build(deps-dev): bump eslint-plugin-react-refresh from 0.5.2 to 0.5.3 in /webui#289
Conversation
Bumps [eslint-plugin-react-refresh](https://github.com/ArnaudBarre/eslint-plugin-react-refresh) from 0.5.2 to 0.5.3. - [Release notes](https://github.com/ArnaudBarre/eslint-plugin-react-refresh/releases) - [Changelog](https://github.com/ArnaudBarre/eslint-plugin-react-refresh/blob/main/CHANGELOG.md) - [Commits](ArnaudBarre/eslint-plugin-react-refresh@v0.5.2...v0.5.3) --- updated-dependencies: - dependency-name: eslint-plugin-react-refresh dependency-version: 0.5.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
dependabot
Bot
deleted the
dependabot/npm_and_yarn/webui/eslint-plugin-react-refresh-0.5.3
branch
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Bug Scan Summary
Date: 2026-06-21
Commits inspected: 34c8e021 → 6cc0eca2 (PR #289)
Result: No critical bugs found.
Scope of change
Dev-only bump: eslint-plugin-react-refresh 0.5.2 → 0.5.3 in webui/package.json and webui/package-lock.json. No application or backend code changes.
Investigation
- Production impact: None. ESLint plugins are devDependencies and are not bundled into the production SPA (
npm run buildsucceeds). - Plugin changelog (v0.5.3): Fixes a false-positive in the
only-export-componentsrule for non-component classes re-exported viaexport { }. This is a lint-accuracy improvement, not a runtime behavior change. - Call-path trace:
eslint.config.jsregistersreact-refresh/only-export-componentsas a"warn". The rule does not execute at runtime and cannot affect auth, data persistence, or worker orchestration. - Validation:
npx vitest run— 154/154 passed.npm run build— OK.npm ls eslint-plugin-react-refresh— 0.5.3. - Lint delta:
npm run lintreports 34 errors on both 0.5.2 (base) and 0.5.3 (head); zero violations fromreact-refresh/*. Failures are pre-existingreact-hooks/*and@typescript-eslint/*issues unrelated to this bump.
Deduplication check
- Open PRs:
eslint-plugin-react-refresh,react-refresh— only #289 (this PR). - Recently merged PRs: #20 (prior react-refresh bump), no overlapping fix.
- Open issues: No matches for
eslint-plugin-react-refresh. - Conclusion: No existing fix needed; safe dev-dependency maintenance.
Notes (below critical bar)
Pre-existing unfixed correctness issues remain in open draft PRs #281 (Imported hash-only scoping), #282 (CHANGE_ME qBit placeholder drop on save), and #283 (PasswordHash section-replace bypass). These are unrelated to this Dependabot bump.
Sent by Cursor Automation: Torrentarr - Find critical bugs
There was a problem hiding this comment.
PR Validation (Cursor Automation)
Recommendation: Merge
Primary reason: Clean frontend dev-dependency bump; local merge with current master had no conflicts, Release build passed, non-live .NET tests passed on rerun, and Vitest passed. GitHub currently reports this PR as already merged into master.
Gates
| Gate | Status | Notes |
|---|---|---|
| Merge conflicts | Pass | git merge origin/master completed cleanly; conflicts: none. |
dotnet build |
Pass | dotnet restore + dotnet build -c Release passed with SDK 10.0.100 installed locally under /tmp/dotnet for validation. |
dotnet test (non-live) |
Pass | Final aggregate rerun passed: Core 167/167, Host 196/196, Infrastructure 396/396. Initial aggregate run hit transient ConfigReloaderTests failures; the failing class, Infrastructure suite, and aggregate command all passed on rerun. |
vitest |
Pass | npx vitest run passed: 16 files, 154 tests. |
Validation
| Axis | Score | Notes |
|---|---|---|
| Purpose | Pass | Updates eslint-plugin-react-refresh from 0.5.2 to 0.5.3, a narrow dev-dependency maintenance bump. |
| Correctness | Pass | Changes are limited to webui/package.json and webui/package-lock.json; no runtime or qBitrr parity behavior is affected. |
| Tests | Pass | No behavior-specific regression tests required for this dependency-only update; existing backend and frontend suites pass. |
| Hygiene | Pass | Two-file dependency update, no unrelated generated files or broad branch noise. |
| Overlap | Pass | No open PRs found for the same eslint-plugin-react-refresh bump; known 2026-06-15 duplicate-winner themes are unrelated. |
Why
This PR is a minimal Dependabot dev-dependency bump in the WebUI. It merges cleanly with current master, leaves the package lock consistent, and passes the relevant build/test gates after a fair retry of a transient .NET test interaction. The Torrentarr-specific behavioral checks are not triggered because no backend, auth, config, Arr sync, HnR, or database lookup code changed.
Note: docs/audits/pr-triage-*.md was not present in the merged checkout, so overlap was checked against the known-winner table from the automation prompt plus open PR search.
Overlap
None.
Commands run
git fetch origin mastergit fetch origin dependabot/npm_and_yarn/webui/eslint-plugin-react-refresh-0.5.3(remote ref unavailable)git fetch origin pull/289/head:refs/remotes/origin/pr/289git checkout -B pr-validate origin/pr/289git merge origin/masternpm cinpx vitest run- Installed .NET SDK
10.0.100locally under/tmp/dotnetfor validation dotnet restoredotnet build -c Releasedotnet test -c Release --no-build --filter "Category!=Live"dotnet test tests/Torrentarr.Infrastructure.Tests/Torrentarr.Infrastructure.Tests.csproj -c Release --no-build --filter "FullyQualifiedName~ConfigReloaderTests"dotnet test tests/Torrentarr.Infrastructure.Tests/Torrentarr.Infrastructure.Tests.csproj -c Release --no-build --filter "Category!=Live"dotnet test -c Release --no-build --filter "Category!=Live"gh pr list --state open --search "eslint-plugin-react-refresh repo:Feramance/Torrentarr" --json number,title,url,headRefName
Sent by Cursor Automation: Torrentarr PR validation triage
Bumps eslint-plugin-react-refresh from 0.5.2 to 0.5.3.
Release notes
Sourced from eslint-plugin-react-refresh's releases.
Changelog
Sourced from eslint-plugin-react-refresh's changelog.
Commits
00818e9v0.5.3 [publish]202fc4aFix PascalCase class exported viaexport { Name }incorrectly treated as Re...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)