Skip to content

chore(deps): update npm#1901

Merged
kkedziak-splunk merged 6 commits intodevelopfrom
renovate/npm
Mar 27, 2026
Merged

chore(deps): update npm#1901
kkedziak-splunk merged 6 commits intodevelopfrom
renovate/npm

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Aug 31, 2025
edited by kkedziak-splunk
Loading

Summary

Renovatebot npm dependency updates with manual fixes for broken packages.

Updates included

Non-Splunk dependency bumps from the original renovatebot PR (babel, typescript, storybook, vite, msw, zod, etc.)

Packages reverted due to breakage

Package Reverted from Reverted to Reason
@splunk/react-ui ^5.9.0 5.2.0 (pinned via resolution) querySelector('undefined') error in jsdom — breaks 55 unit tests
@splunk/dashboard-* 29.5.0 29.4.0 Transitive dep on broken @splunk/react-ui ^5.7+
Other @splunk/* packages various develop versions Kept in sync with dashboard packages
vite-plugin-dts 4.5.4 4.5.3 Unable to find package.json error during rollupTypes in lib build
@storybook/test-runner ^0.24.3 ^0.23.0 Must use import to load ES Module error loading .ts config

Additional fixes

  • Export DatePickerComponentProps in DatePickerComponent.tsx — fixes TS4023 declaration emit error (cannot be named)
  • Update expected UI file list in smoke test — Vite chunking changed (removed ArrowBroadUnderbarDown.js, ChevronUp.js; Search.js now split into two chunks)

Known pre-existing CVEs (not addressed here)

  • brace-expansion@5.0.4 / 2.0.2 (CVE-2026-33750) — fix requires major version bump, breaks eslint-plugin-import
  • picomatch@2.3.1 (CVE-2026-33671/33672) — fix requires major version bump (v2→v4)
  • crypto-js@3.3.0 (CVE-2023-46233) — transitive dep of @splunk packages

Test plan

  • vitest run — 486 tests pass (54 files)
  • vite build --config vite.lib.config.ts — lib build succeeds
  • vite build --config vite.config.ts — app build succeeds
  • Smoke test expected file list updated

@renovate renovate Bot requested a review from a team as a code owner August 31, 2025 11:44
@renovate renovate Bot force-pushed the renovate/npm branch 11 times, most recently from 036c2f1 to 7138ced Compare September 5, 2025 19:09
@renovate renovate Bot force-pushed the renovate/npm branch 9 times, most recently from c83f220 to 02ac7de Compare September 13, 2025 23:47
@renovate renovate Bot force-pushed the renovate/npm branch 6 times, most recently from faf56c9 to 98025d2 Compare September 18, 2025 11:27
@renovate renovate Bot force-pushed the renovate/npm branch 9 times, most recently from 6ee69a2 to 4cf2f5e Compare December 14, 2025 18:56
@renovate renovate Bot force-pushed the renovate/npm branch 13 times, most recently from 09824d7 to ace1341 Compare December 22, 2025 11:11
renovate Bot and others added 2 commits March 26, 2026 19:53
@renovate
chore(deps): update npm
f770f39
@kkedziak-splunk @claude
fix: revert broken @splunk/react-ui 5.9.0, vite-plugin-dts 4.5.4, and…
82a74fa 
… export DatePickerComponentProps

- Pin @splunk/react-ui to 5.2.0 to fix querySelector('undefined') error in jsdom tests
- Revert @splunk/* packages to develop versions (dashboard 29.4.0, etc.)
- Revert vite-plugin-dts to 4.5.3 to fix "Unable to find package.json" build error
- Export DatePickerComponentProps interface to fix TS4023 declaration emit error

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented Mar 27, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

kkedziak-splunk and others added 4 commits March 27, 2026 11:32
@kkedziak-splunk @claude
fix: revert @storybook/test-runner to ^0.23.0 to fix ESM import error
1a89402 
v0.24.3 fails with "Must use import to load ES Module" when loading
.storybook/test-runner.ts config file.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@kkedziak-splunk @claude
fix: update expected UI file list in smoke test
09cadfa 
Dependency updates changed Vite's chunking: ArrowBroadUnderbarDown.js
and ChevronUp.js are no longer separate chunks, and Search.js is now
split into two chunks.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@kkedziak-splunk @claude
fix: bump brace-expansion and picomatch to fix CVE-2026-33750 and CVE…
2f2beea 
…-2026-33671/33672

Add resolutions for brace-expansion >=5.0.5 and picomatch >=4.0.4.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@kkedziak-splunk @claude
fix: revert brace-expansion/picomatch resolutions that broke eslint
3b27cfe 
The CVE fixes require major version bumps (v2→v5, v2→v4) that break
the API for consumers expecting v1/v2. Upstream packages need to
update their dependencies first.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@kkedziak-splunk kkedziak-splunk kkedziak-splunk approved these changes

@soleksy-splunk soleksy-splunk Awaiting requested review from soleksy-splunk soleksy-splunk is a code owner automatically assigned from splunk/ucc-ui-developers

@rohanm-crest rohanm-crest Awaiting requested review from rohanm-crest rohanm-crest is a code owner automatically assigned from splunk/ucc-ui-developers

Assignees

No one assigned

Labels

size/XXL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kkedziak-splunk