chore(deps): bump devalue and @sveltejs/adapter-auto in /examples/svelte/svelte-vite#4607
Conversation
Bumps [devalue](https://github.com/sveltejs/devalue) to 5.8.1 and updates ancestor dependency [@sveltejs/adapter-auto](https://github.com/sveltejs/kit/tree/HEAD/packages/adapter-auto). These dependencies need to be updated together. Updates `devalue` from 4.3.3 to 5.8.1 - [Release notes](https://github.com/sveltejs/devalue/releases) - [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md) - [Commits](sveltejs/devalue@v4.3.3...v5.8.1) Updates `@sveltejs/adapter-auto` from 1.0.0-next.91 to 7.0.1 - [Release notes](https://github.com/sveltejs/kit/releases) - [Changelog](https://github.com/sveltejs/kit/blob/main/packages/adapter-auto/CHANGELOG.md) - [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/adapter-auto@7.0.1/packages/adapter-auto) --- updated-dependencies: - dependency-name: devalue dependency-version: 5.8.1 dependency-type: indirect - dependency-name: "@sveltejs/adapter-auto" dependency-version: 7.0.1 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 7e9c434. Configure here.
| "devDependencies": { | ||
| "@originjs/vite-plugin-commonjs": "^1.0.3", | ||
| "@sveltejs/adapter-auto": "*", | ||
| "@sveltejs/adapter-auto": "next", |
There was a problem hiding this comment.
Dependency uses next dist-tag instead of semver range
Medium Severity
The @sveltejs/adapter-auto version specifier was changed from "*" to "next", which is an npm dist-tag rather than a semver range. The next dist-tag typically points to pre-release or unstable versions and can resolve to a different version each time npm install runs without a lockfile. This was likely meant to be a proper semver range like "^7.0.1" to pin to the stable release.
Reviewed by Cursor Bugbot for commit 7e9c434. Configure here.
|
View your CI Pipeline Execution ↗ for commit 7e9c434
☁️ Nx Cloud last updated this comment at |
Bumps devalue to 5.8.1 and updates ancestor dependency @sveltejs/adapter-auto. These dependencies need to be updated together.
Updates
devaluefrom 4.3.3 to 5.8.1Release notes
Sourced from devalue's releases.
... (truncated)
Changelog
Sourced from devalue's changelog.
... (truncated)
Commits
796ea83Version Packages (#152)206ca67Merge commit from fork14933f7Version Packages (#151)c5115b0feat:stringifyAsync(#150)67dad45docs: update README to reflect serialization stability non-goal (#147)6eb920aVersion Packages (#146)8becc7cfix: handle regexes consistently in uneval's value and reference formats (#145)2eee2e4Version Packages (#144)498656eDataView support (#143)5590634Improve platform types support (#142)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for devalue since your current version.
Updates
@sveltejs/adapter-autofrom 1.0.0-next.91 to 7.0.1Release notes
Sourced from @sveltejs/adapter-auto's releases.
Changelog
Sourced from @sveltejs/adapter-auto's changelog.
... (truncated)
Commits
c727a90Version Packages (#15309)77ab341feat: update adapter-netlify to version 61d2be12chore: update suggestion message (#15165)0da365achore(deps): update vitest monorepo to v4 (major) (#14789)6f13d2bVersion Packages (#14738)c710a39breaking: update to adapter-vercel to version 6 (#14737)9fbd0d1Version Packages (#14580)193d37cchore: fix "homepage" field in package.json (#14579)758ec17fix: conditionally access builder properties that only exist on the latest Sv...d4f00a1chore: remove skipLibCheck (#14227)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@sveltejs/adapter-autosince your current version.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Note
Medium Risk
Dependency lockfile updates pull in major-version SvelteKit ecosystem changes (notably
@sveltejs/adapter-auto7 and@sveltejs/kit2.x) and new Node engine requirements, which could break the example build/runtime despite being non-production code.Overview
Updates the
examples/svelte/svelte-vitepackage-lock.jsonto newer SvelteKit ecosystem versions, including@sveltejs/adapter-auto7.0.1(and corresponding@sveltejs/kit2.60.1) plusdevalue5.8.1.This refreshes several transitive dependencies (e.g.,
cookie,set-cookie-parser,sirv,acorn) and drops some no-longer-needed packages, aligning the lockfile with newer peer deps and Node >=18 requirements.Reviewed by Cursor Bugbot for commit 7e9c434. Bugbot is set up for automated code reviews on this repo. Configure here.