Version bumps for security updates

[GTFalcao]

Summary by CodeRabbit

• Chores
  • Bumped package versions across Mailjet, Pipedream Utils (action), Twilio, WooCommerce (and its action), Verdict service, RSS, and UPS — maintenance releases with no user-facing behavior changes.
  • RSS now uses its HTTP client as a runtime dependency (packaging/runtime adjustment).
  • UPS adds a new runtime dependency (installation/runtime adjustment).

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
pipedream-docs	Ignored			Nov 12, 2025 10:07pm
pipedream-docs-redirect-do-not-edit	Ignored			Nov 12, 2025 10:07pm

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Patch version bumps across multiple component packages and two action metadata files; components/rss/package.json moves axios from devDependencies to dependencies and removes @types/axios; components/ups/package.json adds uuid. components/verdict_as_a_service/app/verdict_as_a_service.app.ts updates an import and local type annotation; no runtime logic changes.

Changes

Cohort / File(s)	Change Summary
Package Version Updates components/mailjet/package.json, components/pipedream_utils/package.json, components/twilio/package.json, components/woocommerce/package.json, components/rss/package.json, components/ups/package.json, components/verdict_as_a_service/package.json	Version fields incremented (mailjet: 0.4.3 → 0.4.4; pipedream_utils: 0.0.9 → 0.0.10; twilio: 0.6.2 → 0.6.3; woocommerce: 0.0.7 → 0.0.8; rss: 0.5.10 → 0.5.11; ups: 0.1.0 → 0.1.1; verdict_as_a_service: 0.0.4 → 0.0.5).
Action Metadata Version Updates components/pipedream_utils/actions/prettify-json/prettify-json.mjs, components/woocommerce/actions/search-customers/search-customers.mjs	Version fields in exported action metadata incremented (prettify-json: 0.0.2 → 0.0.3; search-customers: 0.0.3 → 0.0.4).
Dependency Changes components/rss/package.json, components/ups/package.json	components/rss: removed devDependency @types/axios and added axios to dependencies. components/ups: added dependency uuid: ^13.0.0.
Import / Type Annotation components/verdict_as_a_service/app/verdict_as_a_service.app.ts	Replaced prior import with a default import from gdata-vaas as gdataVaas, re-exported Vaas, VAAS_URL, and ClientCredentialsGrantAuthenticator from it, and changed a local variable type annotation to gdataVaas.Vaas. No behavioral changes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Areas to pay extra attention:

• components/rss/package.json — moving axios to runtime and removing @types/axios (runtime availability, bundling, and TypeScript typing impacts).
• components/ups/package.json — new uuid dependency (ensure correct usage and compatibility).
• components/verdict_as_a_service/app/verdict_as_a_service.app.ts — import and type annotation change (verify types and re-exports are correct).
• Confirm version bump policy and changelog/release notes for each component.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is empty, failing to provide any context, rationale, or explanation for the version bumps and security updates.	Add a description following the template with a 'WHY' section explaining the security updates, affected components, and any breaking changes or migration notes.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Version bumps for security updates' accurately describes the changeset, which consists entirely of version bumps across multiple components.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between df9923d and 97fb931.

📒 Files selected for processing (2)

• components/verdict_as_a_service/app/verdict_as_a_service.app.ts (2 hunks)
• components/verdict_as_a_service/package.json (1 hunks)

🔇 Additional comments (1)

components/verdict_as_a_service/package.json (1)

3-3: Version bump looks correct, but verify alignment with PR objectives.

The patch version bump from 0.0.4 to 0.0.5 is appropriate. However, the PR title mentions "security updates," yet no dependency versions were updated in this file. Ensure that security-related changes (if any) have been applied consistently across the PR.

[michelle0927]

@jcortes I hope you don't mind that I went ahead and reviewed this since it's just version updates.
@GTFalcao LGTM!