Skip to content

chore(deps): lock file maintenance#184

Open
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/lock-file-maintenance
Open

chore(deps): lock file maintenance#184
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/lock-file-maintenance

Conversation

@renovate

@renovate renovate Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Update Change
lockFileMaintenance All locks refreshed

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, on day 1 of the month (* 0-3 1 * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Summary by CodeRabbit

  • Style
    • Reformatted several type definitions for consistency and readability.
    • No functional behavior, available options, or user-facing flows were changed.

@renovate renovate Bot added the dependencies label Jul 1, 2026
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b7d92a95-4247-450a-8a71-35a7c0f1d212

📥 Commits

Reviewing files that changed from the base of the PR and between f9269e5 and fb6bb78.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (6)
  • evals/intent-discovery/corpus/tasks.ts
  • evals/intent-discovery/harness/intent-hooks/hook-core.d.mts
  • packages/intent/src/commands/install/guidance.ts
  • packages/intent/src/core/source-policy.ts
  • packages/intent/src/hooks/types.ts
  • packages/intent/src/skills/use.ts

📝 Walkthrough

Walkthrough

This PR reformats six string/object union type declarations across evals and packages/intent source files, converting multi-line leading-pipe union syntax into single-line inline-pipe syntax. No type members, exported API shapes, or runtime logic are changed.

Changes

Type Union Formatting

Layer / File(s) Summary
Collapse multi-line unions to single-line
evals/intent-discovery/corpus/tasks.ts, evals/intent-discovery/harness/intent-hooks/hook-core.d.mts, packages/intent/src/commands/install/guidance.ts, packages/intent/src/core/source-policy.ts, packages/intent/src/hooks/types.ts, packages/intent/src/skills/use.ts
Six union type declarations (IntentDiscoveryFixture, GateDecision, WriteIntentSkillsBlockResult, LoadRefusalCode, HookDecision, SkillUseParseErrorCode) reformatted from multi-line to single-line union syntax; no member or logic changes.

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

  • KevinVandy
  • schiller-manuel

A rabbit hopped through lines of code,
Squishing pipes into one tidy road. 🐇
No meaning lost, just fewer breaks,
Tidier unions for goodness' sake!
Hop, hop, format — done with grace. ✨

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Title check ⚠️ Warning The title says lock file maintenance, but the PR only reformats TypeScript union types and does not touch lock files. Rename it to reflect the real change, e.g. chore: reformat exported union type declarations.
Description check ⚠️ Warning The description is missing the required template sections and leaves the checklist and release impact mostly unfilled. Add the 🎯 Changes, ✅ Checklist, and 🚀 Release Impact sections and clearly describe the actual formatting-only updates.
✅ Passed checks (3 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/lock-file-maintenance

Comment @coderabbitai help to get the list of available commands.

@nx-cloud

nx-cloud Bot commented Jul 1, 2026

Copy link
Copy Markdown

View your CI Pipeline Execution ↗ for commit c044679

Command Status Duration Result
nx run-many --targets=build --exclude=examples/** ✅ Succeeded <1s View ↗

☁️ Nx Cloud last updated this comment at 2026-07-01 01:08:16 UTC

@pkg-pr-new

pkg-pr-new Bot commented Jul 1, 2026

Copy link
Copy Markdown

Open in StackBlitz

npm i https://pkg.pr.new/TanStack/intent/@tanstack/intent@184

commit: fb6bb78

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addednx@​22.7.65910093100100
Added@​types/​node@​25.9.41001008196100
Addedtsdown@​0.22.3981008896100
Addedsherif@​1.12.09910010090100
Addedsemver@​7.8.510010010094100
Addedknip@​6.23.0991009596100
Added@​codspeed/​vitest-plugin@​5.7.1971009896100
Addedverdaccio@​6.7.49710010097100
Updatedprettier@​3.9.4 ⏵ 3.9.3991009799100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/vitest@4.1.8npm/tsdown@0.22.3npm/nx@22.7.6npm/@codspeed/vitest-plugin@5.7.1npm/knip@6.23.0npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @verdaccio/ui-theme is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/verdaccio@6.7.4npm/@verdaccio/ui-theme@9.0.0-next-9.20

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@verdaccio/ui-theme@9.0.0-next-9.20. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm cheerio is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/markdown-link-extractor@4.0.3npm/cheerio@1.2.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cheerio@1.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm htmlparser2 is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/markdown-link-extractor@4.0.3npm/htmlparser2@10.1.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/htmlparser2@10.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm nx is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/nx@22.7.6

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/nx@22.7.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm @humanfs/types

Location: Package overview

From: pnpm-lock.yamlnpm/eslint@9.39.4npm/@humanfs/types@0.15.0

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@humanfs/types@0.15.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants