IS-11486 Update dependencies#241
Merged
Merged
Conversation
This was referenced Jun 19, 2026
Closed
Contributor
There was a problem hiding this comment.
Pull request overview
Updates several workspace package.json files in the ui-kit monorepo to incorporate Dependabot-driven dependency version bumps (without merging the original Dependabot PRs).
Changes:
- Bump core runtime deps in Self Service Portal (e.g.,
react-dom,react-router,react-i18next,i18next,react-error-boundary). - Update dev/test tooling deps across workspaces (e.g.,
cypress,jsdom,stylelint-config-standard,@types/react-dom). - Update CSS docs site deps (e.g.,
astro,react-dom).
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/self-service-portal/app/package.json | Dependency bumps for the self-service portal app (React ecosystem + tooling). |
| src/haapi-react-app/package.json | Updates React DOM/types and jsdom for the HAAPI React app. |
| src/common/css/docs/package.json | Updates Astro + React DOM/types for the CSS docs site. |
| src/common/component-library/package.json | Updates react-router/jsdom/stylelint config and adjusts React peer dependency constraints. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
647c2f1 to
1e65973
Compare
luisgoncalves
commented
Jun 19, 2026
urre
approved these changes
Jun 22, 2026
urre
reviewed
Jun 22, 2026
slunker
approved these changes
Jun 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Brings in the direct dependency (
package.json) updates that Dependabot opened PRs for, applied directly to this branch instead of merging the Dependabot PRs.Why not just merge the Dependabot PRs?
The open Dependabot PRs target the wrong base branch — the Dependabot configuration was changed after those PRs were created, so their diffs are computed against an outdated base and can't be merged cleanly (several even contain garbled hunks, e.g. a spurious
reactdowngrade). Instead, the version bumps were re-applied by hand to the correct dependency declarations in the working tree, preserving the^ranges. Lock file changes were intentionally excluded —package-lock.jsonis regenerated vianpm installagainst these new ranges.Dependency changes
(Slash-separated versions correspond to the listed files in the same order.
ssp= self-service-portal/app.)Lock-file-only Dependabot PRs (not included here)
These PRs only touched
package-lock.json(transitive dependency bumps with nopackage.jsonchange), so there was nothing specific to bring in, since the lock file was also regenerated for this PR:🤖 Generated with Claude Code