Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Dependency ReviewThe following issues were found:
|
There was a problem hiding this comment.
Pull request overview
This PR aims to address Dependabot security warnings in the monorepo by updating tooling dependencies and enforcing patched transitive versions via Yarn resolutions/lockfile updates.
Changes:
- Bump
rollupdevDependency from^2.79.2to^2.80.0. - Add Yarn
resolutionsoverrides forserialize-javascript@7.0.3andminimatch@3.1.3. - Update
yarn.lockaccordingly (including workspace entry and dependency graph changes).
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| package.json | Updates build tooling version and adds resolutions pins intended to remediate vulnerable transitive deps. |
| yarn.lock | Regenerates/adjusts lock entries to reflect the new rollup version and enforced resolutions. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.
Comments suppressed due to low confidence (1)
examples/testbench/package.json:20
- This workspace now uses
next15.5.14, buteslint-config-nextis still pinned to 14.1.0 in devDependencies. Consider aligning them (or otherwise validating lint config compatibility) to avoid unexpected lint/ruleset mismatches.
"next": "15.5.14",
"react": "^18.0.0",
"react-dom": "^18.0.0",
"viem": "^2.23.2",
"wagmi": "^2.14.11"
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 6 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "connectkit": "workspace:packages/connectkit", | ||
| "connectkit-next-siwe": "workspace:packages/connectkit-next-siwe", | ||
| "next": "14.2.32", | ||
| "next": "15.5.14", | ||
| "react": "^18.0.0", | ||
| "react-dom": "^18.0.0", |
There was a problem hiding this comment.
This example updates to next@15.5.14, but keeps eslint-config-next on 12.3.0 (and thus @next/eslint-plugin-next@12.3.0). That combination is likely to produce incorrect or failing next lint behavior. Update eslint-config-next to a compatible v15 release for this workspace when bumping Next major versions.
| "@types/react": "^18.2.43", | ||
| "eslint": "^8.15.0", | ||
| "eslint-config-next": "^14.0.4", | ||
| "next": "^14.2.32", | ||
| "next": "^15.5.14", | ||
| "typescript": "^5.0.4" |
There was a problem hiding this comment.
This workspace is now on next@15.5.14 but eslint-config-next remains on a v14 range. To keep next lint aligned with the installed Next major, update eslint-config-next to a v15 release in this workspace as well.
examples/nextjs-app/package.json
Outdated
| @@ -22,7 +22,7 @@ | |||
| "@types/react": "^18.2.43", | |||
| "eslint": "^8.15.0", | |||
| "eslint-config-next": "^14.0.4", | |||
There was a problem hiding this comment.
This workspace is now on next@15.5.14 but eslint-config-next remains on a v14 range. To keep next lint aligned with the installed Next major, update eslint-config-next to a v15 release in this workspace as well.
| "eslint-config-next": "^14.0.4", | |
| "eslint-config-next": "^15.0.0", |
| "connectkit-next-siwe": "workspace:packages/connectkit-next-siwe", | ||
| "local-ssl-proxy": "^1.3.0", | ||
| "next": "14.2.32", | ||
| "next": "15.5.14", | ||
| "react": "^18.0.0", |
There was a problem hiding this comment.
This example now depends on next@15.5.14 but keeps eslint-config-next@14.1.0. Consider bumping eslint-config-next to a v15 release here too so next lint uses rules/plugins that match the installed Next major version.
Uh oh!
There was an error while loading. Please reload this page.