chore(deps): bump brace-expansion from 1.1.14 to 5.0.6 in /tee-worker/omni-executor/client-sdk#3989
Closed
dependabot[bot] wants to merge 1 commit into
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub. 1 Skipped Deployment
|
6 tasks
BillyWooo
pushed a commit
that referenced
this pull request
May 22, 2026
Aggregated patch set, all under the rule "no polkadot-sdk, no
enclave/Rust under tee-worker/**/Cargo.*". Only JS/TS/Ruby tooling
touched.
- tee-worker/identity/scripts/changelog/Gemfile.lock
faraday 2.14.1 -> 2.14.2, json 2.19.2 -> 2.19.5 (#3985)
- tee-worker/omni-executor/ts-tests/pnpm-lock.yaml + stress-tests/package.json
systeminformation 5.31.5 -> 5.31.6 (#3984)
fast-uri 3.1.0 -> 3.1.2 (#3987)
brace-expansion 5.0.4/5.0.5 -> 5.0.6 (#3986)
- tee-worker/omni-executor/client-sdk/pnpm-lock.yaml
metadata refresh: deprecated marker for @ungap/structured-clone@1.3.0
(#3988 and #3989; follow-redirects 1.16.0 and brace-expansion 5.0.5
are already present in the lockfile)
- tee-worker/client-api/pnpm-lock.yaml
brace-expansion 5.0.5 -> 5.0.6 (subset of #3991)
- tee-worker/identity/ts-tests/pnpm-lock.yaml
brace-expansion 1.1.12 -> 1.1.14, 2.0.2 -> 2.1.0
fast-uri 3.1.0 -> 3.1.2 (subset of #3991)
- tee-worker/omni-executor/ts-tests/stress-tests/src/dashboard/package.json
next 16.2.3 -> 16.2.6 (subset of #3991, lockfile-less subdir)
Not included:
- #3991's tee-worker/identity/client-sdk/pnpm-lock.yaml change: the
dependabot patch also migrates the lockfile format from v6 to v9
(a 12k-line diff), much bigger than the three packages it claims
to bump. Left for a dedicated PR.
- #3991's tee-worker/omni-executor/contracts/aa/aa-demo-app change
(next 16.2.3 -> 16.2.6): touching that path triggers contract-check,
which fails on a pre-existing anchor-syn 0.32.1 incompatibility with
the runner's rustc (unrelated to this PR; would be fixed by #3992's
anchor-client 0.32 -> 1.0 bump). Left for that cargo bundle to land.
Out of scope: #3990 (older subset of #3991), #3992 (cargo bundle that
spans parachain + tee-worker/omni-executor Rust and includes risky
majors).
Each lockfile validated locally with `pnpm install --frozen-lockfile`.
Kailai-Wang
added a commit
that referenced
this pull request
May 22, 2026
* ci: pin pnpm to 9.15.2 in corepack steps
The fmt and ts-tests jobs run `corepack enable pnpm` at the repo root
where no packageManager field is declared. Corepack downloads the
latest pnpm (11.2.2), which requires Node >= 22.13 and imports
node:sqlite. The CI runner uses Node 20, so `pnpm --version` errors
with ERR_UNKNOWN_BUILTIN_MODULE: node:sqlite, fmt fails, and
andymckay's cancel-action wipes out the rest of the workflow.
Pin the root smoke-test pnpm to 9.15.2 (matches what most subprojects
already declare). Subdirectory commands continue to honor their own
packageManager pins.
* chore(deps): apply safe dependabot bumps
Aggregated patch set, all under the rule "no polkadot-sdk, no
enclave/Rust under tee-worker/**/Cargo.*". Only JS/TS/Ruby tooling
touched.
- tee-worker/identity/scripts/changelog/Gemfile.lock
faraday 2.14.1 -> 2.14.2, json 2.19.2 -> 2.19.5 (#3985)
- tee-worker/omni-executor/ts-tests/pnpm-lock.yaml + stress-tests/package.json
systeminformation 5.31.5 -> 5.31.6 (#3984)
fast-uri 3.1.0 -> 3.1.2 (#3987)
brace-expansion 5.0.4/5.0.5 -> 5.0.6 (#3986)
- tee-worker/omni-executor/client-sdk/pnpm-lock.yaml
metadata refresh: deprecated marker for @ungap/structured-clone@1.3.0
(#3988 and #3989; follow-redirects 1.16.0 and brace-expansion 5.0.5
are already present in the lockfile)
- tee-worker/client-api/pnpm-lock.yaml
brace-expansion 5.0.5 -> 5.0.6 (subset of #3991)
- tee-worker/identity/ts-tests/pnpm-lock.yaml
brace-expansion 1.1.12 -> 1.1.14, 2.0.2 -> 2.1.0
fast-uri 3.1.0 -> 3.1.2 (subset of #3991)
- tee-worker/omni-executor/ts-tests/stress-tests/src/dashboard/package.json
next 16.2.3 -> 16.2.6 (subset of #3991, lockfile-less subdir)
Not included:
- #3991's tee-worker/identity/client-sdk/pnpm-lock.yaml change: the
dependabot patch also migrates the lockfile format from v6 to v9
(a 12k-line diff), much bigger than the three packages it claims
to bump. Left for a dedicated PR.
- #3991's tee-worker/omni-executor/contracts/aa/aa-demo-app change
(next 16.2.3 -> 16.2.6): touching that path triggers contract-check,
which fails on a pre-existing anchor-syn 0.32.1 incompatibility with
the runner's rustc (unrelated to this PR; would be fixed by #3992's
anchor-client 0.32 -> 1.0 bump). Left for that cargo bundle to land.
Out of scope: #3990 (older subset of #3991), #3992 (cargo bundle that
spans parachain + tee-worker/omni-executor Rust and includes risky
majors).
Each lockfile validated locally with `pnpm install --frozen-lockfile`.
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 1.1.14 to 5.0.6. - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v1.1.14...v5.0.6) --- updated-dependencies: - dependency-name: brace-expansion dependency-version: 5.0.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
changed the title
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/tee-worker/omni-executor/client-sdk/brace-expansion-5.0.5
branch
from
1becf9c to
e37d240
Compare
6 tasks
Collaborator
|
Superseded by #4004 (consolidated bump). |
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
Bot
deleted the
dependabot/npm_and_yarn/tee-worker/omni-executor/client-sdk/brace-expansion-5.0.5
branch
Kailai-Wang
added a commit
that referenced
this pull request
May 22, 2026
Aggregated patch set under the same rule as #3993: no polkadot-sdk, no enclave/Rust under tee-worker/**/Cargo.*. Only JS/TS tooling touched. - ws bumps (8.x patch, security fixes): - parachain/docker/pnpm-lock.yaml (8.18.2 -> 8.20.1) - parachain/ts-tests/pnpm-lock.yaml (8.20.0 -> 8.20.1) — #3997 - tee-worker/client-api/pnpm-lock.yaml (8.18.2 -> 8.20.1) - tee-worker/identity/scripts/test_transfer/package-lock.json (8.18.2 -> 8.20.1) - tee-worker/identity/ts-tests/{pnpm-lock.yaml,integration-tests, post-checks,worker}/* (8.18.3 -> 8.20.1) - tee-worker/omni-executor/client-sdk/{package.json,pnpm-lock.yaml} (8.20.0 -> 8.20.1) — #3996 - tee-worker/omni-executor/ts-tests/{pnpm-lock.yaml, integration-tests,stress-tests}/* (8.20.0 -> 8.20.1) — #3994 - brace-expansion bumps: - tee-worker/omni-executor/client-sdk: 5.0.5 -> 5.0.6 + balanced-match 4.0.4 dropped (5.0.6 uses 4.0.3) — #3989 - @babel/plugin-transform-modules-systemjs bumps: - tee-worker/omni-executor/client-sdk: 7.29.0 -> 7.29.4 — #3995 Supersedes: #3989, #3994, #3995, #3996, #3997. Partially absorbs #4001 (the npm 6-dir bundle): took its parachain/docker, client-api, identity/scripts/test_transfer, and identity/ts-tests pieces. Excluded on purpose: - #3998 (ws in parachain/scripts/ts-utils): dependabot's patch also drifts lockfile specifiers for @polkadot/{api,util,util-crypto}, prettier, ethers, tsx etc. away from package.json, breaking --frozen-lockfile. Leave for a clean regenerated patch. - #4001's tee-worker/identity/client-sdk/{package.json,pnpm-lock.yaml}: same v6 -> v9 lockfile-format migration as before (~12k-line diff). - #4001's tee-worker/omni-executor/contracts/aa/aa-demo-app/**: triggers contract-check, which still fails on the pre-existing anchor-syn 0.32.1 / rustc incompat. - #4003: both target dirs (identity/client-sdk + aa-demo-app) are off-limits for the above reasons. - #3992, #3999, #4000: cargo bumps under tee-worker/omni-executor (Rust). - #4001 (parent bundle): partially absorbed here; remaining bits left for follow-up. Each lockfile validated locally with `pnpm install --frozen-lockfile`.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps brace-expansion from 1.1.14 to 5.0.6.
Release notes
Sourced from brace-expansion's releases.
... (truncated)
Commits
46317b55.0.6c0b095bMerge commit from forkec56020Bump picomatch from 4.0.3 to 4.0.4 (#93)87939015.0.59a02af5Merge commit from forkdaa71bcBump tar from 7.5.10 to 7.5.11 (#92)799e5f7Bump tar from 7.5.9 to 7.5.10 (#90)012c2305.0.4243c491Fix handling of brackets. Closes #87609f858Correct incorrect brace-expansion import (#89)Install script changes
This version adds
preparescript that runs during installation. Review the package contents before updating.