build(deps): Bump the all-deps group across 1 directory with 9 updates by dependabot[bot] · Pull Request #16 · teocomyn/commerce-agent-protocol

dependabot · 2026-05-04T10:19:53Z

Bumps the all-deps group with 9 updates in the / directory:

Package	From	To
@types/node	`22.19.15`	`22.19.17`
turbo	`2.9.6`	`2.9.8`
@hono/node-server	`1.19.11`	`1.19.14`
bullmq	`5.76.4`	`5.76.5`
hono	`4.12.15`	`4.12.16`
tsc-alias	`1.8.16`	`1.8.17`
lucide-react	`0.400.0`	`0.577.0`
next	`15.5.14`	`15.5.15`
postcss	`8.5.12`	`8.5.13`

Updates @types/node from 22.19.15 to 22.19.17

Commits

See full diff in compare view

Updates turbo from 2.9.6 to 2.9.8

Release notes

Sourced from turbo's releases.

Turborepo v2.9.8

What's Changed

@turbo/repository

chore: Update to Rust 1.95.0 by @ognevny in vercel/turborepo#12636

Changelog

release(turborepo): 2.9.7 by @github-actions[bot] in vercel/turborepo#12679

test: Add regression for gitignored output restore by @anthonyshew in vercel/turborepo#12681

docs: Clarify root task guidance by @anthonyshew in vercel/turborepo#12683

fix: Preserve concrete dependency precedence by @anthonyshew in vercel/turborepo#12682

release(turborepo): 2.9.8-canary.1 by @github-actions[bot] in vercel/turborepo#12685

fix: Resolve Yarn catalog affected packages by @anthonyshew in vercel/turborepo#12684

release(turborepo): 2.9.8-canary.2 by @github-actions[bot] in vercel/turborepo#12687

fix: Preserve Bun prune lockfile validity by @anthonyshew in vercel/turborepo#12686

release(turborepo): 2.9.8-canary.3 by @github-actions[bot] in vercel/turborepo#12689

fix: Create prune docker bin stubs by @anthonyshew in vercel/turborepo#12688

release(turborepo): 2.9.8-canary.4 by @github-actions[bot] in vercel/turborepo#12690

fix: Keep tbx shell connections stable by @anthonyshew in vercel/turborepo#12692

perf: Reduce turbo watch hash memory spikes by @anthonyshew in vercel/turborepo#12695

release(turborepo): 2.9.8-canary.5 by @github-actions[bot] in vercel/turborepo#12696

fix: Reduce parent-death watchdog CPU usage by @anthonyshew in vercel/turborepo#12697

release(turborepo): 2.9.8-canary.6 by @github-actions[bot] in vercel/turborepo#12698

Full Changelog: vercel/turborepo@v2.9.7...v2.9.8

Turborepo v2.9.8-canary.6

What's Changed

Changelog

release(turborepo): 2.9.8-canary.5 by @github-actions[bot] in vercel/turborepo#12696

fix: Reduce parent-death watchdog CPU usage by @anthonyshew in vercel/turborepo#12697

Full Changelog: vercel/turborepo@v2.9.8-canary.5...v2.9.8-canary.6

Turborepo v2.9.8-canary.5

What's Changed

@turbo/repository

chore: Update to Rust 1.95.0 by @ognevny in vercel/turborepo#12636

Changelog

release(turborepo): 2.9.8-canary.4 by @github-actions[bot] in vercel/turborepo#12690

fix: Keep tbx shell connections stable by @anthonyshew in vercel/turborepo#12692

perf: Reduce turbo watch hash memory spikes by @anthonyshew in vercel/turborepo#12695

... (truncated)

Commits

3a77153 publish 2.9.8 to registry
3895eef release(turborepo): 2.9.8-canary.6 (#12698)
97706ca fix: Reduce parent-death watchdog CPU usage (#12697)
fe78c2c release(turborepo): 2.9.8-canary.5 (#12696)
dab9979 perf: Reduce turbo watch hash memory spikes (#12695)
8451e86 fix: Keep tbx shell connections stable (#12692)
c392227 chore: Update to Rust 1.95.0 (#12636)
c37b3ff release(turborepo): 2.9.8-canary.4 (#12690)
364c177 fix: Create prune docker bin stubs (#12688)
1b7b8a9 release(turborepo): 2.9.8-canary.3 (#12689)
Additional commits viewable in compare view

Updates @hono/node-server from 1.19.11 to 1.19.14

Release notes

Sourced from @hono/node-server's releases.

v1.19.14

What's Changed

fix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by @usualoma in honojs/node-server#340

Full Changelog: honojs/node-server@v1.19.13...v1.19.14

v1.19.13

Security Fix

Fixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (//) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-92pp-h63x-v22m for details.

v1.19.12

What's Changed

chore: ignore claude setting by @yusukebe in honojs/node-server#314

fix: request draining for early 413 responses by @usualoma in honojs/node-server#329

Full Changelog: honojs/node-server@v1.19.11...v1.19.12

Commits

b5e63a3 1.19.14
c02d777 fix: add custom inspect to lightweight Request/Response to prevent TypeError ...
fd64e65 1.19.13
025c30f Merge commit from fork
6cdb5a7 1.19.12
70250f7 fix: request draining for early 413 responses (#329)
cfc08b3 chore: ignore claude setting (#314)
See full diff in compare view

Updates bullmq from 5.76.4 to 5.76.5

Release notes

Sourced from bullmq's releases.

v5.76.5

5.76.5 (2026-05-02)

Bug Fixes

deps: update dependency msgpackr to v1.11.12 (#3939) (b47f00b)

Commits

b47f00b fix(deps): update dependency msgpackr to v1.11.12 (#3939)
009c2e8 docs: update bullmq-pro changelog for version v7.45.0 (#4141)
355f640 chore(release): vpy2.25.0 (#4128)
f7e7386 chore(release): 5.76.4 (#4127)
cfbbf72 ci(test): use randomUUID instead of v4 (#4129)
54311e5 feat(queue): add skipVersionCheck and skipWaitingForReady to QueueBaseOptions...
ecb7b92 docs(queue-meta): add JSDoc to QueueMeta interface and fields (#4124)
e5dd52d docs(scripts): add JSDoc to key public methods (#4089)
See full diff in compare view

Updates hono from 4.12.15 to 4.12.16

Release notes

Sourced from hono's releases.

v4.12.16

Security fixes

This release includes fixes for the following security issues:

Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Affects: hono/jsx. Fixes missing validation of JSX tag names when using jsx() or createElement(), which could allow HTML injection if untrusted input is used as the tag name. GHSA-69xw-7hcm-h432

bodyLimit() can be bypassed for chunked / unknown-length requests

Affects: Body Limit Middleware. Fixes late enforcement for request bodies without a reliable Content-Length (e.g. chunked requests), where oversized requests could reach handlers and return successful responses before being rejected. GHSA-9vqf-7f2p-gf9v

Commits

90d4182 4.12.16
db05b96 Merge commit from fork
614b834 Merge commit from fork
027e3df fix(method-override): handle Content-Type with charset parameter (#4894)
See full diff in compare view

Updates tsc-alias from 1.8.16 to 1.8.17

Release notes

Sourced from tsc-alias's releases.

v1.8.17 (2025-04-30)

What's Changed

minor typo in README.md by @danielrentz in justkey007/tsc-alias#249

CI by @justkey007 in justkey007/tsc-alias#258

chore(deps): bump minimatch from 10.0.1 to 10.2.5 by @dependabot[bot] in justkey007/tsc-alias#257

New Contributors

@danielrentz made their first contribution in justkey007/tsc-alias#249

@dependabot[bot] made their first contribution in justkey007/tsc-alias#257

Full Changelog: justkey007/tsc-alias@v1.8.16...v1.8.17

Commits

d51d3e6 1.8.17
0b1a906 test: increase timeout for prepareSingleFileReplaceTscAliasPaths test
318b473 Merge pull request #257 from justkey007/dependabot/npm_and_yarn/minimatch-10.2.5
0f67a39 Merge pull request #258 from justkey007/_ci
9aa5362 test: fix prepareSingleFileReplaceTscAliasPaths test to use JS API instead of...
f450e74 chore: update tsconfig.json files in project14 packages to include compiler o...
14aa685 chore: add "skipLibCheck" option to tsconfig.json files in project14 and proj...
57d8c33 chore: add "skipLibCheck" option to tsconfig.json files across multiple projects
b8984a4 chore: update Node.js and pnpm versions in CI workflow
a435cd4 chore(deps): bump minimatch from 10.0.1 to 10.2.5
Additional commits viewable in compare view

Updates lucide-react from 0.400.0 to 0.577.0

Release notes

Sourced from lucide-react's releases.

Version 0.577.0

What's Changed

chore(deps): bump rollup from 4.53.3 to 4.59.0 by @dependabot[bot] in lucide-icons/lucide#4106

fix(repo): correctly ignore docs/releaseMetadata via .gitignore by @bhavberi in lucide-icons/lucide#4100

feat(icons): added ellipse icon by @KISHORE-KUMAR-S in lucide-icons/lucide#3749

New Contributors

@bhavberi made their first contribution in lucide-icons/lucide#4100

@KISHORE-KUMAR-S made their first contribution in lucide-icons/lucide#3749

Full Changelog: lucide-icons/lucide@0.576.0...0.577.0

Version 0.576.0

What's Changed

Added zodiac signs by @karsa-mistmere in lucide-icons/lucide#712

fix(icons): fixes guideline violations in package-* icons. by @karsa-mistmere in lucide-icons/lucide#4074

fix(icons): changed receipt icon by @karsa-mistmere in lucide-icons/lucide#4075

fix(icons): updated cuboid icon tags and categories by @karsa-mistmere in lucide-icons/lucide#4095

fix(icons): changed cuboid icon by @jamiemlaw in lucide-icons/lucide#4098

fix(lucide-font, lucide-static): Fixing stable code points by @ericfennis in lucide-icons/lucide#3894

feat(icons): added fishing-rod icon by @7ender in lucide-icons/lucide#3839

Full Changelog: lucide-icons/lucide@0.575.0...0.576.0

Version 0.575.0

What's Changed

feat(icons): added message-square-check icon by @karsa-mistmere in lucide-icons/lucide#4076

fix(lucide): Fix ESM Module output path in build by @ericfennis in lucide-icons/lucide#4084

feat(icons): added metronome icon by @edwloef in lucide-icons/lucide#4063

fix(icons): remove execution permission of SVG files by @duckafire in lucide-icons/lucide#4053

fix(icons): changed file-pen-line icon by @jguddas in lucide-icons/lucide#3970

feat(icons): added square-arrow-right-exit and square-arrow-right-enter icons by @EthanHazel in lucide-icons/lucide#3958

fix(icons): renamed flip-* to square-centerline-dashed-* by @jguddas in lucide-icons/lucide#3945

New Contributors

@edwloef made their first contribution in lucide-icons/lucide#4063

@duckafire made their first contribution in lucide-icons/lucide#4053

Full Changelog: lucide-icons/lucide@0.573.0...0.575.0

Version 0.574.0

What's Changed

fix(icons): changed rocking-chair icon by @jamiemlaw in lucide-icons/lucide#3445

fix(icons): flipped coins icon by @jguddas in lucide-icons/lucide#3158

feat(icons): added x-line-top icon by @jguddas in lucide-icons/lucide#2838

feat(icons): added mouse-left icon by @marvfash in lucide-icons/lucide#2788

feat(icons): added mouse-right icon by @marvfash in lucide-icons/lucide#2787

New Contributors

... (truncated)

Commits

f6c0d06 chore(deps): bump rollup from 4.53.3 to 4.59.0 (#4106)
67c0485 feat(scripts): added helper script to automatically update OpenCollective bac...
b6ed43d feat(packages): Added aria-hidden fallback for decorative icons to all packag...
076e0bb chore(dependencies): Update dependencies (#3809)
80d6f73 fix(icons): Rename fingerprint icon to fingerprint-pattern (#3767)
1cfb3ff chore(deps-dev): bump vite from 6.3.5 to 6.3.6 (#3611)
e71198d chore: icon alias improvements (#2861)
3e644fd chore(scripts): Refactor scripts to typescript (#3316)
19fa01b build(deps-dev): bump vite from 6.3.2 to 6.3.4 (#3181)
03eb862 use implicit return in react package (#2325)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for lucide-react since your current version.

Updates next from 15.5.14 to 15.5.15

Release notes

Sourced from next's releases.

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

Commits

412eb90 v15.5.15
cb90de9 [15.x] Avoid consuming cyclic models multiple times (#74)
fffef9e Fix CI for glibc linux builds
See full diff in compare view

Updates postcss from 8.5.12 to 8.5.13

Release notes

Sourced from postcss's releases.

8.5.13

Fixed postcss-scss commend regression.

Changelog

Sourced from postcss's changelog.

8.5.13

Fixed postcss-scss commend regression.

Commits

af58cf1 Release 8.5.13 version
f227dbd Temporary ignore pnpm 11 config
d3abd40 Update dependencies
dd06c3e Revert stringifier changes because of the conflict with postcss-scss
ae889c8 Try to fix CI
e0093e4 Move to pnpm 11
See full diff in compare view

dependabot · 2026-05-04T10:19:53Z

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

vercel · 2026-05-04T10:19:56Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
commerce-agent-protocol	Error		May 4, 2026 10:48am
commerce-agent-protocol-site	Ready	Preview, Comment	May 4, 2026 10:48am

cubic-dev-ai

No issues found across 5 files

Bumps the all-deps group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.19.15` | `22.19.17` | | [turbo](https://github.com/vercel/turborepo) | `2.9.6` | `2.9.8` | | [@hono/node-server](https://github.com/honojs/node-server) | `1.19.11` | `1.19.14` | | [bullmq](https://github.com/taskforcesh/bullmq) | `5.76.4` | `5.76.5` | | [hono](https://github.com/honojs/hono) | `4.12.15` | `4.12.16` | | [tsc-alias](https://github.com/justkey007/tsc-alias) | `1.8.16` | `1.8.17` | | [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.400.0` | `0.577.0` | | [next](https://github.com/vercel/next.js) | `15.5.14` | `15.5.15` | | [postcss](https://github.com/postcss/postcss) | `8.5.12` | `8.5.13` | Updates `@types/node` from 22.19.15 to 22.19.17 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `turbo` from 2.9.6 to 2.9.8 - [Release notes](https://github.com/vercel/turborepo/releases) - [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md) - [Commits](vercel/turborepo@v2.9.6...v2.9.8) Updates `@hono/node-server` from 1.19.11 to 1.19.14 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.11...v1.19.14) Updates `bullmq` from 5.76.4 to 5.76.5 - [Release notes](https://github.com/taskforcesh/bullmq/releases) - [Commits](taskforcesh/bullmq@v5.76.4...v5.76.5) Updates `hono` from 4.12.15 to 4.12.16 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.15...v4.12.16) Updates `tsc-alias` from 1.8.16 to 1.8.17 - [Release notes](https://github.com/justkey007/tsc-alias/releases) - [Commits](justkey007/tsc-alias@v1.8.16...v1.8.17) Updates `lucide-react` from 0.400.0 to 0.577.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/0.577.0/packages/lucide-react) Updates `next` from 15.5.14 to 15.5.15 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.14...v15.5.15) Updates `postcss` from 8.5.12 to 8.5.13 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.12...8.5.13) --- updated-dependencies: - dependency-name: "@hono/node-server" dependency-version: 1.19.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: "@types/node" dependency-version: 22.19.17 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: bullmq dependency-version: 5.76.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: hono dependency-version: 4.12.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: lucide-react dependency-version: 0.577.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: next dependency-version: 15.5.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: postcss dependency-version: 8.5.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: tsc-alias dependency-version: 1.8.17 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: turbo dependency-version: 2.9.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-deps ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-11T18:08:12Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot requested a review from teocomyn as a code owner May 4, 2026 10:19

cubic-dev-ai Bot reviewed May 4, 2026

View reviewed changes

vercel Bot had a problem deploying to Preview – commerce-agent-protocol May 4, 2026 10:21 Failure

vercel Bot deployed to Preview – commerce-agent-protocol-site May 4, 2026 10:22 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/all-deps-2f77675d58 branch from 4a7711f to d6b0dd7 Compare May 4, 2026 10:47

vercel Bot deployed to Preview May 4, 2026 10:48 View deployment

dependabot Bot closed this May 11, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/all-deps-2f77675d58 branch May 11, 2026 18:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): Bump the all-deps group across 1 directory with 9 updates#16

build(deps): Bump the all-deps group across 1 directory with 9 updates#16
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-deps-2f77675d58

dependabot Bot commented on behalf of github May 4, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 4, 2026

Uh oh!

vercel Bot commented May 4, 2026 •

edited

Loading

Uh oh!

cubic-dev-ai Bot left a comment

Uh oh!

dependabot Bot commented on behalf of github May 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Turborepo v2.9.8

What's Changed

@​turbo/repository

Changelog

Turborepo v2.9.8-canary.6

What's Changed

Changelog

Turborepo v2.9.8-canary.5

What's Changed

@​turbo/repository

Changelog

v1.19.14

What's Changed

v1.19.13

Security Fix

v1.19.12

What's Changed

v5.76.5

5.76.5 (2026-05-02)

Bug Fixes

v4.12.16

Security fixes

Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

bodyLimit() can be bypassed for chunked / unknown-length requests

v1.8.17 (2025-04-30)

What's Changed

New Contributors

Version 0.577.0

What's Changed

New Contributors

Version 0.576.0

What's Changed

Version 0.575.0

What's Changed

New Contributors

Version 0.574.0

What's Changed

New Contributors

v15.5.15

8.5.13

8.5.13

Uh oh!

dependabot Bot commented on behalf of github May 4, 2026

Labels

Uh oh!

vercel Bot commented May 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

dependabot Bot commented on behalf of github May 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github May 4, 2026 •

edited

Loading

`@turbo/repository`

`@turbo/repository`

vercel Bot commented May 4, 2026 •

edited

Loading