fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
@prisma/adapter-neon (source)	dependencies	minor	5.14.0 -> 5.15.0
@prisma/client (source)	dependencies	minor	5.14.0 -> 5.15.0
@relative-ci/agent (source)	devDependencies	patch	4.2.7 -> 4.2.8
@storybook/addon-a11y (source)	devDependencies	patch	8.1.3 -> 8.1.6
@storybook/addon-essentials (source)	devDependencies	patch	8.1.3 -> 8.1.6
@storybook/addon-interactions (source)	devDependencies	patch	8.1.3 -> 8.1.6
@storybook/addon-links (source)	devDependencies	patch	8.1.3 -> 8.1.6
@storybook/addon-viewport (source)	devDependencies	patch	8.1.3 -> 8.1.6
@storybook/blocks (source)	devDependencies	patch	8.1.3 -> 8.1.6
@storybook/nextjs (source)	devDependencies	patch	8.1.3 -> 8.1.6
@storybook/react (source)	devDependencies	patch	8.1.3 -> 8.1.6
@storybook/test (source)	dependencies	patch	8.1.3 -> 8.1.6
@types/node (source)	devDependencies	minor	20.12.12 -> 20.14.2
@types/react (source)	devDependencies	patch	18.3.2 -> 18.3.3
@typescript-eslint/eslint-plugin (source)	devDependencies	minor	7.10.0 -> 7.12.0
@typescript-eslint/parser (source)	devDependencies	minor	7.10.0 -> 7.12.0
@vercel/analytics (source)	dependencies	patch	1.3.0 -> 1.3.1
@vercel/speed-insights (source)	dependencies	patch	1.0.10 -> 1.0.11
chromatic (source)	devDependencies	minor	11.4.0 -> 11.5.3
eslint-plugin-react	devDependencies	patch	7.34.1 -> 7.34.2
eslint-plugin-turbo (source)	devDependencies	patch	1.13.3 -> 1.13.4
knip (source)	devDependencies	minor	5.16.0 -> 5.17.4
lint-staged	devDependencies	patch	15.2.4 -> 15.2.5
nextjs-routes	dependencies	minor	2.1.0 -> 2.2.0
node (source)		minor	20.13.1 -> 20.14.0
pnpm (source)	packageManager	minor	9.1.2 -> 9.2.0
prettier (source)	devDependencies	minor	3.2.5 -> 3.3.1
prisma (source)	devDependencies	minor	5.14.0 -> 5.15.0
storybook (source)	devDependencies	patch	8.1.3 -> 8.1.6
tsx	devDependencies	minor	4.11.0 -> 4.12.0
turbo (source)	devDependencies	patch	1.13.3 -> 1.13.4
type-fest	devDependencies	minor	4.18.2 -> 4.19.0

---

Release Notes

prisma/prisma (@​prisma/adapter-neon)

v5.15.0

Compare Source

Today, we are excited to share the 5.15.0 stable release 🎉

🌟 Help us spread the word about Prisma by starring the repo or tweeting about the release. 🌟

Highlights

Multi-File Prisma Schema support

Prisma ORM 5.15.0 features support for multi-file Prisma Schema in Preview.

This closes a long standing issue and does so in a clean and easy to migrate way.

To get started:

1. Enable the prismaSchemaFolder Preview feature by including it in the previewFeatures field of your generator.

   datasource db {
     provider = "postgresql"
     url      = env("DATABASE_URL")
   }
   
   generator client {
     provider        = "prisma-client-js"
     previewFeatures = ["prismaSchemaFolder"]
   }
   

2. Create a schema subdirectory under your prisma directory.
3. Move your schema.prisma into this directory.

You are now set up with a multi-file Prisma Schema! Add as many or as few .prisma files to the new prisma/schema directory.

When running commands where a Prisma Schema file is expected to be provided, you can now define a Prisma Schema directory. This includes Prisma CLI commands that use the --schema option as well as defining schema via package.json

Our tooling has also been updated to handle multiple Prisma Schema files. This includes our Visual Studio Code extension and tools like database introspection, which will deposit new models in a introspected.prisma file. Existing models will be updated in the file they are found.

To learn more, please refer to our official documentation and announcement blog post. If you try out prismaSchemaFolder, please let us know!

Interesting Bug Fixes

Fix for PostgreSQL prepared statement caching for raw queries

This release fixes a nasty bug with the caching of prepared statements in raw Prisma Client queries that affected PostgreSQL when you ran the same SQL statement with differently typed paramters. This should not fail any more.

Fix for SQL Server introspection of (deprecated) CREATE DEFAULT

Our Introspection logic crashed on encountering certain multi-line CREATE DEFAULT, a deprecated way to define defaults in SQL Server. As many SQL Server users are working with established databases, this happened frequently enough that we now explicitly ignore these defaults instead of crashing.

Fix for Cloudflare D1’s lower parameter limit

Cloudflare’s D1 has a lower parameter limit than local SQLite, which caused bigger queries to fail. We adapted that limit to the D1 default for @prisma/adapter-d1, which will avoid such failures.

Fix for Cloudflare D1’s different PRAGMA support

Our generated migration SQL for SQLite did not always work for Cloudflare D1, because of differences in the supported pragmas. We adapted the SQL to work in both local SQLite and Cloudflare D1.

Fixes and improvements

Prisma Migrate

• Crash on multiline defaults introspection on MSSQL
• Error: [libs\sql-schema-describer\src\mssql.rs:315:30] called Result::unwrap() on an Err value: "Couldn't parse default value: create default [dbo].[member_notification_cancel_flags] as 0\r\n"
• Error: [libs\sql-schema-describer\src\mssql.rs:315:30] called Result::unwrap() on an Err value: "Couldn't parse default value: create default d_password as 'D,73' "
• Crash introspecting MSSQL database with DEFAULTs
• doing introspection on a SQL Server 2018 DB - for Dynamic GP get the following error.
• Error: [libs\sql-schema-describer\src\mssql.rs:317:30] called Result::unwrap() on an Err value: "Couldn't parse default value: \r\ncreate default D_BIT_OFF\r\nas 0\r\n"
• Error: called Result::unwrap() on an Err value: "Couldn't parse default value in SQL Server
• db pull errors on SQL Server with Error: [libs\sql-schema-describer\src\mssql.rs:336:30] called Result::unwrap()on anErr value: "Couldn't parse default value: [...]
• Error: [libs\sql-schema-describer\src\mssql.rs:336:30] called Result::unwrap() on an Err value: "Couldn't parse default value: \r\ncreate default [va_nulla] as 0\r\n"
• Error when pulling from database
• Foreign key relation results in erroneous second migration
• db pull can't parse script setting default value
• Bug: Migrations not compatible with D1
• SQL Server Introspection crashes on multi-line (deprecated) defaults

Prisma Client

• Raw query failed. Code: 22P03. Message: db error: ERROR: incorrect binary data format in bind parameter 1
• Float number on raw query: incorrect binary data format in bind parameter 1
• Can't use Prisma client in Next.js middleware, even when deploying to Node.js
• Prepared statement caching is data dependent on numeric input parameters (incorrect binary data format in bind parameter x)
• Turso Driver Adapter: Including _count leads to error
• Next.js app build fails when using Prisma with DB driver in Server Action
• Bug: [D1] Error in performIO: Error: D1_ERROR: too many SQL variables
• Remove warn(prisma-client) This is the 10th instance of Prisma Client being started. warning in Edge (and potentially) other envs)
• $executeRawUnsafe: incorrect binary data format in bind parameter 6
• Bug: Error or bug using Prisma with DriverAdapter with PostgreSQL database Neon
• Inconsistent column data: Unexpected conversion failure from Number to BigInt error when using @prisma/adapter-pg
• Incompatibility with NextJS app dir, CloudFlare Pages and D1
• Breaking change? Int switched to being Int32 for MongoDB

Language tools (e.g. VS Code)

• VS Code extension is showing an advertisement
• Generate codelens fails on Windows
• We incorrectly read commented out preview features if they are before the real preview features

Credits

Huge thanks to @​pranayat, @​yubrot, and @​skyzh for helping!

relative-ci/agent (@​relative-ci/agent)

v4.2.8

Compare Source

What's Changed

• Update dependencies by @​vio in https://github.com/relative-ci/agent/pull/1119

Full Changelog: relative-ci/agent@v4.2.7...v4.2.8

storybookjs/storybook (@​storybook/addon-a11y)

v8.1.6

Compare Source

• CLI: Only log the UpgradeStorybookToSameVersionError but continue the upgrade as normal - #​27217, thanks @​kasperpeulen!
• Core: Replace ip function with a small helper function to address security concerns - #​27529, thanks @​tony19!
• Tags: Fix unsafe project-level tags lookup - #​27511, thanks @​shilman!
• Vite: Fix stats-plugin to normalize file names with posix paths - #​27218, thanks @​AlexAtVista!

v8.1.5

Compare Source

• CSF-Tools: Fix export specifier bug - #​27418, thanks @​valentinpalkovic!
• Dependency: Upgrade tempy - #​27366, thanks @​mnigh!
• Tags: Refine composition behavior - #​27379, thanks @​shilman!
• Theming: Fix self-referencing type - #​27155, thanks @​SimenB!

v8.1.4

Compare Source

• Angular: Revert style adjustments - #​27361, thanks @​valentinpalkovic!
• Svelte: Support latest prerelease - #​27378, thanks @​valentinpalkovic!
• Tags: Fix composition with older storybooks - #​27358, thanks @​shilman!
• Vite: Fix HMR issue for Storybook preview files - #​27256, thanks @​valentinpalkovic!

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v7.12.0

Compare Source

🚀 Features

• eslint-plugin: [no-useless-template-literals] rename to no-useless-template-expression (deprecate no-useless-template-literals)

• rule-tester: check for parsing errors in suggestion fixes

• rule-tester: port checkDuplicateTestCases from ESLint

• eslint-plugin: [no-floating-promises] add option 'allowForKnownSafePromises'

🩹 Fixes

• no-useless-template-expression -> no-unnecessary-template-expression

• eslint-plugin: [no-unnecessary-type-assertion] combine template literal check with const variable check

• eslint-plugin: [dot-notation] fix false positive when accessing private/protected property with optional chaining

• eslint-plugin: [explicit-member-accessibility] refine report locations

• eslint-plugin: [no-unnecessary-type-assertion] declares are always defined, so always check declares

• eslint-plugin: [prefer-literal-enum-member] allow using member it self on allowBitwiseExpressions

• eslint-plugin: [return-await] clean up in-try-catch detection and make autofixes safe

• eslint-plugin: [member-ordering] also TSMethodSignature can be get/set

❤️ Thank You

• Abraham Guo
• Han Yeong-woo
• Joshua Chen
• Kim Sang Du
• Kirk Waiblinger
• YeonJuan

You can read about our versioning strategy and releases on our website.

v7.11.0

Compare Source

🚀 Features

• eslint-plugin: deprecate prefer-ts-expect-error in favor of ban-ts-comment

🩹 Fixes

• eslint-plugin: [consistent-type-assertions] prevent syntax errors on arrow functions

❤️ Thank You

• Abraham Guo
• auvred
• Dom Armstrong
• Kirk Waiblinger

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v7.12.0

Compare Source

🩹 Fixes

• types: correct typing ParserOptions

❤️ Thank You

• Abraham Guo
• Han Yeong-woo
• Joshua Chen
• Kim Sang Du
• Kirk Waiblinger
• YeonJuan

You can read about our versioning strategy and releases on our website.

v7.11.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

vercel/analytics (@​vercel/analytics)

v1.3.1

Compare Source

What's Changed

• fix: nextjs parallel routes with catchall isn't supported by @​feugy in https://github.com/vercel/analytics/pull/141

Full Changelog: vercel/analytics@1.3.0...1.3.1

vercel/speed-insights (@​vercel/speed-insights)

v1.0.11

Compare Source

What's Changed

• fix: nextjs parallel routes with catchall isn't supported by @​feugy in https://github.com/vercel/speed-insights/pull/69
• fix(#​68): postinstall is failing with no error

Full Changelog: vercel/speed-insights@1.0.10...1.0.11

chromaui/chromatic-cli (chromatic)

v11.5.3

Compare Source

🐛 Bug Fix

• Clean package.json before compiling into source #​1003 (@​ghengeveld)

Authors: 1

• Gert Hengeveld (@​ghengeveld)

---

v11.5.2

Compare Source

🐛 Bug Fix

• Chore: Update the RegEx filter to pull out empty strings #​1004 (@​ethriel3695)

Authors: 1

• Reuben Ellis (@​ethriel3695)

---

v11.5.1

Compare Source

🐛 Bug Fix

• Add fallback type for Storybook 6 builder syntax #​1001 (@​ethriel3695 @​ghengeveld)
• Only replace local builds with uncommitted changes #​994 (@​ghengeveld)
• Clean package.json before publishing #​999 (@​ghengeveld)

Authors: 2

• Gert Hengeveld (@​ghengeveld)
• Reuben Ellis (@​ethriel3695)

---

v11.5.0

Compare Source

🚀 Enhancement

• Upgrade Storybook to 8.1 #​989 (@​ethriel3695)

🐛 Bug Fix

• Pass SLACK_WEBHOOK_URL to release script #​992 (@​ghengeveld)

Authors: 2

• Gert Hengeveld (@​ghengeveld)
• Reuben Ellis (@​ethriel3695)

---

v11.4.1

Compare Source

🐛 Bug Fix

• Pass CI=1 environment variable to Storybook build command to disable prompts #​991 (@​ghengeveld)
• Setup Slack plugin for auto to notify on new CLI releases #​990 (@​ghengeveld)

Authors: 1

• Gert Hengeveld (@​ghengeveld)

---

jsx-eslint/eslint-plugin-react (eslint-plugin-react)

v7.34.2

Compare Source

Fixed

• [boolean-prop-naming][boolean-prop-naming]: avoid a crash with a non-TSTypeReference type (#​3718 @​developer-bandi)
• [jsx-no-leaked-render][jsx-no-leaked-render]: invalid report if left side is boolean (#​3746 @​akulsr0)
• [jsx-closing-bracket-location][jsx-closing-bracket-location]: message shows {{details}} when there are no details (#​3759 @​mdjermanovic)
• [no-invalid-html-attribute][no-invalid-html-attribute]: ensure error messages are correct (#​3759 @​mdjermanovic, @​ljharb)

Changed

• [Refactor] create various eslint utils to fix eslint deprecations (#​3759 @​mdjermanovic, @​ljharb)

vercel/turbo (eslint-plugin-turbo)

v1.13.4: Turborepo v1.13.4

Compare Source

What's Changed

Docs

• Update eslint-config package name. by @​anthonyshew in https://github.com/vercel/turbo/pull/8069
• chore(docs): add missing words by @​jeremyadavis in https://github.com/vercel/turbo/pull/8067
• Fix typo in Turborepo task-graph documentation by @​danisal in https://github.com/vercel/turbo/pull/8212

turbo-ignore

• feat(turbo-ignore): don’t fail on single package repos by @​tknickman in https://github.com/vercel/turbo/pull/8177

@​turbo/repository

• chore: differentiate rust changes from building turbo by @​chris-olszewski in https://github.com/vercel/turbo/pull/8001

Examples

• fix(examples): lint docs by @​tknickman in https://github.com/vercel/turbo/pull/8049
• fix(example): Fix Prisma example by @​caaatisgood in https://github.com/vercel/turbo/pull/8046
• chore: move react from devDependency to dependency in design system starter template by @​ghdtjgus76 in https://github.com/vercel/turbo/pull/8159

Changelog

• feat(Turborepo): Be explicit about which binary we failed to find by @​gsoltis in https://github.com/vercel/turbo/pull/8050
• fix(ui): add carraige return after cache log messages by @​chris-olszewski in https://github.com/vercel/turbo/pull/8015
• fix(turborepo): Watch mode not responding to changes by @​NicholasLYang in https://github.com/vercel/turbo/pull/8057
• fix(Turborepo): Make package discovery async, and apply a debouncer by @​gsoltis in https://github.com/vercel/turbo/pull/8058
• fix(Turborepo): Disable inputs support by @​gsoltis in https://github.com/vercel/turbo/pull/8074
• feat(Turborepo): Add support for $TURBO_DEFAULT$ to file hash watcher by @​gsoltis in https://github.com/vercel/turbo/pull/8086
• Remove async-trait from a few crates by @​arlyon in https://github.com/vercel/turbo/pull/8077
• feat(turborepo): Using file hashing for package watching by @​NicholasLYang in https://github.com/vercel/turbo/pull/8104
• add support for cache_timeout as well as timeout by @​arlyon in https://github.com/vercel/turbo/pull/8078
• yield a different warning when the cache upload times out by @​arlyon in https://github.com/vercel/turbo/pull/8079
• fix lockfile by @​sokra in https://github.com/vercel/turbo/pull/8110
• fix(gen): isolate generator to commonjs by @​wesleycoder in https://github.com/vercel/turbo/pull/8109
• fix: properly propigate internal errors by @​chris-olszewski in https://github.com/vercel/turbo/pull/8113
• feat(ui): render ui to alternative screen by @​chris-olszewski in https://github.com/vercel/turbo/pull/8084
• fix(turborepo): Persistent tasks in watch mode by @​NicholasLYang in https://github.com/vercel/turbo/pull/8107
• fix(Turborepo): Fix as_inputs to include ! by @​gsoltis in https://github.com/vercel/turbo/pull/8119
• fix(Turborepo): Handle new packages in lockfile comparisons by @​gsoltis in https://github.com/vercel/turbo/pull/8127
• fix(ui): minor formatting by @​chris-olszewski in https://github.com/vercel/turbo/pull/8136
• feat(turborepo): new ui + watch mode by @​NicholasLYang in https://github.com/vercel/turbo/pull/7962
• fix(turborepo): use transitive closure of filtered packages in watch mode by @​NicholasLYang in https://github.com/vercel/turbo/pull/8161
• add two retry strategies to allow requests to timeout gracefully by @​arlyon in https://github.com/vercel/turbo/pull/8080
• add support for upload speed / remaining in the cache upload step by @​arlyon in https://github.com/vercel/turbo/pull/8081
• chore(@​turbo/benchmark): fix lint warnings by @​mehulkar in https://github.com/vercel/turbo/pull/8233
• chore(turborepo): Feature flagged off file hashing by @​NicholasLYang in https://github.com/vercel/turbo/pull/8229
• chore: downgrade curl to fix Windows rust tests by @​chris-olszewski in https://github.com/vercel/turbo/pull/8242
• fix(turborepo): Remove optional git locks by @​NicholasLYang in https://github.com/vercel/turbo/pull/8244
• fix(turborepo): Optional lock with env var by @​NicholasLYang in https://github.com/vercel/turbo/pull/8247

New Contributors

• @​caaatisgood made their first contribution in https://github.com/vercel/turbo/pull/8046
• @​jeremyadavis made their first contribution in https://github.com/vercel/turbo/pull/8067
• @​wesleycoder made their first contribution in https://github.com/vercel/turbo/pull/8109
• @​ghdtjgus76 made their first contribution in https://github.com/vercel/turbo/pull/8159
• @​danisal made their first contribution in https://github.com/vercel/turbo/pull/8212

Full Changelog: vercel/turbo@v1.13.3...v1.13.4

webpro-nl/knip (knip)

v5.17.4

Compare Source

• Fix up caching (e75f0e9)
• Minor refactor (28b2434)
• Do literal text search in setRefs (closes #​595 #​596 #​664) (6e64d60)
• Refactor to use more maps over objects, move/rename some vars (90fcd4c)
• Add polar to funding.yml (c4bb916)
• Use IMPORT_STAR const (cb9ed83)
• Remove specifier from dep graph and SerializableImports type (474a6f7)
• Add ‘xvfb-run’ as globally available binary (#​662) (87850ea)
• Add ‘aws’ as globally available binary (#​661) (6fd3e46)

v5.17.3

Compare Source

• Add ‘kill’ and ‘ssh’ as globally available binaries (#​660) (5e576a2)
• Remove version selector (9ad1d46)
• Timerify (de)serialize functions (0e04f1e)
• Update docs (935a706)

v5.17.2

Compare Source

• Fix external require.resolve (resolves #​657) (c188a7a)

v5.17.1

Compare Source

• Any is OK (28ad084)
• Fix (de)serialization of maps (resolves #​656) (3ab95ef)
• Fix graphql-codegen config filter (resolves #​658) (24c1355)

v5.17.0

Compare Source

• Fix --watch after refactors (db2a261)
• Improve getHasStrictlyNsReferences and traverse into re-exports (9d75e0d)
• Restore imports in Footer.astro (c836517)

okonet/lint-staged (lint-staged)

v15.2.5

Compare Source

Patch Changes

• #​1424 31a1f95 Thanks @​iiroj! - Allow approximately equivalent versions of direct dependencies by using the "~" character in the version ranges. This means a more recent patch version of a dependency is allowed if available.

• #​1423 91abea0 Thanks @​iiroj! - Improve error logging when failing to read or parse a configuration file

• #​1424 ee43f15 Thanks @​iiroj! - Upgrade micromatch@4.0.7

tatethurston/nextjs-routes (nextjs-routes)

v2.2.0

Compare Source

• Add trailingSlash option to route. See #​168
• Fix the generated optional catch all route type. See #​183
• Sort the generated route types lexicographically.

nodejs/node (node)

v20.14.0

Compare Source

pnpm/pnpm (pnpm)

v9.2.0

Compare Source

v9.1.4

Compare Source

v9.1.3

Compare Source

prettier/prettier (prettier)

v3.3.1

Compare Source

diff

Preserve empty lines in front matter (#​16347 by @​fisker)

<!-- Input -->
---
foo:
  - bar1

  - bar2

  - bar3
---
Markdown

<!-- Prettier 3.3.0 -->

---
foo:
  - bar1
  - bar2
  - bar3
---

Markdown

<!-- Prettier 3.3.1 -->
---
foo:
  - bar1

  - bar2

  - bar3
---

Markdown

Preserve explicit language in front matter (#​16348 by @​fisker)

<!-- Input -->
---yaml
title: Hello
slug: home
---

<!-- Prettier 3.3.0 -->
---
title: Hello
slug: home
---

<!-- Prettier 3.3.1 -->
---yaml
title: Hello
slug: home
---

Avoid line breaks in import attributes (#​16349 by @​fisker)

// Input
import something from "./some-very-very-very-very-very-very-very-very-long-path.json" with { type: "json" };

// Prettier 3.3.0
import something from "./some-very-very-very-very-very-very-very-very-long-path.json" with { type:
  "json" };

// Prettier 3.3.1
import something from "./some-very-very-very-very-very-very-very-very-long-path.json" with { type: "json" };

v3.3.0

Compare Source

diff

🔗 Release Notes

privatenumber/tsx (tsx)

v4.12.0

Compare Source

v4.11.2

Compare Source

v4.11.1

Compare Source

vercel/turbo (turbo)

v1.13.4

Compare Source

sindresorhus/type-fest (type-fest)

v4.19.0

Compare Source

v4.18.3

Compare Source

• ConditionalKeys: Fix filtering out never type (#​881) 863511d

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday,before 4am on Thursday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
transmascfutures	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 6, 2024 10:52am

[deepsource-io]

Here's the code health analysis summary for commits cf1d0fe..88a9a03. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
Secrets	✅ Success		View Check ↗
JavaScript	✅ Success		View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[relativeci]

#124 Bundle Size — 18.74MiB (+0.38%).

88a9a03(current) vs c38056d dev#79(baseline)

Bundle metrics   4 changes 1 regression

	Current #124	Baseline #79
Initial JS	1008.21KiB(+0.04%)	1007.8KiB
Initial CSS	6.61KiB	6.61KiB
Cache Invalidation	2.36%	2.36%
Chunks	20	20
Assets	80(+1.27%)	79
Modules	790(+0.13%)	789
Duplicate Modules	103	103
Duplicate Code	5.61%(-0.18%)	5.62%
Packages	81	81
Duplicate Packages	0	0

Bundle size by type   3 changes 3 regressions

	Current #124	Baseline #79
IMG	17.47MiB (+0.41%)	17.4MiB
JS	1.08MiB (+0.04%)	1.08MiB
Fonts	189.64KiB	189.64KiB
CSS	6.61KiB	6.61KiB
Other	4.07KiB (+0.12%)	4.06KiB

---

Bundle analysis report Branch renovate/all-minor-patch Project dashboard

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@prisma/adapter-neon@5.15.0	None	0	0 B
npm/@prisma/client@5.15.0	None	0	0 B
npm/@storybook/addon-a11y@8.1.6	None	0	0 B
npm/@storybook/addon-essentials@8.1.6	None	0	0 B
npm/@storybook/addon-interactions@8.1.6	None	0	0 B
npm/@storybook/addon-links@8.1.6	None	0	0 B
npm/@storybook/addon-viewport@8.1.6	None	0	0 B
npm/@storybook/blocks@8.1.6	None	0	0 B
npm/@storybook/nextjs@8.1.6	None	0	0 B
npm/@storybook/react@8.1.6	None	0	0 B
npm/@storybook/test@8.1.6	None	0	0 B
npm/@types/node@20.14.2	None	0	0 B
npm/@typescript-eslint/eslint-plugin@7.12.0	None	0	0 B
npm/@typescript-eslint/parser@7.12.0	None	0	0 B
npm/chromatic@11.5.1	None	0	0 B
npm/eslint-plugin-react@7.34.2	filesystem Transitive: environment, eval	+86	5.68 MB	ljharb
npm/eslint-plugin-turbo@1.13.4	environment, eval, filesystem, shell	+1	490 kB	turbobot
npm/knip@5.17.4	Transitive: environment, filesystem, shell	+45	3.48 MB
npm/lint-staged@15.2.5	Transitive: environment, filesystem, shell	+20	922 kB	okonet
npm/nextjs-routes@2.2.0	None	0	0 B
npm/prettier@3.3.1	None	0	0 B
npm/prisma@5.15.0	None	0	0 B
npm/storybook@8.1.6	None	0	0 B
npm/tsx@4.12.0	None	0	0 B
npm/turbo@1.13.4	None	+1	30.6 kB	turbobot
npm/type-fest@4.19.0	None	0	366 kB	sindresorhus

🚮 Removed packages: npm/chromatic@11.4.0, npm/eslint-plugin-react@7.34.1, npm/eslint-plugin-turbo@1.13.3, npm/knip@5.16.0, npm/lint-staged@15.2.4, npm/nextjs-routes@2.1.0, npm/prettier@3.2.5, npm/prisma@5.14.0, npm/storybook@8.1.3, npm/tsx@4.11.0, npm/turbo@1.13.3, npm/type-fest@4.18.2

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/core-js@3.37.1	Install script: postinstall Source: node -e "try{require('./postinstall')}catch(e){}"	package.json pnpm-lock.yaml
Install scripts	npm/@vercel/speed-insights@1.0.11	Install script: postinstall Source: node scripts/postinstall.mjs	orphan: npm/@vercel/speed-insights@1.0.11
Install scripts	npm/@vercel/speed-insights@1.0.10	Install script: postinstall Source: node scripts/postinstall.mjs	Source
Install scripts	npm/esbuild@0.20.2	Install script: postinstall Source: node install.js	Source
Install scripts	npm/core-js@3.37.0	Install script: postinstall Source: node -e "try{require('./postinstall')}catch(e){}"	Source
Install scripts	npm/@prisma/client@5.14.0	Install script: postinstall Source: node scripts/postinstall.js	Source
Install scripts	npm/@prisma/engines@5.14.0	Install script: postinstall Source: node scripts/postinstall.js	Source
Install scripts	npm/prisma@5.14.0	Install script: preinstall Source: node scripts/preinstall-entry.js	Source

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/core-js@3.37.1
• @SocketSecurity ignore npm/@vercel/speed-insights@1.0.11
• @SocketSecurity ignore npm/@vercel/speed-insights@1.0.10
• @SocketSecurity ignore npm/esbuild@0.20.2
• @SocketSecurity ignore npm/core-js@3.37.0
• @SocketSecurity ignore npm/@prisma/client@5.14.0
• @SocketSecurity ignore npm/@prisma/engines@5.14.0
• @SocketSecurity ignore npm/prisma@5.14.0

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud