Skip to content

fix(deps): update npm minor and patch dependencies#754

Open
red-hat-konflux[bot] wants to merge 1 commit intomasterfrom
konflux/mintmaker/master/npm-minor-and-patch-dependencies
Open

fix(deps): update npm minor and patch dependencies#754
red-hat-konflux[bot] wants to merge 1 commit intomasterfrom
konflux/mintmaker/master/npm-minor-and-patch-dependencies

Conversation

@red-hat-konflux
Copy link
Copy Markdown
Contributor

@red-hat-konflux red-hat-konflux bot commented Mar 18, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@redhat-cloud-services/eslint-config-redhat-cloud-services (source) ^3.0.31^3.0.33 age confidence
@redhat-cloud-services/frontend-components (source) ^7.0.45^7.3.1 age confidence
@redhat-cloud-services/frontend-components-config (source) ^6.7.54^6.8.4 age confidence
@redhat-cloud-services/frontend-components-notifications (source) ^6.2.1^6.5.1 age confidence
@redhat-cloud-services/frontend-components-utilities (source) ^7.1.0^7.2.1 age confidence
@redhat-cloud-services/tsc-transform-imports (source) ^1.0.56^1.0.58 age confidence
@typescript-eslint/parser (source) ^8.57.1^8.58.1 age confidence
cypress (source) ^15.12.0^15.13.1 age confidence
ts-jest (source) ^29.4.6^29.4.9 age confidence
typescript-eslint (source) ^8.57.1^8.58.1 age confidence

Release Notes

RedHatInsights/frontend-components (@​redhat-cloud-services/eslint-config-redhat-cloud-services)

v3.0.33

Compare Source

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.58.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.0

Compare Source

🚀 Features
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

cypress-io/cypress (cypress)

v15.13.1

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-13-1

v15.13.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-13-0

kulshekhar/ts-jest (ts-jest)

v29.4.9

Compare Source

v29.4.8

Compare Source

v29.4.7

Compare Source

Features
typescript-eslint/typescript-eslint (typescript-eslint)

v8.58.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.0

Compare Source

🚀 Features
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux red-hat-konflux bot requested a review from a team as a code owner March 18, 2026 17:44
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/master/npm-minor-and-patch-dependencies branch 4 times, most recently from 57767a3 to ae67f24 Compare March 24, 2026 19:22
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/master/npm-minor-and-patch-dependencies branch from ae67f24 to c1c5251 Compare March 27, 2026 17:52
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Mar 27, 2026
edited
Loading

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

Walkthrough

Updated dependency version ranges in package.json for several @redhat-cloud-services/* runtime and dev packages, TypeScript/ESLint tooling, Cypress, Playwright, and related dev tools; no other files, scripts, or configuration were modified. (Lines changed: +11/-11)

Changes

Cohort / File(s) Summary
Dependency & DevDependency Updates
package.json		 Bumped runtime deps: @redhat-cloud-services/frontend-components^7.3.0, @redhat-cloud-services/frontend-components-notifications^6.5.0, @redhat-cloud-services/frontend-components-utilities^7.2.0. DevDeps bumped: @redhat-cloud-services/eslint-config-redhat-cloud-services^3.0.32, @redhat-cloud-services/frontend-components-config^6.8.3, @redhat-cloud-services/tsc-transform-imports^1.0.57, @typescript-eslint/parser & related → ^8.58.0, cypress^15.13.0, ts-jest^29.4.9, @playwright/test^1.59.0. No other keys or scripts changed.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Caution

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

  • Ignore

❌ Failed checks (1 error, 2 warnings)

Check name Status Explanation Resolution
Security Check ❌ Error npm audit reveals 12 unresolved vulnerabilities in devDependencies, including 3 high-severity issues (node-forge, path-to-regexp, picomatch), and the webpack-dev-server vulnerability persists despite the @redhat-cloud-services/frontend-components-config version bump. Run npm audit fix and npm audit fix --force if needed, then verify that @redhat-cloud-services/frontend-components-config version resolves the webpack-dev-server vulnerability chain before merging.
Pr Description Quality ⚠️ Warning PR description lacks required template elements: no explanation of why updates are needed, no testing instructions, no JIRA reference, and no checklist completion evidence. Add concise explanation of dependency update importance, testing/verification steps, tracking ticket reference if applicable, and confirmation of checklist items (squashed commits, passing checks, code review).
Description check ⚠️ Warning The PR description includes a comprehensive dependency update table with links and release notes, but lacks the required sections from the template structure. Add missing template sections: a 2-3 sentence summary at the top, links to any impacted UIs, reproduction steps if applicable, and RHCLOUD issue link. Also complete the checklist items to confirm PR scope and quality standards.
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The PR title follows the conventional commit format with type 'fix' and a clear description of the changes being dependency updates.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Accessibility Check ✅ Passed The accessibility check is not applicable to this PR, which exclusively updates npm package versions in package.json without modifying any interactive elements, form inputs, images, semantic HTML structures, or keyboard navigation features.
Test Coverage And Strategy ✅ Passed Bot-generated PR from Renovate/MintMaker containing only npm dependency version updates; custom check explicitly skips bot PRs.
Typescript Quality ✅ Passed The TypeScript quality check is not applicable to this pull request. This PR consists exclusively of npm dependency version updates in package.json with no TypeScript source files modified.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch konflux/mintmaker/master/npm-minor-and-patch-dependencies

Comment @coderabbitai help to get the list of available commands and usage tips.

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/master/npm-minor-and-patch-dependencies branch 3 times, most recently from bb9ad21 to 9eb80a1 Compare April 1, 2026 06:05
coderabbitai[bot]
coderabbitai bot requested changes Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 42: The dependency `@redhat-cloud-services/frontend-components-config` was
bumped to ^6.8.3; verify that build/dev/test flows still work by running npm run
build, npm start, and npm run cy:run and fix any webpack or config regressions
introduced by the upgrade (search for usages of frontend-components-config in
package.json and any bootstrap/config scripts or webpack config files such as
code that imports/uses createConfig or setProxy in your build setup); if errors
occur, revert to the previous version or update the configuration code to match
the new minor API surfaces and update package.json accordingly.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1d383e23-01dc-4c60-ba83-3b557f24423c

📥 Commits

Reviewing files that changed from the base of the PR and between bb9ad21 and 9eb80a1.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json, !package-lock.json
📒 Files selected for processing (1)
  • package.json

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/master/npm-minor-and-patch-dependencies branch from 9eb80a1 to 8cfac1e Compare April 1, 2026 17:50
coderabbitai[bot]
coderabbitai bot requested changes Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Around line 41-43: The devDependencies contain 12 security vulnerabilities;
run npm audit fix to apply non-breaking patches and then re-run npm audit to
verify remaining issues, explicitly target and upgrade/patch the listed packages
(`@tootallnate/once`, node-forge, path-to-regexp, picomatch, brace-expansion,
js-yaml, webpack-dev-server) either by updating the dependent package versions
(e.g., bump `@redhat-cloud-services/frontend-components-config` and any transitive
packages) or by applying available patches; if any vulnerabilities require npm
audit fix --force because they introduce breaking changes, create a short
risk-acceptance note documenting why the forced upgrade is necessary or why the
dependency cannot be upgraded, and include the exact commands you ran and the
final npm audit report before marking the PR ready to merge.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: ASSERTIVE

Plan: Pro

Run ID: bc3391b0-0999-46e4-82d9-37464f1b8f73

📥 Commits

Reviewing files that changed from the base of the PR and between 9eb80a1 and 8cfac1e.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json, !package-lock.json
📒 Files selected for processing (1)
  • package.json

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/master/npm-minor-and-patch-dependencies branch 4 times, most recently from 0790d06 to a0cb3da Compare April 8, 2026 19:11
@red-hat-konflux
fix(deps): update npm minor and patch dependencies
0d1266d 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/master/npm-minor-and-patch-dependencies branch from a0cb3da to 0d1266d Compare April 10, 2026 15:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants