Skip to content

fix(deps): update all non-major dependencies#289

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch
Open

fix(deps): update all non-major dependencies#289
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Apr 4, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update
@effect/cli (source) 0.75.00.75.2 age confidence dependencies patch
@effect/language-service ^0.84.0^0.86.0 age confidence devDependencies minor
@effect/platform (source) ^0.94.5^0.94.5 || ^0.96.0 age confidence peerDependencies minor
@effect/platform (source) 0.96.00.96.2 age confidence devDependencies patch
@effect/platform (source) 0.96.00.96.2 age confidence dependencies patch
@effect/platform-node (source) ^0.106.0^0.107.0 age confidence devDependencies minor
@effect/platform-node (source) ^0.106.0^0.107.0 age confidence dependencies minor
@hookform/resolvers (source) 5.2.25.4.0 age confidence dependencies minor
@tanstack/react-query (source) 5.96.25.101.1 age confidence devDependencies minor
@types/node (source) 22.19.1722.20.0 age confidence devDependencies minor
@types/react (source) 18.3.2818.3.31 age confidence devDependencies patch
ajv (source) 8.18.08.20.0 age confidence dependencies minor
autoprefixer 10.4.2710.5.0 age confidence devDependencies minor
date-fns 4.1.04.4.0 age confidence devDependencies minor
effect (source) 3.21.03.21.4 age confidence devDependencies patch
effect (source) 3.21.03.21.4 age confidence dependencies patch
esbuild 0.28.00.28.1 age confidence devDependencies patch
framer-motion 12.38.012.41.0 age confidence dependencies minor
fs-extra 11.3.411.3.5 age confidence devDependencies patch
nanoid 5.1.75.1.15 age confidence dependencies patch
node (source) 22.22.222.23.1 age confidence minor
playwright (source) 1.59.11.61.0 age confidence devDependencies minor
pnpm (source) 10.33.010.34.4 age confidence packageManager minor
postcss (source) 8.5.88.5.15 age confidence devDependencies patch
react-hook-form (source) 7.72.17.80.0 age confidence dependencies minor
safe-regex2 5.1.05.1.1 age confidence dependencies patch
sass 1.99.01.101.0 age confidence devDependencies minor
turbo (source) 2.9.32.9.18 age confidence devDependencies patch
yaml (source) 2.8.32.9.0 age confidence dependencies minor

Release Notes

Effect-TS/effect (@​effect/cli)

v0.75.2

Compare Source

Patch Changes

  • #​6213 1a63ec8 Thanks @​lihan3238! - fix(cli): replace all hyphens in shell completion command names

  • #​6208 e71ba68 Thanks @​Zelys-DFKH! - Fix @effect/cli help output to use Ansi.blackBright instead of Ansi.black for Weak spans. The previous black foreground was invisible on dark terminal backgrounds.

v0.75.1

Compare Source

Patch Changes

  • #​6144 ec5c505 Thanks @​LikiosSedo! - Fix --log-level=value equals syntax incorrectly swallowing the next argument. Only skip the next arg when the previous arg is exactly --log-level (space-separated form).

  • Updated dependencies [f99048e]:

    • effect@​3.21.1
Effect-TS/language-service (@​effect/language-service)

v0.86.2

Compare Source

Patch Changes

  • #​739 2a21b07 Thanks @​mattiamanzati! - Update the generated schema.json to include the TypeScript 6.0 ES2025 target and lib entries.

  • #​738 ec42fd6 Thanks @​mattiamanzati! - Update preferSchemaOverJson to be off by default.

    Improve the diagnostic guidance for JSON parsing and stringifying:

    • in Effect v3, suggest Schema.parseJson(Schema.Unknown) for unknown shapes and Schema.parseJson(schema) for known ones
    • in Effect v4, suggest Schema.UnknownFromJsonString, Schema.fromJsonString(schema), and Schema.toCodecJson(schema) depending on whether the target shape is known and whether the code is working with JSON strings or JSON values

  • #​736 4bf81c4 Thanks @​mattiamanzati! - Update the Effect v4 beta dependencies to 4.0.0-beta.68.

v0.86.1

Compare Source

Patch Changes
  • #​732 0674371 Thanks @​mattiamanzati! - Update the Effect v4 test harness and language service development dependencies to Effect 4.0.0 beta 66, including fixture updates for the latest Context service API.

v0.86.0

Compare Source

Minor Changes

  • #​728 a5b0e47 Thanks @​mattiamanzati! - Add the unsafeEffectTypeAssertion diagnostic to catch as Effect<...>, as Stream<...>, and as Layer<...> assertions that unsafely narrow the error or requirements channels.

    The rule skips channels whose original type is any and offers a quick fix that removes the assertion while preserving the original expression.

v0.85.1

Compare Source

Patch Changes

  • #​726 fd4a8da Thanks @​mattiamanzati! - Update the Effect v4 beta examples and type parsing to match the renamed Context APIs in the latest 4.0.0-beta releases.

  • #​724 14d5798 Thanks @​mattiamanzati! - Refactor Effect context tracking to use cached node context flags and direct generator lookups.

    This aligns the TypeScript implementation more closely with the TSGo version and simplifies diagnostics that need to detect whether code is inside an Effect generator.

v0.85.0

Compare Source

Minor Changes

  • #​720 4229bb9 Thanks @​mattiamanzati! - Add the nestedEffectGenYield diagnostic to detect yield* Effect.gen(...) inside an existing Effect generator context.

    Example:

    Effect.gen(function* () {
  yield* Effect.gen(function* () {
    yield* Effect.succeed(1);
  });
});

  • #​723 da9cc4b Thanks @​mattiamanzati! - Add the effectMapFlatten style diagnostic for Effect.map(...) immediately followed by Effect.flatten in pipe flows.

    Example:

    import { Effect } from "effect";

const program = Effect.succeed(1).pipe(
  Effect.map((n) => Effect.succeed(n + 1)),
  Effect.flatten
);

  • #​718 0af7c0f Thanks @​mattiamanzati! - Add the lazyPromiseInEffectSync diagnostic to catch Effect.sync(() => Promise...) patterns and suggest using Effect.promise or Effect.tryPromise for async work.

    Example:

    Effect.sync(() => Promise.resolve(1));

  • #​714 32985b2 Thanks @​mattiamanzati! - Add processEnv and processEnvInEffect diagnostics to guide process.env.* reads toward Effect Config APIs.

    Examples:

    • process.env.PORT
    • process.env["API_KEY"]

  • #​721 f05ae89 Thanks @​mattiamanzati! - Add the unnecessaryArrowBlock style diagnostic for arrow functions whose block body only returns an expression.

    Example:

    const trim = (value: string) => {
  return value.trim();
};

  • #​717 b77848a Thanks @​mattiamanzati! - Add newPromise and asyncFunction effect-native diagnostics to report manual Promise construction and async function declarations, with guidance toward Effect-based async control flow.

  • #​722 6f19858 Thanks @​mattiamanzati! - Add the effectDoNotation style diagnostic for Effect.Do usage and suggest migrating to Effect.gen or Effect.fn.

    Example:

    import { pipe } from "effect/Function";
import { Effect } from "effect";

const program = pipe(
  Effect.Do,
  Effect.bind("a", () => Effect.succeed(1)),
  Effect.let("b", ({ a }) => a + 1)
);

  • #​716 c3f67b0 Thanks @​mattiamanzati! - Add cryptoRandomUUID and cryptoRandomUUIDInEffect diagnostics for Effect v4 to discourage crypto.randomUUID() in favor of the Effect Random module, which uses Effect-injected randomness instead of the global crypto implementation.

Patch Changes
Effect-TS/effect (@​effect/platform)

v0.96.2

Compare Source

Patch Changes

v0.96.1

Compare Source

Patch Changes

  • #​6147 518d0e3 Thanks @​syhstanley! - Fix HttpLayerRouter.addHttpApi silently skipping API-level middleware.

  • #​6191 c016642 Thanks @​IGassmann! - Update msgpackr to 1.11.10 to fix silent decode failures in environments that block new Function() at runtime (e.g. Cloudflare Workers). The new version wraps the JIT new Function() call in a try/catch, falling back to the interpreted path when dynamic code evaluation is blocked.

  • Updated dependencies [74f3267]:

    • effect@​3.21.2

v0.96.0

Compare Source

Patch Changes

v0.95.0

Compare Source

Patch Changes
Effect-TS/effect (@​effect/platform-node)

v0.107.0

Compare Source

Patch Changes
react-hook-form/resolvers (@​hookform/resolvers)

v5.4.0

Compare Source

Features
  • feat: add ata-validator resolver (#​845)
Fixes
  • fix issue with toNestErrors.ts (#​848)
  • add guidance on passing context to yupResolver (useForm context) (#​835) (3d29924)
TanStack/query (@​tanstack/react-query)

v5.101.1

Compare Source

Patch Changes

v5.101.0

Compare Source

Patch Changes

v5.100.14

Compare Source

Patch Changes

v5.100.13

Compare Source

Patch Changes

v5.100.12

Compare Source

Patch Changes

v5.100.11

Patch Changes

v5.100.10

Patch Changes

v5.100.9

Compare Source

Patch Changes

v5.100.8

Compare Source

Patch Changes

v5.100.7

Compare Source

Patch Changes

v5.100.6

Compare Source

Patch Changes

v5.100.5

Compare Source

Patch Changes

v5.100.4

Compare Source

Patch Changes

v5.100.3

Compare Source

Patch Changes

v5.100.2

Patch Changes

v5.100.1

Patch Changes

v5.100.0

Compare Source

Patch Changes

v5.99.2

Compare Source

Patch Changes

v5.99.1

Compare Source

Patch Changes

v5.99.0

Compare Source

Patch Changes

v5.98.0

Compare Source

Patch Changes

v5.97.0

Compare Source

Patch Changes
ajv-validator/ajv (ajv)

v8.20.0

Compare Source

What's Changed

Full Changelog: ajv-validator/ajv@v8.19.0...v8.20.0

postcss/autoprefixer (autoprefixer)

v10.5.0

Compare Source

  • Added mask-position-x and mask-position-y support (by @​toporek).
date-fns/date-fns (date-fns)

v4.4.0

Compare Source

This release revisits the approach to CDN usage and introduces a new package, @date-fns/cdn and deprecates the date-fns CDN scripts. It allowed reducing the zipped package size from 5.83 MB down to 3.96 MB without introducing any breaking changes.

In v5.0.0-alpha.0 where CDN scripts are completely removed from date-fns the change is more significant and brings the zipped package size down to 2.89 MB.

It is just the first step in optimizing the package size. Expect further size reduction in the future v4 and v5 versions.

Changed

  • DEPRECATED: The date-fns CDN scripts are now deprecated and will be removed in the next major release. Please switch to the new @date-fns/cdn package for CDN usage.

  • Removed CDN source maps to reduce the package size. If you rely on them, please switch to the new @date-fns/cdn package that still includes them.

v4.3.0

Compare Source

Kudos to @​ImRodry and @​puneetdixit200 for their contributions.

Fixed

v4.2.1

Compare Source

Fixed
  • Fixed type definitions missing in v4.2.0 due to TypeScript misconfiguration.

v4.2.0

Compare Source

This is a minor release in all senses, it only includes documentation updates (first of many) that points to the new You Don't Need date-fns* page.

* Not really

Changed
  • Added Temporal API references to the JSDoc annotations of add, addBusinessDays, and addDays.
Effect-TS/effect (effect)

v3.21.4

Compare Source

Patch Changes
  • #​6267 8222963 Thanks @​fubhy! - Fix Graph traversal and shortest-path algorithms to traverse undirected edges independently of their stored source/target orientation.

v3.21.3

Compare Source

Patch Changes

v3.21.2

Compare Source

Patch Changes
  • #​6194 74f3267 Thanks @​mikearnaldi! - Fix TestClock.unsafeCurrentTimeNanos() to floor fractional millisecond instants before converting them to BigInt.

v3.21.1

Compare Source

Patch Changes

  • #​6139 f99048e Thanks @​marbemac! - Fix batched request resolver defects causing consumer fibers to hang forever.

    When a RequestResolver.makeBatched resolver died with a defect, the request Deferreds were never completed because the cleanup logic in invokeWithInterrupt used flatMap (which only runs on success). Changed to ensuring so uncompleted request entries are always resolved regardless of exit type.

evanw/esbuild (esbuild)

v0.28.1

Compare Source

  • Disallow \ in local development server HTTP requests (GHSA-g7r4-m6w7-qqqr)

    This release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \ backslash character. It happened due to the use of Go's path.Clean() function, which only handles Unix-style / characters. HTTP requests with paths containing \ are no longer allowed.

    Thanks to @​dellalibera for reporting this issue.

  • Add integrity checks to the Deno API (GHSA-gv7w-rqvm-qjhr)

    The previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.

    Note that esbuild's Deno API installs from registry.npmjs.org by default, but allows the NPM_CONFIG_REGISTRY environment variable to override this with a custom package registry. This change means that the esbuild executable served by NPM_CONFIG_REGISTRY must now match the expected content.

    Thanks to @​sondt99 for reporting this issue.

  • Avoid inlining using and await using declarations (#​4482)

    Previously esbuild's minifier sometimes incorrectly inlined using and await using declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for let and const declarations by avoiding doing it for var declarations, which no longer worked when more declaration types were added. Here's an example:

    // Original code
{
  using x = new Resource()
  x.activate()
}

// Old output (with --minify)
new Resource().activate();

// New output (with --minify)
{using e=new Resource;e.activate()}

  • Fix module evaluation when an error is thrown (#​4461, #​4467)

    If an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if import() or require() is used to import a module multiple times. The thrown error is supposed to be thrown by every call to import() or require(), not just the first. With this release, esbuild will now throw the same error every time you call import() or require() on a module that throws during its evaluation.

  • Fix some edge cases around the new operator (#​4477)

    Previously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a new expression (specifically an optional chain and/or a tagged template literal). The generated code for the new target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the new target in parentheses. Here is an example of some affected code:

    // Original code
new (foo()`bar`)()
new (foo()?.bar)()

// Old output
new foo()`bar`();
new (foo())?.bar();

// New output
new (foo())`bar`();
new (foo()?.bar)();

  • Fix renaming of nested var declarations (#​4471)

    This release fixes a bug where var declarations in nested scopes that are hoisted up to module scope were not correctly being renamed during bundling. That could previously lead to name collisions when minification was disabled, which could potentially cause a behavior change. The bug has been fixed so that these hoisted declarations are now considered to be module-level symbols during the name collision avoidance pass.

  • Emit var instead of const for certain TypeScript-only constructs for ES5 (#​4448)

    While esbuild doesn't generally support converting const to var for ES5 due to nested scoping rules (which is currently a build-time error), esbuild previously incorrectly converted TypeScript-only import assignment constructs into a const declaration even when targeting ES5. With this release, esbuild will now use var for this case instead:

    // Original code
import x = require('y')

// Old output (with --target=es5)
const x = require("y");

// New output (with --target=es5)
var x = require("y");
motiondivision/motion (framer-motion)

v12.41.0

Compare Source

Added
  • animateView: Moves from Motion+ Early Access and alpha to main library.
  • animateView: .add() resolves a CSS selector or Element to automatically generate, apply and remove view-transition-name.
  • animateView: .new() and .old() configures values to animate on new and old layers.
  • animateView: .layout() can set a custom transition on the size/position animation of the currently selected elements.
  • animateView: Group layers now automatically crop with children set to cover, with border-radius animating from old radius to new. .crop(false) disables this behaviour.
  • animateView: .class(name) tags currently selected elements with a view-transition-class as a custom CSS hook.
Fixed
  • AnimatePresence: Prevent stuck exit animations when children interrupt.
  • drag: Child e.stopPropagation() no longer break drag end.
  • Fixing Next.js OOM on Windows when importing via motion package.
  • animateLayout: Improve handling of parallel/interleaved calls.
Changed
  • animateView: .enter() and .exit() now refer specifically to new and old layers where there are no matching old or new layers.
  • animateView: Interrupted transition setups now return resolved animation rather than throwing.

v12.40.0

Compare Source

Added
  • path option to transition.
  • arc() for motion along an arc.

v12.39.0

Compare Source

Added
  • Support for repeatType and repeatDelay in animation sequences.
Fixed
  • Variants: Re-run keyframe animations when switching between variant labels even when they share identical keyframe arrays.
  • Drag: Preserve in-flight motion value animations across React 19 reorder unmount/remount so dragSnapToOrigin no longer leaves the drag transform stranded after a layout swap.
  • LazyMotion: Share React contexts between the framer-motion and framer-motion/m (and therefore motion/react and motion/react-m) CJS bundles so that <m.div> from the /m subpath picks up features loaded by <LazyMotion> from the main entry point.
  • useScroll: Support hydrating target and container refs from anywhere in the tree.
  • Drag: Gesture no longer starts from incorrect start point when rendered inside <AnimatePresence initial={false} />.
  • Drag: dragConstraints, when set as viewport-relative ref, no longer break on scroll.§
  • Updated visualElement hydration order.
  • useAnimate: Now respects skipAnimations.
  • AnimatePresence: Fix object-form initial values not applied on re-entry after exit completes.
  • scroll: Fixed callback progress when tracking an element.
  • useScroll: Fix hardware acceleration when tracking an element.
jprichardson/node-fs-extra (fs-extra)

v11.3.5

Compare Source

  • Fix ensureLink*/ensureSymlink* identical file detection on Windows (#​1068)
  • Fix error handling in timestamp preservation code (#​1065, #​1069)
  • Fix potential file descriptor leak on error in synchronous timestamp preservation code (#​1066)
ai/nanoid (nanoid)

v5.1.15

Compare Source

  • Fixed random pool corruption on big ID sizes.

v5.1.14

Compare Source

  • Fixed npm package size regression.

v5.1.13

Compare Source

  • Fixed npm package size regression.

v5.1.12

Compare Source

  • Moved to npm Provenance and Staged Publishing.

v5.1.11

Compare Source

  • Fixed breaking Nano ID by requesting big ID.

v5.1.10

Compare Source

v5.1.9

Compare Source

  • Fixed npm package size regression.

v5.1.8

Compare Source

nodejs/node (node)

v22.23.1: 2026-06-23, V

Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Apr 4, 2026
@renovate renovate Bot requested a review from Zeryther as a code owner April 4, 2026 01:56
@vercel

vercel Bot commented Apr 4, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
sdk-harmony Ready Ready Preview, Comment Jun 23, 2026 5:33pm

Request Review

@changeset-bot

changeset-bot Bot commented Apr 4, 2026
edited
Loading

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 70f5fbe

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@renovate renovate Bot changed the title chore(deps): update dependency @effect/platform to ^0.94.5 || ^0.96.0 chore(deps): update all non-major dependencies Apr 6, 2026
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 7ade729 to 7fa850e Compare April 6, 2026 02:06
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 7fa850e to d3b985f Compare April 7, 2026 20:36
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from d3b985f to 331957e Compare April 8, 2026 05:14
@socket-security

socket-security Bot commented Apr 8, 2026
edited
Loading

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedesbuild@​0.28.1911007390100
Added@​effect/​platform-node@​0.107.01001007698100
Added@​types/​react@​18.3.311001007995100
Addednanoid@​5.1.151001007994100
Addedplaywright@​1.61.01001001009980
Added@​types/​node@​22.20.01001008196100
Addedeffect@​3.21.4821009197100
Addedpostcss@​8.5.151001008289100
Addedautoprefixer@​10.5.01001008984100
Addedturbo@​2.9.181001008597100
Addedsafe-regex2@​5.1.11001009087100
Updatedajv@​8.18.0 ⏵ 8.20.099 +110010087100
Added@​hookform/​resolvers@​5.4.09910010087100
Addedfs-extra@​11.3.510010010088100
Added@​tanstack/​react-query@​5.101.1991008895100
Addedyaml@​2.9.010010010088100
Addeddate-fns@​4.4.0881009290100
Addedsass@​1.101.010010010093100
Added@​effect/​cli@​0.75.210010010094100
Added@​effect/​language-service@​0.86.29510010098100
Addedframer-motion@​12.41.09910010096100
Addedreact-hook-form@​7.80.010010010096100
Added@​effect/​platform@​0.96.29910010096100

View full report

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 331957e to 4918fdd Compare April 9, 2026 10:45
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 4918fdd to 7c344c5 Compare April 10, 2026 09:23
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 7c344c5 to d2bbeee Compare April 10, 2026 17:33
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from d2bbeee to 47ec870 Compare April 11, 2026 17:36
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 47ec870 to cf4b745 Compare April 11, 2026 21:12
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from cf4b745 to 7edb3ff Compare April 13, 2026 21:56
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 7edb3ff to 9f8f308 Compare April 16, 2026 10:07
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 9f8f308 to 1eebc36 Compare April 17, 2026 22:03
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 1eebc36 to 58e0e34 Compare April 18, 2026 22:03
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 7f4c1dc to 9810281 Compare April 25, 2026 09:52
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 9810281 to 754f466 Compare April 25, 2026 13:36
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 754f466 to ee95f8b Compare April 25, 2026 17:14
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from ee95f8b to 71f7f9e Compare April 25, 2026 20:50
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 71f7f9e to bc2f8a1 Compare April 25, 2026 22:33
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from bc2f8a1 to 4de4005 Compare April 26, 2026 13:20
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 4de4005 to 319c886 Compare April 26, 2026 17:32
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 319c886 to 9d80f62 Compare April 28, 2026 17:46
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 9d80f62 to 96ea25b Compare April 29, 2026 15:50
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 96ea25b to e0264b4 Compare April 30, 2026 22:34
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from e0264b4 to 34e95b4 Compare May 1, 2026 13:51
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 34e95b4 to b708d33 Compare May 2, 2026 02:29
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from b708d33 to a23618e Compare May 2, 2026 04:44
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from a23618e to d01a393 Compare May 2, 2026 13:12
@socket-security

socket-security Bot commented May 7, 2026
edited
Loading

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm date-fns is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: packages/harmony/package.jsonnpm/date-fns@4.4.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/date-fns@4.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm effect is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: packages/cli/package.jsonnpm/effect@3.21.4

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/effect@3.21.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Zeryther Zeryther Awaiting requested review from Zeryther Zeryther is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants