Skip to content

chore(deps): pin dependencies#66

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/react-monorepo
Open

chore(deps): pin dependencies#66
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/react-monorepo

Conversation

@renovate

@renovate renovate Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
@types/react (source) devDependencies pin ^19.0.019.2.17
@types/react-dom (source) devDependencies pin ^19.0.019.2.3

⚠️ Renovate's pin functionality does not currently wire in the release age for a package, so the Minimum Release Age checks can apply. You will need to manually validate the Minimum Release Age for these package(s).

Add the preset :preserveSemverRanges to your config if you don't want to pin your dependencies.


Configuration

📅 Schedule: (in timezone America/Boise)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 4, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
aerealith a5e3386 Commit Preview URL

Branch Preview URL
Jul 05 2026, 09:12 AM

@github-actions github-actions Bot added type: build Build tooling, packaging, bundling, or release pipeline work. automated Created or updated by automation, bots, or repository workflows. dependencies Dependency update, package maintenance, or lockfile change. area: tooling Nx, pnpm, TypeScript, ESLint, Prettier, testing, or local development tooling. labels Jul 4, 2026
@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/@types/react 19.2.17 🟢 6.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 25/28 approved changesets -- score normalized to 8
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
npm/@types/react-dom 19.2.3 🟢 6.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 25/28 approved changesets -- score normalized to 8
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed

Scanned Files

  • package.json

@github-code-quality

github-code-quality Bot commented Jul 4, 2026

Copy link
Copy Markdown

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/vitest

The overall coverage remains at 92%, unchanged from the branch.


Updated July 05, 2026 09:16 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@codecov

codecov Bot commented Jul 4, 2026

Copy link
Copy Markdown

Bundle Report

Bundle size has no change ✅

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown

Coverage Report for Aerealith Vitest Coverage (.)

Status Category Percentage Covered / Total
🔵 Lines 91.78% 893 / 973
🔵 Statements 91.79% 895 / 975
🔵 Functions 86.41% 267 / 309
🔵 Branches 87.2% 402 / 461
File CoverageNo changed files found.
Generated in workflow #209 for commit a5e3386 by the Vitest Coverage Report Action

@codecov

codecov Bot commented Jul 4, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown

Aerealith CI

Overall result: ✅ Passed
Run: #209

Check Result
Dependency install ✅ Passed
Nx installation ✅ Passed
Nx workspace reset ✅ Passed
Git comparison range ✅ Passed
Nx affected validation ✅ Passed
MegaLinter ✅ Passed

Cache

  • pnpm store: miss
  • Nx task cache: managed by Nx Cloud when configured for this workspace.
Run details
  • Base SHA: 29f4bb5372032cd5a0e975601929da430abcc9dc
  • Head SHA: a5e3386dad4891d7449b9d2ba00c7e10ad06751e
  • Validation targets: lint, typecheck, test, build
  • Logs: download the ci-logs artifact from the workflow run.

@renovate renovate Bot force-pushed the renovate/react-monorepo branch from ce4bd22 to b7c470f Compare July 5, 2026 03:17
@alwaysmeticulous

alwaysmeticulous Bot commented Jul 5, 2026

Copy link
Copy Markdown

Test suite: Aerealith

✅ Meticulous spotted 0 visual differences across 2 screens tested: view results.

Expected differences? Click here. Last updated for commit a5e3386 chore(deps): pin dependencies. This comment will update as new commits are pushed.

@renovate renovate Bot force-pushed the renovate/react-monorepo branch 4 times, most recently from 787d980 to 1c94f28 Compare July 5, 2026 08:04
@Sinless777 Sinless777 moved this to Inbox in Aerealith Delivery Jul 5, 2026
@Sinless777 Sinless777 moved this from Inbox to In Review in Aerealith Delivery Jul 5, 2026
@renovate renovate Bot force-pushed the renovate/react-monorepo branch from 1c94f28 to a5e3386 Compare July 5, 2026 09:11
@sonarqubecloud

sonarqubecloud Bot commented Jul 5, 2026

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area: tooling Nx, pnpm, TypeScript, ESLint, Prettier, testing, or local development tooling. automated Created or updated by automation, bots, or repository workflows. dependencies Dependency update, package maintenance, or lockfile change. type: build Build tooling, packaging, bundling, or release pipeline work.

Projects

Status: In Review

Development

Successfully merging this pull request may close these issues.

1 participant