Skip to content

chore: bump dependencies from passing dependabot PRs#2270

Merged
sourishkrout merged 13 commits into
mainfrom
chore/bump-dependabot-deps
Apr 22, 2026
Merged

chore: bump dependencies from passing dependabot PRs#2270
sourishkrout merged 13 commits into
mainfrom
chore/bump-dependabot-deps

Conversation

@sourishkrout
Copy link
Copy Markdown
Contributor

@sourishkrout sourishkrout commented Apr 22, 2026

Summary

Consolidates six dependabot PRs that were mergeable with passing checks into a single branch, plus a reconciling npm install to normalize the lockfile.

Bundled PRs:

Not included (conflicting or failing checks on main): #2255, #2245, #2244, #2243, #2236, #2235, #2222, #2200, #2192, #2140.

Test plan

  • CI build passes on ubuntu-latest
  • DCO check passes
  • Verify extension builds locally
  • Smoke-test notebook execution after install

🤖 Generated with Claude Code

dependabot Bot and others added 13 commits January 22, 2026 04:45
@dependabot
Bump lodash from 4.17.21 to 4.17.23
9169b57 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump lodash
652735d 
Bumps the npm_and_yarn group with 1 update in the /examples/k8s directory: [lodash](https://github.com/lodash/lodash).


Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump picomatch from 2.3.1 to 2.3.2
d5ba8f4 
Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump yaml from 2.8.2 to 2.8.3
c6d413d 
Bumps [yaml](https://github.com/eemeli/yaml) from 2.8.2 to 2.8.3.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.8.2...v2.8.3)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump basic-ftp from 5.2.0 to 5.2.2
ec39315 
Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.2.0 to 5.2.2.
- [Release notes](https://github.com/patrickjuchli/basic-ftp/releases)
- [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md)
- [Commits](patrickjuchli/basic-ftp@v5.2.0...v5.2.2)

---
updated-dependencies:
- dependency-name: basic-ftp
  dependency-version: 5.2.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump axios from 1.13.6 to 1.15.0
58b6613 
Bumps [axios](https://github.com/axios/axios) from 1.13.6 to 1.15.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.6...v1.15.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@sourishkrout
chore: bump axios from 1.13.6 to 1.15.0 (#2269)
034c825
@sourishkrout
chore: bump basic-ftp from 5.2.0 to 5.2.2 (#2268)
d18a62d
@sourishkrout
chore: bump yaml from 2.8.2 to 2.8.3 (#2266)
9a14859
@sourishkrout
chore: bump picomatch from 2.3.1 to 2.3.2 (#2264)
2bdc07a
@sourishkrout
chore: bump lodash from 4.17.21 to 4.17.23 (#2246)
10e094e
@sourishkrout
chore: bump lodash from 4.17.21 to 4.17.23 in /examples/k8s (#2247)
eda83e8
@sourishkrout @claude
chore: reconcile package-lock.json after dependabot merges
d95b2ac 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Sebastian (Tiedtke) Huckleberry <sebastiantiedtke@gmail.com>
@sourishkrout sourishkrout force-pushed the chore/bump-dependabot-deps branch from 9ea01b0 to d95b2ac Compare April 22, 2026 19:30
@sourishkrout sourishkrout merged commit 4120134 into main Apr 22, 2026
2 checks passed
@sourishkrout sourishkrout deleted the chore/bump-dependabot-deps branch April 22, 2026 20:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sourishkrout