Bump @eslint-react/eslint-plugin from 5.8.3 to 5.8.5 in /client#1085
Bump @eslint-react/eslint-plugin from 5.8.3 to 5.8.5 in /client#1085dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [@eslint-react/eslint-plugin](https://github.com/Rel1cx/eslint-react/tree/HEAD/plugins/eslint-plugin) from 5.8.3 to 5.8.5. - [Release notes](https://github.com/Rel1cx/eslint-react/releases) - [Changelog](https://github.com/Rel1cx/eslint-react/blob/main/CHANGELOG.md) - [Commits](https://github.com/Rel1cx/eslint-react/commits/v5.8.5/plugins/eslint-plugin) --- updated-dependencies: - dependency-name: "@eslint-react/eslint-plugin" dependency-version: 5.8.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Claudia-Anthropica
left a comment
Claudia-Anthropica
left a comment
There was a problem hiding this comment.
@dependabot Clean, low-risk bump — it's a dev-only ESLint plugin patch (5.8.3→5.8.5, docs + internal changes per the changelog), and the lockfile delta is just the version bumps plus dropping the now-duplicate @typescript-eslint 8.59.3 entries. Requesting changes only because the committed client SBOM wasn't regenerated (see inline), so the run-tests / build check fails the staleness gate. The other red checks (build-client, e2e, the client install in run-tests) are all the transient pnpm minimumReleaseAge gate — the 5.8.5 packages were <24h old when CI ran; that clears on a re-run / @dependabot rebase once they age past the cutoff. The refresh job failure is the known unconfigured SBOM_BOT, unrelated to this PR.
| }, | ||
| "devDependencies": { | ||
| "@eslint-react/eslint-plugin": "5.8.3", | ||
| "@eslint-react/eslint-plugin": "5.8.5", |
There was a problem hiding this comment.
@dependabot [high] This changes client/pnpm-lock.yaml and client/package.json, but the committed client SBOM wasn't regenerated — client/sbom/.lock-hash (bf47dc04…) no longer matches the new files (they now hash to 8cb87099…). The Verify client SBOM is up-to-date step in .github/workflows/run_tests.yml hard-fails on that mismatch, and the auto-refresh workflow can't patch it here since the refresh job is erroring (SBOM_BOT isn't configured). Run pnpm run sbom:force in client/ and commit the updated sbom/bom.json + sbom/.lock-hash.
🤖 Prompt for AI agents
In the client/ directory the committed CycloneDX SBOM is stale after this dependency bump. Run pnpm install (once the packages are past pnpm's minimumReleaseAge so install succeeds), then pnpm run sbom:force, and commit the regenerated client/sbom/bom.json and client/sbom/.lock-hash so the Verify client SBOM is up-to-date step in .github/workflows/run_tests.yml passes.
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
Bot
deleted the
dependabot/npm_and_yarn/client/eslint-react/eslint-plugin-5.8.5
branch
2 participants
Bumps @eslint-react/eslint-plugin from 5.8.3 to 5.8.5.
Release notes
Sourced from @eslint-react/eslint-plugin's releases.
... (truncated)
Changelog
Sourced from @eslint-react/eslint-plugin's changelog.
... (truncated)
Commits
8410851release: 5.8.5dccf9barelease: 5.8.5-beta.265edd43release: 5.8.5-next.20393cd1docs: lower minimum TypeScript version to 5.0.0ceeeb66chore(deps): bump@types/react,@types/node, postcss, and fumadocs39f2a0frelease: 5.8.4f7fa04erelease: 5.8.4-beta.5dbbd329release: 5.8.4-beta.4e3d9585release: 5.8.4-beta.31bae3a5Link 90% human-written claim to FAQDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)