Skip to content

Bump globals from 15.15.0 to 17.3.0 in /app#414

Closed
dependabot[bot] wants to merge 3 commits into
stagingfrom
dependabot/npm_and_yarn/app/staging/globals-17.3.0
Closed

Bump globals from 15.15.0 to 17.3.0 in /app#414
dependabot[bot] wants to merge 3 commits into
stagingfrom
dependabot/npm_and_yarn/app/staging/globals-17.3.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Feb 22, 2026

Copy link
Copy Markdown
Contributor

Bumps globals from 15.15.0 to 17.3.0.

Release notes

Sourced from globals's releases.

v17.3.0

  • Update globals (2026-02-01) (#336) 295fba9

sindresorhus/globals@v17.2.0...v17.3.0

v17.2.0

  • jasmine: Add throwUnless and throwUnlessAsync globals (#335) 97f23a7

sindresorhus/globals@v17.1.0...v17.2.0

v17.1.0

  • Add webpack and rspack globals (#333) 65cae73

sindresorhus/globals@v17.0.0...v17.1.0

v17.0.0

Breaking

  • Split audioWorklet environment from browser (#320) 7bc293e

Improvements

  • Update globals (#329) ebe1063
  • Get all browser globals from both chrome and firefox (#321) 59ceff8
  • Add bunBuiltin environment (#324) 1bc6e3b
  • Add denoBuiltin environment (#324) 1bc6e3b
  • Add paintWorklet environment (#323) 4b78f56
  • Add sharedWorker environment (#322) 4a02a85

sindresorhus/globals@v16.5.0...v17.0.0

v16.5.0

  • Update globals (2025-11-01) (#316) 6d441ca
  • Add Vue, Svelte, and Astro globals (#314) ea31521

sindresorhus/globals@v16.4.0...v16.5.0

v16.4.0

  • Update globals (#309) 8b8a2d6

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 22, 2026
@github-actions

github-actions Bot commented Feb 22, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/globals 17.3.0 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 6Found 16/25 approved changesets -- score normalized to 6
Maintained🟢 1018 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/globals 17.3.0 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 6Found 16/25 approved changesets -- score normalized to 6
Maintained🟢 1018 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • app/package-lock.json
  • package-lock.json

gkorland added a commit that referenced this pull request Feb 22, 2026
Python:
- fastapi: 0.124.0 → 0.129.2
- uvicorn: 0.40.0 → 0.41.0
- litellm: 1.80.9 → 1.81.14
- playwright: 1.57.0 → 1.58.0
- pytest-asyncio: 1.2.0 → 1.3.0

GitHub Actions:
- actions/checkout: v4 → v6

npm:
- date-fns: 3.6.0 → 4.1.0
- next-themes: 0.3.0 → 0.4.6
- react-resizable-panels: 2.1.9 → 4.0.13
- sonner: 1.7.4 → 2.0.7
- globals: 15.15.0 → 17.3.0

Consolidates PRs: #421, #420, #419, #418, #417, #416, #415, #414, #413, #412, #322, #321, #319, #318, #317

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@gkorland

Copy link
Copy Markdown
Contributor

@dependabot recreate

Bumps [globals](https://github.com/sindresorhus/globals) from 15.15.0 to 17.3.0.
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v15.15.0...v17.3.0)

---
updated-dependencies:
- dependency-name: globals
  dependency-version: 17.3.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/app/staging/globals-17.3.0 branch from c829b39 to fd06cc6 Compare February 24, 2026 13:03
@gkorland

Copy link
Copy Markdown
Contributor

@copilot can you please fix the CI?

Copilot AI commented Feb 25, 2026

Copy link
Copy Markdown
Contributor

@gkorland I've opened a new pull request, #434, to work on those changes. Once the pull request is ready, I'll request review from you.

* Initial plan

* Fix: update root package-lock.json to include globals@17.3.0

Co-authored-by: gkorland <753206+gkorland@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: gkorland <753206+gkorland@users.noreply.github.com>
@gkorland

Copy link
Copy Markdown
Contributor

duplicate #439

@gkorland gkorland closed this Feb 25, 2026
@dependabot @github

dependabot Bot commented on behalf of github Feb 25, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/app/staging/globals-17.3.0 branch February 25, 2026 10:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants