deps(deps): bump the production-dependencies group with 3 updates#429
deps(deps): bump the production-dependencies group with 3 updates#429dependabot[bot] wants to merge 1 commit into
Conversation
dependabot
Bot
added
dependencies
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f19d741915
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| vite: | ||
| specifier: npm:rolldown-vite@7.1.14 | ||
| version: rolldown-vite@7.1.14(esbuild@0.25.10)(sugarss@5.0.1(postcss@8.5.6)) | ||
| version: 8.0.0(sugarss@5.0.1(postcss@8.5.6)) |
There was a problem hiding this comment.
This lockfile change upgrades wesley-website from rolldown-vite@7.1.14 to vite@8.0.0 even though wesley-website/package.json:61 still pins vite to npm:rolldown-vite@7.1.14. At the same time, vitest@4.0.18 is still resolved against rolldown-vite@7.1.14 in pnpm-lock.yaml:7053-7057, so the website is now tested with one bundler and built/deployed with another. That mismatch makes this dependency bump risky: a Vite 8-only regression in the production site can pass the current test suite unnoticed unless the website manifest and test stack are upgraded together.
Useful? React with 👍 / 👎.
Bumps the production-dependencies group with 3 updates: [@mantine/hooks](https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/hooks), [@supabase/pg-parser](https://github.com/supabase-community/pg-parser/tree/HEAD/packages/pg-parser) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `@mantine/hooks` from 8.3.5 to 8.3.18 - [Release notes](https://github.com/mantinedev/mantine/releases) - [Changelog](https://github.com/mantinedev/mantine/blob/master/CHANGELOG.md) - [Commits](https://github.com/mantinedev/mantine/commits/8.3.18/packages/@mantine/hooks) Updates `@supabase/pg-parser` from 0.1.3 to 0.1.7 - [Release notes](https://github.com/supabase-community/pg-parser/releases) - [Changelog](https://github.com/supabase-community/pg-parser/blob/main/packages/pg-parser/CHANGELOG.md) - [Commits](https://github.com/supabase-community/pg-parser/commits/v0.1.7/packages/pg-parser) Updates `vite` from 7.3.1 to 8.0.0 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.0/packages/vite) --- updated-dependencies: - dependency-name: "@mantine/hooks" dependency-version: 8.3.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@supabase/pg-parser" dependency-version: 0.1.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: vite dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/main/production-dependencies-0813ff24ca
branch
from
f19d741 to
ccccb8f
Compare
🔍 The Case of Pull Request #429🕵️ SHA-lock HOLMES's Investigation (click to expand)🕵️ SHA-lock HOLMES Investigation
🔍 Executive Deduction"Watson, after careful examination of the evidence, I deduce..." Weighted Completion: ██████░░░░ 60.0% 🧩 SCS Breakdown
🧪 TCI Breakdown
|
| Component | Risk Share | Points | Count |
|---|---|---|---|
| Drops | 100.0% | 20 | 0 |
| Renames Without Uid | 0.0% | 0 | 0 |
| Add Not Null Without Default | 0.0% | 0 | 0 |
| Non Concurrent Indexes | 0.0% | 0 | 0 |
📊 The Weight of Evidence
"Observe, Watson, how not all features carry equal importance..."
| Element | Weight | Status | Evidence | Deduction |
|---|---|---|---|---|
| schema | 5 | ✅ SQL & tests | out/schema.sql:1-9999@c671d4a | Elementary! |
🚪 Security & Performance Gates
"Elementary security measures, Watson..."
| Gate | Status | Evidence | Holmes's Ruling |
|---|---|---|---|
| Migration Risk | ✅ | MRI: 20.0% | "Acceptable risk" |
| Test Coverage | TCI: 70.0% | "Insufficient coverage" | |
| Sensitive Fields | ✅ | 0 fields | "All secured" |
📋 The Verdict
"Some clues remain unclear. Address the noted issues."
Signed and sealed,
- S. Holmes, Consulting Detective
[END OF INVESTIGATION FOR COMMIT c671d4a]
🩺 Dr. WATSON's Verification (click to expand)
🩺 Dr. Watson's Independent Verification Report
Medical Examination of Evidence
- Examination Date: 2026-03-18T13:13:22.808Z
- Patient SHA: c671d4a
🔬 Citation Verification
"Let me examine each piece of evidence independently..."
- Citations Examined: 2
- Verified: 0 ✅
- Failed: 0 ❌
- Unable to Verify: 2
Verification Rate: 0.0%
📊 Mathematical Verification
"I shall recalculate Holmes's arithmetic..."
Holmes claimed SCS: 60.0%
Watson calculates: 100.0%
Difference:
🔍 Consistency Analysis
"Checking for contradictions in Holmes's deductions..."
✅ No logical inconsistencies detected
🩺 Dr. Watson's Medical Opinion
VERIFICATION: CONCERNS NOTED
"While Holmes's methods are generally sound, I have noted some"
"discrepancies that warrant further investigation."
Respectfully submitted,
- Dr. J. Watson, M.D.
Medical Examiner & Verification Specialist
🔮 Professor MORIARTY's Predictions (click to expand)
🧠 Professor Moriarty's Temporal Predictions
The Mathematics of Inevitability
- Analysis Date: 2026-03-18T13:14:07.505Z
🔮 Current State
SCS: ██████░░░░ 60.0%
TCI: ███████░░░ 70.0%
MRI: 20.0% risk
📈 Velocity Analysis
SCS Velocity: +0.00%/day
Git Activity (window): 24h · commits 24 (1 relevant) · ~24.00 commits/day
↳ Magnitude: ~8 relevant LOC/day across ~1.0 files/day
Activity Index: 14 / 100 (PR 0, Window 36)
Blended Velocity: +0.09%/day
Commit Size Burstiness: 0 / 100 (higher = more uneven commit sizes)
⏰ Completion Predictions
ETA: Cannot predict (insufficient velocity)
"At current velocity, completion is... improbable."
🧪 Readiness EXPLAIN
- SCS ≥ 80% → FAIL ❌ (actual 60.0%)
- TCI ≥ 70% → PASS ✅ (actual 70.0%)
- MRI ≤ 40% → PASS ✅ (actual 20.0%)
- CI Stability ≥ 90% (branch main) → FAIL ❌ (actual 90% over ~168h)
- Delivery context (last 168h): 0 issues closed · 0 PRs merged (informational, not gating)
Signals blend: SCS velocity (70%) + Git activity (30%, branch-first). Activity only suppresses false plateaus; it never inflates readiness.
📊 Historical Trajectory
03-18: ██████░░░░ 60.0%
03-18: ██████░░░░ 60.0%
03-18: ██████░░░░ 60.0%
"Every problem becomes elementary when reduced to mathematics"
— Professor Moriarty
Machine-readable reports: holmes-report.json · watson-report.json · moriarty-report.json (see workflow artifacts).
Filed at 221B Repository Street
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
dependabot
Bot
deleted the
dependabot/npm_and_yarn/main/production-dependencies-0813ff24ca
branch
1 participant
Bumps the production-dependencies group with 3 updates: @mantine/hooks, @supabase/pg-parser and vite.
Updates
@mantine/hooksfrom 8.3.5 to 8.3.18Release notes
Sourced from
@mantine/hooks's releases.... (truncated)
Commits
530249f[release] Version: 8.3.18bac61d6[release] Version: 8.3.176b3fdee[refactor] Fix formattingc048f99[@mantine/hooks] use-list-state: Add memoization to all handlers (#8739)dbb8732[release] Version: 8.3.16649f781[release] Version: 8.3.15ac8b0a2[release] Version: 8.3.14b7ffe40[release] Version: 8.3.131155613[release] Version: 8.3.12ca83059[release] Version: 8.3.11Updates
@supabase/pg-parserfrom 0.1.3 to 0.1.7Release notes
Sourced from
@supabase/pg-parser's releases.Changelog
Sourced from
@supabase/pg-parser's changelog.Commits
b1ff1d0chore(main): release 0.1.7 (#21)6ca903cperf: skip closure compiler in debug builds (#22)842be01feat: scanner/lexer (#20)4190f35chore(main): release 0.1.6 (#19)dfeadddMerge pull request #18 from supabase-community/fix/npm-provenancee1a05d1fix: repository field for npm provenance verificationff42e2echore(main): release 0.1.51c427fcfix: next.js compatibility (SSR + client components)b15d839v0.1.48a17765chore: remove unused dependencyMaintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for
@supabase/pg-parsersince your current version.Updates
vitefrom 7.3.1 to 8.0.0Release notes
Sourced from vite's releases.
... (truncated)
Changelog
Sourced from vite's changelog.
... (truncated)
Commits
ea68a88chore(deps): update rolldown-related dependencies (#20810)693d255release: v7.1.798a3484fix(hmr): wait forimport.meta.hot.prunecallbacks to complete before runni...9f32b1dfix(hmr): trigger prune event when import is removed from non hmr module (#20...9f2247cfix(deps): update all non-major dependencies (#20811)105abe8fix(glob): handle glob imports from folders starting with dot (#20800)4c4583cfix(build): fix ssr environmentemitAssets: truewhen `sharedConfigBuild: t...9bc9d12fix(client): use CSP nonce when rendering error overlay (#20791)54377f7release: v7.1.688af2aefix(deps): update all non-major dependencies (#20773)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions