chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates#436
Merged
mpaulosky merged 6 commits intoJul 7, 2026
Merged
Conversation
#422) …rceBuilderExtensions (#262) ## Summary Extracts the inline `WithCommand` clear-data block from `AppHost.cs` into a new `MongoDbResourceBuilderExtensions` class. ## Changes - **New**: `src/AppHost/MongoDbResourceBuilderExtensions.cs` — contains `WithMongoDbDevCommands` public entry point and private `WithClearDatabaseCommand` - **Simplified**: `src/AppHost/AppHost.cs` — reduced from ~157 lines to ~30 lines; single `mongo.WithMongoDbDevCommands("myblog")` call ## Testing All 10 existing tests pass: - 5 unit tests in `MongoDbClearCommandTests` - 5 integration tests in `MongoClearDataIntegrationTests` Closes #259 Working as Sam (Backend/.NET) Co-authored-by: Boromir <boromir@squad.dev> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>## Summary <!-- Describe what this PR does and why. Link the issue it closes. --> Closes #<!-- issue number --> ## Type of Change <!-- Check all that apply --> - [ ] 🐛 Bug fix (non-breaking change that fixes an issue) - [ ] ✨ Feature (non-breaking change that adds functionality) - [ ] ♻️ Refactor (no behavior change, code cleanup/restructure) - [ ] 🧪 Tests (new or updated tests only) - [ ] 📝 Docs (README, XML docs, comments) - [ ] ⚙️ Infra/CI (GitHub Actions, Aspire, NuGet, deployment) - [ ] 🔒 Security (auth, permissions, secrets, headers) - [ ] 💥 Breaking change (existing behavior changes) ## Domain Affected <!-- Check all that apply — this determines which reviewers are required --> - [ ] 🏗️ Architecture / domain logic / CQRS → **Aragorn required** - [ ] 🔧 Backend (handlers, repositories, API endpoints, MediatR) → **Sam required** - [ ] ⚛️ Frontend (Blazor components, Razor pages, CSS, JS) → **Legolas required** - [ ] 🧪 Unit / bUnit / integration tests → **Gimli required** - [ ] 🧪 E2E / Playwright / Aspire integration tests → **Pippin required** - [ ] ⚙️ CI/CD / GitHub Actions / NuGet / Aspire AppHost → **Boromir required** - [ ] 🔒 Auth0 / authorization / security-relevant changes → **Gandalf required** - [ ] 📝 Docs / README / XML docs → **Frodo required** ## Self-Review Checklist <!-- Complete before requesting review — incomplete PRs will be returned --> ### Code Quality - [ ] I ran `dotnet build MyBlog.slnx --configuration Release` — 0 errors, 0 warnings - [ ] I ran `dotnet test MyBlog.slnx --configuration Release --no-build` — all pass - [ ] No TODO/FIXME left unless tracked in a follow-up issue (link it) - [ ] No secrets, API keys, or credentials committed ### Architecture - [ ] New handlers follow the `Command`/`Query`/`Handler`/`Validator` naming conventions - [ ] New handlers are `sealed` - [ ] Domain layer has no references to `Web` or `Persistence.*` projects - [ ] `Result<T>` / `ResultErrorCode` used for expected failures (no exception-driven control flow) - [ ] DTOs are records in `Domain.DTOs`; Models are in `Domain.Models` - [ ] No DTO types embedded in Model classes ### Tests - [ ] New code has corresponding unit tests - [ ] Integration tests use domain-specific collections (`[Collection("XxxIntegration")]`) - [ ] No test compares two `IssueDto.Empty` / `CommentDto.Empty` instances directly ### Security (check if security-relevant) - [ ] New endpoints have appropriate `RequireAuthorization` / policy applied - [ ] No `MarkupString` used with user-supplied content - [ ] No user input reflected in MongoDB queries without sanitization ### Merge Readiness - [ ] Branch is up to date with `main` (no merge conflicts) - [ ] CI checks are green (do not request review while checks are pending/failing) - [ ] PR description is complete — reviewers should not have to ask what this does ## Screenshots / Evidence <!-- For UI changes: before/after screenshots. For fixes: evidence the bug is resolved. --> ## Notes for Reviewers <!-- Anything you want reviewers to pay special attention to, or context they need. --> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Boromir <boromir@squad.dev> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: GitHub Copilot <copilot@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Boromir <lead-organizer@squad.local> Co-authored-by: mpaulosky <mpaulosky@users.noreply.github.com>
Unblocks PR #427 by harmonizing the remaining conflict hotspots in main. - .github/workflows/squad-standard-lint-markdown.yml - .github/workflows/squad-standard-lint-yaml.yml - tests/AppHost.Tests/Infrastructure/AspireManager.cs Refs #427 Co-authored-by: mpaulosky <mpaulosky@users.noreply.github.com>
…dates Bumps the npm_and_yarn group with 1 update in the /src/Web directory: [js-yaml](https://github.com/nodeca/js-yaml). Updates `js-yaml` from 4.1.1 to 5.2.0 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.1...5.2.0) Updates `markdown-it` from 14.1.1 to 14.2.0 - [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md) - [Commits](markdown-it/markdown-it@14.1.1...14.2.0) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 5.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: markdown-it dependency-version: 14.2.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
Contributor
🤖 Dependency Update PRThis PR was opened by dependabot[bot] and has been automatically labeled for Boromir (DevOps) to review. Labels applied:
|
Contributor
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## dev #436 +/- ##
===========================================
- Coverage 87.49% 76.73% -10.77%
===========================================
Files 71 71
Lines 1775 1775
Branches 214 214
===========================================
- Hits 1553 1362 -191
- Misses 145 336 +191
Partials 77 77 🚀 New features to boost your workflow:
|
mpaulosky
enabled auto-merge (squash)
July 4, 2026 16:03
#427) …rceBuilderExtensions (#262) ## Summary Extracts the inline `WithCommand` clear-data block from `AppHost.cs` into a new `MongoDbResourceBuilderExtensions` class. ## Changes - **New**: `src/AppHost/MongoDbResourceBuilderExtensions.cs` — contains `WithMongoDbDevCommands` public entry point and private `WithClearDatabaseCommand` - **Simplified**: `src/AppHost/AppHost.cs` — reduced from ~157 lines to ~30 lines; single `mongo.WithMongoDbDevCommands("myblog")` call ## Testing All 10 existing tests pass: - 5 unit tests in `MongoDbClearCommandTests` - 5 integration tests in `MongoClearDataIntegrationTests` Closes #259 Working as Sam (Backend/.NET) Co-authored-by: Boromir <boromir@squad.dev> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>## Summary <!-- Describe what this PR does and why. Link the issue it closes. --> Closes #<!-- issue number --> ## Type of Change <!-- Check all that apply --> - [ ] 🐛 Bug fix (non-breaking change that fixes an issue) - [ ] ✨ Feature (non-breaking change that adds functionality) - [ ] ♻️ Refactor (no behavior change, code cleanup/restructure) - [ ] 🧪 Tests (new or updated tests only) - [ ] 📝 Docs (README, XML docs, comments) - [ ] ⚙️ Infra/CI (GitHub Actions, Aspire, NuGet, deployment) - [ ] 🔒 Security (auth, permissions, secrets, headers) - [ ] 💥 Breaking change (existing behavior changes) ## Domain Affected <!-- Check all that apply — this determines which reviewers are required --> - [ ] 🏗️ Architecture / domain logic / CQRS → **Aragorn required** - [ ] 🔧 Backend (handlers, repositories, API endpoints, MediatR) → **Sam required** - [ ] ⚛️ Frontend (Blazor components, Razor pages, CSS, JS) → **Legolas required** - [ ] 🧪 Unit / bUnit / integration tests → **Gimli required** - [ ] 🧪 E2E / Playwright / Aspire integration tests → **Pippin required** - [ ] ⚙️ CI/CD / GitHub Actions / NuGet / Aspire AppHost → **Boromir required** - [ ] 🔒 Auth0 / authorization / security-relevant changes → **Gandalf required** - [ ] 📝 Docs / README / XML docs → **Frodo required** ## Self-Review Checklist <!-- Complete before requesting review — incomplete PRs will be returned --> ### Code Quality - [ ] I ran `dotnet build MyBlog.slnx --configuration Release` — 0 errors, 0 warnings - [ ] I ran `dotnet test MyBlog.slnx --configuration Release --no-build` — all pass - [ ] No TODO/FIXME left unless tracked in a follow-up issue (link it) - [ ] No secrets, API keys, or credentials committed ### Architecture - [ ] New handlers follow the `Command`/`Query`/`Handler`/`Validator` naming conventions - [ ] New handlers are `sealed` - [ ] Domain layer has no references to `Web` or `Persistence.*` projects - [ ] `Result<T>` / `ResultErrorCode` used for expected failures (no exception-driven control flow) - [ ] DTOs are records in `Domain.DTOs`; Models are in `Domain.Models` - [ ] No DTO types embedded in Model classes ### Tests - [ ] New code has corresponding unit tests - [ ] Integration tests use domain-specific collections (`[Collection("XxxIntegration")]`) - [ ] No test compares two `IssueDto.Empty` / `CommentDto.Empty` instances directly ### Security (check if security-relevant) - [ ] New endpoints have appropriate `RequireAuthorization` / policy applied - [ ] No `MarkupString` used with user-supplied content - [ ] No user input reflected in MongoDB queries without sanitization ### Merge Readiness - [ ] Branch is up to date with `main` (no merge conflicts) - [ ] CI checks are green (do not request review while checks are pending/failing) - [ ] PR description is complete — reviewers should not have to ask what this does ## Screenshots / Evidence <!-- For UI changes: before/after screenshots. For fixes: evidence the bug is resolved. --> ## Notes for Reviewers <!-- Anything you want reviewers to pay special attention to, or context they need. --> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Boromir <boromir@squad.dev> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: GitHub Copilot <copilot@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Boromir <lead-organizer@squad.local> Co-authored-by: mpaulosky <mpaulosky@users.noreply.github.com>
mpaulosky
deleted the
dependabot/npm_and_yarn/src/Web/npm_and_yarn-4a95add1bb
branch
July 7, 2026 15:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 1 update in the /src/Web directory: js-yaml.
Updates
js-yamlfrom 4.1.1 to 5.2.0Changelog
Sourced from js-yaml's changelog.
... (truncated)
Commits
c28ed5e5.2.0 released125cd5aAddmaxAliasesoption3105455ReplacemaxMergeSeqLengthoption withmaxTotalMergeKeys(more robust)39d00d6numbers: Drop boxed numbers support, simplify .identify() checks, clarify rou...eb5cb5bfix: round-trip integers that stringify in exponential notation (#771)89024c4Update migration info, close #770f1e45cd5.1.0 released53b22beFix constructor coveragea1eaa2bFix quote style options and restore forceQuotes0532e7dAdd finalizers for immutable collection tagsUpdates
markdown-itfrom 14.1.1 to 14.2.0Changelog
Sourced from markdown-it's changelog.
Commits
829797a14.2.0 released9ce2087Fix smartquotes perfomance02e73b8linkify-it bump68cfb8cfix: don't end HTML comment blocks on a blank line (#1155)1083137Readme cleanup97c7ca2Update funding infoc471b55Changelog update7769621isPunctChar => isPunctCharCodeaa2aa70fix: always reset parentType in lheading rule (#1131)59955f2Polish PRs #1072, #1074Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.