Skip to content

chore(deps): pin dependencies#115

Closed
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/pin-dependencies
Closed

chore(deps): pin dependencies#115
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/pin-dependencies

Conversation

@renovate

@renovate renovate Bot commented Mar 31, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change OpenSSF
@testing-library/dom devDependencies pin ^10.4.110.4.1 OpenSSF Scorecard
@vitest/browser-playwright (source) devDependencies pin ^4.1.74.1.7 OpenSSF Scorecard
codemirror devDependencies pin ^6.0.26.0.2 OpenSSF Scorecard
jsdom devDependencies pin ^29.0.029.1.1 OpenSSF Scorecard
oxlint (source) devDependencies pin ^1.66.01.66.0 OpenSSF Scorecard
playwright (source) devDependencies pin ^1.57.01.60.0 OpenSSF Scorecard
typescript (source) devDependencies pin ^6.0.06.0.3 OpenSSF Scorecard
vite (source) devDependencies pin ^8.0.08.0.14 OpenSSF Scorecard
vitest (source) devDependencies pin ^4.1.74.1.7 OpenSSF Scorecard

⚠️ Renovate's pin functionality does not currently wire in the release age for a package, so the Minimum Release Age checks can apply. You will need to manually validate the Minimum Release Age for these package(s).

Add the preset :preserveSemverRanges to your config if you don't want to pin your dependencies.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/pin-dependencies branch from 21435b0 to 1488715 Compare April 6, 2026 14:10
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch 5 times, most recently from 28fa86a to a67b9ca Compare May 12, 2026 18:03
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch 7 times, most recently from 0d72bf9 to 1ab1f60 Compare May 29, 2026 14:43
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch from 1ab1f60 to 86a0fc9 Compare May 29, 2026 14:46
@renovate

renovate Bot commented May 29, 2026

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml
? Verifying lockfile against supply-chain policies (197 entries)...
✗ Lockfile failed supply-chain policy check (197 entries in 3.2s)
[ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION] 53 lockfile entries failed verification:
  @exodus/bytes@1.15.1 was published at 2026-05-20T10:53:15.306Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxc-project/types@0.132.0 was published at 2026-05-18T11:14:14.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-android-arm-eabi@1.66.0 was published at 2026-05-19T08:07:03.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-android-arm64@1.66.0 was published at 2026-05-19T08:06:33.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-darwin-arm64@1.66.0 was published at 2026-05-19T08:06:27.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-darwin-x64@1.66.0 was published at 2026-05-19T08:07:50.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-freebsd-x64@1.66.0 was published at 2026-05-19T08:08:01.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-linux-arm-gnueabihf@1.66.0 was published at 2026-05-19T08:07:08.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-linux-arm-musleabihf@1.66.0 was published at 2026-05-19T08:07:13.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-linux-arm64-gnu@1.66.0 was published at 2026-05-19T08:06:46.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-linux-arm64-musl@1.66.0 was published at 2026-05-19T08:06:52.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-linux-ppc64-gnu@1.66.0 was published at 2026-05-19T08:07:25.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-linux-riscv64-gnu@1.66.0 was published at 2026-05-19T08:07:31.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-linux-riscv64-musl@1.66.0 was published at 2026-05-19T08:07:36.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-linux-s390x-gnu@1.66.0 was published at 2026-05-19T08:07:44.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-linux-x64-gnu@1.66.0 was published at 2026-05-19T08:08:08.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-linux-x64-musl@1.66.0 was published at 2026-05-19T08:08:14.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-openharmony-arm64@1.66.0 was published at 2026-05-19T08:06:58.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-win32-arm64-msvc@1.66.0 was published at 2026-05-19T08:06:40.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  @oxlint/binding-win32-ia32-msvc@1.66.0 was published at 2026-05-19T08:07:19.000Z, within the minimumReleaseAge cutoff (2026-05-15T14:49:53.543Z)
  …and 33 more

The lockfile contains entries that the active policies reject. This can mean the lockfile is stale, or that someone committed a lockfile that bypassed the policy locally — inspect recent changes to pnpm-lock.yaml before trusting it. If the changes look expected, run "pnpm clean --lockfile" and then "pnpm install" to rebuild from a fresh resolution. Alternatively, relax the policy that flagged them.

@Light2Dark Light2Dark closed this May 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant