Skip to content

chore(deps): bump the production-minor-patch group across 1 directory with 21 updates#673

Merged
coderdan merged 3 commits into
mainfrom
chore/deps-production-minor-patch
Jul 16, 2026
Merged

chore(deps): bump the production-minor-patch group across 1 directory with 21 updates#673
coderdan merged 3 commits into
mainfrom
chore/deps-production-minor-patch

Conversation

@coderdan

Copy link
Copy Markdown
Contributor

Replaces #660 — Dependabot-authored PRs fail CI because the dependabot actor does not receive the repo secrets the test jobs need; this is the same change re-pushed from a maintainer branch so CI runs with full credentials.

Contents are the cherry-picked Dependabot commit; for the npm groups the lockfile was regenerated against current main (post-#667, which removed packages/drizzle from the workspace). Verified locally: build green + stash unit suite (487/487).

When this merges, Dependabot will detect the dependencies are current and close #660 automatically.

https://claude.ai/code/session_01MxTTPaPP16m6br7Hoab94w

@coderdan
coderdan requested a review from a team as a code owner July 16, 2026 06:53
@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@coderdan, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 27 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: da87e5b3-ac40-4181-abec-08dd0a4a576f

📥 Commits

Reviewing files that changed from the base of the PR and between 7d1226a and 2375a24.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (12)
  • .github/dependabot.yml
  • examples/basic/package.json
  • packages/bench/package.json
  • packages/cli/package.json
  • packages/migrate/package.json
  • packages/nextjs/package.json
  • packages/prisma-next/package.json
  • packages/protect/package.json
  • packages/stack-supabase/package.json
  • packages/stack/package.json
  • packages/wizard/package.json
  • pnpm-workspace.yaml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/deps-production-minor-patch

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@changeset-bot

changeset-bot Bot commented Jul 16, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 2375a24

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

dependabot Bot and others added 3 commits July 16, 2026 17:12
… with 21 updates

Bumps the production-minor-patch group with 21 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.20.0` | `8.22.0` |
| [@clack/prompts](https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts) | `1.4.0` | `1.7.0` |
| [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.34.2` | `5.40.0` |
| [@rollup/rollup-linux-x64-gnu](https://github.com/rollup/rollup) | `4.60.4` | `4.62.2` |
| [arktype](https://github.com/arktypeio/arktype/tree/HEAD/ark/type) | `2.2.0` | `2.2.3` |
| [@cipherstash/protect-ffi](https://github.com/cipherstash/protectjs-ffi) | `0.23.0` | `0.28.0` |
| [@stricli/core](https://github.com/bloomberg/stricli) | `1.2.7` | `1.2.9` |
| [uuid](https://github.com/uuidjs/uuid) | `14.0.0` | `14.0.1` |
| [@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript) | `0.3.143` | `0.3.204` |
| [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript) | `0.106.0` | `0.110.0` |
| @cipherstash/auth-darwin-arm64 | `0.41.0` | `0.42.0` |
| @cipherstash/auth-darwin-x64 | `0.41.0` | `0.42.0` |
| @cipherstash/auth-linux-arm64-gnu | `0.41.0` | `0.42.0` |
| @cipherstash/auth-linux-x64-gnu | `0.41.0` | `0.42.0` |
| @cipherstash/auth-linux-x64-musl | `0.41.0` | `0.42.0` |
| @cipherstash/auth-win32-x64-msvc | `0.41.0` | `0.42.0` |
| [@clerk/nextjs](https://github.com/clerk/javascript/tree/HEAD/packages/nextjs) | `7.3.5` | `7.5.14` |
| [next](https://github.com/vercel/next.js) | `15.5.18` | `15.5.20` |
| [tsx](https://github.com/privatenumber/tsx) | `4.22.1` | `4.23.0` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `3.2.6` | `3.2.7` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.13` | `8.1.3` |

Updates `pg` from 8.20.0 to 8.22.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.22.0/packages/pg)

Updates `@clack/prompts` from 1.4.0 to 1.7.0
- [Release notes](https://github.com/bombshell-dev/clack/releases)
- [Changelog](https://github.com/bombshell-dev/clack/blob/main/packages/prompts/CHANGELOG.md)
- [Commits](https://github.com/bombshell-dev/clack/commits/@clack/prompts@1.7.0/packages/prompts)

Updates `posthog-node` from 5.34.2 to 5.40.0
- [Release notes](https://github.com/PostHog/posthog-js/releases)
- [Changelog](https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md)
- [Commits](https://github.com/PostHog/posthog-js/commits/posthog-node@5.40.0/packages/node)

Updates `@rollup/rollup-linux-x64-gnu` from 4.60.4 to 4.62.2
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.60.4...v4.62.2)

Updates `arktype` from 2.2.0 to 2.2.3
- [Release notes](https://github.com/arktypeio/arktype/releases)
- [Changelog](https://github.com/arktypeio/arktype/blob/main/ark/type/CHANGELOG.md)
- [Commits](https://github.com/arktypeio/arktype/commits/arktype@2.2.3/ark/type)

Updates `@cipherstash/protect-ffi` from 0.23.0 to 0.28.0
- [Release notes](https://github.com/cipherstash/protectjs-ffi/releases)
- [Changelog](https://github.com/cipherstash/protectjs-ffi/blob/main/CHANGELOG.md)
- [Commits](cipherstash/protectjs-ffi@v0.23.0...v0.28.0)

Updates `@stricli/core` from 1.2.7 to 1.2.9
- [Release notes](https://github.com/bloomberg/stricli/releases)
- [Changelog](https://github.com/bloomberg/stricli/blob/main/CHANGELOG.md)
- [Commits](bloomberg/stricli@v1.2.7...v1.2.9)

Updates `uuid` from 14.0.0 to 14.0.1
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v14.0.0...v14.0.1)

Updates `@anthropic-ai/claude-agent-sdk` from 0.3.143 to 0.3.204
- [Release notes](https://github.com/anthropics/claude-agent-sdk-typescript/releases)
- [Changelog](https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](anthropics/claude-agent-sdk-typescript@v0.3.143...v0.3.204)

Updates `@anthropic-ai/sdk` from 0.106.0 to 0.110.0
- [Release notes](https://github.com/anthropics/anthropic-sdk-typescript/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-typescript@sdk-v0.106.0...sdk-v0.110.0)

Updates `@cipherstash/auth-darwin-arm64` from 0.41.0 to 0.42.0

Updates `@cipherstash/auth-darwin-x64` from 0.41.0 to 0.42.0

Updates `@cipherstash/auth-linux-arm64-gnu` from 0.41.0 to 0.42.0

Updates `@cipherstash/auth-linux-x64-gnu` from 0.41.0 to 0.42.0

Updates `@cipherstash/auth-linux-x64-musl` from 0.41.0 to 0.42.0

Updates `@cipherstash/auth-win32-x64-msvc` from 0.41.0 to 0.42.0

Updates `@clerk/nextjs` from 7.3.5 to 7.5.14
- [Release notes](https://github.com/clerk/javascript/releases)
- [Changelog](https://github.com/clerk/javascript/blob/main/packages/nextjs/CHANGELOG.md)
- [Commits](https://github.com/clerk/javascript/commits/@clerk/nextjs@7.5.14/packages/nextjs)

Updates `next` from 15.5.18 to 15.5.20
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](vercel/next.js@v15.5.18...v15.5.20)

Updates `tsx` from 4.22.1 to 4.23.0
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.22.1...v4.23.0)

Updates `vitest` from 3.2.6 to 3.2.7
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.7/packages/vitest)

Updates `vite` from 8.0.13 to 8.1.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.3/packages/vite)

---
updated-dependencies:
- dependency-name: pg
  dependency-version: 8.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: "@clack/prompts"
  dependency-version: 1.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: posthog-node
  dependency-version: 5.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: "@rollup/rollup-linux-x64-gnu"
  dependency-version: 4.62.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: arktype
  dependency-version: 2.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: "@cipherstash/protect-ffi"
  dependency-version: 0.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: "@stricli/core"
  dependency-version: 1.2.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: uuid
  dependency-version: 14.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: "@anthropic-ai/claude-agent-sdk"
  dependency-version: 0.3.204
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: "@anthropic-ai/sdk"
  dependency-version: 0.110.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: "@cipherstash/auth-darwin-arm64"
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: "@cipherstash/auth-darwin-x64"
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: "@cipherstash/auth-linux-arm64-gnu"
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: "@cipherstash/auth-linux-x64-gnu"
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: "@cipherstash/auth-linux-x64-musl"
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: "@cipherstash/auth-win32-x64-msvc"
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: "@clerk/nextjs"
  dependency-version: 7.5.14
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: next
  dependency-version: 15.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: tsx
  dependency-version: 4.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: vitest
  dependency-version: 3.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: vite
  dependency-version: 8.1.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Dependabot's group update moved protect-ffi to 0.28.0 everywhere for group
consistency — which UPGRADED the sunsetting legacy packages/protect from its
pinned 0.23.0 (0.24+ renames the ProtectError/ProtectErrorCode exports it
imports, breaking its build) while DOWNGRADING the stack packages from 0.29.0.
protect-ffi is release-managed manually in this repo; restore every pin to
main's values and regenerate the lockfile.

Claude-Session: https://claude.ai/code/session_01MxTTPaPP16m6br7Hoab94w
protect-ffi is release-managed manually alongside stack releases, and grouped
bumps are actively harmful: "group consistency" upgraded the sunsetting
packages/protect off its 0.23.0 pin (0.24+ renames the exports it imports)
while DOWNGRADING the stack packages from 0.29.0. Ignore it like the other
manually-managed @cipherstash deps so Dependabot stops re-proposing the bump.

Claude-Session: https://claude.ai/code/session_01MxTTPaPP16m6br7Hoab94w
@coderdan
coderdan force-pushed the chore/deps-production-minor-patch branch from 792259b to 2375a24 Compare July 16, 2026 07:14
@coderdan
coderdan merged commit 0ac45e8 into main Jul 16, 2026
15 checks passed
@coderdan
coderdan deleted the chore/deps-production-minor-patch branch July 16, 2026 07:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant