Lock file maintenance npm dependencies (main)#3370
Conversation
|
🤖 Finished Review · ✅ Success · Started 4:49 AM UTC · Completed 4:58 AM UTC |
Codecov Report✅ All modified and coverable lines are covered by tests.
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
|
Looks good to me Labels: Lock file maintenance PR updating npm dependencies fits the 'dependencies' label. Previous runReviewFindingsHigh
Low
Labels: PR contains a dependency version bump that requires manual verification for supply chain integrity |
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
976122f to
4cf619c
Compare
|
🤖 Finished Review · ✅ Success · Started 2:22 AM UTC · Completed 2:29 AM UTC |
| "version": "4.17.21", | ||
| "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", | ||
| "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", | ||
| "version": "4.18.1", |
There was a problem hiding this comment.
[low] Supply Chain
lodash is being bumped from 4.17.21 to 4.18.1. This version was independently verified as a legitimate release published on 2026-04-01 by jonchurch (current lodash maintainer) via the lodash GitHub repository. The release contains bug fixes for ReferenceError in template and fromPairs functions in modular builds. No supply chain concern remains.
This PR contains the following updates:
Warning
Some dependencies could not be looked up. Check the warning logs for more information.
🔧 This Pull Request updates lock files to use the latest dependency versions.
Configuration
📅 Schedule: (UTC)
* 0-4 * * *)🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
To execute skipped test pipelines write comment
/ok-to-test.Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.