Skip to content

♻️ Pin dependencies#30

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/pin-dependencies
Open

♻️ Pin dependencies#30
renovate[bot] wants to merge 1 commit intomainfrom
renovate/pin-dependencies

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Aug 7, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
@eslint/js (source) devDependencies pin ^9.26.09.39.4
@modelcontextprotocol/sdk (source) dependencies pin ^1.26.01.26.0
@stricli/core (source) devDependencies pin ^1.1.11.1.1
@types/express (source) devDependencies pin ^4.17.214.17.25
decimal.js dependencies pin ^10.4.310.6.0
eslint (source) devDependencies pin ^9.26.09.39.4
express (source) devDependencies pin ^4.21.24.22.1
globals devDependencies pin ^15.14.015.15.0
typescript (source) devDependencies pin ~5.8.35.8.3
typescript-eslint (source) devDependencies pin ^8.26.08.59.0
zod (source) dependencies pin ^3.25.0 || ^4.0.03.25.76

⚠️ Renovate's pin functionality does not currently wire in the release age for a package, so the Minimum Release Age checks can apply. You will need to manually validate the Minimum Release Age for these package(s).

Add the preset :preserveSemverRanges to your config if you don't want to pin your dependencies.

Configuration

📅 Schedule: (in timezone America/Chicago)

  • Branch creation
    • "after 2pm every weekday,before 5am every weekday,every weekend"
  • Automerge
    • "after 6pm every weekday,before 9am every weekday,every weekend"

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested review from a team, atonks2 and gamell August 7, 2025 01:57
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch 7 times, most recently from debab31 to 2fabdb1 Compare August 14, 2025 00:34
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch 4 times, most recently from a0e3d5a to 5079b70 Compare August 21, 2025 14:54
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch 4 times, most recently from 8cb0ba8 to d05eec2 Compare August 29, 2025 00:33
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch 3 times, most recently from e2cb1db to e126e6a Compare September 5, 2025 00:31
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch 4 times, most recently from b68a9cf to 6802e4c Compare September 16, 2025 00:30
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch 5 times, most recently from 5130ec4 to cfc60f7 Compare September 22, 2025 19:50
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch 4 times, most recently from f86da93 to c462495 Compare October 23, 2025 00:32
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch 4 times, most recently from 6369b62 to 9fb562b Compare October 30, 2025 00:33
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch 11 times, most recently from 8cddd2a to b13d630 Compare November 8, 2025 00:31
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch 7 times, most recently from cd2a290 to 9c431ee Compare November 14, 2025 23:18
cursor[bot]
cursor Bot reviewed Apr 25, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit baa0724. Configure here.

Comment thread package.json Outdated
"zod": "^3.25.0 || ^4.0.0"
"@modelcontextprotocol/sdk": "1.26.0",
"decimal.js": "10.6.0",
"zod": "3.25.49"
Copy link
Copy Markdown

@cursor cursor Bot Apr 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bun.lock not updated to match pinned versions

Medium Severity

package.json and package-lock.json were pinned to exact versions, but bun.lock was not regenerated. Its workspace block still records the old caret/tilde ranges, and several resolved entries (e.g. @modelcontextprotocol/sdk@1.29.0, eslint@9.39.4, @eslint/js@9.39.4, typescript-eslint@8.46.2) no longer satisfy the new exact pins. Since the build, test setup, and bun src/mcp-server/build.mts flow rely on bun install, npm and bun consumers will end up on different dependency graphs.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit baa0724. Configure here.

@cursor
Copy link
Copy Markdown

cursor Bot commented Apr 26, 2026

You have used all Bugbot PR reviews included in your free trial for your GitHub account on this workspace.

To continue using Bugbot reviews, enable Bugbot for your team in the Cursor dashboard.

1 similar comment
@cursor
Copy link
Copy Markdown

cursor Bot commented May 2, 2026

You have used all Bugbot PR reviews included in your free trial for your GitHub account on this workspace.

To continue using Bugbot reviews, enable Bugbot for your team in the Cursor dashboard.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@atonks2 atonks2 Awaiting requested review from atonks2

@gamell gamell Awaiting requested review from gamell

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants