Skip to content

chore(deps): bump the npm-minor-patch group across 1 directory with 13 updates#382

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-minor-patch-3b39113210
Open

chore(deps): bump the npm-minor-patch group across 1 directory with 13 updates#382
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-minor-patch-3b39113210

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-minor-patch group with 13 updates in the / directory:

Package From To
tsx 4.22.4 4.23.1
turbo 2.10.0 2.10.4
@vercel/node 5.8.22 5.8.23
js-yaml 5.2.0 5.2.1
postcss 8.5.16 8.5.19
@anthropic-ai/sdk 0.107.0 0.111.0
nodemailer 9.0.1 9.0.3
lru-cache 11.5.1 11.5.2
prettier 3.9.3 3.9.5
three 0.185.0 0.185.1
@types/three 0.185.0 0.185.1
react-router-dom 7.18.0 7.18.1
hardhat 2.22.5 2.28.6

Updates tsx from 4.22.4 to 4.23.1

Release notes

Sourced from tsx's releases.

v4.23.1

4.23.1 (2026-07-13)

Bug Fixes

  • support tsImport after global preload (8d4ffc2)
  • watch: avoid clearing piped output (95d0672)
  • watch: treat script and dependency paths literally (79fddde)

Performance Improvements

  • index transform cache lazily (e818ad6)
  • load esbuild lazily in CLI (d067938)
  • map Node TypeScript formats directly (cdcc623)
  • use sync module hooks on Node v22.22.3+ (f8992f1)

This release is also available on:

v4.23.0

4.23.0 (2026-07-03)

Bug Fixes

Features


This release is also available on:

v4.22.5

4.22.5 (2026-07-02)

Bug Fixes

  • isolate hook state per async module.register() registration (a305f36)

This release is also available on:

Commits
  • 79fddde fix(watch): treat script and dependency paths literally
  • e818ad6 perf: index transform cache lazily
  • cdcc623 perf: map Node TypeScript formats directly
  • d067938 perf: load esbuild lazily in CLI
  • 95d0672 fix(watch): avoid clearing piped output
  • 6fd4607 docs: add per-page metadata
  • f4176d8 docs: generate sitemap
  • 8d4ffc2 fix: support tsImport after global preload
  • f0e89b2 docs: document Node's public type-stripping API vs internal loader path
  • f8992f1 perf: use sync module hooks on Node v22.22.3+
  • Additional commits viewable in compare view

Updates turbo from 2.10.0 to 2.10.4

Release notes

Sourced from turbo's releases.

Turborepo v2.10.4

What's Changed

Changelog

... (truncated)

Commits
  • 1506a11 publish 2.10.4 to registry
  • 11a68c7 fix: Stop flagging relative imports that resolve into node_modules in boundar...
  • 947b478 fix: Raise the open-file soft limit at startup (#13282)
  • ddc584d feat: Make turbo prune Cargo-aware (#13281)
  • ff0d508 perf: Skip dependency-closure assembly for toolchains that derive nothing (#1...
  • 39d623e feat: Make turbo watch Cargo-aware (#13280)
  • af01fdf fix: Collapse nested package-manager fallback conditional (#13279)
  • 7e02f94 release(turborepo): 2.10.4-canary.2 (#13278)
  • 8e3a59f release(library): 0.0.1-canary.23 (#13276)
  • ce18f0a test: Add end-to-end coverage for Cargo workspaces (#13274)
  • Additional commits viewable in compare view

Updates @vercel/node from 5.8.22 to 5.8.23

Release notes

Sourced from @​vercel/node's releases.

@​vercel/node@​5.8.23

Patch Changes

  • Updated dependencies [7b30856]
    • @​vercel/build-utils@​13.32.3
Changelog

Sourced from @​vercel/node's changelog.

5.8.23

Patch Changes

  • Updated dependencies [7b30856]
    • @​vercel/build-utils@​13.32.3
Commits

Updates js-yaml from 5.2.0 to 5.2.1

Changelog

Sourced from js-yaml's changelog.

[5.2.1] - 2026-07-02

Fixed

  • Add Map support to !!omap (should work when realMapTag used)

Security

  • Remove quadratic complexity from !!omap addItem. Regression from v5 (usually not critical, because YAML11_SCHEMA is not default anymore).

4.3.0, 3.15.0 - 2026-06-27

Security

  • Backported maxTotalMergeKeys option.
Commits

Updates postcss from 8.5.16 to 8.5.19

Release notes

Sourced from postcss's releases.

8.5.19

  • Fixed cleaning before for new nodes inserted to Root (by @​MahinAnowar).

8.5.18

  • Restricted loading previous source maps file to the opts.from folder for security reasons (use unsafeMap: true to disable the check).

8.5.17

  • Fixed Maximum call stack size exceeded error.
  • Fixed Prototype hijacking for postcss.fromJSON().
  • Fixed Input#origin() for unmapped end position (by @​chatman-media).
Changelog

Sourced from postcss's changelog.

8.5.19

  • Fixed cleaning before for new nodes inserted to Root (by @​MahinAnowar).

8.5.18

  • Restricted loading previous source maps file to the opts.from folder for security reasons (use unsafeMap: true to disable the check).

8.5.17

  • Fixed Maximum call stack size exceeded error.
  • Fixed Prototype hijacking for postcss.fromJSON().
  • Fixed Input#origin() for unmapped end position (by @​chatman-media).
Commits
  • 9543b22 Release 8.5.19 version
  • 3d13bf9 Fix CI on Windows too
  • 00d0dd2 Keep explicitly set raws.before when inserting nodes into root (#2111)
  • 7a05b33 Temporary fix CI
  • 4c0d194 Release 8.5.18 version
  • 92b4e78 Update dependencies
  • 95663d3 Limit where source map can be loaded for security reasons
  • 74e25ae Release 8.5.17 version
  • d1518af Fix Maximum call stack size exceeded error
  • 2421312 Fix linter
  • Additional commits viewable in compare view

Updates @anthropic-ai/sdk from 0.107.0 to 0.111.0

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.111.0

0.111.0 (2026-07-10)

Full Changelog: sdk-v0.110.0...sdk-v0.111.0

Features

  • api: add support for dreaming (77b28a6)
  • tools: gate session tool calls on evaluated_permission; bound idle by server stop_reason (68a6d7b)

Chores

  • docs: small updates to field descriptions (e25b885)
  • docs: update model example (a33f3f0)
  • docs: updates to descriptions and examples (eac4bac)

sdk: v0.110.0

0.110.0 (2026-07-02)

Full Changelog: sdk-v0.109.1...sdk-v0.110.0

Features

  • api: add agent-memory-2026-07-22 beta header (a470e10)

sdk: v0.109.1

0.109.1 (2026-07-01)

Full Changelog: sdk-v0.109.0...sdk-v0.109.1

Chores

  • api: remove some nonfunctional types from the SDKs (cc4dd4e)

sdk: v0.109.0

0.109.0 (2026-06-30)

Full Changelog: sdk-v0.108.0...sdk-v0.109.0

Features

  • api: add support for Managed Agents event delta streaming, agent overrides, reverse pagination, vault credential injection scoping, and agent and deployment webhook events (7f3211b)

sdk: v0.108.0

0.108.0 (2026-06-30)

Full Changelog: sdk-v0.107.0...sdk-v0.108.0

Features

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.111.0 (2026-07-10)

Full Changelog: sdk-v0.110.0...sdk-v0.111.0

Features

  • api: add support for dreaming (77b28a6)
  • tools: gate session tool calls on evaluated_permission; bound idle by server stop_reason (68a6d7b)

Chores

  • docs: small updates to field descriptions (e25b885)
  • docs: update model example (a33f3f0)
  • docs: updates to descriptions and examples (eac4bac)

0.110.0 (2026-07-02)

Full Changelog: sdk-v0.109.1...sdk-v0.110.0

Features

  • api: add agent-memory-2026-07-22 beta header (a470e10)

0.109.1 (2026-07-01)

Full Changelog: sdk-v0.109.0...sdk-v0.109.1

Chores

  • api: remove some nonfunctional types from the SDKs (cc4dd4e)

0.109.0 (2026-06-30)

Full Changelog: sdk-v0.108.0...sdk-v0.109.0

Features

  • api: add support for Managed Agents event delta streaming, agent overrides, reverse pagination, vault credential injection scoping, and agent and deployment webhook events (7f3211b)

0.108.0 (2026-06-30)

Full Changelog: sdk-v0.107.0...sdk-v0.108.0

Features

  • api: add support for claude-sonnet-5 (4588db0)

Bug Fixes

... (truncated)

Commits
  • 9e46760 chore: release main
  • 8d461ea feat(api): add support for dreaming
  • 9436e29 codegen metadata
  • 0aec1e7 feat(tools): gate session tool calls on evaluated_permission; bound idle by s...
  • ac2fc67 chore(docs): update model example
  • c8af65d chore(docs): updates to descriptions and examples
  • 2a3a904 codegen metadata
  • 57c56c9 chore(docs): small updates to field descriptions
  • 4f2eb80 chore: release main (#1107)
  • 96d1a99 chore: release main (#1106)
  • Additional commits viewable in compare view

Updates nodemailer from 9.0.1 to 9.0.3

Release notes

Sourced from nodemailer's releases.

v9.0.3

9.0.3 (2026-06-30)

Bug Fixes

  • smtp-connection: harden STARTTLS upgrade and secure socket handling (#1835) (07d8253)

v9.0.2

9.0.2 (2026-06-29)

Bug Fixes

  • addressparser: keep operator chars inside an address-literal as text (#1829) (9ba1064)
  • harden smtp-connection low-severity issues (22ddcea)
  • harden smtp-connection response parsing and socket lifecycle (68860b9)
  • prevent SES transport callback double-invocation and hang on sync errors (#1831) (9517bc5)
  • reject CRLF in HTTP proxy CONNECT destination to prevent request injection (6347b47)
Changelog

Sourced from nodemailer's changelog.

9.0.3 (2026-06-30)

Bug Fixes

  • smtp-connection: harden STARTTLS upgrade and secure socket handling (#1835) (07d8253)

9.0.2 (2026-06-29)

Bug Fixes

  • addressparser: keep operator chars inside an address-literal as text (#1829) (9ba1064)
  • harden smtp-connection low-severity issues (22ddcea)
  • harden smtp-connection response parsing and socket lifecycle (68860b9)
  • prevent SES transport callback double-invocation and hang on sync errors (#1831) (9517bc5)
  • reject CRLF in HTTP proxy CONNECT destination to prevent request injection (6347b47)
Commits
  • 1f61eb4 chore(master): release 9.0.3 (#1836)
  • 07d8253 fix(smtp-connection): harden STARTTLS upgrade and secure socket handling (#1835)
  • 4801f3a chore(master): release 9.0.2 (#1832)
  • 9ba1064 fix(addressparser): keep operator chars inside an address-literal as text (#1...
  • 22ddcea fix: harden smtp-connection low-severity issues
  • af002eb chore: add Node.js 26 to the CI test matrix
  • 6347b47 fix: reject CRLF in HTTP proxy CONNECT destination to prevent request injection
  • 68860b9 fix: harden smtp-connection response parsing and socket lifecycle
  • 9517bc5 fix: prevent SES transport callback double-invocation and hang on sync errors...
  • See full diff in compare view

Updates lru-cache from 11.5.1 to 11.5.2

Commits

Updates prettier from 3.9.3 to 3.9.5

Release notes

Sourced from prettier's releases.

3.9.5

🔗 Changelog

3.9.4

  • Angular: Format @content(name) -> @content (name) to align with other block syntax (#19499 by @​fisker)

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.9.5

diff

Markdown: Cap ordered list mark at 999,999,999 (#19351 by @​tats-u)

CommonMark parsers only support ordered list item numbers up to 999,999,999.

With this change, Prettier now caps the ordered list item number at 999,999,999 to ensure that the output is correctly parsed as an ordered list by CommonMark parsers. Numbers larger than 999,999,999 are not parsed as list item numbers and are left unchanged in the output:

<!-- Input -->
999999998. text
999999998. text
999999998. text
999999998. text
1234567890123456789012) text
<!-- Prettier 3.9.4 -->
999999998. text
999999999. text
1000000000. text
1000000001. text
1234567890123456789012) text
<!-- Prettier 3.9.5 -->
999999998. text
999999999. text
999999999. text
999999999. text
1234567890123456789012) text

Markdown: Avoid corrupting empty link with title (#19487 by @​andersk)

Do not remove <> from an inline link or image with an empty URL and a title, as this removal would change its interpretation.

<!-- Input -->
[link](https://github.com/prettier/prettier/blob/main/<> "title")
<!-- Prettier 3.9.4 -->
[link](https://github.com/prettier/prettier/blob/main/ "title")
<!-- Prettier 3.9.5 -->
</tr></table>

... (truncated)

Commits

Updates three from 0.185.0 to 0.185.1

Commits

Updates @types/three from 0.185.0 to 0.185.1

Commits

Updates @types/three from 0.185.0 to 0.185.1

Commits

Updates react-router-dom from 7.18.0 to 7.18.1

Changelog

Sourced from react-router-dom's changelog.

v7.18.1

Patch Changes

Commits

Updates hardhat from 2.22.5 to 2.28.6

Changelog

Sourced from hardhat's changelog.

hardhat

3.9.1

Patch Changes

  • #8234 81871fd Thanks @​tenderdeve! - Explain the unsupported cheatcode eip712HashType(string,string) and point to the documentation for the alternative instead.

  • #8400 2f48724 Thanks @​kanej! - Support setting the transaction gas cap in Solidity Tests

  • #8367 82d00fc Thanks @​alcuadrado! - Lazy load dependencies to optimize bootstrap time

  • #8391 f3c5727 Thanks @​schaable! - Make hardhat test solidity --snapshot-check read-only. It no longer rewrites or deletes .gas-snapshot or snapshots/*.json files, and instead reports differences. The command now fails when a stored gas value differs from the current one, or when no baseline exists, with a hint to run --snapshot.

  • #8332 e542a48 Thanks @​gultekinmakif! - Fixed a crash that could occur when a network returned an unexpected response while resolving the default sender account

  • #8385 946e379 Thanks @​BROCCOLO1D! - When a Hardhat 2 plugin calls an API that no longer exists in Hardhat 3, the error now names the specific API that was used and explains how to migrate it to Hardhat 3.

  • Updated dependencies:

    • @​nomicfoundation/hardhat-errors@​3.0.16
    • @​nomicfoundation/hardhat-utils@​4.1.4

3.9.0

Minor Changes

  • #8380 0fd498d Thanks @​kanej! - Added support for coverage.skipFiles, a list of globs of Solidity files to exclude from coverage instrumentation and reporting during a --coverage run.

Patch Changes

  • #8383 1660f1e Thanks @​schaable! - Fixed an intermittent "Provider for provided chain type does not exist" error that could occur when multiple network connections were created concurrently.

  • #8371 287620e Thanks @​gultekinmakif! - Account overrides that share an address with the network's built-in genesis accounts are now correctly merged into a single genesis entry.

  • #8375 931a5f0 Thanks @​schaable! - Suppressed the solc initcode size warning for Solidity test contracts and when running under --coverage.

  • #8372 5f6aff2 Thanks @​gultekinmakif! - Improved validation for initialDate network configuration. Invalid Date objects and unparseable date strings are now rejected during config loading rather than causing a runtime error later.

3.8.0

Minor Changes

  • #8339 f21390f Thanks @​alcuadrado! - Added definePlugin, a new helper exported from hardhat/plugins. Plugin authors should wrap their plugin literal with it so the default export of their index module becomes:

    import type { HardhatPlugin } from "hardhat/types/plugins";
    import { definePlugin } from "hardhat/plugins";
    const hardhatPlugin: HardhatPlugin = definePlugin({

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for hardhat since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…3 updates

Bumps the npm-minor-patch group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [tsx](https://github.com/privatenumber/tsx) | `4.22.4` | `4.23.1` |
| [turbo](https://github.com/vercel/turborepo) | `2.10.0` | `2.10.4` |
| [@vercel/node](https://github.com/vercel/vercel/tree/HEAD/packages/node) | `5.8.22` | `5.8.23` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `5.2.0` | `5.2.1` |
| [postcss](https://github.com/postcss/postcss) | `8.5.16` | `8.5.19` |
| [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript) | `0.107.0` | `0.111.0` |
| [nodemailer](https://github.com/nodemailer/nodemailer) | `9.0.1` | `9.0.3` |
| [lru-cache](https://github.com/isaacs/node-lru-cache) | `11.5.1` | `11.5.2` |
| [prettier](https://github.com/prettier/prettier) | `3.9.3` | `3.9.5` |
| [three](https://github.com/mrdoob/three.js) | `0.185.0` | `0.185.1` |
| [@types/three](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/three) | `0.185.0` | `0.185.1` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.18.0` | `7.18.1` |
| [hardhat](https://github.com/NomicFoundation/hardhat/tree/HEAD/packages/hardhat) | `2.22.5` | `2.28.6` |



Updates `tsx` from 4.22.4 to 4.23.1
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.22.4...v4.23.1)

Updates `turbo` from 2.10.0 to 2.10.4
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.10.0...v2.10.4)

Updates `@vercel/node` from 5.8.22 to 5.8.23
- [Release notes](https://github.com/vercel/vercel/releases)
- [Changelog](https://github.com/vercel/vercel/blob/main/packages/node/CHANGELOG.md)
- [Commits](https://github.com/vercel/vercel/commits/@vercel/[email protected]/packages/node)

Updates `js-yaml` from 5.2.0 to 5.2.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@5.2.0...5.2.1)

Updates `postcss` from 8.5.16 to 8.5.19
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.16...8.5.19)

Updates `@anthropic-ai/sdk` from 0.107.0 to 0.111.0
- [Release notes](https://github.com/anthropics/anthropic-sdk-typescript/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-typescript@sdk-v0.107.0...sdk-v0.111.0)

Updates `nodemailer` from 9.0.1 to 9.0.3
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v9.0.1...v9.0.3)

Updates `lru-cache` from 11.5.1 to 11.5.2
- [Changelog](https://github.com/isaacs/node-lru-cache/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-lru-cache@v11.5.1...v11.5.2)

Updates `prettier` from 3.9.3 to 3.9.5
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.9.3...3.9.5)

Updates `three` from 0.185.0 to 0.185.1
- [Release notes](https://github.com/mrdoob/three.js/releases)
- [Commits](https://github.com/mrdoob/three.js/commits)

Updates `@types/three` from 0.185.0 to 0.185.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/three)

Updates `@types/three` from 0.185.0 to 0.185.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/three)

Updates `react-router-dom` from 7.18.0 to 7.18.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/[email protected]/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/[email protected]/packages/react-router-dom)

Updates `hardhat` from 2.22.5 to 2.28.6
- [Release notes](https://github.com/NomicFoundation/hardhat/releases)
- [Changelog](https://github.com/NomicFoundation/hardhat/blob/main/packages/hardhat/CHANGELOG.md)
- [Commits](https://github.com/NomicFoundation/hardhat/commits/[email protected]/packages/hardhat)

---
updated-dependencies:
- dependency-name: tsx
  dependency-version: 4.23.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor-patch
- dependency-name: turbo
  dependency-version: 2.10.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: "@vercel/node"
  dependency-version: 5.8.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: js-yaml
  dependency-version: 5.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: postcss
  dependency-version: 8.5.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: "@anthropic-ai/sdk"
  dependency-version: 0.111.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor-patch
- dependency-name: nodemailer
  dependency-version: 9.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: lru-cache
  dependency-version: 11.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: prettier
  dependency-version: 3.9.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: three
  dependency-version: 0.185.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: "@types/three"
  dependency-version: 0.185.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: "@types/three"
  dependency-version: 0.185.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: react-router-dom
  dependency-version: 7.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: hardhat
  dependency-version: 2.28.6
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github

dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions

Copy link
Copy Markdown
Contributor

🌀 Mobius PR Bot — EPICON-02 Check: ❌ FAIL

Intent Publication

Field Value
ledger_id ``
scope ``
mode normal
emergency_scope ``
issued_at ``
expires_at ``
justification_hash (sha256) ``
previous_hash (none)

Divergence Severity

🔴 HIGH

Changed Files

  • apps/api-gateway/package.json
  • apps/aurea-site/package.json
  • apps/broker-api/package.json
  • apps/dva-lite-api/package.json
  • apps/encyclopedia-api/package.json
  • apps/gic-gateway/package.json
  • apps/habits-api/package.json
  • apps/habits-web/package.json
  • apps/hub-web/package.json
  • apps/integrity-pulse/package.json
  • apps/mcp-server/package.json
  • apps/mobius-landing/package.json
  • apps/portal/package.json
  • apps/shield-api/package.json
  • labs/lab6-proof/package.json
  • … +11 more

Labels Applied

  • (none)

Notes

  • ⚠️ counterfactuals missing (recommended): add at least 1

Failures

  • ❌ Missing required header: 'EPICON-02 INTENT PUBLICATION'
  • ❌ Missing required field: ledger_id
  • ❌ Missing required field: scope
  • ❌ Missing required field: issued_at
  • ❌ Missing required field: expires_at
  • ❌ Missing required field: justification
  • ❌ Scope violation: PR changes files outside declared scope
  • ❌ Out-of-scope files:
  • apps/api-gateway/package.json
  • apps/aurea-site/package.json
  • apps/broker-api/package.json
  • apps/dva-lite-api/package.json
  • apps/encyclopedia-api/package.json
  • apps/gic-gateway/package.json
  • apps/habits-api/package.json
  • apps/habits-web/package.json
  • apps/hub-web/package.json
  • apps/integrity-pulse/package.json
  • apps/mcp-server/package.json
  • apps/mobius-landing/package.json
  • apps/portal/package.json
  • apps/shield-api/package.json
  • labs/lab6-proof/package.json
  • package-lock.json
  • package.json
  • packages/codex-agentic/package.json
  • packages/gic-registry-contracts/package.json
  • packages/integrity-core/package.json
  • ❌ ... and 6 more

📝 Auto-Generated Template

Paste this template into your PR description and fill it out:

EPICON-02 INTENT PUBLICATION

ledger_id: mobius:<your-ledger-id>
scope: core, labs
mode: normal
issued_at: 2026-07-13T15:55:32Z
expires_at: 2026-10-11T15:55:32Z
justification: |
  This change modifies core application code.
counterfactuals:
  - If this change breaks existing functionality, it should be reverted.

How to Fix

  1. Ensure the PR body includes the EPICON-02 INTENT PUBLICATION block
  2. Fill all required fields: ledger_id, scope, issued_at, expires_at, justification
  3. Keep scope aligned with changed files (or reduce PR surface)
  4. Use ISO-8601 timestamps with Z suffix
  5. If justification changes, set intent_evolution: true with supersedes_hash and evolution_reason
  6. For emergency mode: set mode: emergency AND emergency_scope (≤72h window)

🔎 Why This Failed

  • Authority was exercised without a published intent.
  • Changed files affect governance control-plane.
  • EPICON-02 requires time-bounded, auditable justification.

👉 Learn more: docs/epicon/EXPLAIN_FAILURE.md


EPICON-02 Reference · Formal Invariants

@github-actions

Copy link
Copy Markdown
Contributor

Drift Compliance: All test vectors passed GI threshold validation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants