Bump bonjour-service from 1.3.0 to 1.4.0 in /apps/desktop

[dependabot]

Bumps bonjour-service from 1.3.0 to 1.4.0.

Release notes

Sourced from bonjour-service's releases.

1.4.0

What's Changed

• Always define start and stop on Service by @​EvanHahn in onlxltd/bonjour-service#48
• feat: track service ttl and lastSeen by @​Julusian in onlxltd/bonjour-service#55
• Bump js-yaml from 4.1.0 to 4.1.1 by @​dependabot[bot] in onlxltd/bonjour-service#71
• feat: add types to browser eventemitter by @​Julusian in onlxltd/bonjour-service#56
• feat: add srv-update event by @​Julusian in onlxltd/bonjour-service#57
• fix: Properly advertise service type for discovery in mDNS browsers. by @​Zandor300 in onlxltd/bonjour-service#67

New Contributors

• @​EvanHahn made their first contribution in onlxltd/bonjour-service#48
• @​Julusian made their first contribution in onlxltd/bonjour-service#55
• @​Zandor300 made their first contribution in onlxltd/bonjour-service#67

Full Changelog: onlxltd/bonjour-service@1.3.0...1.4.0

Commits

• 92b7148 Update README.md
• b011099 Delete install-state.gz
• 3525cb6 Update .gitignore
• 332e76e Update publish-release.yml
• 52c88c2 Update publish-release.yml
• fb7e6ec Update build-and-test.yml
• abfdf05 Update build-and-test.yml
• b08aa2f Update build-and-test.yml
• 5f1e277 Update build-and-test.yml
• 531026f Update build-and-test.yml
• Additional commits viewable in compare view

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
ade	Ignored	Preview	May 31, 2026 12:07am

[greptile-apps]

PR author is in the excluded authors list.

[capy-ai]

Capy auto-review is paused for this organization because the monthly auto-review limit has been reached. Increase the limit or turn it off in billing settings to resume automatic reviews.

[cursor]

PR Review

Scope: 2 file(s), +5 / −5
Verdict: Needs changes

Dependabot bumps bonjour-service from 1.3.0 to 1.4.0 in apps/desktop only (lockfile + package.json). No application source changes. The blocker is that 1.4.0 changes the package's TypeScript export shape, which breaks the existing named type imports in LAN runtime discovery code and will fail the typecheck-desktop CI job.

---

🐛 Functionality

[High] bonjour-service@1.4.0 breaks desktop typecheck

File: apps/desktop/src/main/services/remoteRuntime/runtimeDiscovery.ts:L6-L7,L267,L269
Issue: Version 1.4.0 ships export = Bonjour with Service and Browser exposed as namespace values, not type-only exports. The existing import { …, type Browser, type Service as BonjourService } from "bonjour-service" then fails tsc with TS2749 ("refers to a value, but is being used as a type") on the BonjourServiceLike, Browser, and event-handler parameter types.
Repro: On the PR branch, run cd apps/desktop && npm ci && npm run typecheck — three errors in runtimeDiscovery.ts (verified locally against 1.4.0; clean with 1.3.0).
Fix: Either adjust imports to match 1.4.0's typings (e.g. import Bonjour, { Service, Browser } from "bonjour-service" and use import type / InstanceType<typeof Service> as needed), or pin at 1.3.0 until call sites are updated. apps/desktop/package.json:L84 is the version line that triggers the break.

---

Notes

• Positive: 1.4.0 adds browser srv-update, TTL/lastSeen tracking, and a publish-side fix for _services._dns-sd._udp browsing (#67). Desktop only browses _ade-sync._tcp in discoverLanRuntimes, so the publish fix mainly matters if apps/ade-cli is bumped too (it still pins ^1.3.0).
• Security / dependency: Same MIT package and maintainer; no new trust boundary in this diff. mDNS TXT is already normalized in discoveredRuntimeFromBonjourService before use — unchanged by this bump.
• Follow-up: Consider a coordinated Dependabot PR for apps/ade-cli if you want the publish-side discovery improvements on the sync host path.

  

_{Sent by Cursor Automation: BUGBOT in Versic}