Skip to content

update deps + pnpm #2228

Merged
r0b1n merged 2 commits into
mainfrom
snyk/brace
May 26, 2026
Merged

update deps + pnpm #2228
r0b1n merged 2 commits into
mainfrom
snyk/brace

Conversation

@r0b1n
Copy link
Copy Markdown
Collaborator

@r0b1n r0b1n commented May 26, 2026

No description provided.

@r0b1n r0b1n requested a review from a team as a code owner May 26, 2026 07:56
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 26, 2026

AI Code Review

⚠️ Approved with suggestions — low-severity items only, safe to merge

What was reviewed

File Change
package.json packageManager field bumped from pnpm@10.28.2 to pnpm@10.33.4 with updated SHA512 hash

Skipped (out of scope): pnpm-lock.yaml (lockfile), CI checks (approval required in this environment)

Findings

⚠️ Low — engines.pnpm upper bound may be too broad

File: package.json line ~34
Note: The engines field still reads "pnpm": "<11.x.x". While this technically allows 10.33.4, the constraint syntax <11.x.x is non-standard semver — <11 is the canonical form. Worth tidying alongside this bump so the constraint is unambiguous.

Positives

  • SHA512 hash is updated alongside the version bump, ensuring integrity verification stays in sync with the new pnpm release.
  • Lockfile (pnpm-lock.yaml) correctly re-resolves brace-expansion from 5.0.55.0.6 and minimatch transitive snapshots, keeping the lockfile consistent with the new pnpm version.

@r0b1n r0b1n merged commit 130cd9b into main May 26, 2026
23 checks passed
@r0b1n r0b1n deleted the snyk/brace branch May 26, 2026 11:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gjulivan gjulivan gjulivan approved these changes

@iobuhov iobuhov iobuhov approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@r0b1n @gjulivan @iobuhov