Skip to content

fix(deps): update patch tuesday #1882

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
simonknittel merged 1 commit into from
Jan 27, 2026
Merged

fix(deps): update patch tuesday #1882

simonknittel merged 1 commit into from
Jan 27, 2026

Conversation

@simonknittel
Copy link
Owner

@simonknittel simonknittel commented Jan 27, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
@aws-sdk/client-dynamodb (source) 3.968.0 -> 3.971.0 age confidence dependencies minor 3.975.0 (+2)
@aws-sdk/client-eventbridge (source) 3.968.0 -> 3.971.0 age confidence dependencies minor 3.975.0 (+2)
@aws-sdk/client-s3 (source) 3.968.0 -> 3.971.0 age confidence dependencies minor 3.975.0 (+2)
@aws-sdk/client-ssm (source) 3.968.0 -> 3.971.0 age confidence dependencies minor 3.975.0 (+2)
@aws-sdk/s3-request-presigner (source) 3.968.0 -> 3.971.0 age confidence dependencies minor 3.975.0 (+2)
@paralleldrive/cuid2 3.0.6 -> 3.1.0 age confidence dependencies minor 3.3.0 (+1)
@tanstack/eslint-plugin-query (source) 5.91.2 -> 5.91.3 age confidence devDependencies patch
@tanstack/react-query (source) 5.90.16 -> 5.90.19 age confidence dependencies patch 5.90.20
@types/aws-lambda (source) 8.10.159 -> 8.10.160 age confidence devDependencies patch
@types/node (source) 22.19.6 -> 22.19.7 age confidence devDependencies patch
@typescript-eslint/eslint-plugin (source) 8.53.0 -> 8.53.1 age confidence devDependencies patch 8.54.0
@typescript-eslint/parser (source) 8.53.0 -> 8.53.1 age confidence devDependencies patch 8.54.0
actions/setup-node v6.1.0 -> v6.2.0 age confidence action minor
eslint-config-next (source) 16.1.1 -> 16.1.4 age confidence devDependencies patch 16.1.5
next (source) 16.1.1 -> 16.1.4 age confidence dependencies patch 16.1.5
node 22.21.1-bookworm -> 22.22.0-bookworm age confidence final minor
oven-sh/setup-bun v2.1.0 -> v2.1.2 age confidence action patch
prettier (source) 3.7.4 -> 3.8.0 age confidence devDependencies minor 3.8.1
react-error-boundary (source) 6.0.3 -> 6.1.0 age confidence dependencies minor
react-hotkeys-hook (source) 5.2.1 -> 5.2.3 age confidence dependencies patch

Release Notes

aws/aws-sdk-js-v3 (@​aws-sdk/client-dynamodb)

v3.971.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-dynamodb

v3.970.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-dynamodb

v3.969.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-dynamodb

aws/aws-sdk-js-v3 (@​aws-sdk/client-eventbridge)

v3.971.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-eventbridge

v3.970.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-eventbridge

v3.969.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-eventbridge

aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)

v3.971.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.970.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.969.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

aws/aws-sdk-js-v3 (@​aws-sdk/client-ssm)

v3.971.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ssm

v3.970.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ssm

v3.969.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-ssm

aws/aws-sdk-js-v3 (@​aws-sdk/s3-request-presigner)

v3.971.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.970.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.969.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

ericelliott/cuid2 (@​paralleldrive/cuid2)

v3.1.0

Compare Source

TanStack/query (@​tanstack/eslint-plugin-query)

v5.91.3

Compare Source

Patch Changes
  • exhaustive-deps rule fixed for vue files (#​10011)
TanStack/query (@​tanstack/react-query)

v5.90.19

Compare Source

Patch Changes

v5.90.18

Compare Source

Patch Changes

v5.90.17

Compare Source

Patch Changes
typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.53.1

Compare Source

🩹 Fixes
  • utils: make RuleCreator root defaultOptions optional (#​11956)
  • eslint-plugin: [consistent-indexed-object-style] skip fixer if interface is a default export (#​11951)
❤️ Thank You

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.53.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

actions/setup-node (actions/setup-node)

v6.2.0

Compare Source

What's Changed
Documentation
Dependency updates:
New Contributors

Full Changelog: actions/setup-node@v6...v6.2.0

vercel/next.js (eslint-config-next)

v16.1.4

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes
  • Only filter next config if experimental flag is enabled (#​88733)
Credits

Huge thanks to @​mischnic for helping!

v16.1.3

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes
  • Fix linked list bug in LRU deleteFromLru (#​88652)
  • Fix relative same host redirects in node middleware (#​88253)
Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes
  • Turbopack: Update to swc_core v50.2.3 (#​87841) (#​88296)
    • Fixes a crash when processing mdx files with multibyte characters. (#​87713)
  • Turbopack: mimalloc upgrade and enabling it on musl (#​88503) (#​87815) (#​88426)
    • Fixes a significant performance issue on musl-based Linux distributions (e.g. Alpine in Docker) related to musl's allocator.
    • Other platforms have always used mimalloc, but we previously did not use mimalloc on musl because of compilation issues that have since been resolved.
Credits

Huge thanks to @​mischnic for helping!

nodejs/node (node)

v22.22.0: 2026-01-13, Version 22.22.0 'Jod' (LTS), @​marco-ippolito

Compare Source

This is a security release.

Notable Changes

lib:

  • (CVE-2025-59465) add TLSSocket default error handler
  • (CVE-2025-55132) disable futimes when permission model is enabled
    lib,permission:
  • (CVE-2025-55130) require full read and write to symlink APIs
    src:
  • (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks
    src,lib:
  • (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle
    tls:
  • (CVE-2026-21637) route callback exceptions through error handlers
Commits
oven-sh/setup-bun (oven-sh/setup-bun)

v2.1.2

Compare Source

oven-sh/setup-bun is the github action for setting up Bun.

What's Changed

Full Changelog: oven-sh/setup-bun@v2...v2.1.2

v2.1.1

Compare Source

oven-sh/setup-bun is the github action for setting up Bun.

What's Changed

Full Changelog: oven-sh/setup-bun@v2.1.0...v2.1.1

prettier/prettier (prettier)

v3.8.0

Compare Source

diff

🔗 Release Notes

bvaughn/react-error-boundary (react-error-boundary)

v6.1.0

Compare Source

  • #​235: Fix error type (Error -> unknown)
  • Export getErrorMessage helper method
JohannesKlauss/react-keymap-hook (react-hotkeys-hook)

v5.2.3

Compare Source

What's Changed

New Contributors

Full Changelog: JohannesKlauss/react-hotkeys-hook@v5.2.1...v5.2.3

v5.2.2

Compare Source

Configuration

📅 Schedule: Branch creation - "before 7am on Tuesday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

Copilot AI review requested due to automatic review settings January 27, 2026 00:27
@vercel
Copy link

vercel bot commented Jan 27, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Review Updated (UTC)
sam Ignored Ignored Jan 27, 2026 0:27am

Copilot AI reviewed Jan 27, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates multiple dependencies across the repository, primarily focusing on AWS SDK packages, development tools, and GitHub Actions. The updates include patch and minor version bumps for various packages.

Changes:

  • Updated AWS SDK packages from 3.968.0 to 3.971.0
  • Updated Node.js from 22.21.1 to 22.22.0 (security release)
  • Updated build tools and development dependencies including TypeScript ESLint, Prettier, and Next.js

Reviewed changes

Copilot reviewed 10 out of 12 changed files in this pull request and generated no comments.

Show a summary per file
File Description
pnpm-monorepo/packages/database/package.json Updated @types/node to 22.19.7
pnpm-monorepo/package.json Updated pnpm to 10.28.1 and Prettier to 3.8.0
pnpm-monorepo/apps/lambda/package.json Updated AWS SDK packages and @types dependencies
app/package.json Updated multiple dependencies including AWS SDK, Next.js, React libraries, and development tools
app/.devcontainer/Dockerfile Updated Node.js base image to 22.22.0
.github/workflows/validate-app.yml Updated actions/setup-node to v6.2.0
.github/workflows/production-database-migrations.yml Updated actions/setup-node to v6.2.0
.github/workflows/commitlint.yml Updated actions/setup-node to v6.2.0
.github/workflows/build-lambda-functions.yml Updated oven-sh/setup-bun to v2.1.2
.github/workflows/build-lambda-functions-pnpm.yml Updated pnpm version to 10.28.1 and actions/setup-node to v6.2.0
Files not reviewed (1)
  • pnpm-monorepo/pnpm-lock.yaml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@socket-security
Copy link

socket-security bot commented Jan 27, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​typescript-eslint/​parser@​8.53.0 ⏵ 8.53.11001007198100
Updatedesbuild@​0.25.2 ⏵ 0.27.29110073 +189100
Added@​types/​web-push@​3.6.41001007380100
Updated@​tanstack/​eslint-plugin-query@​5.91.2 ⏵ 5.91.3100 +110074 +194 +4100
Addedlodash@​4.17.23761008689100
Added@​types/​aws-lambda@​8.10.1601001007891100
Updated@​typescript-eslint/​eslint-plugin@​8.53.0 ⏵ 8.53.19910080 +198100
Addedweb-push@​3.6.7991001008070
Updated@​types/​node@​22.19.6 ⏵ 22.19.71001008196100
Addedprettier-plugin-organize-imports@​4.3.010010010081100
Added@​prisma/​adapter-pg@​6.19.21001008398100
Added@​prisma/​client@​6.17.1941008598100
Addedaws-xray-sdk-core@​3.12.09810010087100
Addedserialize-error@​12.0.010010010087100
Updated@​tanstack/​react-query@​5.90.16 ⏵ 5.90.19991008899 +2100
Addedtypescript@​5.9.31001009010090
Addedprettier@​3.8.0901009799100
Added@​paralleldrive/​cuid2@​3.1.010010010092100
Addedprisma@​6.17.1941009897100
Updatedzod@​3.25.76 ⏵ 4.3.5100 +210010096100
Added@​aws-sdk/​client-ssm@​3.971.09810010098100
Updated@​aws-sdk/​client-eventbridge@​3.968.0 ⏵ 3.971.09810010098100
Added@​aws-sdk/​client-dynamodb@​3.971.09810010098100
Updated@​aws-sdk/​s3-request-presigner@​3.968.0 ⏵ 3.971.010010010098100
Updated@​aws-sdk/​client-s3@​3.968.0 ⏵ 3.971.09810010098100

View full report

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 27, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@socket-security
Copy link

socket-security bot commented Jan 27, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm safer-buffer is 94.0% likely obfuscated

Confidence: 0.94

Location: Package overview

From: pnpm-monorepo/pnpm-lock.yamlnpm/web-push@3.6.7npm/safer-buffer@2.1.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/safer-buffer@2.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@simonknittel simonknittel merged commit 0ad339b into develop Jan 27, 2026
9 checks passed
@simonknittel simonknittel deleted the renovate-self-hosted/patch-tuesday branch January 27, 2026 06:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@simonknittel @renovate-bot