Skip to content

chore(deps-dev): bump turbo from 2.8.13 to 2.9.14#806

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/turbo-2.9.14
Open

chore(deps-dev): bump turbo from 2.8.13 to 2.9.14#806
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/turbo-2.9.14

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 21, 2026

Copy link
Copy Markdown
Contributor

Bumps turbo from 2.8.13 to 2.9.14.

Release notes

Sourced from turbo's releases.

Turborepo v2.9.14

[!NOTE] This release contains important security fixes.

High:

Low:

What's Changed

Changelog

New Contributors

Full Changelog: vercel/turborepo@v2.9.12...v2.9.14

Turborepo v2.9.13-canary.1

What's Changed

Changelog

... (truncated)

Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 21, 2026
@vercel

vercel Bot commented May 21, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
langfuse-js Ready Ready Preview Jun 18, 2026 4:18pm

Request Review

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, straightforward Dependabot dev-dependency bump for turbo.

Extended reasoning...

Overview

This PR bumps the turbo dev dependency from 2.8.13 to 2.9.14 in package.json and updates the corresponding entries in pnpm-lock.yaml. The lockfile changes also reflect upstream turbo's restructuring of platform-specific binaries from turbo-<platform> to scoped @turbo/<platform> packages.

Security risks

None for this repo. The turbo release notes mention security fixes for the Turborepo VS Code extension and the turbo login flow — neither of which is invoked in this project's build pipeline. turbo is only used as a task runner via turbo run build/turbo run check:* scripts.

Level of scrutiny

Low. This is a dev-only dependency used as a monorepo task runner; it doesn't ship in any published package. Dependabot-generated, mechanical version bump.

Other factors

No bugs flagged by the bug-hunting system. No source code modified. Lockfile changes are consistent with the version bump.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/turbo-2.9.14 branch from 623c40d to c40c57f Compare May 27, 2026 18:55
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/turbo-2.9.14 branch from c40c57f to 1c9f3ea Compare May 29, 2026 18:09
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/turbo-2.9.14 branch 2 times, most recently from e5b71ed to 37f73fd Compare June 11, 2026 12:40
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/turbo-2.9.14 branch from 37f73fd to 433722f Compare June 11, 2026 13:04
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/turbo-2.9.14 branch from 433722f to 5d145c2 Compare June 11, 2026 13:43
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/turbo-2.9.14 branch from 5d145c2 to 7927715 Compare June 18, 2026 12:22
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/turbo-2.9.14 branch from 7927715 to 4508563 Compare June 18, 2026 13:24
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/turbo-2.9.14 branch from 4508563 to fe2c844 Compare June 18, 2026 15:47
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/turbo-2.9.14 branch from fe2c844 to 0c300b1 Compare June 18, 2026 16:07
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/turbo-2.9.14 branch from 0c300b1 to 915a1e5 Compare June 18, 2026 16:11
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/turbo-2.9.14 branch from 915a1e5 to ff7cdf1 Compare June 18, 2026 16:15
Bumps [turbo](https://github.com/vercel/turborepo) from 2.8.13 to 2.9.14.
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.8.13...v2.9.14)

---
updated-dependencies:
- dependency-name: turbo
  dependency-version: 2.9.14
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/turbo-2.9.14 branch from ff7cdf1 to 4c594bc Compare June 18, 2026 16:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants