chore(deps-dev): bump turbo from 2.8.13 to 2.9.14#806
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
LGTM, straightforward Dependabot dev-dependency bump for turbo.
Extended reasoning...
Overview
This PR bumps the turbo dev dependency from 2.8.13 to 2.9.14 in package.json and updates the corresponding entries in pnpm-lock.yaml. The lockfile changes also reflect upstream turbo's restructuring of platform-specific binaries from turbo-<platform> to scoped @turbo/<platform> packages.
Security risks
None for this repo. The turbo release notes mention security fixes for the Turborepo VS Code extension and the turbo login flow — neither of which is invoked in this project's build pipeline. turbo is only used as a task runner via turbo run build/turbo run check:* scripts.
Level of scrutiny
Low. This is a dev-only dependency used as a monorepo task runner; it doesn't ship in any published package. Dependabot-generated, mechanical version bump.
Other factors
No bugs flagged by the bug-hunting system. No source code modified. Lockfile changes are consistent with the version bump.
623c40d to
c40c57f
Compare
c40c57f to
1c9f3ea
Compare
e5b71ed to
37f73fd
Compare
37f73fd to
433722f
Compare
433722f to
5d145c2
Compare
5d145c2 to
7927715
Compare
7927715 to
4508563
Compare
4508563 to
fe2c844
Compare
fe2c844 to
0c300b1
Compare
0c300b1 to
915a1e5
Compare
915a1e5 to
ff7cdf1
Compare
Bumps [turbo](https://github.com/vercel/turborepo) from 2.8.13 to 2.9.14. - [Release notes](https://github.com/vercel/turborepo/releases) - [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md) - [Commits](vercel/turborepo@v2.8.13...v2.9.14) --- updated-dependencies: - dependency-name: turbo dependency-version: 2.9.14 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
ff7cdf1 to
4c594bc
Compare
Bumps turbo from 2.8.13 to 2.9.14.
Release notes
Sourced from turbo's releases.
... (truncated)
Commits
fc62fe0publish 2.9.14 to registryfb8c9aechore: Release 2.9.13 (#12803)e8e629dfix: Avoid project-local Yarn during detection (#12801)91c90cbfix: Harden VS Code extension command execution (#12800)84f4508fix: Validate auth callback state (#12802)1779ad7Removed unneeded import form hash creation script in docs (#12799)71f8c90test: Validate lockfiles without dependency downloads (#12789)5fcb960ci: Scope GitHub Actions caches by branch (#12788)4cf9fabci: Usepull_requestfor PR title linting (#12787)859c629fix: Restore docs mobile menu (#12782)