Skip to content

build(deps): bump minor and patch versions across workspaces#193

Merged
svozza merged 1 commit into
aws-samples:mainfrom
jeromevdl:deps/minor-patch-upgrades
May 31, 2026
Merged

build(deps): bump minor and patch versions across workspaces#193
svozza merged 1 commit into
aws-samples:mainfrom
jeromevdl:deps/minor-patch-upgrades

Conversation

@jeromevdl

Copy link
Copy Markdown
Contributor

Updates from open Dependabot PRs (minor/patch only) plus latest in-range versions discovered via npm outdated.

Root:

  • @aws-sdk/* (6 packages) -> 3.1054.0
  • oxfmt 0.51 -> 0.52, oxlint 1.66 -> 1.67, vitest 4.1.6 -> 4.1.7
  • @smithy/config-resolver, gremlin (lockfile only)

frontend:

  • lucide-react 0.574 -> 0.577
  • react-resizable-panels 4.6.4 -> 4.11.2
  • tailwind-merge 3.5 -> 3.6
  • @tailwindcss/postcss 4.2.4 -> 4.3.0
  • tailwindcss 4.1.18 -> 4.3.0
  • @types/node 24.10 -> 24.12
  • aws-amplify 6.16 -> 6.17
  • react-router-dom 7.13 -> 7.15
  • vite 8.0.12 -> 8.0.14
  • npm audit fix: js-cookie 3.0.5 -> 3.0.7 (closes build(deps): bump js-cookie from 3.0.5 to 3.0.7 in /frontend #178), fast-xml-parser, uuid

lambda/agents:

  • @aws-sdk/client-ecr, client-ssm, lib-dynamodb -> 3.1054.0

lambda/agents-ecs:

  • @aws-sdk/client-ssm, lib-dynamodb -> 3.1054.0

lambda/agents-ecs/mcp-server-graph:

lambda/questions, lambda/submit-question:

  • @aws-sdk/lib-dynamodb -> 3.1054.0

Skipped majors: aws-jwt-verify 4 -> 5 (#108), lucide-react 0 -> 1 (#146), @smithy/node-config-provider 3 -> 4 (#154,#158,#161,#166), testcontainers 11 -> 12, @types/node 24 -> 25, zod 3 -> 4.

Verified: 175/175 root tests pass on vitest 4.1.7; frontend builds clean; frontend audit reports 0 vulnerabilities.

Supersedes #61, #83, #139, #143, #144, #148, #150, #152, #153, #155, #156, #157, #162, #163, #164, #165, #178, #187, #188, #189, #190, #191, #192

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Updates from open Dependabot PRs (minor/patch only) plus latest
in-range versions discovered via npm outdated.

Root:
- @aws-sdk/* (6 packages) -> 3.1054.0
- oxfmt 0.51 -> 0.52, oxlint 1.66 -> 1.67, vitest 4.1.6 -> 4.1.7
- @smithy/config-resolver, gremlin (lockfile only)

frontend:
- lucide-react 0.574 -> 0.577
- react-resizable-panels 4.6.4 -> 4.11.2
- tailwind-merge 3.5 -> 3.6
- @tailwindcss/postcss 4.2.4 -> 4.3.0
- tailwindcss 4.1.18 -> 4.3.0
- @types/node 24.10 -> 24.12
- aws-amplify 6.16 -> 6.17
- react-router-dom 7.13 -> 7.15
- vite 8.0.12 -> 8.0.14
- npm audit fix: js-cookie 3.0.5 -> 3.0.7 (closes aws-samples#178), fast-xml-parser, uuid

lambda/agents:
- @aws-sdk/client-ecr, client-ssm, lib-dynamodb -> 3.1054.0

lambda/agents-ecs:
- @aws-sdk/client-ssm, lib-dynamodb -> 3.1054.0

lambda/agents-ecs/mcp-server-graph:
- npm audit fix: qs 6.15.1 -> 6.15.2 (closes aws-samples#187)
- @modelcontextprotocol/sdk 1.26 -> 1.29 (lockfile)

lambda/questions, lambda/submit-question:
- @aws-sdk/lib-dynamodb -> 3.1054.0

Skipped majors: aws-jwt-verify 4 -> 5 (aws-samples#108), lucide-react 0 -> 1 (aws-samples#146),
@smithy/node-config-provider 3 -> 4 (aws-samples#154,aws-samples#158,aws-samples#161,aws-samples#166),
testcontainers 11 -> 12, @types/node 24 -> 25, zod 3 -> 4.

Verified: 175/175 root tests pass on vitest 4.1.7; frontend builds clean;
frontend audit reports 0 vulnerabilities.
@svozza

svozza commented May 27, 2026

Copy link
Copy Markdown
Contributor

I would rather we do not update the frontend dependencies here. Dependebot updates on the frontend (where we have no test coverage) have already resulted in the UI breaking twice since we released. The backend ones are fine.

@jeromevdl

Copy link
Copy Markdown
Contributor Author

@svozza but this is where the security issues are the most dangerous. And we cannot let them indefinitely, the AWS checks will pass here at some point. I can test on my deployed version.

@svozza

svozza commented May 27, 2026

Copy link
Copy Markdown
Contributor

Yes, as long as you do some UI smoke tests on a deployed version with the changes then fine but there was no mention of that in the original PR.

@jeromevdl

Copy link
Copy Markdown
Contributor Author

Will do that and let you know.

@svozza

svozza commented May 27, 2026

Copy link
Copy Markdown
Contributor

Good stuff!

@jeromevdl

Copy link
Copy Markdown
Contributor Author

@svozza All good! I deployed it, browse the main pages, looks good.

@svozza

svozza commented May 31, 2026

Copy link
Copy Markdown
Contributor

Nice!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants