依赖更新审计 - 2026-05-27
自动扫描发现 21 个依赖可以升级。
由 choko (security agent) 通过 multica autopilot 任务 STU-120 自动生成。
标 ⚠️ 的是 major 版本升级,可能含 breaking changes,需评估后升级。
bun
| Package |
Current |
Latest |
Bump |
date-fns |
4.1.0 |
4.3.0 |
minor/patch |
echarts |
6.0.0 |
6.1.0 |
minor/patch |
esbuild |
0.27.7 |
0.28.0 |
minor/patch |
hono |
4.12.18 |
4.12.23 |
minor/patch |
lucide-react |
0.577.0 |
1.16.0 |
⚠️ major |
postcss |
8.5.10 |
8.5.15 |
minor/patch |
react |
19.2.5 |
19.2.6 |
minor/patch |
react-dom |
19.2.5 |
19.2.6 |
minor/patch |
tailwind-merge |
3.5.0 |
3.6.0 |
minor/patch |
zod |
4.3.6 |
4.4.3 |
minor/patch |
@playwright/test (dev) |
1.59.1 |
1.60.0 |
minor/patch |
@tailwindcss/postcss (dev) |
4.2.2 |
4.3.0 |
minor/patch |
@types/bun (dev) |
1.3.12 |
1.3.14 |
minor/patch |
@types/node (dev) |
20.19.39 |
25.9.1 |
⚠️ major |
@types/react (dev) |
19.2.14 |
19.2.15 |
minor/patch |
@vitest/coverage-v8 (dev) |
4.1.5 |
4.1.7 |
minor/patch |
eslint (dev) |
9.39.4 |
10.4.0 |
⚠️ major |
lint-staged (dev) |
16.4.0 |
17.0.5 |
⚠️ major |
tailwindcss (dev) |
4.2.2 |
4.3.0 |
minor/patch |
typescript (dev) |
5.9.3 |
6.0.3 |
⚠️ major |
vitest (dev) |
4.1.5 |
4.1.7 |
minor/patch |
建议处理方式:
- 优先升级 minor/patch(安全且向后兼容)
- 5 个 major 升级需 review changelog 后再合(可能 breaking)
- 升级后跑测试 + 视觉冒烟验证
- 升级命令参考:
bun update / pnpm update / npm update / uv pip compile
依赖更新审计 - 2026-05-27
自动扫描发现 21 个依赖可以升级。
bun
date-fnsechartsesbuildhonolucide-reactpostcssreactreact-domtailwind-mergezod@playwright/test (dev)@tailwindcss/postcss (dev)@types/bun (dev)@types/node (dev)@types/react (dev)@vitest/coverage-v8 (dev)eslint (dev)lint-staged (dev)tailwindcss (dev)typescript (dev)vitest (dev)建议处理方式:
bun update/pnpm update/npm update/uv pip compile