Bump undici from 6.19.7 to removed in the npm_and_yarn group across 1 directory #24
Conversation
Bumps the npm_and_yarn group with 1 update in the / directory: [undici](https://github.com/nodejs/undici). Removes `undici` --- updated-dependencies: - dependency-name: undici dependency-version: dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
|
@dependabot rebase |
There was a problem hiding this comment.
Pull request overview
This Dependabot PR effectively upgrades the project’s Firebase JS SDK (and its transitive dependency tree), which in turn removes the previously-installed transitive undici package.
Changes:
- Bump
firebasedependency from^10.8.0to^12.9.0inpackage.json. - Update
package-lock.jsonto reflect the Firebase v12 dependency graph, including removal of transitiveundiciand addition of new Firebase subpackages (e.g.@firebase/ai) andweb-vitals.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| package.json | Updates the direct Firebase dependency version to v12.9.0. |
| package-lock.json | Re-locks dependencies for Firebase v12, removing transitive undici and updating many @firebase/* packages (including new Node engine constraints). |
| "class-variance-authority": "^0.7.0", | ||
| "clsx": "^2.1.0", | ||
| "firebase": "^10.8.0", | ||
| "firebase": "^12.9.0", |
There was a problem hiding this comment.
This PR upgrades firebase from v10 to v12 (major version change). Firebase v12 packages in the updated lockfile require Node >=20; consider explicitly pinning/declaring the required Node version (e.g., via package.json.engines and tooling/CI) to avoid installs failing on Node 18/19 environments.
| "class-variance-authority": "^0.7.0", | ||
| "clsx": "^2.1.0", | ||
| "firebase": "^10.8.0", | ||
| "firebase": "^12.9.0", |
There was a problem hiding this comment.
PR title/description says this is a Dependabot update removing undici, but the only direct dependency change shown is a major firebase bump (10.x -> 12.x), with undici only disappearing as a transitive dependency. Please update the PR title/description (or Dependabot group config) so reviewers understand the real impact of the change.
1 participant
Bumps the npm_and_yarn group with 1 update in the / directory: undici.
Removes
undiciDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.