deps(frontend)(deps): bump date-fns from 4.3.0 to 4.4.0 in /frontend#142
Closed
dependabot[bot] wants to merge 1 commit into
Closed
deps(frontend)(deps): bump date-fns from 4.3.0 to 4.4.0 in /frontend#142dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [date-fns](https://github.com/date-fns/date-fns) from 4.3.0 to 4.4.0. - [Release notes](https://github.com/date-fns/date-fns/releases) - [Commits](date-fns/date-fns@v4.3.0...v4.4.0) --- updated-dependencies: - dependency-name: date-fns dependency-version: 4.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Owner
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
Owner
|
Superseded by #148, which consolidates all open Dependabot bumps and resolves each dependency to the latest compatible release (this PR's bump is included there). |
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
Bot
deleted the
dependabot/npm_and_yarn/frontend/date-fns-4.4.0
branch
pacphi
added a commit
that referenced
this pull request
Jun 8, 2026
…#148) * chore(deps): consolidate Dependabot PRs #125–#147 (latest compatible) Applies every open Dependabot bump on one branch, resolving each dependency to the latest compatible release rather than the (sometimes already-stale) version the PR pinned. Where the applied version is newer than the PR target, it is noted below. Frontend (pnpm): - vitest: → 4.1.8 [#127, target 4.1.7 superseded] - @storybook/react + storybook: → 10.4.2 [#128, target 10.4.1 superseded] - eslint: → 10.4.1; typescript-eslint: → 8.61.0 [#139, ts-eslint 8.60.1 superseded] - idb-keyval: → 6.2.5 [#140] - vite: → 8.0.16 [#141] - date-fns: → 4.4.0 [#142] - turbo: → 2.9.16 [#143] - @tanstack/react-query 5.101.0, react-router 1.170.15 (target 1.170.11 superseded), react-virtual 3.14.2 [#144] - react-dom: → 19.2.7 [#145]; react bumped to 19.2.7 to satisfy peer - zustand: → 5.0.14 [#146] Backend (Cargo): - openssl: → 0.10.80 [#125] - serde_json: → 1.0.150 [#132] - axum-test: → 20.1.0 [#133] - redis: → 1.2.2 [#134] - sqlx: 0.8 → 0.9.0 [#135] (breaking — see below) - fastembed: → 5.16.0 [#136, target 5.15.0 superseded] - uuid: → 1.23.2 [#137] - llama-cpp-4: 0.2 → 0.3.1 [#138, target 0.3.0 superseded] Rust toolchain: - Docker base image rust 1.95-slim → 1.96-slim [#147] - Align rust-toolchain.toml channel and Cargo.toml MSRV to 1.96.0, plus docker-compose RUST_VERSION and the setup/deployment/maintainer/README docs. sqlx 0.9 breaking change: - sqlx 0.9 only implements SqlSafeStr for &'static str; runtime-built query strings now require an explicit safety assertion. Added a single audited choke point `db::audited_sql()` (wraps sqlx::AssertSqlSafe) with one authoritative doc comment, and routed all dynamic-SQL call sites through it (vectors, api, cleanup, mcp, main, integration tests). Every such string is composed only from literals and bind-parameter markers; all values are bound. Verified: backend build (all targets) + 1900+ tests + clippy (strict) + fmt; frontend typecheck + build + tests + eslint + prettier; markdown/yaml lint + internal link check. * docs: align remaining Rust version refs in plan docs to 1.96 Follow-up to the dep consolidation: bump the two plan-doc Rust references (builtin-llm prerequisites and the illustrative CI Dockerfile snippet) from 1.95 to 1.96 to match the upgraded toolchain. Immutable historical records (ADRs, the march-2026 audit) are intentionally left as-is.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps date-fns from 4.3.0 to 4.4.0.
Release notes
Sourced from date-fns's releases.
Commits
cd53d25Promote to v4.4.0d948ec1Preserve but deprecate CDN versions for v4, set up v5 with polyfillsee65753Add rootmise :formattask9f5bdf5Add positional argument totest/smoke.shscript651ead6Split CDN bundles into separate@date-fns/cdnpackage224c1a2Deprecate type tests as attw hangs on date-fns package7bb2842SwitchPACKAGE_OUTPUT_PATHto--distflag in the package build scriptb6ad5acAdd flags to control package build script424a783Fix docs release after moving to monorepo setupDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)