Skip to content

Update npm dependencies#57

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-dependencies
Open

Update npm dependencies#57
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-dependencies

Conversation

@renovate
Copy link
Copy Markdown

@renovate renovate Bot commented Apr 24, 2026

This PR contains the following updates:

Package Change Age Confidence
@aws-sdk/client-cognito-identity (source) 3.991.03.1032.0 age confidence
@types/node (source) 25.2.325.6.0 age confidence

Release Notes

aws/aws-sdk-js-v3 (@​aws-sdk/client-cognito-identity)

v3.1032.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1031.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1030.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1029.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1028.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1027.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1026.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1025.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1024.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1023.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1022.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1021.0

Compare Source

Bug Fixes
  • codegen: sync for adaptive retry throttling detection fix (#​7905) (03f108d)

v3.1020.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1019.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1018.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1017.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1016.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1015.0

Compare Source

Bug Fixes
  • core/protocols: use composite error registry for error handling, revert default error message to "UnknownError" (#​7877) (55f7726)

v3.1014.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1013.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1012.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1011.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1010.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1009.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1008.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1007.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1006.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1005.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1004.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1003.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1002.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1001.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1000.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.999.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.998.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.997.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.996.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.995.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.994.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.993.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.992.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

Configuration

📅 Schedule: (in timezone Europe/Paris)

  • Branch creation
    • "after 7am every weekday,before 8pm every weekday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from a team as a code owner April 24, 2026 09:43
@renovate
Copy link
Copy Markdown
Author

renovate Bot commented Apr 24, 2026

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: undefined
Post-upgrade command 'pre-commit autoupdate --freeze || true' has not been added to the allowed list in allowedCommands

@sonarqube-cloud-us
Copy link
Copy Markdown

sonarqube-cloud-us Bot commented Apr 24, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 New dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonar-review-alpha
Copy link
Copy Markdown

sonar-review-alpha Bot commented Apr 24, 2026
edited
Loading

Summary

⚠️ The PR description exceeded the analysis limit and was truncated. The review may not reflect all context.

Renovate dependency update PR that bumps two packages in package.json:

  • @aws-sdk/client-cognito-identity: 3.750.0 → 3.1032.0 (significant jump, 282+ minor versions)
  • @types/node: 25.2.3 → 25.6.0 (minor patch update)

All changes are version updates in package.json with corresponding lock file entries updated. No code changes.

What reviewers should know

What to review:

  • The AWS SDK jump is substantial but uses caret versioning (^3.1032.0), indicating the new version is expected to be backward compatible
  • @types/node is a safe minor bump within the 25.x range
  • No source code changes, only dependency versions

Testing:

  • Verify the dependencies install without conflicts
  • The main value is ensuring AWS SDK compatibility with the action's usage of Cognito Identity client
  • Check that TypeScript types from updated @types/node don't break any existing code
  • Generate Walkthrough
  • Generate Diagram

🗣️ Give feedback

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 24, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 New dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonar-review-alpha[bot]
sonar-review-alpha Bot reviewed Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown

@sonar-review-alpha sonar-review-alpha Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is one blocking issue: the compiled dist bundles were not rebuilt, so the action runtime still uses the old SDK version despite the package.json update. The summary below covers the full picture.

The dist files (credential-setup/dist/index.js, credential-guard/dist/main/index.js, credential-guard/dist/post/index.js) are self-contained bundles produced by @vercel/ncc and committed to the repo. Inspecting the current HEAD bundle confirms it still embeds @aws-sdk/client-cognito-identity version 3.991.0 — the version this PR intends to replace. Until npm run build is run and the updated bundles are committed, this PR has no runtime effect.

🗣️ Give feedback

Comment thread package.json
"dependencies": {
"@actions/core": "^1.11.1",
"@aws-sdk/client-cognito-identity": "^3.750.0"
"@aws-sdk/client-cognito-identity": "^3.1032.0"
Copy link
Copy Markdown

@sonar-review-alpha sonar-review-alpha Bot Apr 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dist bundles were not rebuilt. The action runs from the committed credential-setup/dist/ and credential-guard/dist/ files, which @vercel/ncc packages at build time — they are not regenerated during a GitHub Actions run.

Searching the current bundle for version strings confirms it still embeds @aws-sdk/client-cognito-identity@3.991.0. Run npm run build and commit the updated dist files for this change to have any runtime effect.

  • Mark as noise

Comment thread package-lock.json
"resolved": "https://repox.jfrog.io/artifactory/api/npm/npm/@aws-sdk/client-cognito-identity/-/client-cognito-identity-3.991.0.tgz",
"integrity": "sha512-U3Qh+SPWQQiK+ON6fCOC+SctNlsigATTnz1TkD28l35j6fs7+QAEjbtP07LpfZ926mx3ibBN3jMRDFsOKSXwRQ==",
"version": "3.1032.0",
"resolved": "https://registry.npmjs.org/@aws-sdk/client-cognito-identity/-/client-cognito-identity-3.1032.0.tgz",
Copy link
Copy Markdown

@sonar-review-alpha sonar-review-alpha Bot Apr 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The AWS SDK packages (and their transitive @smithy/* dependencies) now resolve from registry.npmjs.org, while all other unchanged packages (vitest, rollup, esbuild, @actions/*, etc.) still resolve from repox.jfrog.io — the private JFrog Artifactory mirror.

This mixed-registry state means npm install fetches from two different sources and could fail in environments that only have access to the private mirror. If Renovate ran without access to that mirror, all changed packages should ideally be re-mirrored into Artifactory and the lock file regenerated from there, as was done for the previous dependency versions.

  • Mark as noise

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sonar-review-alpha sonar-review-alpha[bot] sonar-review-alpha[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants