Bump the tanstack group across 1 directory with 6 updates#611
Conversation
|
@dependabot rebase |
Bumps the tanstack group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.100.1` | `5.101.1` | | [@tanstack/react-router](https://github.com/TanStack/router/tree/HEAD/packages/react-router) | `1.168.23` | `1.170.16` | | [@tanstack/eslint-plugin-query](https://github.com/TanStack/query/tree/HEAD/packages/eslint-plugin-query) | `5.100.1` | `5.101.1` | | [@tanstack/react-query-devtools](https://github.com/TanStack/query/tree/HEAD/packages/react-query-devtools) | `5.100.1` | `5.101.1` | | [@tanstack/react-router-devtools](https://github.com/TanStack/router/tree/HEAD/packages/react-router-devtools) | `1.166.13` | `1.167.0` | | [@tanstack/router-vite-plugin](https://github.com/TanStack/router/tree/HEAD/packages/router-vite-plugin) | `1.166.38` | `1.167.18` | Updates `@tanstack/react-query` from 5.100.1 to 5.101.1 - [Release notes](https://github.com/TanStack/query/releases) - [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md) - [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.101.1/packages/react-query) Updates `@tanstack/react-router` from 1.168.23 to 1.170.16 - [Release notes](https://github.com/TanStack/router/releases) - [Changelog](https://github.com/TanStack/router/blob/main/packages/react-router/CHANGELOG.md) - [Commits](https://github.com/TanStack/router/commits/@tanstack/react-router@1.170.16/packages/react-router) Updates `@tanstack/eslint-plugin-query` from 5.100.1 to 5.101.1 - [Release notes](https://github.com/TanStack/query/releases) - [Changelog](https://github.com/TanStack/query/blob/main/packages/eslint-plugin-query/CHANGELOG.md) - [Commits](https://github.com/TanStack/query/commits/@tanstack/eslint-plugin-query@5.101.1/packages/eslint-plugin-query) Updates `@tanstack/react-query-devtools` from 5.100.1 to 5.101.1 - [Release notes](https://github.com/TanStack/query/releases) - [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query-devtools/CHANGELOG.md) - [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query-devtools@5.101.1/packages/react-query-devtools) Updates `@tanstack/react-router-devtools` from 1.166.13 to 1.167.0 - [Release notes](https://github.com/TanStack/router/releases) - [Changelog](https://github.com/TanStack/router/blob/main/packages/react-router-devtools/CHANGELOG.md) - [Commits](https://github.com/TanStack/router/commits/@tanstack/react-router-devtools@1.167.0/packages/react-router-devtools) Updates `@tanstack/router-vite-plugin` from 1.166.38 to 1.167.18 - [Release notes](https://github.com/TanStack/router/releases) - [Changelog](https://github.com/TanStack/router/blob/main/packages/router-vite-plugin/CHANGELOG.md) - [Commits](https://github.com/TanStack/router/commits/@tanstack/router-vite-plugin@1.167.18/packages/router-vite-plugin) --- updated-dependencies: - dependency-name: "@tanstack/eslint-plugin-query" dependency-version: 5.101.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: tanstack - dependency-name: "@tanstack/react-query" dependency-version: 5.101.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: tanstack - dependency-name: "@tanstack/react-query-devtools" dependency-version: 5.101.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: tanstack - dependency-name: "@tanstack/react-router" dependency-version: 1.170.16 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: tanstack - dependency-name: "@tanstack/react-router-devtools" dependency-version: 1.167.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: tanstack - dependency-name: "@tanstack/router-vite-plugin" dependency-version: 1.167.18 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: tanstack ... Signed-off-by: dependabot[bot] <support@github.com>
adc9bb2 to
089bd21
Compare
bgentry
left a comment
There was a problem hiding this comment.
🤖 Codex review: Security review looks good to me.
I reviewed this as a dependency-upgrade supply-chain/security pass for the rebased TanStack group at head 089bd21bbc32df39105892a928d95a0ed1428bf6.
Scope reviewed:
- Manifest and lockfile changes for
@tanstack/react-query,@tanstack/react-router,@tanstack/eslint-plugin-query,@tanstack/react-query-devtools,@tanstack/react-router-devtools, and@tanstack/router-vite-plugin. - Notable transitives including
@tanstack/router-plugin,@tanstack/router-generator,@tanstack/router-core,jiti,chokidar,picomatch,readdirp,seroval, andunplugin. - Lockfile structure for lifecycle hooks, bins, native/platform packages, registry URLs, integrity algorithms, and same-version integrity rewrites.
- Static risk areas around build-time router codegen/plugin behavior, file watching, dynamic loading/cache behavior, env/CI flags, process execution, network access, and credential handling.
No blocking supply-chain issue found. The rebased lockfile has no added or changed install scripts, no added bins, no non-registry tarballs, no non-sha512 integrities, and no same-version integrity rewrites. The old TanStack intent bins and the old tsx bin are removed, and the old native-ish watcher surface is reduced rather than expanded. Package provenance/repository signals stayed within the expected TanStack Query/Router upstreams.
Residual risk is mainly ordinary generated/build-time plugin volume in the TanStack router packages and jiti; I reviewed the relevant metadata, lockfile structure, and high-risk source/artifact areas rather than line-reviewing every generated artifact.
Self-verification passed locally on the PR merge ref after installing the PR dependency set with lifecycle scripts disabled:
npm run lintnpm run test:once(30 files / 205 tests)npm run build
The remaining failed GitHub riverproui image checks are consistent with the known Dependabot OIDC/publish limitation, while JS/Go/release and riverui image jobs passed.
Bumps the tanstack group with 6 updates in the / directory:
5.100.15.101.11.168.231.170.165.100.15.101.15.100.15.101.11.166.131.167.01.166.381.167.18Updates
@tanstack/react-queryfrom 5.100.1 to 5.101.1Release notes
Sourced from @tanstack/react-query's releases.
... (truncated)
Changelog
Sourced from @tanstack/react-query's changelog.
Commits
b809297ci: Version Packages (#10977)ccc843etest({react,preact}-query/useQueries): move type-only tests to 'useQueries.te...4154613test({react,preact}-query/useMutation): split 'should handle conditional logi...8bb5fdetest({react,preact}-query/useMutation): split 'should pass meta to mutation' ...87426a3test(react-query): replace deprecated 'toBeCalledTimes' with 'toHaveBeenCalle...feb1efdtest(*): move 'vi.useRealTimers' to the end of 'afterEach' so cleanup runs un...f3d8d2aci: Version Packages (#10774)532bb29fix(tests): disable local coverage instrumentation (#10776)ba6e7beci: Version Packages (#10767)ed20b6dfix(react): do not go into optimistic fetching state when not subscribed (#10...Updates
@tanstack/react-routerfrom 1.168.23 to 1.170.16Release notes
Sourced from @tanstack/react-router's releases.
Changelog
Sourced from @tanstack/react-router's changelog.
... (truncated)
Commits
f23ed0fci: Version Packages (#7576)689c5abchore(react-router): silence AbortError in renderRouterToStream (#7627)a2b9d51docs: fix duplicate "to" typos (#7370)56bd271perf(react-router): add match selector compares (#7596)52db703fix(react-router): avoid throwing in useMatch selector (#7595)689d88erefactor(react-router): Reduce bundle size by sharing hook structuralSharing ...4a93cffrefactor(react-router): useMatches skips useRef during SSR (#7575)10a7ff8ci: Version Packages (#7563)996b9beci: Version Packages (#7561)65ad906ci: Version Packages (#7556)Updates
@tanstack/eslint-plugin-queryfrom 5.100.1 to 5.101.1Release notes
Sourced from @tanstack/eslint-plugin-query's releases.
Changelog
Sourced from @tanstack/eslint-plugin-query's changelog.
Commits
b809297ci: Version Packages (#10977)f3d8d2aci: Version Packages (#10774)dc54932fix(eslint-plugin-query): detect rest destructuring on custom query hooks (#1...dcdd552fix(eslint-plugin-query): track custom query hook wrappers (#10730)532bb29fix(tests): disable local coverage instrumentation (#10776)ba6e7beci: Version Packages (#10767)05cf2bcci: Version Packages (#10758)5ff4f69ci: Version Packages (#10755)2ccdae8fix(eslint-plugin-query): handle array-destructured useQueries results in no-...bb4556afix(eslint-plugin-query): allow suspense queries combine deps (#10642)Updates
@tanstack/react-query-devtoolsfrom 5.100.1 to 5.101.1Release notes
Sourced from @tanstack/react-query-devtools's releases.
Changelog
Sourced from @tanstack/react-query-devtools's changelog.
Commits
b809297ci: Version Packages (#10977)f3d8d2aci: Version Packages (#10774)2d27c4etest(react-query-devtools/ReactQueryDevtools{,Panel}): add tests for the full...e0245c7test(react-query-devtools/ReactQueryDevtools): add tests for forwarding 'butt...532bb29fix(tests): disable local coverage instrumentation (#10776)ba6e7beci: Version Packages (#10767)05cf2bcci: Version Packages (#10758)5ff4f69ci: Version Packages (#10755)3e85350ci: Version Packages (#10706)9d2692cci: Version Packages (#10695)Updates
@tanstack/react-router-devtoolsfrom 1.166.13 to 1.167.0Changelog
Sourced from @tanstack/react-router-devtools's changelog.
Commits
ae64839ci: Version Packages (#7405)91a7089rsbuild plugin (#7228)Updates
@tanstack/router-vite-pluginfrom 1.166.38 to 1.167.18Release notes
Sourced from @tanstack/router-vite-plugin's releases.
Changelog
Sourced from @tanstack/router-vite-plugin's changelog.
... (truncated)
Commits
10a7ff8ci: Version Packages (#7563)996b9beci: Version Packages (#7561)65ad906ci: Version Packages (#7556)a8647d2ci: Version Packages (#7554)7fc7c34ci: Version Packages (#7525)0ac831bci: Version Packages (#7508)8b36591ci: Version Packages (#7504)658c224ci: Version Packages (#7478)b47b338ci: Version Packages (#7467)65b4abeci: Version Packages (#7454)