Skip to content

Lock file maintenance #46634

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ZeeshanTamboli merged 1 commit into from
Aug 11, 2025
Merged

Lock file maintenance #46634

ZeeshanTamboli merged 1 commit into from
Aug 11, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Aug 1, 2025
edited
Loading

This PR contains the following updates:

Update Change
lockFileMaintenance All locks refreshed

🔧 This Pull Request updates lock files to use the latest dependency versions.

Configuration

📅 Schedule: Branch creation - "before 6:00am on the first day of the month" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Update of dependencies. label Aug 1, 2025
@mui-bot
Copy link

mui-bot commented Aug 1, 2025
edited
Loading

Netlify deploy preview

https://deploy-preview-46634--material-ui.netlify.app/

Bundle size report

Bundle Parsed Size Gzip Size
@mui/material 🔺+1B(0.00%) 🔺+5B(0.00%)
@mui/lab 🔺+1B(0.00%) 🔺+4B(+0.01%)
@mui/system 0B(0.00%) 0B(0.00%)
@mui/utils 0B(0.00%) 0B(0.00%)

Details of bundle changes

Generated by 🚫 dangerJS against 5d7dd1d

@oliviertassinari
Copy link
Member

oliviertassinari commented Aug 9, 2025

We have a lot of dependencies security alerts in https://github.com/mui/material-ui/security/dependabot vs. https://github.com/mui/mui-x/security/dependabot that has almost none. The only difference I'm aware of between the two repositories is that here we don't merge the "Lock file maintenance" PRs, while they do. Trying this out.

@oliviertassinari oliviertassinari force-pushed the renovate/lock-file-maintenance branch 2 times, most recently from 7506f06 to b27cf31 Compare August 9, 2025 23:01
@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch 3 times, most recently from 0e70fef to e45414f Compare August 11, 2025 12:48
@github-actions github-actions bot added the PR: out-of-date The pull request has merge conflicts and can't be merged. label Aug 11, 2025
@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from e45414f to 613bf9a Compare August 11, 2025 12:54
@github-actions github-actions bot removed the PR: out-of-date The pull request has merge conflicts and can't be merged. label Aug 11, 2025
@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from 613bf9a to 2cce272 Compare August 11, 2025 12:57
@github-actions github-actions bot added the PR: out-of-date The pull request has merge conflicts and can't be merged. label Aug 11, 2025
@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from 2cce272 to 5d7dd1d Compare August 11, 2025 13:18
@github-actions github-actions bot removed the PR: out-of-date The pull request has merge conflicts and can't be merged. label Aug 11, 2025
@ZeeshanTamboli ZeeshanTamboli merged commit bd5b945 into master Aug 11, 2025
19 checks passed
@ZeeshanTamboli ZeeshanTamboli deleted the renovate/lock-file-maintenance branch August 11, 2025 13:39
@oliviertassinari
Copy link
Member

oliviertassinari commented Aug 12, 2025
edited
Loading

The only difference I'm aware of between the two repositories is that here we don't merge the "Lock file maintenance" PRs, while they do. Trying this out.

Ok, it didn't help much, the root seems closer to be about: dependabot/dependabot-core#4364. Most of the alerts are not about the root pnpm-lock.yaml file.

I have closed all the ones related to a different manifest file: https://github.com/mui/material-ui/security/dependabot?q=is%3Aopen+-manifest%3Apnpm-lock.yaml+.

The rest of the issues https://github.com/mui/material-ui/security/dependabot seems to come from:

@oliviertassinari oliviertassinari mentioned this pull request Aug 12, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ZeeshanTamboli ZeeshanTamboli ZeeshanTamboli approved these changes

Assignees

No one assigned

Labels

dependencies Update of dependencies.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mui-bot @oliviertassinari @ZeeshanTamboli