Skip to content

chore(deps): bump shiki from 3.23.0 to 4.3.0#529

Merged
izadoesdev merged 3 commits into
stagingfrom
dependabot/npm_and_yarn/staging/shiki-4.3.0
Jul 1, 2026
Merged

chore(deps): bump shiki from 3.23.0 to 4.3.0#529
izadoesdev merged 3 commits into
stagingfrom
dependabot/npm_and_yarn/staging/shiki-4.3.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps shiki from 3.23.0 to 4.3.0.

Release notes

Sourced from shiki's releases.

v4.3.0

   🚀 Features

    View changes on GitHub

v4.2.0

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.0

   🐞 Bug Fixes

    View changes on GitHub

v4.0.2

   🐞 Bug Fixes

    View changes on GitHub

v4.0.1

   🐞 Bug Fixes

    View changes on GitHub

v4.0.0

   🚨 Breaking Changes

   🚀 Features

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by cubic

Upgrade shiki from 3.23.0 to 4.3.0 in apps/dashboard and apps/docs for the latest highlighter features and fixes. v4 drops Node 18; builds must run on Node 20+.

  • Dependencies

    • Bump shiki to ^4.3.0.
    • Sync bun.lock to new @shikijs/* v4 packages.
  • Migration

    • Ensure Node 20+ in CI and local dev.
    • Reinstall and rebuild; verify code block highlighting in dashboard and docs.

Written for commit 641ebc1. Summary will update on new commits.

Review in cubic

Bumps [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) from 3.23.0 to 4.3.0.
- [Release notes](https://github.com/shikijs/shiki/releases)
- [Commits](https://github.com/shikijs/shiki/commits/v4.3.0/packages/shiki)

---
updated-dependencies:
- dependency-name: shiki
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 1, 2026
@vercel

vercel Bot commented Jul 1, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
dashboard Ready Ready Preview, Comment Jul 1, 2026 11:08am
databuddy-status Ready Ready Preview, Comment Jul 1, 2026 11:08am
documentation Ready Ready Preview, Comment Jul 1, 2026 11:08am

@unkey-deploy

unkey-deploy Bot commented Jul 1, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Unkey Deploy

Name Status Preview Inspect Updated (UTC)
api (preview) Ready Visit Preview Inspect Jul 1, 2026 11:06am

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedshiki@​4.3.01001007797100

View full report

@izadoesdev

Copy link
Copy Markdown
Member

Reviewed and fixed before merge.

What changed:

  • Merged current staging into the Shiki bump branch.
  • Synced bun.lock so dashboard/docs direct shiki dependencies resolve to 4.3.0.
  • Confirmed existing transitive Shiki 3 packages remain from docs tooling and are not direct app imports.

Local verification:

  • bun install --frozen-lockfile --ignore-scripts
  • bun run lint
  • bun run check-types
  • direct shiki codeToHtml smoke in apps/dashboard
  • sync highlighter smoke using shiki/core, shiki/engine/javascript, language, and theme subpath imports in apps/docs
  • bun run --cwd apps/docs build
  • dotenv -e /Users/iza/Dev/Databuddy/.env -- env NODE_ENV=production bun run --cwd apps/dashboard build

Fresh CI on commit 641ebc1 is green, including Lint, Check Types, Test, Dashboard Playwright, health checks, CodeQL/Analyze, Socket, and Vercel previews. Base branch is staging, so this is ready to land there.

@izadoesdev izadoesdev left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved after lockfile sync and green local/fresh CI. Shiki 4 direct app usage is covered by type/build checks and targeted syntax-highlighting smokes.

@izadoesdev
izadoesdev merged commit b8e75b9 into staging Jul 1, 2026
15 checks passed
@dependabot
dependabot Bot deleted the dependabot/npm_and_yarn/staging/shiki-4.3.0 branch July 1, 2026 11:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant