chore(deps): bump @protobufjs/utf8 from 1.1.0 to 1.1.1#2953
chore(deps): bump @protobufjs/utf8 from 1.1.0 to 1.1.1#2953dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [@protobufjs/utf8](https://github.com/dcodeIO/protobuf.js) from 1.1.0 to 1.1.1. - [Release notes](https://github.com/dcodeIO/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-cli-v1.1.0...protobufjs-cli-v1.1.1) --- updated-dependencies: - dependency-name: "@protobufjs/utf8" dependency-version: 1.1.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
dosubot
Bot
added
the
size:XS
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
LGTM, dependabot lock-file bump.
Extended reasoning...
Overview
This PR is a Dependabot dependency bump for @protobufjs/utf8 from 1.1.0 to 1.1.1. Only pnpm-lock.yaml is modified — no source code or package.json changes. The diff also includes transitive lockfile updates for AWS SDK, Smithy, and OpenTelemetry packages, which are normal side-effects of pnpm install regenerating the lock when a related dep changes.
Security risks
None identified. @protobufjs/utf8 1.1.1 is a long-standing released version; this is a lockfile-only change with no logic modifications. The transitive bumps are patch-level updates to well-known SDK packages.
Level of scrutiny
Minimal — this is a mechanical lockfile bump in a docs repository, labeled auto-merge and generated by Dependabot. No application code is touched.
Other factors
The bug hunting system found no bugs. The Vercel deployment shows an error but that is unrelated to this lockfile change (it's a separate deployment-time issue and not something that affects approval of the dependency bump itself).
Bumps @protobufjs/utf8 from 1.1.0 to 1.1.1.
Release notes
Sourced from @protobufjs/utf8's releases.
Commits
644d588chore: release master (#1865)e42eea4fix(cli): fix relative path to Google pb files (#1859)dce9a2efix: use bundled filename to fix common pb includes (#1860)64e8936fix: use ES5 style function syntax (#1830)4489fa7Revert "fix: error should be thrown (#1817)" (#1864)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.