Skip to content

build(deps-dev): bump oxfmt from 0.53.0 to 0.54.0 in the development-minor-and-patch group across 1 directory#129

Merged
steipete merged 1 commit into
mainfrom
dependabot/npm_and_yarn/development-minor-and-patch-bd58c18417
Jun 8, 2026
Merged

build(deps-dev): bump oxfmt from 0.53.0 to 0.54.0 in the development-minor-and-patch group across 1 directory#129
steipete merged 1 commit into
mainfrom
dependabot/npm_and_yarn/development-minor-and-patch-bd58c18417

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the development-minor-and-patch group with 1 update in the / directory: oxfmt.

Updates oxfmt from 0.53.0 to 0.54.0

Changelog

Sourced from oxfmt's changelog.

[0.54.0] - 2026-06-08

📚 Documentation

  • dadafe3 oxlint, oxfmt: Mention migrate skills in npm READMEs (#22965) (Boshen)
  • f88961a oxfmt: Annotate each config option with supported languages (#22953) (leaysgur)

[0.52.0] - 2026-05-26

🚀 Features

  • 16b8058 oxfmt: Support vite-plus/resolveConfig for vite.config.ts (#22454) (leaysgur)

[0.50.0] - 2026-05-15

🐛 Bug Fixes

  • 43b9978 formatter/sort_imports: Treat subpath imports as internal (#22440) (leaysgur)

[0.49.0] - 2026-05-11

🚀 Features

  • 6e8e818 oxfmt: Experimental .svelte support (#21700) (leaysgur)

[0.45.0] - 2026-04-13

🐛 Bug Fixes

  • 50c389b oxfmt: Support .editorconfig quote_type (#20989) (leaysgur)

[0.44.0] - 2026-04-06

🐛 Bug Fixes

  • dd2df87 npm: Export package.json for oxlint and oxfmt (#20784) (kazuya kawaguchi)
  • 4216380 oxfmt: Support .editorconfig tab_width fallback (#20988) (leaysgur)

[0.43.0] - 2026-03-30

🚀 Features

  • 6ef440a oxfmt: Support bool for object style options (#20853) (leaysgur)

[0.42.0] - 2026-03-24

🚀 Features

  • 416865a formatter,oxfmt: Add doc comments for JsdocConfig (#20644) (leaysgur)
  • 4fec907 formatter: Add JSDoc comment formatting support (#19828) (Dunqing)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the development-minor-and-patch group with 1 update in the / directory: [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt).


Updates `oxfmt` from 0.53.0 to 0.54.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxfmt/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxfmt_v0.54.0/npm/oxfmt)

---
updated-dependencies:
- dependency-name: oxfmt
  dependency-version: 0.54.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 8, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 8, 2026 20:47
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 8, 2026
@clawsweeper

clawsweeper Bot commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

Codex review: needs maintainer review before merge. Reviewed June 8, 2026, 4:56 PM ET / 20:56 UTC.

Summary
The branch updates oxfmt from ^0.53.0/lockfile 0.53.0 to ^0.54.0/lockfile 0.54.0 in package.json and pnpm-lock.yaml.

Reproducibility: not applicable. this is a dependency maintenance pull request, not a bug report. The relevant check is whether the package and lockfile update is consistent, which source and diff inspection confirm.

Review metrics: none identified.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🌊 off-meta tidepool
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • none.

Next step before merge

  • No ClawSweeper repair lane is needed because the PR is narrow and has no concrete patch defect to repair.

Security
Cleared: The diff only updates a direct dev formatter dependency and matching lockfile entries; no workflow, script, runtime dependency, secret-handling, or package-publishing surface changed.

Review details

Best possible solution:

Merge the narrow dependency bump after the normal dependency and test checks remain acceptable; pnpm format:check is the most relevant extra validation if maintainers want formatter-specific proof.

Do we have a high-confidence way to reproduce the issue?

Not applicable; this is a dependency maintenance pull request, not a bug report. The relevant check is whether the package and lockfile update is consistent, which source and diff inspection confirm.

Is this the best way to solve the issue?

Yes; updating package.json plus the pnpm lockfile is the narrow maintainable path for this formatter dev dependency bump. No duplicate implementation or broader product change is involved.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 8880f675269c.

Label changes

Label changes:

  • add P3: This is a low-risk development dependency maintenance update with no direct user-facing runtime change.
  • add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🌊 off-meta tidepool and patch quality is 🐚 platinum hermit.
  • add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Not applicable: This is a Dependabot bot PR, so the external contributor real-behavior proof gate does not apply.

Label justifications:

  • P3: This is a low-risk development dependency maintenance update with no direct user-facing runtime change.
  • rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🌊 off-meta tidepool and patch quality is 🐚 platinum hermit.
  • status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Not applicable: This is a Dependabot bot PR, so the external contributor real-behavior proof gate does not apply.
Evidence reviewed

What I checked:

  • Repository policy read: The root AGENTS.md was read fully and its Node 22/pnpm, format, and generated-output guidance was applied to this dependency review. (AGENTS.md:1, 8880f675269c)
  • Current main dependency state: Current main declares oxfmt as ^0.53.0, so the proposed 0.54.0 update is not already implemented on main. (package.json:37, 8880f675269c)
  • Current main lockfile state: Current main locks the root importer to oxfmt version 0.53.0. (pnpm-lock.yaml:18, 8880f675269c)
  • PR diff scope: The fetched PR diff changes only package.json and pnpm-lock.yaml, retargeting oxfmt and its @oxfmt/binding-* optional packages from 0.53.0 to 0.54.0. (package.json:37, 9aafabec1b21)
  • Supply-chain spot check: npm view oxfmt@0.54.0 reports version 0.54.0, the same Node engine range, and an integrity value matching the PR lockfile entry for oxfmt@0.54.0. (pnpm-lock.yaml:568, 9aafabec1b21)
  • Package history provenance: Blame shows the current oxfmt 0.53.0 pin came from the prior merged dependency update, and recent package/lockfile dependency maintenance was also touched on current main. (package.json:37, d5e764d12a82)

Likely related people:

  • Peter Steinberger: Authored the current main dependency refresh touching package.json and pnpm-lock.yaml, and authored the release commit that established the package metadata baseline. (role: recent area contributor; confidence: high; commits: 8880f675269c, d407835d91c7; files: package.json, pnpm-lock.yaml)
  • dependabot[bot]: Introduced the current oxfmt 0.53.0 pin in the preceding merged dependency group update, so this PR follows the same automation path. (role: dependency update automation; confidence: medium; commits: d5e764d12a82; files: package.json, pnpm-lock.yaml)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@clawsweeper clawsweeper Bot added rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. P3 Low-risk cleanup, docs, polish, ergonomics, or speculative feature. labels Jun 8, 2026
@steipete steipete merged commit 98f51b3 into main Jun 8, 2026
5 checks passed
@steipete steipete deleted the dependabot/npm_and_yarn/development-minor-and-patch-bd58c18417 branch June 8, 2026 21:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code P3 Low-risk cleanup, docs, polish, ergonomics, or speculative feature. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant