chore(deps): bulk Dependabot bumps — 5 npm (/ui) + 5 GitHub Actions#380
Conversation
Consolidates ten open Dependabot PRs (#370–#379) into one branch. npm (/ui): - @tanstack/react-query 5.62.16 → 5.100.14 (#377) - react + react-dom 19.2.x → 19.2.7, @types/react 19.2.15 → 19.2.16 (#378) - eslint-config-next 16.2.6 → 16.2.7 (#376) - postcss 8.4.49 → 8.5.15 (#379) - vitest 4.1.7 → 4.1.8 (#375) react-dom was bumped in lockstep with react (Dependabot's #378 bumped only react, which fails React's exact-version-match requirement and broke all 135 vitest component files until react-dom matched). GitHub Actions: - actions/setup-python 5 → 6 (#374) - actions/upload-pages-artifact 3 → 5 (#370) - actions/deploy-pages 4 → 5 (#373) - actions/upload-artifact 4 → 7 (#372) - github/codeql-action 3 → 4 (#371) Verified: ui typecheck + lint (0 errors) + 998 tests across 135 files + production build all green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: SoundMindsAI <eric.starr@soundminds.ai>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates several frontend dependencies in ui/package.json and updates the pnpm-lock.yaml file accordingly, notably bumping react and react-dom to ^19.2.7 and @tanstack/react-query to ~5.100.14. Feedback points out a version mismatch between @tanstack/react-query and @tanstack/react-query-devtools, which should be kept in sync to prevent potential runtime errors or unexpected behavior.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| "@radix-ui/react-tabs": "~1.1.13", | ||
| "@radix-ui/react-tooltip": "~1.2.8", | ||
| "@tanstack/react-query": "~5.62.16", | ||
| "@tanstack/react-query": "~5.100.14", |
There was a problem hiding this comment.
There is a version mismatch between @tanstack/react-query (bumped to ~5.100.14) and @tanstack/react-query-devtools (left at ~5.62.16). These packages should be kept in sync to prevent potential runtime errors, incompatible types, or unexpected behavior.
…ct-query Addresses Gemini Code Assist review on PR #380: bumping react-query to 5.100.14 while leaving react-query-devtools at 5.62.16 left a large version skew. Bump devtools to ~5.100.14 to match. typecheck + 998 tests + build re-verified green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: SoundMindsAI <eric.starr@soundminds.ai>
Gemini Code Assist adjudication
1 finding, accepted and fixed. Note: the |
1 participant
Consolidates ten open Dependabot PRs into a single branch so they merge as one unit. Closes #370, #371, #372, #373, #374, #375, #376, #377, #378, #379. (#365 deliberately excluded — it's a human contributor's docs PR, not Dependabot.)
npm (
/ui)@tanstack/react-queryreact+react-dom@types/reacteslint-config-next(dev)postcss(dev)vitest(dev)Note on
react-dom: Dependabot's #378 bumped onlyreact(to 19.2.7), leavingreact-domat 19.2.6. React enforces an exact version match between the two, so that bump alone failed to load all 135 vitest component files (Incompatible React versions). This PR bumpsreact-domin lockstep — the correct way to land #378.GitHub Actions
actions/setup-pythonactions/upload-pages-artifactactions/deploy-pagesactions/upload-artifactgithub/codeql-actionVerification
Local
/uigates all green after the bumps:pnpm typecheck— cleanpnpm lint— 0 errors (pre-existing security-plugin warnings only)pnpm test— 998 tests across 135 files passingpnpm build— production build compiles + static-generates🤖 Generated with Claude Code