Skip to content

chore(deps): bump the frontend group in /frontend with 2 updates#248

Merged
querwurzel merged 1 commit intomainfrom
dependabot/npm_and_yarn/frontend/frontend-41ab16bbe7
Mar 18, 2026
Merged

chore(deps): bump the frontend group in /frontend with 2 updates#248
querwurzel merged 1 commit intomainfrom
dependabot/npm_and_yarn/frontend/frontend-41ab16bbe7

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2026

Bumps the frontend group in /frontend with 2 updates: mvp.css and pnpm.

Updates mvp.css from 1.17.2 to 1.17.3

Commits

Updates pnpm from 10.29.2 to 10.30.3

Release notes

Sourced from pnpm's releases.

pnpm 10.30.3

Patch Changes

  • Fixed version switching via packageManager field failing when pnpm is installed as a standalone executable in environments without a system Node.js #10687.

Platinum Sponsors

Gold Sponsors

... (truncated)

Changelog

Sourced from pnpm's changelog.

10.30.3

Patch Changes

  • Fixed version switching via packageManager field failing when pnpm is installed as a standalone executable in environments without a system Node.js #10687.

10.30.2

Patch Changes

  • Fix auto-installed peer dependencies ignoring overrides when a stale version exists in the lockfile.
  • Fixed "input line too long" error on Windows when running lifecycle scripts with the global virtual store enabled #10673.
  • Update @​zkochan/js-yaml to fix moderate vulnerability.

10.30.1

Patch Changes

  • Use the /-/npm/v1/security/audits/quick endpoint as the primary audit endpoint, falling back to /-/npm/v1/security/audits when it fails #10649.

10.30.0

Minor Changes

  • pnpm why now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies.

Patch Changes

  • Revert pnpm why dependency pruning to prefer correctness over memory consumption. Reverted PR: #7122.
  • Optimize pnpm why and pnpm list performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one #10596.

10.29.3

Patch Changes

  • Fixed an out-of-memory error in pnpm list (and pnpm why) on large dependency graphs by replacing the recursive tree builder with a two-phase approach: a BFS dependency graph followed by cached tree materialization. Duplicate subtrees are now deduplicated in the output, shown as "deduped (N deps hidden)" #10586.
  • Fixed allowBuilds not working when set via .pnpmfile.cjs #10516.
  • When the enableGlobalVirtualStore option is set, the pnpm deploy command would incorrectly create symlinks to the global virtual store. To keep the deploy directory self-contained, pnpm deploy now ignores this setting and always creates a localized virtual store within the deploy directory.
  • Fixed minimumReleaseAgeExclude not being respected by pnpm dlx #10338.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the frontend group in /frontend with 2 updates
27f51f4 
Bumps the frontend group in /frontend with 2 updates: [mvp.css](https://github.com/andybrewer/mvp) and [pnpm](https://github.com/pnpm/pnpm/tree/HEAD/pnpm).


Updates `mvp.css` from 1.17.2 to 1.17.3
- [Release notes](https://github.com/andybrewer/mvp/releases)
- [Commits](https://github.com/andybrewer/mvp/commits)

Updates `pnpm` from 10.29.2 to 10.30.3
- [Release notes](https://github.com/pnpm/pnpm/releases)
- [Changelog](https://github.com/pnpm/pnpm/blob/v10.30.3/pnpm/CHANGELOG.md)
- [Commits](https://github.com/pnpm/pnpm/commits/v10.30.3/pnpm)

---
updated-dependencies:
- dependency-name: mvp.css
  dependency-version: 1.17.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend
- dependency-name: pnpm
  dependency-version: 10.30.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 1, 2026
@querwurzel querwurzel merged commit 84d20b1 into main Mar 18, 2026
3 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/frontend/frontend-41ab16bbe7 branch March 18, 2026 12:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@querwurzel querwurzel querwurzel approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@querwurzel