[security](deps-dev): bump playwright from 1.58.1 to 1.58.2 #122
dependabot[bot] wants to merge 1 commit into main from
Labels
The following labels could not be found: Please fix the above issues or remove invalid values from

Required keyword not found in PR title or description.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b8ffeef3b4
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| "fast-check": "^4.5.3", | ||
| "hono": "^4.12.7", | ||
| "playwright": "^1.58.1", | ||
| "playwright": "^1.58.2", |
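Review bot: the changed line `"playwright": "^1.58.2"` raises only the declared floor, and nothing visible in this hunk shows what the lockfile resolves to. Because the PR is tagged as a security bump, carry the matching lockfile update in the same commit and confirm that a frozen install resolves playwright to 1.58.2, so that 1.58.1 cannot stay installed behind the new range.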
Keep @playwright/test aligned with playwright version
Bumping only playwright here leaves the root test runner on @playwright/test 1.58.1 (same devDependencies block), so frozen installs keep mixed Playwright patch versions in the workspace. That can cause playwright test runs to execute against an older playwright-core than the one this security bump intended to roll out, and it also increases the chance of version-mismatch behavior in CI.
Summary
- Aligned the root Playwright test runner dependency with the security bump by changing `@playwright/test` from `^1.58.1` to `^1.58.2` in `package.json`, so it matches `playwright` and avoids mixed patch versions. package.json L102-L120
- Refreshed the lockfile so the root importer now resolves both `@playwright/test` and `playwright` to `1.58.2`, including the `@playwright/test@1.58.2 -> playwright: 1.58.2` snapshot linkage. pnpm-lock.yaml L60-L86, pnpm-lock.yaml L10089-L10092
- Updated `FORJAMIE.md` per the repo’s living-map rule (status date, dependency-hygiene note, and a new 2026-03-17 Recent Changes entry for this alignment). FORJAMIE.md L19-L27, FORJAMIE.md L70-L76, FORJAMIE.md L114-L119
- Committed changes on branch `work` with commit `0b0d08d` and created a follow-up PR via `make_pr` titled “fix: align @playwright/test with Playwright 1.58.2 security bump.”

Testing
- ✅ `source scripts/codex-preflight.sh && preflight_repo`
- ✅ `mise trust && mise list | head`
- ✅ `curl -s https://api.github.com/repos/microsoft/playwright/releases/tags/v1.58.2 | jq '.tag_name, .name'`
- ✅ `cat package.json | jq . > /dev/null && echo OK`
- ✅ `pnpm up @playwright/test@^1.58.2 --lockfile-only`
- ✅ `pnpm list @playwright/test playwright --depth 0`
b8ffeef to e29ed56
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e29ed56f6e
| "fast-check": "^4.5.3", | ||
| "hono": "^4.12.7", | ||
| "playwright": "^1.58.1", | ||
| "playwright": "^1.58.2", |
Align @playwright/test with patched Playwright release
Bumping only playwright here leaves the workspace test runner on @playwright/test 1.58.1, which still resolves playwright/playwright-core 1.58.1 in the lockfile (pnpm-lock.yaml shows @playwright/test at 1.58.1 and playwright: 1.58.1). In environments that execute tests through @playwright/test (CI/local playwright test), this keeps the older Playwright bits installed, so the security update is only partial and versions are mixed.
Summary
- Addressed the review feedback at `package.json` by aligning the root Playwright test runner version: `@playwright/test` is now `^1.58.2` to match `playwright` `^1.58.2`. package.json L101-L116
- Updated the lockfile so the workspace root importer resolves `@playwright/test` to `1.58.2`, and the snapshot now binds it to `playwright: 1.58.2` (removing the mixed 1.58.1/1.58.2 state). pnpm-lock.yaml L60-L68, pnpm-lock.yaml L2505-L2508, pnpm-lock.yaml L10089-L10091
- Updated `FORJAMIE.md` per the repo’s living-map rule, including a new `2026-03-17` recent-change entry for this dependency-alignment fix and refreshed status metadata date. FORJAMIE.md L19-L27, FORJAMIE.md L114-L119
- Committed as `d898a38` and opened a follow-up PR via `make_pr` with a title/body describing this fix on top of the original Dependabot PR.

Testing
- ✅ `source scripts/codex-preflight.sh && preflight_repo`
- ✅ `mise trust /workspace/Design-System/mise.toml && mise list | head -n 20`
- ✅ `python - <<'PY' ... registry.npmjs.org ...` (verified latest published versions for `playwright` and `@playwright/test` are both `1.58.2`)
- ✅ `pnpm add -Dw @playwright/test@^1.58.2 --lockfile-only`
- ✅ `cat package.json | jq . >/dev/null`
- ✅ `rg -n "'@playwright/test'|@playwright/test@1.58.2|playwright: 1.58.2" pnpm-lock.yaml | head -n 20`
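The mixed 1.58.1/1.58.2 state discussed in this thread can be checked mechanically instead of by grepping for the expected version. The following is an added example, not code from this repository or from the bots in the thread; the lockfile excerpt is constructed, and the names `playwrightVersions` and `staleVersions` are hypothetical.

```javascript
// Constructed pnpm-lock.yaml excerpt: "playwright" was bumped but
// "@playwright/test" still pins the older release in its snapshot.
const SAMPLE_LOCKFILE = `
importers:
  .:
    devDependencies:
      '@playwright/test':
        specifier: ^1.58.1
        version: 1.58.1
      playwright:
        specifier: ^1.58.2
        version: 1.58.2
snapshots:
  '@playwright/test@1.58.1':
    dependencies:
      playwright: 1.58.1
  playwright@1.58.1:
    dependencies:
      playwright-core: 1.58.1
  playwright@1.58.2:
    dependencies:
      playwright-core: 1.58.2
  playwright-core@1.58.1: {}
  playwright-core@1.58.2: {}
`;

const FAMILY = ['@playwright/test', 'playwright', 'playwright-core'];

// Collect every resolved version of each Playwright package that appears
// as a "name@x.y.z" key in the lockfile text (quoted or unquoted).
function playwrightVersions(lockText) {
  const found = Object.fromEntries(FAMILY.map((n) => [n, new Set()]));
  const key = /^\s*'?(@playwright\/test|playwright-core|playwright)@(\d+\.\d+\.\d+)/gm;
  for (const [, name, version] of lockText.matchAll(key)) found[name].add(version);
  return found;
}

// Numeric comparison of plain x.y.z versions (no pre-release tags).
function compareVersions(a, b) {
  const [x, y] = [a, b].map((v) => v.split('.').map(Number));
  return x[0] - y[0] || x[1] - y[1] || x[2] - y[2];
}

// Versions still present below the intended floor: a non-empty result
// means the security bump is only partially applied.
function staleVersions(lockText, floor) {
  const all = Object.values(playwrightVersions(lockText)).flatMap((s) => [...s]);
  return [...new Set(all)].filter((v) => compareVersions(v, floor) < 0).sort(compareVersions);
}
```

Run in CI against the real `pnpm-lock.yaml`, a non-empty `staleVersions(text, '1.58.2')` result is the condition to fail the job on.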
@dependabot rebase
e29ed56 to d6bf05f
@dependabot recreate
Bumps [playwright](https://github.com/microsoft/playwright) from 1.58.1 to 1.58.2.
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.58.1...v1.58.2)

---
updated-dependencies:
- dependency-name: playwright
  dependency-version: 1.58.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
d6bf05f to b75b5bb
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b75b5bbc1f
| "fast-check": "^4.5.3", | ||
| "hono": "^4.12.7", | ||
| "playwright": "^1.58.1", | ||
| "playwright": "^1.58.2", |
Update FORJAMIE.md for this Playwright bump
Root AGENTS.md:23-39 makes FORJAMIE.md updates mandatory for any tooling/config change in the same change-set. This line bumps the repo’s Playwright toolchain, but FORJAMIE.md still reports Last updated: 2026-03-10 and has no corresponding Recent Changes entry (FORJAMIE.md:19, FORJAMIE.md:114-129), so the required project map is already stale as soon as this commit lands.
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Bumps playwright from 1.58.1 to 1.58.2.
Release notes
Sourced from playwright's releases.
Commits
- ce480a9 cherry-pick(#39171): devops: add ubuntu-22.04-arm bot
- e40c137 chore: mark v1.58.2 (#39155)
- 50b7296 cherry-pick(#39152): chore: fix execSync inheriting stdio
- f3dcf50 cherry-pick(#39129): fix: do not force swiftshader on chromium mac
- 8684e08 cherry-pick(#39121): fix(trace viewer): make paths via stdin work

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)