[security](deps-dev): bump msw from 2.12.10 to 2.12.14#130
[security](deps-dev): bump msw from 2.12.10 to 2.12.14#130dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [msw](https://github.com/mswjs/msw) from 2.12.10 to 2.12.14. - [Release notes](https://github.com/mswjs/msw/releases) - [Changelog](https://github.com/mswjs/msw/blob/main/CHANGELOG.md) - [Commits](mswjs/msw@v2.12.10...v2.12.14) --- updated-dependencies: - dependency-name: msw dependency-version: 2.12.14 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
|
Required keyword not found in PR title or description. |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 37a7f85c2e
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| "agentation": "^2.3.3", | ||
| "dialkit": "^1.1.0", | ||
| "msw": "^2.12.10", | ||
| "msw": "^2.12.14", |
There was a problem hiding this comment.
Storybook actually serves a committed service worker from platforms/web/apps/storybook/public/mockServiceWorker.js, and that file still hard-codes PACKAGE_VERSION = "2.12.10"/the old checksum at lines 10-11 while .storybook/preview.tsx:8-18 initializes MSW on every browser run. In this repo, pnpm 10 will not fix that automatically because the root package.json:168-174 only allows install scripts for sharp and workerd, so msw's postinstall is blocked. A fresh install of this commit therefore keeps serving the 2.12.10 worker, which leaves Storybook and any browser-based tests on the pre-upgrade interception code and defeats the purpose of the security bump until the worker is regenerated manually.
Useful? React with 👍 / 👎.
|
Closing: failing CI checks. Dependabot will regenerate if needed. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
1 participant
Bumps msw from 2.12.10 to 2.12.14.
Release notes
Sourced from msw's releases.
Commits
afa3606chore(release): v2.12.14f90bf49fix: support wildcard ports in url matching (#2677)002f3e7test: fix flakyws.clients.browsertest (#2679)5f4cccechore(release): v2.12.134b8c330fix(GraphQL): supportapplication/graphql-response+jsonresponse `content-t...98716e7fix(HttpResponse): mark implicitcontent-typeheaders with a symbol (#2675)e6a7f81chore(release): v2.12.1251e920echore: fix flaky tests (#2673)cd52873fix: minor improvements (#2672)b79d7aefix: handle special characters inpostinstallscript (#2649)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)