Skip to content

chore(deps): bump the frontend-dependencies group with 9 updates#198

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/frontend-dependencies-bfe050c856
Mar 16, 2026
Merged

chore(deps): bump the frontend-dependencies group with 9 updates#198
github-actions[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/frontend-dependencies-bfe050c856

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 16, 2026
edited by cubic-dev-ai bot
Loading

Bumps the frontend-dependencies group with 9 updates:

Package From To
@polar-sh/sdk 0.46.2 0.46.4
framer-motion 12.34.3 12.36.0
@commitlint/cli 20.4.2 20.5.0
@commitlint/config-conventional 20.4.2 20.5.0
@iconify-json/lucide 1.2.96 1.2.98
rollup-plugin-visualizer 6.0.8 6.0.11
lru-cache 11.2.6 11.2.7
mongoose 9.2.2 9.3.0
svix 1.86.0 1.88.0

Updates @polar-sh/sdk from 0.46.2 to 0.46.4

Release notes

Sourced from @​polar-sh/sdk's releases.

typescript - v0.46.4 - 2026-03-13 07:47:12

Generated by Speakeasy CLI

@​polar-sh/sdk 0.46.4

Typescript SDK Changes:

  • polar.events.list(): response.union(ListResource_Event_).items[].union(SystemEvent).union(subscription.updated) Added (Breaking ⚠️)
  • polar.organizations.create():
    • request Changed (Breaking ⚠️)
    • response Changed
  • polar.events.get(): response.union(SystemEvent).union(subscription.updated) Added (Breaking ⚠️)
  • polar.organizations.update():
    • request.organizationUpdate Changed (Breaking ⚠️)
    • response Changed
  • polar.checkoutLinks.create(): response.discount Changed
  • polar.discounts.list(): response.items[] Changed
  • polar.subscriptions.get(): response Changed
  • polar.subscriptions.revoke(): response Changed
  • polar.subscriptions.update():
    • request.subscriptionUpdate.union(SubscriptionUpdateProduct).prorationBehavior.enum(nextPeriod) Added
    • response Changed
    • error.status[402] Added
  • polar.discounts.create():
    • request Changed
    • response Changed
  • polar.orders.get(): response.discount Changed
  • polar.orders.update(): response.discount Changed
  • polar.checkouts.list(): response.items[].discount Changed
  • polar.checkouts.create(): response.discount Changed
  • polar.checkouts.get(): response.discount Changed
  • polar.checkouts.update(): response.discount Changed
  • polar.checkouts.clientGet(): response Changed
  • polar.checkouts.clientUpdate(): response Changed
  • polar.checkouts.clientConfirm(): response Changed
  • polar.checkoutLinks.list(): response.items[].discount Changed
  • polar.organizations.list(): response.items[] Changed
  • polar.checkoutLinks.get(): response.discount Changed
  • polar.subscriptions.create(): response Changed
  • polar.checkoutLinks.update(): response.discount Changed
  • polar.orders.list(): response.items[].discount Changed
  • polar.discounts.get(): response Changed
  • polar.discounts.update():
    • request.discountUpdate.amounts Added
    • response Changed
  • polar.customerPortal.benefitGrants.list(): response.items[].union(CustomerBenefitGrantDiscord).benefit.organization.prorationBehavior.enum(nextPeriod) Added
  • polar.customerPortal.benefitGrants.get(): response.union(CustomerBenefitGrantGitHubRepository).benefit.organization.prorationBehavior.enum(nextPeriod) Added
  • polar.customerPortal.benefitGrants.update(): response.union(CustomerBenefitGrantLicenseKeys).benefit.organization.prorationBehavior.enum(nextPeriod) Added
  • polar.customerPortal.seats.listClaimedSubscriptions(): response.items[] Changed
  • polar.customerPortal.orders.list(): response.items[].product.organization.prorationBehavior.enum(nextPeriod) Added
  • polar.customerPortal.orders.get(): response.product.organization.prorationBehavior.enum(nextPeriod) Added
  • polar.customerPortal.orders.update(): response.product.organization.prorationBehavior.enum(nextPeriod) Added
  • polar.customerPortal.organizations.get(): response.organization.prorationBehavior.enum(nextPeriod) Added

... (truncated)

Changelog

Sourced from @​polar-sh/sdk's changelog.

2024-09-02 09:49:03

Changes

Based on:

Generated

  • [typescript v0.6.1] .

Releases

2024-09-04 00:24:19

Changes

Based on:

Generated

  • [typescript v0.7.0] .

Releases

2024-09-05 00:24:10

Changes

Based on:

Generated

  • [typescript v0.7.1] .

Releases

2024-09-13 00:24:28

Changes

Based on:

Generated

  • [typescript v0.8.0] .

Releases

2024-09-16 00:26:12

Changes

Based on:

Generated

  • [typescript v0.8.1] .

Releases

... (truncated)

Commits
  • dd61fd3 Merge pull request #164 from polarsource/speakeasy-sdk-regen-1773103093
  • 8bc8ac5 empty commit to trigger [run-tests] workflow
  • 52631a8 ## Typescript SDK Changes:
  • 6fa8eb1 Merge pull request #165 from polarsource/fix/add-missing-webhook-event-types
  • 915fa3e fix: add missing webhook event types to parseEvent
  • ec38712 ## Typescript SDK Changes:
  • See full diff in compare view

Updates framer-motion from 12.34.3 to 12.36.0

Changelog

Sourced from framer-motion's changelog.

[12.36.0] 2026-03-09

Added

  • Allow dragSnapToOrigin to accept "x" or "y" for per-axis snapping.
  • Added axis-locked layout animations with layout="x" and layout="y".
  • Added skipInitialAnimation to useSpring.

Fixed

  • Fixed height and width: auto animations with box-sizing: border-box.
  • Reset component values when exit animation finishes.
  • Ensure anticipate easing returns 1 at p === 1.
  • Fix @emotion/is-prop-valid resolve error in Storybook.
  • Remove data-pop-layout-id from exiting elements when animation interrupted.
  • Ensure we skip WAAPI for non-animatable keyframes.
  • Ensure we skip WAAPI for SVG transforms.
  • Ensure MotionValue props are not passed to SVG.
  • AnimatePresence: Prevent mode="wait" elements from getting stuck when switched rapidly.

[12.35.2] 2026-03-09

Fixed

  • Reduced filesize of styleEffect.
  • Fix rounding from popLayout.
  • opacity animations in React Strict Mode in development.
  • Ensure useSpring is not affected by monitor framerate.
  • Updating animations sequence segment types to exclude lifecycle handlers.
  • Fix layout animations with parents offset by a %-based translation.
  • Fix autoplay: false with WAAPI animations.
  • Fix layout jump in React Strict Mode in development.
  • Detect divide-by-zero in CSS calc() values before making animatable templates.

[12.35.1] 2026-03-06

Fixed

  • Fixing combination of string keyframes, spring and delay.
  • Gracefully handle negative scroll values.
  • Fix one-frame visual gap when rapidly switching WAAPI animations.
  • animation.time = 0 on a finished animation sets the playhead in a paused state.

[12.35.0] 2026-03-03

Added

  • ViewTimeline support for scroll and useScroll.

[12.34.6] 2026-03-03

... (truncated)

Commits
  • ea66e17 v12.36.0
  • db5726d Adding tests for exit animations
  • 5ccc21a Updating changelog
  • 06159b3 Latest
  • ed64e5f Merge pull request #3625 from motiondivision/worktree-fix-issue-3141
  • 5fad98c Merge pull request #3627 from motiondivision/worktree-fix-issue-3103
  • f084bb2 Simplify axis-snap logic: use copyAxisInto, remove redundant isShared block
  • 3204711 Merge pull request #3626 from motiondivision/audit/motion-dom-frameloop
  • 25bf593 Merge pull request #3629 from motiondivision/worktree-fix-issue-3082
  • 0dad36b Merge pull request #3634 from motiondivision/worktree-fix-issue-3102
  • Additional commits viewable in compare view

Updates @commitlint/cli from 20.4.2 to 20.5.0

Release notes

Sourced from @​commitlint/cli's releases.

v20.5.0

20.5.0 (2026-03-15)

Bug Fixes

Features

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.4.4...v20.5.0

v20.4.4

20.4.4 (2026-03-12)

Bug Fixes

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.4.3...v20.4.4

v20.4.3

20.4.3 (2026-03-03)

Bug Fixes

... (truncated)

Changelog

Sourced from @​commitlint/cli's changelog.

20.5.0 (2026-03-15)

Bug Fixes

  • cli: validate that --cwd directory exists before execution (#4658) (cf80f75), closes #4595

20.4.4 (2026-03-12)

Note: Version bump only for package @​commitlint/cli

20.4.3 (2026-03-03)

Bug Fixes

Commits

Updates @commitlint/config-conventional from 20.4.2 to 20.5.0

Release notes

Sourced from @​commitlint/config-conventional's releases.

v20.5.0

20.5.0 (2026-03-15)

Bug Fixes

Features

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.4.4...v20.5.0

v20.4.4

20.4.4 (2026-03-12)

Bug Fixes

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.4.3...v20.4.4

v20.4.3

20.4.3 (2026-03-03)

Bug Fixes

... (truncated)

Changelog

Sourced from @​commitlint/config-conventional's changelog.

20.5.0 (2026-03-15)

Note: Version bump only for package @​commitlint/config-conventional

20.4.4 (2026-03-12)

Note: Version bump only for package @​commitlint/config-conventional

20.4.3 (2026-03-03)

Bug Fixes

Commits

Updates @iconify-json/lucide from 1.2.96 to 1.2.98

Commits

Updates rollup-plugin-visualizer from 6.0.8 to 6.0.11

Changelog

Sourced from rollup-plugin-visualizer's changelog.

6.0.11

  • Identical to 6.0.5 to have latest v6 that is not deprecated
Commits

Updates lru-cache from 11.2.6 to 11.2.7

Commits
  • e787b9f 11.2.7
  • e6f15bf format tests, update project ci settings
  • 2ec0b52 abstract out the update autopurge fn, formatting
  • 879f8b1 abstract out setPurgeTimer (internal)
  • 88ae941 fix: reschedule autopurge timer when updateAgeOnGet resets TTL start
  • 757c157 remove unused polyfills from tests
  • See full diff in compare view

Updates mongoose from 9.2.2 to 9.3.0

Release notes

Sourced from mongoose's releases.

9.3.0 / 2026-03-10

  • feat(schema): support discriminators option inline for better TypeScript support #16053
  • feat(aggregate): add pipelineForUnionWith() helper to allow reusing pipelines with $unionWith in TypeScript #16033
  • feat(setDefaultsOnInsert): pass query as context to default functions #16041 #16025
  • fix: resolve deeply nested discriminator paths in arrayFilters #16072 Yatin81
  • fix(changeStream): emit ready on next tick to allow stream to initialize
  • fix(connection): handle calling watch() on disconnected connection
  • fix: remove references to mongodb option "promiseLibrary" hasezoey
  • fix(model+query): backwards compatible validateBeforeSave handling and avoid TypeError in removeUnusedArrayFilters on nullish update
  • perf(model): remove unnecessary overhead when saving new doc
  • types(InferRawDocType): fall back to using InferRawDocType instead of pulling non-raw inferred doc type if EnforcedDocType not set #16053
  • types: add type constraints for Document#$model() and Document#model() mrazauskas
  • docs: fix broken links and update MongoDB documentation links #16037 hasezoey
  • docs(contributing): update issue tracker links to Automattic org AkaHarshit

9.2.4 / 2026-03-03

  • types(models): allow unknown keys in subdocs while retaining autocomplete suggestions #16048
  • types(schema): fix issues related to defining timestamps and virtuals with methods and/or statics in schema options #16052 #16046
  • docs: use lowercase primitive types in JSDoc and fix incorrect @returns declarations #16036 #16018
  • docs(field-level-encryption): improve CSFLE docs with model registration guidance and schema definition example #16065 #16015

9.2.3 / 2026-02-26

  • types(model): make bulkSave() correctly take array of THydratedDocumentType #16032
Changelog

Sourced from mongoose's changelog.

9.3.0 / 2026-03-10

  • feat(schema): support discriminators option inline for better TypeScript support #16053
  • feat(aggregate): add pipelineForUnionWith() helper to allow reusing pipelines with $unionWith in TypeScript #16033
  • feat(setDefaultsOnInsert): pass query as context to default functions #16041 #16025
  • fix: resolve deeply nested discriminator paths in arrayFilters #16072 Yatin81
  • fix(changeStream): emit ready on next tick to allow stream to initialize
  • fix(connection): handle calling watch() on disconnected connection
  • fix: remove references to mongodb option "promiseLibrary" hasezoey
  • fix(model+query): backwards compatible validateBeforeSave handling and avoid TypeError in removeUnusedArrayFilters on nullish update
  • perf(model): remove unnecessary overhead when saving new doc
  • types(InferRawDocType): fall back to using InferRawDocType instead of pulling non-raw inferred doc type if EnforcedDocType not set #16053
  • types: add type constraints for Document#$model() and Document#model() mrazauskas
  • docs: fix broken links and update MongoDB documentation links #16037 hasezoey
  • docs(contributing): update issue tracker links to Automattic org AkaHarshit

9.2.4 / 2026-03-03

  • types(models): allow unknown keys in subdocs while retaining autocomplete suggestions #16048
  • types(schema): fix issues related to defining timestamps and virtuals with methods and/or statics in schema options #16052 #16046
  • docs: use lowercase primitive types in JSDoc and fix incorrect @returns declarations #16036 #16018
  • docs(field-level-encryption): improve CSFLE docs with model registration guidance and schema definition example #16065 #16015

9.2.3 / 2026-02-26

  • types(model): make bulkSave() correctly take array of THydratedDocumentType #16032
Commits

Updates svix from 1.86.0 to 1.88.0

Release notes

Sourced from svix's releases.

Release v1.88.0

What's Changed

  • Libs/Go: Add support for v1.management.authentication.patch-api-token (Internal endpoint)
  • Libs/Go: Add TransportWrapper option to SvixOptions (thanks @​piotrdomagalski)

Full Changelog: svix/svix-webhooks@v1.87.0...v1.88.0

v1.87.0

What's Changed

  • Server: Respect retry-after header on error responses (within limits) (thanks @​vinay0826)

Full Changelog: svix/svix-webhooks@v1.86.0...v1.87.0

Changelog

Sourced from svix's changelog.

Version 1.88.0

  • Libs/Go: Add support for v1.management.authentication.patch-api-token (Internal endpoint)
  • Libs/Go: Add TransportWrapper option to SvixOptions (thanks @​piotrdomagalski)

Version 1.87.0

  • Server: Respect retry-after header on error responses (within limits) (thanks @​vinay0826)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by cubic

Update frontend dependency group to pick up recent fixes and features. Notable bumps include @polar-sh/sdk 0.46.4, framer-motion 12.36.0, and mongoose 9.3.0.

  • Dependencies

    • @polar-sh/sdk → 0.46.4 (API/type changes to events and organizations)
    • framer-motion → 12.36.0 (axis-locked layout animations, bug fixes)
    • @commitlint/cli and @commitlint/config-conventional → 20.5.0
    • mongoose → 9.3.0 (TS improvements, new helpers)
    • lru-cache → 11.2.7 (autopurge timer fix)
    • Plus minor updates: @iconify-json/lucide, rollup-plugin-visualizer, svix

  • Migration

    • @polar-sh/sdk: re-check usages of polar.events.* and organization endpoints; run type checks and adjust for updated response/request shapes.

Written for commit 9e18516. Summary will update on new commits.

@dependabot
chore(deps): bump the frontend-dependencies group with 9 updates
9e18516 
Bumps the frontend-dependencies group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [@polar-sh/sdk](https://github.com/polarsource/polar-js) | `0.46.2` | `0.46.4` |
| [framer-motion](https://github.com/motiondivision/motion) | `12.34.3` | `12.36.0` |
| [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) | `20.4.2` | `20.5.0` |
| [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) | `20.4.2` | `20.5.0` |
| [@iconify-json/lucide](https://github.com/iconify/icon-sets) | `1.2.96` | `1.2.98` |
| [rollup-plugin-visualizer](https://github.com/btd/rollup-plugin-visualizer) | `6.0.8` | `6.0.11` |
| [lru-cache](https://github.com/isaacs/node-lru-cache) | `11.2.6` | `11.2.7` |
| [mongoose](https://github.com/Automattic/mongoose) | `9.2.2` | `9.3.0` |
| [svix](https://github.com/svix/svix-webhooks) | `1.86.0` | `1.88.0` |


Updates `@polar-sh/sdk` from 0.46.2 to 0.46.4
- [Release notes](https://github.com/polarsource/polar-js/releases)
- [Changelog](https://github.com/polarsource/polar-js/blob/main/RELEASES.md)
- [Commits](polarsource/polar-js@v0.46.2...v0.46.4)

Updates `framer-motion` from 12.34.3 to 12.36.0
- [Changelog](https://github.com/motiondivision/motion/blob/main/CHANGELOG.md)
- [Commits](motiondivision/motion@v12.34.3...v12.36.0)

Updates `@commitlint/cli` from 20.4.2 to 20.5.0
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.0/@commitlint/cli)

Updates `@commitlint/config-conventional` from 20.4.2 to 20.5.0
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.0/@commitlint/config-conventional)

Updates `@iconify-json/lucide` from 1.2.96 to 1.2.98
- [Commits](https://github.com/iconify/icon-sets/commits)

Updates `rollup-plugin-visualizer` from 6.0.8 to 6.0.11
- [Changelog](https://github.com/btd/rollup-plugin-visualizer/blob/master/CHANGELOG.md)
- [Commits](btd/rollup-plugin-visualizer@v6.0.8...v6.0.11)

Updates `lru-cache` from 11.2.6 to 11.2.7
- [Changelog](https://github.com/isaacs/node-lru-cache/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-lru-cache@v11.2.6...v11.2.7)

Updates `mongoose` from 9.2.2 to 9.3.0
- [Release notes](https://github.com/Automattic/mongoose/releases)
- [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md)
- [Commits](Automattic/mongoose@9.2.2...9.3.0)

Updates `svix` from 1.86.0 to 1.88.0
- [Release notes](https://github.com/svix/svix-webhooks/releases)
- [Changelog](https://github.com/svix/svix-webhooks/blob/main/ChangeLog.md)
- [Commits](svix/svix-webhooks@v1.86.0...v1.88.0)

---
updated-dependencies:
- dependency-name: "@polar-sh/sdk"
  dependency-version: 0.46.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-dependencies
- dependency-name: framer-motion
  dependency-version: 12.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-dependencies
- dependency-name: "@commitlint/cli"
  dependency-version: 20.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-dependencies
- dependency-name: "@commitlint/config-conventional"
  dependency-version: 20.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-dependencies
- dependency-name: "@iconify-json/lucide"
  dependency-version: 1.2.98
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-dependencies
- dependency-name: rollup-plugin-visualizer
  dependency-version: 6.0.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-dependencies
- dependency-name: lru-cache
  dependency-version: 11.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-dependencies
- dependency-name: mongoose
  dependency-version: 9.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-dependencies
- dependency-name: svix
  dependency-version: 1.88.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 16, 2026

Assignees

The following users could not be added as assignees: TomCo, Tomco. Either they do not exist or they do not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: auto-update, dependencies, frontend. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@vercel
Copy link

vercel bot commented Mar 16, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
tc-dynamics Ready Ready Preview, Comment Mar 16, 2026 6:19am

@github-actions github-actions bot merged commit d8a3714 into main Mar 16, 2026
2 of 4 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/frontend-dependencies-bfe050c856 branch March 16, 2026 06:17
@greptile-apps
Copy link
Contributor

greptile-apps bot commented Mar 16, 2026

Greptile Summary

Dependabot PR bumping 9 frontend/API dependencies to their latest patch/minor versions. The actual changes in the manifest files are limited to: @polar-sh/sdk (0.46.3→0.46.4), lru-cache (11.2.6→11.2.7), @commitlint/cli and @commitlint/config-conventional (20.4.4→20.5.0). The remaining packages listed in the PR description (framer-motion, @iconify-json/lucide, rollup-plugin-visualizer, mongoose, svix) were already at their target versions on the base branch from prior commits.

  • @polar-sh/sdk 0.46.4 includes breaking changes to organizations.create() and organizations.update() request signatures — verify API usage is compatible
  • The package-lock.json contains an accidental downgrade of the svix specifier from ^1.88.0 to ^1.86.0 in the packages.api section, mismatching api/package.json which still declares ^1.88.0. This should be corrected before merging

Confidence Score: 3/5

  • Generally safe dependency bumps, but the lockfile has a svix version mismatch that should be fixed before merging
  • The package.json changes are straightforward minor/patch bumps. However, the lockfile contains an inconsistency where svix is downgraded from ^1.88.0 to ^1.86.0 while api/package.json still requires ^1.88.0. Additionally, the @polar-sh/sdk update includes breaking API changes that should be verified.
  • Pay close attention to package-lock.json for the svix version mismatch

Important Files Changed

Filename Overview
api/package.json Minor patch bumps for @polar-sh/sdk (0.46.3→0.46.4) and lru-cache (11.2.6→11.2.7). No issues found.
apps/frontend/package.json Bumps @polar-sh/sdk (0.46.3→0.46.4), @commitlint/cli and @commitlint/config-conventional (20.4.4→20.5.0). No issues found.
package-lock.json Lockfile regenerated with updated dependency versions, but contains an accidental downgrade of the svix specifier from ^1.88.0 to ^1.86.0 in the packages.api section, creating a mismatch with api/package.json.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Dependabot PR] --> B[api/package.json]
    A --> C[apps/frontend/package.json]
    A --> D[package-lock.json]
    
    B --> B1["@polar-sh/sdk ^0.46.3 → ^0.46.4"]
    B --> B2["lru-cache ^11.2.6 → ^11.2.7"]
    
    C --> C1["@polar-sh/sdk ^0.46.3 → ^0.46.4"]
    C --> C2["@commitlint/cli ^20.4.4 → ^20.5.0"]
    C --> C3["@commitlint/config-conventional ^20.4.4 → ^20.5.0"]
    
    D --> D1["Updated dependency resolutions"]
    D --> D2["⚠️ svix: ^1.88.0 → ^1.86.0 (unintended downgrade)"]
    
    style D2 fill:#ff6b6b,color:#fff
Loading

Last reviewed commit: 9e18516

greptile-apps[bot]
greptile-apps bot reviewed Mar 16, 2026
View reviewed changes
package-lock.json
"mongoose": "^9.3.0",
"resend": "^6.9.3",
"svix": "^1.88.0"
"svix": "^1.86.0"
Copy link
Contributor

@greptile-apps greptile-apps bot Mar 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Svix version downgraded in lockfile

The packages.api.dependencies.svix specifier was changed from "^1.88.0" to "^1.86.0", but api/package.json still declares "svix": "^1.88.0". This creates a mismatch between the lockfile and the manifest. The base branch correctly had "^1.88.0" here.

This looks like a Dependabot regeneration artifact. After merging, an npm install would likely correct the lockfile, but the inconsistency could cause confusion or unexpected resolution behavior in CI. Consider running npm install to regenerate the lockfile before merging.

Suggested change
"svix": "^1.86.0"
"svix": "^1.88.0"

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Mar 16, 2026
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 issues found across 3 files

Prompt for AI agents (unresolved issues) 

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/frontend/package.json">

<violation number="1" location="apps/frontend/package.json:53">
P2: This dependency bump is incomplete without updating the root lockfile, so clean installs will keep using the previous @polar-sh/sdk version.</violation>

<violation number="2" location="apps/frontend/package.json:82">
P2: The commitlint version bump is also missing the corresponding root lockfile update, so CI will keep installing the old 20.4.2 packages.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

apps/frontend/package.json
"devDependencies": {
"@commitlint/cli": "^20.4.4",
"@commitlint/config-conventional": "^20.4.4",
"@commitlint/cli": "^20.5.0",
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot Mar 16, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: The commitlint version bump is also missing the corresponding root lockfile update, so CI will keep installing the old 20.4.2 packages.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At apps/frontend/package.json, line 82:

<comment>The commitlint version bump is also missing the corresponding root lockfile update, so CI will keep installing the old 20.4.2 packages.</comment>

<file context>
@@ -79,8 +79,8 @@
   "devDependencies": {
-    "@commitlint/cli": "^20.4.4",
-    "@commitlint/config-conventional": "^20.4.4",
+    "@commitlint/cli": "^20.5.0",
+    "@commitlint/config-conventional": "^20.5.0",
     "@eslint/js": "^9.39.4",
</file context>
Fix with Cubic

apps/frontend/package.json
"@clerk/types": "^4.101.18",
"@modelcontextprotocol/sdk": "^1.27.1",
"@polar-sh/sdk": "^0.46.3",
"@polar-sh/sdk": "^0.46.4",
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot Mar 16, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: This dependency bump is incomplete without updating the root lockfile, so clean installs will keep using the previous @polar-sh/sdk version.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At apps/frontend/package.json, line 53:

<comment>This dependency bump is incomplete without updating the root lockfile, so clean installs will keep using the previous @polar-sh/sdk version.</comment>

<file context>
@@ -50,7 +50,7 @@
     "@clerk/types": "^4.101.18",
     "@modelcontextprotocol/sdk": "^1.27.1",
-    "@polar-sh/sdk": "^0.46.3",
+    "@polar-sh/sdk": "^0.46.4",
     "@radix-ui/react-alert-dialog": "^1.1.15",
     "@radix-ui/react-dialog": "^1.1.15",
</file context>
Fix with Cubic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants