[security](deps): Bump @radix-ui/react-dropdown-menu from 2.1.16 to 2.1.18 #186
dependabot[bot] wants to merge 1 commit into
Bumps [@radix-ui/react-dropdown-menu](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/dropdown-menu) from 2.1.16 to 2.1.18.
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/dropdown-menu/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/dropdown-menu)

---
updated-dependencies:
- dependency-name: "@radix-ui/react-dropdown-menu"
  dependency-version: 2.1.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Labels

The following labels could not be found: Please fix the above issues or remove invalid values from
✅ Snyk checks have passed. No issues have been found so far.
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1458872612
| "@radix-ui/react-dialog": "^1.1.15", | ||
| "@radix-ui/react-direction": "^1.1.0", | ||
| "@radix-ui/react-dropdown-menu": "^2.1.16", | ||
| "@radix-ui/react-dropdown-menu": "^2.1.18", |
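Review bot: The new specifier on the @radix-ui/react-dropdown-menu line is still a caret range ("^2.1.18"), so the version that actually installs is whatever the lockfile resolves, and this manifest line on its own does not show that. Confirm that the same commit moves the lockfile entry for this manifest to 2.1.18, since installs and dependency scanners read the lockfile rather than the range.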
Remove the remaining 2.1.16 install
If this security bump is meant to clear the @radix-ui/react-dropdown-menu 2.1.16 advisory, this only updates the direct package: the lockfile still installs 2.1.16 through @openai/apps-sdk-ui → radix-ui@1.4.3 (pnpm-lock.yaml:9210-9215, pnpm-lock.yaml:13961-13979). Workspaces that include @openai/apps-sdk-ui will still have the old dropdown package in the install graph and dependency scanners can keep flagging it; add an override/update for that transitive path as well.
Useful? React with 👍 / 👎.
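The leftover transitive install described in the review comment above can be checked mechanically. The following is an added example, not code from this repository or from the reviewer: it scans a constructed pnpm-lock.yaml excerpt (v9 layout assumed; `findStaleInstalls` and the sample data are hypothetical) and lists each resolved copy of a package below a floor version together with the snapshot that requires it.

```javascript
// Constructed pnpm-lock.yaml excerpt (v9 layout assumed); react version is a placeholder.
const SAMPLE_LOCK = `
lockfileVersion: '9.0'
importers:
  .:
    dependencies:
      '@radix-ui/react-dropdown-menu':
        specifier: ^2.1.18
        version: 2.1.18(react@19.1.0)
snapshots:
  '@radix-ui/react-dropdown-menu@2.1.16(react@19.1.0)': {}
  '@radix-ui/react-dropdown-menu@2.1.18(react@19.1.0)': {}
  radix-ui@1.4.3(react@19.1.0):
    dependencies:
      '@radix-ui/react-dropdown-menu': 2.1.16(react@19.1.0)
`;
// Numeric compare of plain x.y.z versions (pre-release tags are not handled).
function cmp(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}
// "name@1.2.3(peers)" -> { name, version }; a scoped name keeps its leading "@".
function splitKey(key) {
  const bare = key.replace(/\(.*$/, '');
  const at = bare.lastIndexOf('@');
  return { name: bare.slice(0, at), version: bare.slice(at + 1) };
}
// Hypothetical helper: copies of pkg below floor and the snapshots requiring them.
function findStaleInstalls(lockText, pkg, floor) {
  const stale = new Map();
  let inSnapshots = false, owner = null;
  for (const line of lockText.split('\n')) {
    if (/^\S/.test(line)) { inSnapshots = line.startsWith('snapshots:'); continue; }
    if (!inSnapshots) continue;
    const key = line.match(/^ {2}'?([^\s']+)'?:(?: \{\})?\s*$/);
    if (key) {
      owner = splitKey(key[1]);
      if (owner.name === pkg && cmp(owner.version, floor) < 0 && !stale.has(owner.version))
        stale.set(owner.version, []);
      continue;
    }
    const dep = line.match(/^ {6}'?([^\s']+?)'?:\s+(\d+\.\d+\.\d+)/);
    if (dep && dep[1] === pkg && cmp(dep[2], floor) < 0)
      stale.set(dep[2], [...(stale.get(dep[2]) || []), `${owner.name}@${owner.version}`]);
  }
  return [...stale].map(([version, requiredBy]) => ({ version, requiredBy }));
}
console.log(JSON.stringify(findStaleInstalls(SAMPLE_LOCK, '@radix-ui/react-dropdown-menu', '2.1.18')));
```

A non-empty result after the bump means the listed parent still pins the old copy, which is the case the comment asks to close with an override or an update of that parent.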
| "@radix-ui/react-dialog": "^1.1.15", | ||
| "@radix-ui/react-dismissable-layer": "^1.1.11", | ||
| "@radix-ui/react-dropdown-menu": "^2.1.16", | ||
| "@radix-ui/react-dropdown-menu": "^2.1.18", |
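Review bot: The "^2.1.18" specifier for @radix-ui/react-dropdown-menu is now hand-maintained in at least two places, this block and the one in the previous hunk (the neighbouring entries differ, so they appear to be separate manifests or dependency blocks), which invites drift on the next bump. Consider declaring the version once at the workspace level so a later update cannot change one block and miss the other.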
Update FORJAMIE for this config change
This dependency bump changes package configuration but the commit does not include a FORJAMIE.md update. The root AGENTS.md hard rule says config/tooling changes must update FORJAMIE.md in the same change-set, including a Recent Changes entry, so this change will miss the repo's doc gate unless the map is updated with the Radix bump and impact.
Useful? React with 👍 / 👎.
Bumps @radix-ui/react-dropdown-menu from 2.1.16 to 2.1.18.
Changelog
Sourced from @radix-ui/react-dropdown-menu's changelog.
Commits
Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for @radix-ui/react-dropdown-menu since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)