chore(deps): bump @opencode-ai/sdk from 1.3.0 to 1.14.19 #347
dependabot[bot] wants to merge 1 commit into
Bumps [@opencode-ai/sdk](https://github.com/sst/opencode-sdk-js) from 1.3.0 to 1.14.19.
- [Release notes](https://github.com/sst/opencode-sdk-js/releases)
- [Changelog](https://github.com/anomalyco/opencode-sdk-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sst/opencode-sdk-js/commits)

---
updated-dependencies:
- dependency-name: "@opencode-ai/sdk"
  dependency-version: 1.14.19
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Labels
The following labels could not be found: Please fix the above issues or remove invalid values from

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.

Issue Linking Reminder
This PR doesn't appear to have a linked issue. Consider linking to:
Using If this PR doesn't need an issue, you can ignore this message.
✔️ Bundle Size Analysis
LGTM — routine Dependabot lock file update with no application code changes.
Extended reasoning...
Overview
Only pnpm-lock.yaml is modified. The primary change is resolving @opencode-ai/sdk from 1.3.0 to 1.14.19 (within the existing ^1.2.25 specifier), plus patch bumps for rollup (4.60.1 → 4.60.2) and postcss (8.5.9 → 8.5.10). No source code is touched.
Security risks
The new version of @opencode-ai/sdk picks up cross-spawn@7.0.6 as a transitive dependency. cross-spawn is a well-established, low-risk package for cross-platform child process spawning. No auth, crypto, or permission-sensitive code is affected by any of these changes.
Level of scrutiny
Low. This is a standard Dependabot lock file PR — no application logic is altered and all version bumps stay within the already-accepted semver ranges declared in package.json. The 11-minor-version jump in the SDK is noteworthy but is within the pre-approved ^ range, and no API call sites in the codebase are modified.
Other factors
No bugs were reported by the automated bug-hunting system. There are no outstanding reviewer comments to address. The rollup and postcss bumps are patch releases and carry negligible risk.
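
As an added illustration of the lockfile check the review above describes (not code from this PR, the reviewer, or the project): a script that compares the `packages:` sections of two pnpm lockfiles and separates packages that are new to the dependency tree from packages whose resolved version only moved. The lockfile excerpts are constructed, and the function names `lockedPackages` and `lockDiff` are hypothetical.

```javascript
// Constructed, abbreviated pnpm v9-style excerpts (not this PR's real lockfile); integrity values are placeholders.
const BEFORE = `
packages:
  '@opencode-ai/sdk@1.3.0':
    resolution: {integrity: sha512-PLACEHOLDER}
  rollup@4.60.1:
    resolution: {integrity: sha512-PLACEHOLDER}
snapshots:
  rollup@4.60.1: {}
`;
const AFTER = `
packages:
  '@opencode-ai/sdk@1.14.19':
    resolution: {integrity: sha512-PLACEHOLDER}
  cross-spawn@7.0.6:
    resolution: {integrity: sha512-PLACEHOLDER}
  rollup@4.60.2:
    resolution: {integrity: sha512-PLACEHOLDER}
snapshots:
  rollup@4.60.2: {}
`;

// Collect name -> Set(versions) from `packages:` only; keys may be quoted, v6-style "/"-prefixed, or peer-suffixed.
function lockedPackages(lockText) {
  const found = new Map();
  let inPackages = false;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S/.test(line)) { inPackages = line.startsWith('packages:'); continue; }
    const m = inPackages && /^ {2}'?\/?([^\s'(]+)(?:\([^']*)?'?:\s*$/.exec(line);
    const at = m ? m[1].lastIndexOf('@') : -1;   // last "@" separates name from version
    if (at <= 0) continue;
    const name = m[1].slice(0, at);
    if (!found.has(name)) found.set(name, new Set());
    found.get(name).add(m[1].slice(at + 1));
  }
  return found;
}
// Report packages that are new to the lockfile and packages whose versions moved.
function lockDiff(beforeText, afterText) {
  const before = lockedPackages(beforeText), after = lockedPackages(afterText);
  const added = [], changed = [];
  for (const [name, versions] of after) {
    const old = before.get(name), now = [...versions].sort().join(', ');
    const was = old && [...old].sort().join(', ');
    if (!old) added.push(`${name}@${now}`);
    else if (was !== now) changed.push(`${name}: ${was} -> ${now}`);
  }
  return { added: added.sort(), changed: changed.sort() };
}
console.log(lockDiff(BEFORE, AFTER));
```

Entries under `added` are the ones that warrant a look at the package itself; entries under `changed` point to the release notes of a dependency already in the tree.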
Superseded by #352.