hyperdx

mirror of https://github.com/hyperdxio/hyperdx synced 2026-04-21 13:37:15 +00:00

Author	SHA1	Message	Date
github-actions[bot]	f086842f3c	Release HyperDX (#2097 ) Some checks are pending Knip - Unused Code Analysis / knip (push) Waiting to run Details Main / lint (push) Waiting to run Details Main / unit (push) Waiting to run Details Main / integration (push) Waiting to run Details Main / otel-unit-test (push) Waiting to run Details Main / otel-smoke-test (push) Waiting to run Details Main / e2e-tests (push) Waiting to run Details Main / End-to-End Tests (push) Blocked by required conditions Details Main / ClickHouse Bundle Build (push) Waiting to run Details Push Downstream / push-downstream (push) Waiting to run Details Release / Build OTel Collector (arm64) (push) Blocked by required conditions Details Release / Check Changesets (push) Waiting to run Details Release / Check if version exists (push) Blocked by required conditions Details Release / Build OTel Collector (amd64) (push) Blocked by required conditions Details Release / Publish OTel Collector Manifest (push) Blocked by required conditions Details Release / Build App (amd64) (push) Blocked by required conditions Details Release / Build App (arm64) (push) Blocked by required conditions Details Release / Publish App Manifest (push) Blocked by required conditions Details Release / Build Local (amd64) (push) Blocked by required conditions Details Release / Build Local (arm64) (push) Blocked by required conditions Details Release / Publish Local Manifest (push) Blocked by required conditions Details Release / Build All-in-One (amd64) (push) Blocked by required conditions Details Release / Build All-in-One (arm64) (push) Blocked by required conditions Details Release / Publish All-in-One Manifest (push) Blocked by required conditions Details Release / Release CLI Binaries (push) Blocked by required conditions Details Release / Notify Helm-Charts Downstream (push) Blocked by required conditions Details Release / Notify CH Downstream (push) Blocked by required conditions Details Release / notify_clickhouse_clickstack (push) Blocked by required conditions Details Release / OpenTelemetry Export Trace (push) Blocked by required conditions Details Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-04-20 00:00:40 -07:00
Brandon Pereira	7335a23acd	chore: improve integration test infrastructure (#2126 ) ## Summary Currently it's hard to debug integration tests because of all the extra logging/warnings/open handler issues (wasn't sure if I introduced an open handler or was existing). This fixes that. - Bump Jest from v28 to v30 in api and common-utils packages, syncing with app's existing setup - Replace legacy `preset: 'ts-jest'` with modern `createJsWithTsPreset()` spread pattern across all packages - Fix open handles that required `--forceExit` and `--detectOpenHandles` workarounds - Suppress noisy console and logger output during test runs via targeted mocks ## Changes ### Jest/ts-jest upgrade - Bump `jest` 28 → 30, `@types/jest` 28 → 29 in api and common-utils - Adopt `createJsWithTsPreset()` config pattern (matching app) - Add `isolatedModules: true` to common-utils tsconfig to fix ts-jest warning with Node16 module kind - Update snapshot files and inline snapshots for Jest 30 format changes - Replace removed `toThrowError()` with `toThrow()` - Fix team.test.ts inline snapshot that depended on dynamic Mongo ObjectIds ### Open handle fixes - Add `close()` method to `BaseClickhouseClient` in common-utils - Call `mongoose.disconnect()` in `closeDB()` (api fixtures) - Add `closeTestFixtureClickHouseClient()` and call it in `MockServer.stop()` - Fix common-utils integration tests to close both `hdxClient` and raw `client` in `afterAll` - Disable `usageStats()` interval in CI to prevent leaked timers - Remove `--forceExit` from common-utils CI/dev scripts and api dev script - Remove `--detectOpenHandles` from all dev scripts ### Log noise suppression - Use `jest.spyOn` for console methods instead of global console object override - Add per-file `console.warn`/`console.error` suppression in test files that exercise error paths - Mock pino logger module in api jest.setup.ts to suppress expected operational logs (validation errors, MCP tool errors, etc.) - Use pino logger instead of `console.error` in Express error handler (`middleware/error.ts`) - Add console suppression to app setupTests.tsx ## Testing - `make ci-lint` — passes - `make ci-unit` — 2177 tests pass, zero console noise - `make ci-int` — 642 tests pass (606 api + 36 common-utils), zero log noise	2026-04-16 00:12:13 +00:00
dependabot[bot]	28b81dd8a9	chore(deps): bump @hono/node-server from 1.19.12 to 1.19.13 (#2111 ) Bumps [@hono/node-server](https://github.com/honojs/node-server) from 1.19.12 to 1.19.13. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/honojs/node-server/releases"><code>@hono/node-server</code>'s releases</a>.</em></p> <blockquote> <h2>v1.19.13</h2> <h2>Security Fix</h2> <p>Fixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (<code>//</code>) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.</p> <p>See GHSA-92pp-h63x-v22m for details.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`fd64e659a3`"><code>fd64e65</code></a> 1.19.13</li> <li><a href="`025c30f55d`"><code>025c30f</code></a> Merge commit from fork</li> <li>See full diff in <a href="https://github.com/honojs/node-server/compare/v1.19.12...v1.19.13">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@hono/node-server&package-manager=npm_and_yarn&previous-version=1.19.12&new-version=1.19.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts). </details>	2026-04-14 18:12:15 +00:00
dependabot[bot]	7a49c74835	chore(deps): bump hono from 4.12.9 to 4.12.12 (#2112 ) Bumps [hono](https://github.com/honojs/hono) from 4.12.9 to 4.12.12. e notes</summary> <p><em>Sourced from <a href="https://github.com/honojs/hono/releases">hono's releases</a>.</em></p> <blockquote> <h2>v4.12.12</h2> <h2>Security fixes</h2> <p>This release includes fixes for the following security issues:</p> <h3>Middleware bypass via repeated slashes in serveStatic</h3> <p>Affects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (<code>//</code>) could bypass route-based middleware protections and allow access to protected static files. GHSA-wmmm-f939-6g9c</p> <h3>Path traversal in toSSG() allows writing files outside the output directory</h3> <p>Affects: <code>toSSG()</code> for Static Site Generation. Fixes a path traversal issue where crafted <code>ssgParams</code> values could write files outside the configured output directory. GHSA-xf4j-xp2r-rqqx</p> <h3>Incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses</h3> <p>Affects: IP Restriction Middleware. Fixes improper handling of IPv4-mapped IPv6 addresses (e.g. <code>::ffff:127.0.0.1</code>) that could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g</p> <h3>Missing validation of cookie name on write path in setCookie()</h3> <p>Affects: <code>setCookie()</code>, <code>serialize()</code>, and <code>serializeSigned()</code> from <code>hono/cookie</code>. Fixes missing validation of cookie names on the write path, preventing inconsistent handling between parsing and serialization. GHSA-26pp-8wgv-hjvm</p> <h3>Non-breaking space prefix bypass in cookie name handling in getCookie()</h3> <p>Affects: <code>getCookie()</code> from <code>hono/cookie</code>. Fixes a discrepancy in cookie name handling that could allow attacker-controlled cookies to override legitimate ones and bypass prefix protections. GHSA-r5rp-j6wh-rvv4</p> <hr /> <p>Users who use Serve Static, Static Site Generation, Cookie utilities, or IP restriction middleware are strongly encouraged to upgrade to this version.</p> <h2>v4.12.11</h2> <h2>What's Changed</h2> <ul> <li>feat(css): add classNameSlug option to createCssContext by <a href="https://github.com/flow-pie"><code>@flow-pie</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4834">honojs/hono#4834</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/flow-pie"><code>@flow-pie</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4834">honojs/hono#4834</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/hono/compare/v4.12.10...v4.12.11">https://github.com/honojs/hono/compare/v4.12.10...v4.12.11</a></p> <h2>v4.12.10</h2> <h2>What's Changed</h2> <ul> <li>test(router): fix <code>Simple capturing group</code> test by <a href="https://github.com/yusukebe"><code>@yusukebe</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4838">honojs/hono#4838</a></li> <li>docs: fix impaired -> inspired typo in benchmark READMEs by <a href="https://github.com/Abhi3975"><code>@Abhi3975</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4843">honojs/hono#4843</a></li> <li>fix(jsx/dom): apply select value after children are rendered by <a href="https://github.com/usualoma"><code>@usualoma</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4847">honojs/hono#4847</a></li> <li>fix(compress): convert strong ETag to weak ETag when compressing by <a href="https://github.com/usualoma"><code>@usualoma</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4848">honojs/hono#4848</a></li> <li>docs(ip-restriction): add clear JSDoc examples and param types by <a href="https://github.com/VISHNU7KASIREDDY"><code>@VISHNU7KASIREDDY</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4851">honojs/hono#4851</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Abhi3975"><code>@Abhi3975</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4843">honojs/hono#4843</a></li> <li><a href="https://github.com/VISHNU7KASIREDDY"><code>@VISHNU7KASIREDDY</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4851">honojs/hono#4851</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`c37ba26da9`"><code>c37ba26</code></a> 4.12.12</li> <li><a href="`cc067c8559`"><code>cc067c8</code></a> Merge commit from fork</li> <li><a href="`a586cd72e3`"><code>a586cd7</code></a> Merge commit from fork</li> <li><a href="`48fa2233bc`"><code>48fa223</code></a> Merge commit from fork</li> <li><a href="`b470278920`"><code>b470278</code></a> Merge commit from fork</li> <li><a href="`9aff14bd72`"><code>9aff14b</code></a> Merge commit from fork</li> <li><a href="`2c403c67eb`"><code>2c403c6</code></a> 4.12.11</li> <li><a href="`f82aba8e8e`"><code>f82aba8</code></a> feat(css): add classNameSlug option to createCssContext (<a href="https://redirect.github.com/honojs/hono/issues/4834">#4834</a>)</li> <li><a href="`9f374a55b2`"><code>9f374a5</code></a> 4.12.10</li> <li><a href="`a8c56a6620`"><code>a8c56a6</code></a> docs(ip-restriction): add clear JSDoc examples and param types (<a href="https://redirect.github.com/honojs/hono/issues/4851">#4851</a>)</li> <li>Additional commits viewable in <a href="https://github.com/honojs/hono/compare/v4.12.9...v4.12.12">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=hono&package-manager=npm_and_yarn&previous-version=4.12.9&new-version=4.12.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts). </details>	2026-04-14 17:55:07 +00:00
Brandon Pereira	9781ae6387	feat: integrate Model Context Protocol (MCP) server for dashboards & investigations (#2030 ) ## Summary Adds an MCP (Model Context Protocol) server to the HyperDX API, enabling AI assistants (Claude, Cursor, OpenCode, etc.) to query observability data, manage dashboards, and explore data sources directly via standardized tool calls. Key changes: - MCP server (`packages/api/src/mcp/`) — Streamable HTTP transport at `/api/mcp`, authenticated via Personal API Access Key - Tools — `hyperdx_list_sources`, `hyperdx_query`, `hyperdx_get_dashboard`, `hyperdx_save_dashboard`, `hyperdx_delete_dashboard`, `hyperdx_query_tile` - Dashboard prompts — Detailed prompt templates that guide LLMs in generating valid, high-quality dashboards - Shared logic — Refactored dashboard validation/transformation out of the external API router into reusable utils (`packages/api/src/routers/external-api/v2/utils/dashboards.ts`) - Documentation — `MCP.md` with setup instructions for Claude Code, OpenCode, Cursor, MCP Inspector, and other clients - Tests — Unit tests for dashboard tools, query tools, tracing, and response trimming ### Screenshots https://github.com/user-attachments/assets/8c5aa582-c79e-47e0-8f75-e03feabdf8a6 ### How to test locally 1. Start the dev stack: `yarn dev` 2. Connect an MCP client (e.g. MCP Inspector): ```bash cd packages/api && yarn dev:mcp ``` Then configure the inspector: - Transport Type: Streamable HTTP - URL: `http://localhost:8080/api/mcp` - Header: `Authorization: Bearer <your-personal-access-key>` - Click Connect 3. Alternatively, connect via Claude Code or OpenCode: ```bash claude mcp add --transport http hyperdx http://localhost:8080/api/mcp \ --header "Authorization: Bearer <your-personal-access-key>" ``` 4. Try listing sources, querying data, or creating/updating a dashboard through the connected AI assistant. 5. Run unit tests: ```bash cd packages/api && yarn ci:unit ``` ### References - Linear Issue: HDX-3710	2026-04-14 14:39:07 +00:00
Brandon Pereira	0bfec14830	[HDX-3981] Upgrade Mantine v7 to v9 (#2096 ) ## Summary Upgrade all `@mantine/` packages from v7.17.8 to v9.0.0 (skipping the v8 intermediate step since the breaking changes were manageable in a single pass). This improves React 19 compatibility and keeps the UI library current. ### Breaking changes resolved v7 → v8 changes:* - `DateTimePicker`/`DateInput` `onChange` now returns a date string instead of a `Date` object — updated handlers in `AlertScheduleFields.tsx` and `SourceForm.tsx` - Updated `postcss-preset-mantine` to ^1.18.0 v8 → v9 changes: - `Collapse`: renamed `in` prop to `expanded` (11 instances across 10 files) - `Grid`: removed deprecated `overflow="hidden"` prop (5 instances, 3 files) — v9 uses native CSS `gap` instead of negative margins - `Text`/`Anchor`: renamed `color` prop to `c` style prop (7 instances, 5 files) - `SourceSchemaPreview`: replaced removed `TextProps` `color` key with `React.CSSProperties` - Theme: set `defaultRadius: 'sm'` in both theme configs to preserve existing visual appearance (v9 changed default from `sm` to `md`) - Updated test for Collapse visibility behavior change in jsdom ### Not affected (verified) - No `@mantine/carousel` or `@mantine/tiptap` usage — embla and Tiptap migrations not needed - No `TypographyStylesProvider`, `Spoiler`, `positionDependencies`, `useFullscreen`, `useMouse`, `useMutationObserver`, or `zodResolver` from `@mantine/form` usage - All `useLocalStorage` calls from `@mantine/hooks` already provide `defaultValue` - `react-hook-form-mantine` has a peer dep mismatch (expects `@mantine/core ^7.0.0`) but its thin wrappers are compatible at runtime ### How to test locally or on Vercel 1. Start the dev stack with `yarn dev` 2. Navigate through key pages: search, dashboards, alerts, services dashboard, Kubernetes pages 3. Verify Collapse animations work correctly (alert details, nav sub-menus, advanced settings) 4. Verify Grid layouts render properly on services dashboard side panels 5. Verify no visual regressions in border-radius, spacing, or color across components ### References - Linear Issue: https://linear.app/clickhouse/issue/HDX-3981/upgrade-mantine-v7-v9 - [Mantine v9 Changelog](https://mantine.dev/changelog/9-0-0/) - [7.x → 8.x Migration Guide](https://mantine.dev/guides/7x-to-8x/) - [8.x → 9.x Migration Guide](https://mantine.dev/guides/8x-to-9x/)	2026-04-13 16:03:29 +00:00
github-actions[bot]	edb55b4bca	Release HyperDX (#2060 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-04-09 17:33:14 -07:00
Warren Lee	d995b78c66	[HDX-3919] Add @hyperdx/cli package — terminal TUI, source map upload, and agent-friendly commands (#2043 ) ## Summary Adds `packages/cli` (`@hyperdx/cli`) — a unified CLI for HyperDX that provides an interactive TUI for searching/tailing logs and traces, source map upload (migrated from `hyperdx-js`), and agent-friendly commands for programmatic access. Ref: HDX-3919 Ref: HDX-3920 ### CLI Commands ``` hdx tui -s <url> # Interactive TUI (main command) hdx sources -s <url> # List sources with ClickHouse schemas hdx sources -s <url> --json # JSON output for agents / scripts hdx dashboards -s <url> # List dashboards with tile summaries hdx dashboards -s <url> --json # JSON output for agents / scripts hdx query --source "Logs" --sql "SELECT count() FROM default.otel_logs" hdx upload-sourcemaps -k <key> # Upload source maps (ported from hyperdx-js) hdx auth login -s <url> # Sign in (interactive or -e/-p flags) hdx auth status # Show auth status hdx auth logout # Clear saved session ``` ### Key Features Interactive TUI (`hdx tui`) - Table view with dynamic columns derived from query results (percentage-based widths) - Follow mode (live tail) enabled by default, auto-pauses when detail panel is open - Vim-like keybindings: j/k navigation, G/g jump, Ctrl+D/U half-page scroll - `/` for Lucene search, `s` to edit SELECT clause in `$EDITOR`, `t` to edit time range - Tab to cycle between sources and saved searches - `w` to toggle line wrap Detail Panel (3 tabs, full-screen with Ctrl+D/U scrolling) - Overview — Structured view: Top Level Attributes, Log/Span Attributes, Resource Attributes - Column Values — Full `SELECT ` row data with `__hdx_` aliased columns - Trace — Waterfall chart (port of `DBTraceWaterfallChart` DAG builder) with correlated log events, j/k span navigation, inverse highlight, Event Details section Agent-friendly commands - `hdx sources --json` — Full source metadata with ClickHouse `CREATE TABLE` DDL, expression mappings, and correlated source IDs. Detailed `--help` describes the JSON schema for LLM consumption. Schema queries run in parallel. - `hdx dashboards --json` — Dashboard metadata with simplified tile summaries (name, type, source, sql). Resolves source names for human-readable output. - `hdx query --source <name> --sql <query>` — Raw SQL execution against any source's ClickHouse connection. Supports `--format` for ClickHouse output formats (JSON, JSONEachRow, CSV, etc.). Source map upload (`hdx upload-sourcemaps`) - Ported from `hyperdx-js/packages/cli` to consolidate on a single `@hyperdx/cli` package - Authenticates via service account API key (`-k` / `HYPERDX_SERVICE_KEY` env var) - Globs `.js` and `.js.map` files, handles Next.js route groups - Uploads to presigned URLs in parallel with retry (3 attempts) and progress - Modernized: native `fetch` (Node 22+), ESM-compatible, proper TypeScript types ### Architecture ``` packages/cli/ ├── src/ │ ├── cli.tsx # Commander CLI: tui, sources, dashboards, query, │ │ # upload-sourcemaps, auth │ ├── App.tsx # Ink app shell (login → source picker → EventViewer) │ ├── sourcemaps.ts # Source map upload logic (ported from hyperdx-js) │ ├── api/ │ │ ├── client.ts # ApiClient + ProxyClickhouseClient │ │ └── eventQuery.ts # Query builders (renderChartConfig, raw SQL) │ ├── components/ │ │ ├── EventViewer/ # Main TUI (9 files) │ │ │ ├── EventViewer.tsx # Orchestrator (state, hooks, render shell) │ │ │ ├── types.ts # Shared types & constants │ │ │ ├── utils.ts # Row formatting functions │ │ │ ├── SubComponents.tsx # Header, TabBar, SearchBar, Footer, HelpScreen, TableHeader │ │ │ ├── TableView.tsx # Table rows rendering │ │ │ ├── DetailPanel.tsx # Detail panel (overview/columns/trace tabs) │ │ │ ├── useEventData.ts # Data fetching hook │ │ │ └── useKeybindings.ts # Input handler hook │ │ ├── TraceWaterfall/ # Trace chart (6 files) │ │ │ ├── TraceWaterfall.tsx # Orchestrator + render │ │ │ ├── types.ts # SpanRow, SpanNode, props │ │ │ ├── utils.ts # Duration/status/bar helpers │ │ │ ├── buildTree.ts # DAG builder (port of DBTraceWaterfallChart) │ │ │ └── useTraceData.ts # Data fetching hook │ │ ├── RowOverview.tsx │ │ ├── ColumnValues.tsx │ │ ├── LoginForm.tsx │ │ └── SourcePicker.tsx │ ├── shared/ # Ported from packages/app (@source annotated) │ └── utils/ # Config, editor, log silencing ├── AGENTS.md ├── CONTRIBUTING.md └── README.md ``` ### Tech Stack - Ink v6.8.0 (React 19 for terminals) + Commander.js - @clickhouse/client via ProxyClickhouseClient (routes through `/clickhouse-proxy`) - @hyperdx/common-utils for query generation (`renderChartConfig`, `chSqlToAliasMap`) - glob v13 for source map file discovery - tsup for bundling (all deps bundled via `noExternal: [/./]`, zero runtime deps) - Bun 1.3.11* for standalone binary compilation - Session stored at `~/.config/hyperdx/cli/session.json` ### CI/CD (`release.yml`) - CLI binaries compiled for macOS ARM64, macOS x64, and Linux x64 - GitHub Release created with download instructions - Version-change gate: skips release if `cli-v{version}` tag already exists - `softprops/action-gh-release` pinned to full SHA (v2.6.1) for supply chain safety - Bun pinned to `1.3.11` for reproducible builds - npm publishing handled by changesets ### Keybindings \| Key \| Action \| \|---\|---\| \| `j/k` \| Navigate rows (or spans in Trace tab) \| \| `l/Enter` \| Expand row detail \| \| `h/Esc` \| Close detail / blur search \| \| `G/g` \| Jump to newest/oldest \| \| `Ctrl+D/U` \| Scroll half-page (table, detail panels, Event Details) \| \| `/` \| Search (global or detail filter) \| \| `Tab` \| Cycle sources/searches or detail tabs \| \| `s` \| Edit SELECT clause in $EDITOR \| \| `t` \| Edit time range in $EDITOR \| \| `f` \| Toggle follow mode (live tail) \| \| `w` \| Toggle line wrap \| \| `?` \| Help screen \| ### Demo #### Main Search View <img width="1004" height="1014" alt="image" src="https://github.com/user-attachments/assets/bb6a7f00-38c9-4281-9915-c71b65d852f8" /> #### Event Details Overview <img width="1003" height="1024" alt="image" src="https://github.com/user-attachments/assets/57025fa5-fddb-452a-9320-93465538d5b2" /> #### Trace Waterfall <img width="1004" height="1029" alt="image" src="https://github.com/user-attachments/assets/3443c898-ea0d-47f3-acc5-edb7cdd31946" />	2026-04-09 20:21:34 +00:00
github-actions[bot]	8125d249d9	Release HyperDX (#2009 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-04-03 15:17:53 -07:00
Drew Davis	58e2e8c660	chore: Enable and fix @eslint-react/no-unstable-default-props (#1989 ) ## Summary This PR 1. Replaces `eslint-config-react` with the modernized equivalent `@eslint-react/eslint-plugin`. Note that `eslint-config-react` was not actually enabled previously, as none of its rules were added to the eslint config. 2. Enables the `no-unstable-default-props` rule and fixes existing violations. This rule catches components with optional props of unstable types (objects, arrays) which have a default value assigned. The default value changes on each render, which can cause unecessary re-renders and re-computations of useMemos and useEffects. We can enable more rules from this plugin in future PRs. ### Screenshots or video There are no expected behavior changes ### How to test locally or on Vercel The app can be regression tested in the preview environment. ### References - Linear Issue: Closes HDX-3809 - Related PRs:	2026-04-03 14:19:52 +00:00
dependabot[bot]	7af5d8c674	chore(deps): bump handlebars from 4.7.8 to 4.7.9 (#1996 ) Bumps [handlebars](https://github.com/handlebars-lang/handlebars.js) from 4.7.8 to 4.7.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/handlebars-lang/handlebars.js/releases">handlebars's releases</a>.</em></p> <blockquote> <h2>v4.7.9</h2> <ul> <li>fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2</li> <li>fix type "RuntimeOptions" also accepting string partials - eab1d14</li> <li>feat(types): set <code>hash</code> to be a <code>Record<string, any></code> - de4414d</li> <li>fix non-contiguous program indices - 4512766</li> <li>refactor: rename i to startPartIndex - e497a35</li> <li>security: fix security issues - 68d8df5 <ul> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q</a></li> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r</a></li> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6</a></li> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf</a></li> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff</a></li> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9</a></li> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh</a></li> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2</a></li> </ul> </li> </ul> <p><a href="https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9">Commits</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md">handlebars's changelog</a>.</em></p> <blockquote> <h2>v4.7.9 - March 26th, 2026</h2> <ul> <li>fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2</li> <li>fix type "RuntimeOptions" also accepting string partials - eab1d14</li> <li>feat(types): set <code>hash</code> to be a <code>Record<string, any></code> - de4414d</li> <li>fix non-contiguous program indices - 4512766</li> <li>refactor: rename i to startPartIndex - e497a35</li> <li>security: fix security issues - 68d8df5</li> </ul> <p><a href="https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9">Commits</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`dce542c9a6`"><code>dce542c</code></a> v4.7.9</li> <li><a href="`8a41389ba5`"><code>8a41389</code></a> Update release notes</li> <li><a href="`68d8df5a88`"><code>68d8df5</code></a> Fix security issues</li> <li><a href="`b2a083136b`"><code>b2a0831</code></a> Fix browser tests</li> <li><a href="`9f98c16298`"><code>9f98c16</code></a> Fix release script</li> <li><a href="`45443b4290`"><code>45443b4</code></a> Revert "Improve partial indenting performance"</li> <li><a href="`8841a5f6d3`"><code>8841a5f</code></a> Fix CI errors with linting</li> <li><a href="`e0137c26f2`"><code>e0137c2</code></a> fix: enable shell mode for spawn to resolve Windows EINVAL issue</li> <li><a href="`e914d6037f`"><code>e914d60</code></a> Improve rendering performance</li> <li><a href="`7de4b41c34`"><code>7de4b41</code></a> Upgrade GitHub Actions checkout and setup-node on 4.x branch</li> <li>Additional commits viewable in <a href="https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=handlebars&package-manager=npm_and_yarn&previous-version=4.7.8&new-version=4.7.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts). </details>	2026-04-01 04:29:51 +00:00
dependabot[bot]	afe8dd5572	chore(deps): bump smol-toml from 1.3.4 to 1.6.1 (#1992 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-31 21:21:18 -07:00
dependabot[bot]	15d4158116	chore(deps): bump picomatch from 2.3.1 to 2.3.2 (#1993 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-31 21:20:42 -07:00
Brandon Pereira	c4dcfd75e2	chore: set yarn npmMinimalAgeGate (#2022 ) ## Summary In response to the recent [axios supply chain attack](https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan), we are tightening package management controls to reduce our exposure to malicious or compromised npm packages. Changes: - Updated `yarnPath` in `.yarnrc.yml` to point to Yarn 4.13.0 - Updated `packageManager` in `package.json` to reflect Yarn 4.13.0 - Removed old Yarn releases (4.5.1 and 1.22.18) from the `releases/` directory - Added Yarn 4.13.0 to the `releases/` directory - Set `npmMinimalAgeGate: 7` in `.yarnrc.yml` — Yarn will now block installation of any package version published less than 7 days ago, providing a buffer against freshly-injected malicious releases ### How to test locally or on Vercel 1. Pull this branch and run `yarn --version` — confirm it outputs `4.13.0`. 2. Run `yarn install` and verify it completes without errors. 3. Attempt to add a package version published within the last 7 days (e.g. a freshly released patch) and confirm Yarn rejects it with an age gate error. 4. Add a package version older than 7 days and confirm it installs successfully. 5. Confirm the old Yarn release files (`4.5.1`, `1.22.18`) are no longer present in `releases/`. ### References - Blog post: [axios compromised on npm — malicious versions drop remote access trojan](https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan)	2026-03-31 18:37:07 +00:00
Karl Power	a55b151e84	fix: render clickhouse keywords in codemirror (#2008 ) ## Summary - A newer version of the `sql-formatter` dependency has built-in support for ClickHouse SQL. This PR removes the custom ClickHouse SQL dialect code, and uses the built-in dialect. - Uses this new dialect from `sql-formatter` to create a ClickHouse dialect for CodeMirror, based on the default CodeMirror SQL one. - Uses the custom CodeMirror dialect for rendering SQL in CodeMirror. - Uses dynamic color theme for CodeMirror instances. ### Screenshots or video \| Before \| After \| \| :----- \| :---- \| \| <img width="759" height="501" alt="before_search" src="https://github.com/user-attachments/assets/1ee6568c-6cf6-41d1-b3fc-86a60b8fd47e" /> \| <img width="759" height="501" alt="after_search" src="https://github.com/user-attachments/assets/df7e3bc4-545b-44d3-8f71-fdaaa8dca112" /> \| \| <img width="599" height="693" alt="raw_sql_before" src="https://github.com/user-attachments/assets/546c77ee-3772-484b-8fc7-c1a42b66e974" /> \| <img width="599" height="693" alt="raw_sql_after" src="https://github.com/user-attachments/assets/8f962b0f-25b4-4137-a5c1-9d8164c8b6cb" /> \| \| <img width="469" height="343" alt="ch_before" src="https://github.com/user-attachments/assets/6e5122e2-8820-4916-abc5-4aa37a6d1867" /> \| <img width="469" height="343" alt="ch_after" src="https://github.com/user-attachments/assets/5d4c0e72-3266-4c28-ae67-38bba31516a5" /> \| ### How to test locally or on Vercel 1. Check the SQL rendering anywhere the `SQLPreview` or `ChartSQLPreview` components are used, e.g. the search page, under charts, in expanded row of ClickHouse dashboard `Slowest Queries` logs table. 2. Check the rendering and autocompletion of the SQL editor e.g. in raw SQL charts. ### References - Linear Issue: Closes HDX-3841 - Related PRs:	2026-03-30 12:38:51 +00:00
github-actions[bot]	af86da601e	Release HyperDX (#1955 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-03-27 13:26:45 -07:00
Brandon Pereira	c72d7baa7f	chore: resolve remaining knip issues (#1991 ) ## Summary Resolve all remaining knip issues — removes unused exports/types, adds missing direct dependencies, deletes dead code, and updates knip config. Dependency fixes: - Root: swapped unused `eslint-config-next`/`eslint-plugin-react-hooks` for actually-imported `@eslint/js`, `typescript-eslint`, `tslib` - App: added directly-used transitive deps (`@codemirror/`, `react-resizable`, `postcss-simple-vars`, `rimraf`, `serve`, `@next/eslint-plugin-next`, `eslint-plugin-react`); removed unused `@storybook/react` Dead code removal:* - Removed ~100 unused exports/types across api and app packages (removed `export` keyword where used locally, deleted entirely where not) - Fixed duplicate `DBRowTableIconButton` default+named export; updated consumers to use named import knip.json updates: - Added `fixtures.ts` entry point and `opamp/**` ignore for api package - Excluded `enumMembers` and `duplicates` issue types - Enabled `ignoreExportsUsedInFile` ### How to test locally or on Vercel 1. `yarn install && yarn knip` — should produce zero output 2. `make ci-lint` — all packages pass 3. `make ci-unit` — all unit tests pass	2026-03-27 20:17:47 +00:00
dependabot[bot]	c9ab6dd0f8	chore(deps): bump flatted from 3.3.3 to 3.4.2 (#1949 ) Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.3 to 3.4.2. <details> <summary>Commits</summary> <ul> <li><a href="`3bf09091c3`"><code>3bf0909</code></a> 3.4.2</li> <li><a href="`885ddcc33c`"><code>885ddcc</code></a> fix CWE-1321</li> <li><a href="`0bdba705d1`"><code>0bdba70</code></a> added flatted-view to the benchmark</li> <li><a href="`2a02dce7c6`"><code>2a02dce</code></a> 3.4.1</li> <li><a href="`fba4e8f2e1`"><code>fba4e8f</code></a> Merge pull request <a href="https://redirect.github.com/WebReflection/flatted/issues/89">#89</a> from WebReflection/python-fix</li> <li><a href="`5fe86485e6`"><code>5fe8648</code></a> added "when in Rome" also a test for PHP</li> <li><a href="`53517adbef`"><code>53517ad</code></a> some minor improvement</li> <li><a href="`b3e2a0c387`"><code>b3e2a0c</code></a> Fixing recursion issue in Python too</li> <li><a href="`c4b46dbcbf`"><code>c4b46db</code></a> Add SECURITY.md for security policy and reporting</li> <li><a href="`f86d071e0f`"><code>f86d071</code></a> Create dependabot.yml for version updates</li> <li>Additional commits viewable in <a href="https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=flatted&package-manager=npm_and_yarn&previous-version=3.3.3&new-version=3.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts). </details>	2026-03-26 02:25:06 +00:00
Brandon Pereira	4318d0a3c3	chore: remove unused files, dependencies, and exports flagged by knip (#1982 ) ## Summary Cleans up dead code and unused dependencies identified by [knip](https://knip.dev/). All removals were individually verified to have zero imports or references across the codebase. No functional changes. Deleted 9 unused files: - `packages/api/src/clickhouse/__tests__/clickhouse.V1_DEPRECATED_test.ts` — skipped deprecated test - `packages/api/src/utils/email.ts` — empty stub functions, never imported - `packages/api/src/utils/queue.ts` — unused utility class - `packages/app/src/Checkbox.tsx` — replaced by Mantine Checkbox, never imported - `packages/app/src/components/DBSearchPageFilters/index.ts` — dead barrel file (shadowed by sibling `.tsx`) - `packages/app/src/components/Sources/index.ts` — dead barrel file (all consumers import submodules directly) - `packages/app/src/components/WhereLanguageControlled.tsx` — unused component - `packages/app/src/TabBarWithContent.tsx` — unused component - `packages/app/src/vsc-dark-plus.ts` — unused Prism theme Removed 14 unused dependencies from `packages/api`, `packages/app`, and `packages/common-utils` (e.g. `semver`, `react-query`, `react-sortable-hoc`, `@microsoft/fetch-event-source`, `store2`, `uuid`, etc.) Removed 17 unused devDependencies across root, api, app, and common-utils (e.g. `@nx/workspace`, `@typescript-eslint/eslint-plugin`, `@typescript-eslint/parser`, `@types/semver`, `@types/react-table`, `rimraf`, `supertest`, `ts-node`, `tsc-alias`, `tsconfig-paths`, etc.) Replaced `react-papaparse` with `papaparse` — code imports `papaparse` directly, not the React wrapper. Added `@types/papaparse` since the package doesn't bundle its own types. Cleaned up unused exports: - Trimmed barrel files (`AppNav/index.ts`, `SearchInput/index.ts`) to only re-export what's actually consumed - Removed duplicate named exports where only the default export is used (`DBRowTableFieldWithPopover`, `DBRowTableRowButtons`) - Un-exported interfaces and constants that are only used locally (`DBRowTableFieldWithPopoverProps`, `DBRowTableIconButtonProps`, `DBRowTableRowButtonsProps`, `BASE_URL`, `makeHandler`) - Removed stale `supertest` from `allowModules` in `common-utils/eslint.config.mjs` ### How to test locally or on Vercel 1. `yarn install` — lockfile should resolve cleanly 2. `yarn workspace @hyperdx/common-utils ci:lint` — should pass (the only package where lint+tsc fully passes on this branch) 3. `npx knip` — should show reduced issue counts vs. main ### References - Related PRs: #1973 (knip CI workflow)	2026-03-25 20:32:03 +00:00
Vineet Ahirkar	47e1f565ee	feat: Add OpenAI provider support for AI assistance (#1960 )	2026-03-23 16:27:19 -06:00
Brandon Pereira	b642ce43d3	feat: Add Knip for unused code analysis with CI reporting (#1954 ) ## Summary Adds [Knip](https://knip.dev) to the monorepo to detect unused files, dependencies, and exports. The goal is to reduce dead code over time and prevent new unused code from accumulating. What's included: - Root-level `knip.json` configured for all three workspaces (`packages/app`, `packages/api`, `packages/common-utils`) - `yarn knip` and `yarn knip:ci` scripts for local and CI usage - GitHub Action (`.github/workflows/knip.yml`) that runs on every PR to `main`, compares results against the base branch, and posts a summary comment showing any increase or decrease in unused code - Removed the previous app-only `packages/app/knip.json` in favor of the monorepo-wide config How the CI workflow works: 1. Runs Knip on the PR branch 2. Checks out `main` and runs Knip there 3. Compares issue counts per category and posts/updates a PR comment with a diff table This is additive — Knip runs as an informational check and does not block PRs.	2026-03-23 14:41:44 +00:00
github-actions[bot]	5d2ebc46ee	Release HyperDX (#1884 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-03-20 14:22:09 -07:00
Elizabet Oliveira	3d15b3de93	feat: Enhance data source select with context-aware icons and inline actions (#1948 ) ## Summary Closes [HDX-3784](https://linear.app/clickhouse/issue/HDX-3784/increase-discoverability-of-trace-sources) - Context-aware icons for all source kinds: The data source dropdown now shows icons for every source type — `IconLogs` for logs, `IconConnection` for traces, `IconDeviceLaptop` for sessions, and `IconChartLine` for metrics. Falls back to `IconStack` when no source is selected. - Inline source actions: "Create New Source" and "Edit Sources" actions are now part of the dropdown itself under an "Actions" group with a labeled separator, replacing the separate gear icon menu (`SourceEditMenu`). - Dependency update: Updated `@tabler/icons-react` from v3.5.0 to v3.40.0 to get `IconConnection`. - Fix: source management regression when `HDX_LOCAL_DEFAULT_SOURCES` is set: Before this PR, there were two ways to create/edit sources: (1) options inside the dropdown, which were hidden when `HDX_LOCAL_DEFAULT_SOURCES` is set, and (2) a gear icon button next to the dropdown, which was always visible. This PR removed the gear icon and kept only the dropdown options, but they were still configured to hide when `HDX_LOCAL_DEFAULT_SOURCES` is set — leaving users with no way to manage sources. Fixed by removing that guard so the dropdown options always appear. <img width="1236" height="492" alt="image" src="https://github.com/user-attachments/assets/6999626b-685b-4037-a003-b09018cfbadf" /> <img width="426" height="240" alt="Screenshot 2026-03-20 at 17 49 30" src="https://github.com/user-attachments/assets/28aaef44-7574-4c54-b721-b2a3a79b3507" /> ## Changes - `packages/app/src/components/SourceSelect.tsx` -- Dynamic left icon based on selected source kind (all 4 kinds: log, trace, session, metric), `onEdit` prop, grouped action items with icons, `renderOption` for source kind and action item icons. Removed `hasLocalDefaultSources` guard so source management actions are always available. - `packages/app/src/components/SelectControlled.tsx` -- Added `onEdit` callback support, fixed `selected` check to handle grouped data. - `packages/app/src/DBSearchPage.tsx` -- Removed `SourceEditMenu` component, added `onEditSources` callback, wired `onEdit` to `SourceSelectControlled`. - `packages/app/styles/SourceSelectControlled.module.scss` -- Group label separator styling with semantic `--color-border` token. - `packages/app/package.json` -- Updated `@tabler/icons-react` to `^3.39.0`. ## Test plan - [ ] Select a log source and verify `IconLogs` appears as the left icon - [ ] Select a trace source and verify `IconConnection` appears as the left icon - [ ] Select a session source and verify `IconDeviceLaptop` appears as the left icon - [ ] Select a metric source and verify `IconChartLine` appears as the left icon - [ ] Verify each source in the dropdown shows its corresponding kind icon - [ ] Open the dropdown and verify "Create New Source" and "Edit Sources" appear under the "Actions" group with icons - [ ] Click "Create New Source" and verify the modal opens - [ ] Click "Edit Sources" and verify navigation to edit (local mode: modal, cloud mode: /team) - [ ] Verify the gear icon menu is no longer present next to the select - [ ] With `NEXT_PUBLIC_HDX_LOCAL_DEFAULT_SOURCES` set: verify "Create New Source" and "Edit Sources" still appear in the dropdown and work correctly	2026-03-20 19:21:51 +00:00
Drew Davis	f5ce232976	ci: Add linting for openapi specs (#1945 ) ## Summary This PR adds the Spectral linter for linting our OpenAPI spec, with rules preventing fields with missing examples or descriptions, which are often enforced in the Control Plane repo. This PR also resolves lint errors that were already present. ### Screenshots or video ### How to test locally or on Vercel Run `make ci-lint` to lint the openapi specs ### References - Linear Issue: Closes HDX-3768 - Related PRs:	2026-03-20 15:13:19 +00:00
dependabot[bot]	50aa44bd39	chore(deps): bump next from 16.1.5 to 16.1.7 (#1932 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-18 17:15:20 -04:00
Tom Alexander	de914816f7	deps: bump fast-xml-parser to fix CVE-2026-25896 (#1940 ) Fixes: CVE-2026-25896 Fixes: HDX-3758	2026-03-18 20:01:45 +00:00
Brandon Pereira	f410e6dc1b	chore: Bump ai sdk to v6 (#1898 ) ## Summary This PR refactors part of the agent infrastructure to improve internal structure and long-term maintainability. There are no functional or user-facing changes. The Graph Explorer continues to behave exactly as before. > Note: This lays groundwork for future extensibility around agent capabilities. --- ### Screenshots or video No UI changes. --- ### How to test locally or on Vercel 1. Start the app locally 2. Navigate to Graph Explorer. 3. Use the AI generation feature to generate a query. 4. Verify that: * Query generation works as expected. * No regressions or behavioral changes are observed. --- ### References Fixes HDX-3109	2026-03-13 14:44:01 +00:00
Warren Lee	25a3291f57	feat: Attach service version to all internal telemetry (#1891 ) ## Summary - Bump `@hyperdx/browser` to 0.22.0 and pass `service.version` as an OTel resource attribute to the browser SDK, so all frontend telemetry includes the app version - Inject `OTEL_RESOURCE_ATTRIBUTES=service.version=$CODE_VERSION` in API and all-in-one Dockerfiles (prod) and `.env.development` (dev) so the Node OTel SDK attaches service version to all backend traces, metrics, and logs - Remove the standalone Next.js health endpoint — `/api/health` now proxies through to the API server. The original `/api/health` page was redundant since `/api/config` already serves the same purpose	2026-03-12 16:50:46 +00:00
github-actions[bot]	5f105bb1b5	Release HyperDX (#1832 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-03-10 18:14:11 -07:00
dependabot[bot]	d032e54777	chore(deps): bump immutable from 4.2.4 to 4.3.8 (#1852 ) Bumps [immutable](https://github.com/immutable-js/immutable-js) from 4.2.4 to 4.3.8. Sourced from <a/immutable-js/immutable-js/releases">immutable's releases</a>.</em></p> <blockquote> <h2>v4.3.8</h2> <p>Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable</p> <h2>v4.3.7</h2> <h2>What's Changed</h2> <ul> <li>Fix issue with slice negative of filtered sequence by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2006">immutable-js/immutable-js#2006</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/immutable-js/immutable-js/compare/v4.3.6...v4.3.7">https://github.com/immutable-js/immutable-js/compare/v4.3.6...v4.3.7</a></p> <h2>v4.3.6</h2> <h2>What's Changed</h2> <ul> <li>Fix Repeat(<!-- raw HTML omitted -->).equals(undefined) incorrectly returning true by <a href="https://github.com/butchler"><code>@butchler</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/1994">immutable-js/immutable-js#1994</a></li> </ul> <h3>Internals</h3> <ul> <li>change youtube image by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/1973">immutable-js/immutable-js#1973</a></li> <li>Upgrade eslint and ignore no-constructor-return rule for actual constructors by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/1974">immutable-js/immutable-js#1974</a></li> <li>upgrate documentation website to next 14 by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/1975">immutable-js/immutable-js#1975</a></li> <li>start migrating to nextjs app router by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/1976">immutable-js/immutable-js#1976</a></li> <li>upgrade next sitemap by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/1978">immutable-js/immutable-js#1978</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/butchler"><code>@butchler</code></a> made their first contribution in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/1994">immutable-js/immutable-js#1994</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/immutable-js/immutable-js/compare/v4.3.5...v4.3.6">https://github.com/immutable-js/immutable-js/compare/v4.3.5...v4.3.6</a></p> <h2>v4.3.5</h2> <h2>What's Changed</h2> <ul> <li>Fix Set.fromKeys types with Map constructor in TS 5.0 by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/1971">immutable-js/immutable-js#1971</a></li> <li>upgrade to TS 5.1 by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/1972">immutable-js/immutable-js#1972</a></li> <li>fix dist-stats command by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/1964">immutable-js/immutable-js#1964</a></li> <li>fix Read the Docs link on readme by <a href="https://github.com/joshding"><code>@joshding</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/1970">immutable-js/immutable-js#1970</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/joshding"><code>@joshding</code></a> made their first contribution in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/1970">immutable-js/immutable-js#1970</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/immutable-js/immutable-js/compare/v4.3.4...v4.3.5">https://github.com/immutable-js/immutable-js/compare/v4.3.4...v4.3.5</a></p> <h2>4.3.4</h2> <h2>What's Changed</h2> <ul> <li>Rollback toJS type due to circular reference error by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/1958">immutable-js/immutable-js#1958</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/immutable-js/immutable-js/compare/v4.3.3...v4.3.4">https://github.com/immutable-js/immutable-js/compare/v4.3.3...v4.3.4</a></p> <h2>v4.3.3</h2> <h2>What's Changed</h2> <ul> <li>[typescript] manage to handle toJS circular reference. <a href="https://redirect.github.com/immutable-js/immutable-js/pull/1932">#1932</a> by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md">immutable's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>, and this project adheres to <a href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a>. Dates are formatted as YYYY-MM-DD.</p> <h2>Unreleased</h2> <h2>5.1.5</h2> <ul> <li>Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable</li> </ul> <h2>5.1.4</h2> <ul> <li>Migrate some files to TS by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2125">immutable-js/immutable-js#2125</a> <ul> <li>Iterator.ts</li> <li>PairSorting.ts</li> <li>toJS.ts</li> <li>Math.ts</li> <li>Hash.ts</li> </ul> </li> <li>Extract CollectionHelperMethods and convert to TS by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2131">immutable-js/immutable-js#2131</a></li> <li>Use npm <a href="https://docs.npmjs.com/trusted-publishers">trusted publishing only</a> to avoid token stealing.</li> </ul> <h3>Documentation</h3> <ul> <li>Fix/a11y issues by <a href="https://github.com/lyannel"><code>@lyannel</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2136">immutable-js/immutable-js#2136</a></li> <li>Doc add Map.get signature update by <a href="https://github.com/borracciaBlu"><code>@borracciaBlu</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2138">immutable-js/immutable-js#2138</a></li> <li>fix(doc):minor-issues#2132 by <a href="https://github.com/JayMeDotDot"><code>@JayMeDotDot</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2133">immutable-js/immutable-js#2133</a></li> <li>Fix algolia search by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2135">immutable-js/immutable-js#2135</a></li> <li>Typo in OrderedMap by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2144">immutable-js/immutable-js#2144</a></li> </ul> <h3>Internal</h3> <ul> <li>chore: Sort all imports and activate eslint import rule by <a href="https://github.com/jdeniau"><code>@jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2119">immutable-js/immutable-js#2119</a></li> </ul> <h2>5.1.3</h2> <h3>TypeScript</h3> <ul> <li>fix: allow readonly map entry constructor by <a href="https://github.com/septs"><code>@septs</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2123">immutable-js/immutable-js#2123</a></li> </ul> <h3>Documentation</h3> <p>There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples. We added a page about browser extensions too: <a href="https://immutable-js.com/browser-extension/">https://immutable-js.com/browser-extension/</a></p> <h3>Internal</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`485cbe0edf`"><code>485cbe0</code></a> 4.3.8</li> <li><a href="`6ed4eb6269`"><code>6ed4eb6</code></a> Merge commit from fork</li> <li><a href="`94bcd3c799`"><code>94bcd3c</code></a> fix new proto key injection</li> <li><a href="`faeb58b0cc`"><code>faeb58b</code></a> fix Prototype Pollution in mergeDeep, toJS, etc.</li> <li><a href="`37ca417006`"><code>37ca417</code></a> release 4.3.7 (<a href="https://redirect.github.com/immutable-js/immutable-js/issues/2007">#2007</a>)</li> <li><a href="`23daf26b51`"><code>23daf26</code></a> Fix issue with slice negative of filtered sequence (<a href="https://redirect.github.com/immutable-js/immutable-js/issues/2006">#2006</a>)</li> <li><a href="`493afba6ec`"><code>493afba</code></a> release 4.3.6 (<a href="https://redirect.github.com/immutable-js/immutable-js/issues/1997">#1997</a>)</li> <li><a href="`be3cb9a7ae`"><code>be3cb9a</code></a> Fix Repeat(<value>).equals(undefined) incorrectly returning true (<a href="https://redirect.github.com/immutable-js/immutable-js/issues/1994">#1994</a>)</li> <li><a href="`d7664bf9d3`"><code>d7664bf</code></a> generate sitemap in path that will be deployed</li> <li><a href="`f8327b1db0`"><code>f8327b1</code></a> upgrade next sitemap (<a href="https://redirect.github.com/immutable-js/immutable-js/issues/1978">#1978</a>)</li> <li>Additional commits viewable in <a href="https://github.com/immutable-js/immutable-js/compare/v4.2.4...v4.3.8">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for immutable since your current version.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=immutable&package-manager=npm_and_yarn&previous-version=4.2.4&new-version=4.3.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts). </details>	2026-03-05 15:09:09 +00:00
dependabot[bot]	afd39d1248	chore(deps): bump rollup from 4.35.0 to 4.59.0 (#1809 ) Bumps [rollup](https://github.com/rollup/rollup) from 4.35.0 to 4.59.0. Sourced from <a href="https://github.com/rollup/rollup/releases">rollup's releases</a>.</em></p> <blockquote> <h2>v4.59.0</h2> <h2>4.59.0</h2> <p><em>2026-02-22</em></p> <h3>Features</h3> <ul> <li>Throw when the generated bundle contains paths that would leave the output directory (<a href="https://redirect.github.com/rollup/rollup/issues/6276">#6276</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6275">#6275</a>: Validate bundle stays within output dir (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> <h2>v4.58.0</h2> <h2>4.58.0</h2> <p><em>2026-02-20</em></p> <h3>Features</h3> <ul> <li>Also support <code>__NO_SIDE_EFFECTS__</code> annotation before variable declarations declaring function expressions (<a href="https://redirect.github.com/rollup/rollup/issues/6272">#6272</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6256">#6256</a>: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (<a href="https://github.com/njg7194"><code>@njg7194</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6259">#6259</a>: docs: Correct typo and improve sentence structure in docs for <code>output.experimentalMinChunkSize</code> (<a href="https://github.com/millerick"><code>@millerick</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6260">#6260</a>: fix(deps): update rust crate swc_compiler_base to v47 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6261">#6261</a>: fix(deps): lock file maintenance minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6262">#6262</a>: Avoid unnecessary cloning of the code string (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6263">#6263</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6265">#6265</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6267">#6267</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6268">#6268</a>: chore(deps): update dependency eslint-plugin-unicorn to v63 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6269">#6269</a>: chore(deps): update dependency lru-cache to v11 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6270">#6270</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6272">#6272</a>: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> <h2>v4.57.1</h2> <h2>4.57.1</h2> <p><em>2026-01-30</em></p> <h3>Bug Fixes</h3> <ul> <li>Fix heap corruption issue in Windows (<a href="https://redirect.github.com/rollup/rollup/issues/6251">#6251</a>)</li> <li>Ensure exports of a dynamic import are fully included when called from a try...catch (<a href="https://redirect.github.com/rollup/rollup/issues/6254">#6254</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6251">#6251</a>: fix: Isolate and cache <code>process.report.getReport()</code> calls in a child process for robust environment detection (<a href="https://github.com/alan-agius4"><code>@alan-agius4</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rollup/rollup/blob/master/CHANGELOG.md">rollup's changelog</a>.</em></p> <blockquote> <h2>4.59.0</h2> <p><em>2026-02-22</em></p> <h3>Features</h3> <ul> <li>Throw when the generated bundle contains paths that would leave the output directory (<a href="https://redirect.github.com/rollup/rollup/issues/6276">#6276</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6275">#6275</a>: Validate bundle stays within output dir (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> <h2>4.58.0</h2> <p><em>2026-02-20</em></p> <h3>Features</h3> <ul> <li>Also support <code>__NO_SIDE_EFFECTS__</code> annotation before variable declarations declaring function expressions (<a href="https://redirect.github.com/rollup/rollup/issues/6272">#6272</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6256">#6256</a>: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (<a href="https://github.com/njg7194"><code>@njg7194</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6259">#6259</a>: docs: Correct typo and improve sentence structure in docs for <code>output.experimentalMinChunkSize</code> (<a href="https://github.com/millerick"><code>@millerick</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6260">#6260</a>: fix(deps): update rust crate swc_compiler_base to v47 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6261">#6261</a>: fix(deps): lock file maintenance minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6262">#6262</a>: Avoid unnecessary cloning of the code string (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6263">#6263</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6265">#6265</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6267">#6267</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6268">#6268</a>: chore(deps): update dependency eslint-plugin-unicorn to v63 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6269">#6269</a>: chore(deps): update dependency lru-cache to v11 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6270">#6270</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6272">#6272</a>: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> <h2>4.57.1</h2> <p><em>2026-01-30</em></p> <h3>Bug Fixes</h3> <ul> <li>Fix heap corruption issue in Windows (<a href="https://redirect.github.com/rollup/rollup/issues/6251">#6251</a>)</li> <li>Ensure exports of a dynamic import are fully included when called from a try...catch (<a href="https://redirect.github.com/rollup/rollup/issues/6254">#6254</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6251">#6251</a>: fix: Isolate and cache <code>process.report.getReport()</code> calls in a child process for robust environment detection (<a href="https://github.com/alan-agius4"><code>@alan-agius4</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6252">#6252</a>: chore(deps): update dependency lru-cache to v11 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6253">#6253</a>: chore(deps): lock file maintenance minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6254">#6254</a>: Fully include dynamic imports in a try-catch (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`ae846957f1`"><code>ae84695</code></a> 4.59.0</li> <li><a href="`b39616e917`"><code>b39616e</code></a> Update audit-resolve</li> <li><a href="`c60770d7aa`"><code>c60770d</code></a> Validate bundle stays within output dir (<a href="https://redirect.github.com/rollup/rollup/issues/6275">#6275</a>)</li> <li><a href="`33f39c1f20`"><code>33f39c1</code></a> 4.58.0</li> <li><a href="`b61c40803b`"><code>b61c408</code></a> forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...</li> <li><a href="`7f00689ec9`"><code>7f00689</code></a> Extend agent instructions</li> <li><a href="`e7b2b85af0`"><code>e7b2b85</code></a> chore(deps): lock file maintenance (<a href="https://redirect.github.com/rollup/rollup/issues/6270">#6270</a>)</li> <li><a href="`2aa5da9baf`"><code>2aa5da9</code></a> fix(deps): update minor/patch updates (<a href="https://redirect.github.com/rollup/rollup/issues/6267">#6267</a>)</li> <li><a href="`4319837c54`"><code>4319837</code></a> chore(deps): update dependency lru-cache to v11 (<a href="https://redirect.github.com/rollup/rollup/issues/6269">#6269</a>)</li> <li><a href="`c3b6b4bdc4`"><code>c3b6b4b</code></a> chore(deps): update dependency eslint-plugin-unicorn to v63 (<a href="https://redirect.github.com/rollup/rollup/issues/6268">#6268</a>)</li> <li>Additional commits viewable in <a href="https://github.com/rollup/rollup/compare/v4.35.0...v4.59.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for rollup since your current version.</p> </details> <details> <summary>Install script changes</summary> <p>This version modifies <code>prepare</code> script that runs during installation. Review the package contents before updating.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rollup&package-manager=npm_and_yarn&previous-version=4.35.0&new-version=4.59.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts). </details>	2026-03-02 17:59:43 +00:00
dependabot[bot]	a6c88b5818	chore(deps-dev): bump storybook from 10.1.10 to 10.2.10 (#1815 ) Bumps [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) from 10.1.10 to 10.2.10. Sourced from <a href="https://github.com/storybookjs/storybook/releases">storybook's releases</a>.</em></p> <blockquote> <h2>v10.2.10</h2> <h2>10.2.10</h2> <ul> <li>Core: Require token for websocket connections - <a href="https://redirect.github.com/storybookjs/storybook/pull/33820">#33820</a>, thanks <a href="https://github.com/ghengeveld"><code>@ghengeveld</code></a>!</li> </ul> <h2>v10.2.9</h2> <h2>10.2.9</h2> <ul> <li>Addon-Vitest: Improve config file detection in monorepos - <a href="https://redirect.github.com/storybookjs/storybook/pull/33814">#33814</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>Builder-Vite: Update dependencies react-vite framework - <a href="https://redirect.github.com/storybookjs/storybook/pull/33810">#33810</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>Builder-Vite: Use relative path for mocker entry in production builds - <a href="https://redirect.github.com/storybookjs/storybook/pull/33792">#33792</a>, thanks <a href="https://github.com/DukeDeSouth"><code>@DukeDeSouth</code></a>!</li> <li>Next.js: Fix Link component override in appDirectory configuration - <a href="https://redirect.github.com/storybookjs/storybook/pull/31251">#31251</a>, thanks <a href="https://github.com/yatishgoel"><code>@yatishgoel</code></a>!</li> </ul> <h2>v10.2.8</h2> <h2>10.2.8</h2> <ul> <li>Telemetry: Add Expo metaframework - <a href="https://redirect.github.com/storybookjs/storybook/pull/33783">#33783</a>, thanks <a href="https://github.com/copilot-swe-agent"><code>@copilot-swe-agent</code></a>!</li> <li>Telemetry: Add init exit event - <a href="https://redirect.github.com/storybookjs/storybook/pull/33773">#33773</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>Telemetry: Add share events - <a href="https://redirect.github.com/storybookjs/storybook/pull/33766">#33766</a>, thanks <a href="https://github.com/ndelangen"><code>@ndelangen</code></a>!</li> <li>Test: Update event creation logic in user-event package - <a href="https://redirect.github.com/storybookjs/storybook/pull/33787">#33787</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> </ul> <h2>v10.2.7</h2> <h2>10.2.7</h2> <ul> <li>CSF: Fix cross-file story imports in csf-factories codemod - <a href="https://redirect.github.com/storybookjs/storybook/pull/33723">#33723</a>, thanks <a href="https://github.com/yatishgoel"><code>@yatishgoel</code></a>!</li> <li>Core: Fix rendering of View Transitions in Firefox - <a href="https://redirect.github.com/storybookjs/storybook/pull/33651">#33651</a>, thanks <a href="https://github.com/ghengeveld"><code>@ghengeveld</code></a>!</li> <li>Globals: Repair dynamicTitle: false for user-defined tools - <a href="https://redirect.github.com/storybookjs/storybook/pull/33284">#33284</a>, thanks <a href="https://github.com/ia319"><code>@ia319</code></a>!</li> <li>Logger: Honor --loglevel for npmlog output - <a href="https://redirect.github.com/storybookjs/storybook/pull/33776">#33776</a>, thanks <a href="https://github.com/LouisLau-art"><code>@LouisLau-art</code></a>!</li> </ul> <h2>v10.2.6</h2> <h2>10.2.6</h2> <ul> <li>Addon-Vitest: Skip postinstall setup when configured - <a href="https://redirect.github.com/storybookjs/storybook/pull/33712">#33712</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>Addon-Vitest: Support vite/vitest config with deferred export - <a href="https://redirect.github.com/storybookjs/storybook/pull/33755">#33755</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>CLI: Support addon-vitest setup when --skip-install is passed - <a href="https://redirect.github.com/storybookjs/storybook/pull/33718">#33718</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>Manager: Update logic to use base path instead of full pathname - <a href="https://redirect.github.com/storybookjs/storybook/pull/33686">#33686</a>, thanks <a href="https://github.com/JSMike"><code>@JSMike</code></a>!</li> </ul> <h2>v10.2.5</h2> <h2>10.2.5</h2> <ul> <li>Angular: fix --loglevel options in docs and descriptions - <a href="https://redirect.github.com/storybookjs/storybook/pull/33726">#33726</a>, thanks <a href="https://github.com/theRuslan"><code>@theRuslan</code></a>!</li> <li>Builder-Vite: Add plugin to enforce Storybook's output directory in Vite build configuration - <a href="https://redirect.github.com/storybookjs/storybook/pull/33740">#33740</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>Core: Invalidate cache on Storybook version upgrade - <a href="https://redirect.github.com/storybookjs/storybook/pull/33717">#33717</a>, thanks <a href="https://github.com/copilot-swe-agent"><code>@copilot-swe-agent</code></a>!</li> </ul> <h2>v10.2.4</h2> <h2>10.2.4</h2> <ul> <li>CSF-Factories: Fix codemod for preview files without exports - <a href="https://redirect.github.com/storybookjs/storybook/pull/33673">#33673</a>, thanks <a href="https://github.com/kasperpeulen"><code>@kasperpeulen</code></a>!</li> <li>CSF: Fix false positive detection of Zod v4 .meta() as CSF Factory - <a href="https://redirect.github.com/storybookjs/storybook/pull/33666">#33666</a>, thanks <a href="https://github.com/kasperpeulen"><code>@kasperpeulen</code></a>!</li> <li>CSFFactories: Add non-interactive mode and --glob flag - <a href="https://redirect.github.com/storybookjs/storybook/pull/33648">#33648</a>, thanks <a href="https://github.com/kasperpeulen"><code>@kasperpeulen</code></a>!</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md">storybook's changelog</a>.</em></p> <blockquote> <h2>10.2.10</h2> <ul> <li>Core: Require token for websocket connections - <a href="https://redirect.github.com/storybookjs/storybook/pull/33820">#33820</a>, thanks <a href="https://github.com/ghengeveld"><code>@ghengeveld</code></a>!</li> </ul> <h2>10.2.9</h2> <ul> <li>Addon-Vitest: Improve config file detection in monorepos - <a href="https://redirect.github.com/storybookjs/storybook/pull/33814">#33814</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>Builder-Vite: Update dependencies react-vite framework - <a href="https://redirect.github.com/storybookjs/storybook/pull/33810">#33810</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>Builder-Vite: Use relative path for mocker entry in production builds - <a href="https://redirect.github.com/storybookjs/storybook/pull/33792">#33792</a>, thanks <a href="https://github.com/DukeDeSouth"><code>@DukeDeSouth</code></a>!</li> <li>Next.js: Fix Link component override in appDirectory configuration - <a href="https://redirect.github.com/storybookjs/storybook/pull/31251">#31251</a>, thanks <a href="https://github.com/yatishgoel"><code>@yatishgoel</code></a>!</li> </ul> <h2>10.2.8</h2> <ul> <li>Telemetry: Add Expo metaframework - <a href="https://redirect.github.com/storybookjs/storybook/pull/33783">#33783</a>, thanks <a href="https://github.com/copilot-swe-agent"><code>@copilot-swe-agent</code></a>!</li> <li>Telemetry: Add init exit event - <a href="https://redirect.github.com/storybookjs/storybook/pull/33773">#33773</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>Telemetry: Add share events - <a href="https://redirect.github.com/storybookjs/storybook/pull/33766">#33766</a>, thanks <a href="https://github.com/ndelangen"><code>@ndelangen</code></a>!</li> <li>Test: Update event creation logic in user-event package - <a href="https://redirect.github.com/storybookjs/storybook/pull/33787">#33787</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> </ul> <h2>10.2.7</h2> <ul> <li>CSF: Fix cross-file story imports in csf-factories codemod - <a href="https://redirect.github.com/storybookjs/storybook/pull/33723">#33723</a>, thanks <a href="https://github.com/yatishgoel"><code>@yatishgoel</code></a>!</li> <li>Core: Fix rendering of View Transitions in Firefox - <a href="https://redirect.github.com/storybookjs/storybook/pull/33651">#33651</a>, thanks <a href="https://github.com/ghengeveld"><code>@ghengeveld</code></a>!</li> <li>Globals: Repair dynamicTitle: false for user-defined tools - <a href="https://redirect.github.com/storybookjs/storybook/pull/33284">#33284</a>, thanks <a href="https://github.com/ia319"><code>@ia319</code></a>!</li> <li>Logger: Honor --loglevel for npmlog output - <a href="https://redirect.github.com/storybookjs/storybook/pull/33776">#33776</a>, thanks <a href="https://github.com/LouisLau-art"><code>@LouisLau-art</code></a>!</li> </ul> <h2>10.2.6</h2> <ul> <li>Addon-Vitest: Skip postinstall setup when configured - <a href="https://redirect.github.com/storybookjs/storybook/pull/33712">#33712</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>Addon-Vitest: Support vite/vitest config with deferred export - <a href="https://redirect.github.com/storybookjs/storybook/pull/33755">#33755</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>CLI: Support addon-vitest setup when --skip-install is passed - <a href="https://redirect.github.com/storybookjs/storybook/pull/33718">#33718</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>Manager: Update logic to use base path instead of full pathname - <a href="https://redirect.github.com/storybookjs/storybook/pull/33686">#33686</a>, thanks <a href="https://github.com/JSMike"><code>@JSMike</code></a>!</li> </ul> <h2>10.2.5</h2> <ul> <li>Angular: fix --loglevel options in docs and descriptions - <a href="https://redirect.github.com/storybookjs/storybook/pull/33726">#33726</a>, thanks <a href="https://github.com/theRuslan"><code>@theRuslan</code></a>!</li> <li>Builder-Vite: Add plugin to enforce Storybook's output directory in Vite build configuration - <a href="https://redirect.github.com/storybookjs/storybook/pull/33740">#33740</a>, thanks <a href="https://github.com/valentinpalkovic"><code>@valentinpalkovic</code></a>!</li> <li>Core: Invalidate cache on Storybook version upgrade - <a href="https://redirect.github.com/storybookjs/storybook/pull/33717">#33717</a>, thanks <a href="https://github.com/copilot-swe-agent"><code>@copilot-swe-agent</code></a>!</li> </ul> <h2>10.2.4</h2> <ul> <li>CSF-Factories: Fix codemod for preview files without exports - <a href="https://redirect.github.com/storybookjs/storybook/pull/33673">#33673</a>, thanks <a href="https://github.com/kasperpeulen"><code>@kasperpeulen</code></a>!</li> <li>CSF: Fix false positive detection of Zod v4 .meta() as CSF Factory - <a href="https://redirect.github.com/storybookjs/storybook/pull/33666">#33666</a>, thanks <a href="https://github.com/kasperpeulen"><code>@kasperpeulen</code></a>!</li> <li>CSFFactories: Add non-interactive mode and --glob flag - <a href="https://redirect.github.com/storybookjs/storybook/pull/33648">#33648</a>, thanks <a href="https://github.com/kasperpeulen"><code>@kasperpeulen</code></a>!</li> <li>CSFFactories: Preserve leading comments when adding imports - <a href="https://redirect.github.com/storybookjs/storybook/pull/33645">#33645</a>, thanks <a href="https://github.com/kasperpeulen"><code>@kasperpeulen</code></a>!</li> <li>Codemod: Fix csf-2-to-3 failing due to quoted filenames - <a href="https://redirect.github.com/storybookjs/storybook/pull/33646">#33646</a>, thanks <a href="https://github.com/kasperpeulen"><code>@kasperpeulen</code></a>!</li> <li>Codemod: Fix glob pattern handling on Windows - <a href="https://redirect.github.com/storybookjs/storybook/pull/33714">#33714</a>, thanks <a href="https://github.com/kasperpeulen"><code>@kasperpeulen</code></a>!</li> <li>Manager: Remove deprecated <code>active</code> prop warning in ZoomButton - <a href="https://redirect.github.com/storybookjs/storybook/pull/33697">#33697</a>, thanks <a href="https://github.com/yatishgoel"><code>@yatishgoel</code></a>!</li> <li>Next.js: Alias AppRouterContext to shared runtime to fix Link navigation - <a href="https://redirect.github.com/storybookjs/storybook/pull/33419">#33419</a>, thanks <a href="https://github.com/pallaprolus"><code>@pallaprolus</code></a>!</li> </ul> <h2>10.2.3</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`c812573ca3`"><code>c812573</code></a> Bump version from "10.2.9" to "10.2.10" [skip ci]</li> <li><a href="`fd275fb2cb`"><code>fd275fb</code></a> Merge pull request <a href="https://github.com/storybookjs/storybook/tree/HEAD/code/core/issues/33820">#33820</a> from storybookjs/harden-websocket-security</li> <li><a href="`4cdde82a07`"><code>4cdde82</code></a> Bump version from "10.2.8" to "10.2.9" [skip ci]</li> <li><a href="`719b6ca555`"><code>719b6ca</code></a> Bump version from "10.2.7" to "10.2.8" [skip ci]</li> <li><a href="`78f274b91a`"><code>78f274b</code></a> Merge pull request <a href="https://github.com/storybookjs/storybook/tree/HEAD/code/core/issues/33773">#33773</a> from storybookjs/valentin/add-exit-telemetry</li> <li><a href="`0ca727889b`"><code>0ca7278</code></a> Merge pull request <a href="https://github.com/storybookjs/storybook/tree/HEAD/code/core/issues/33766">#33766</a> from storybookjs/norbert/share-channel-events</li> <li><a href="`1c96212e70`"><code>1c96212</code></a> Merge pull request <a href="https://github.com/storybookjs/storybook/tree/HEAD/code/core/issues/33783">#33783</a> from storybookjs/copilot/add-expo-telemetry-patch-l...</li> <li><a href="`8d687eccec`"><code>8d687ec</code></a> Bump version from "10.2.6" to "10.2.7" [skip ci]</li> <li><a href="`711e245523`"><code>711e245</code></a> Merge pull request <a href="https://github.com/storybookjs/storybook/tree/HEAD/code/core/issues/33776">#33776</a> from LouisLau-art/fix/loglevel-flag-works</li> <li><a href="`3802165246`"><code>3802165</code></a> Merge pull request <a href="https://github.com/storybookjs/storybook/tree/HEAD/code/core/issues/33284">#33284</a> from ia319/bug/33281-dynamic-title-select</li> <li>Additional commits viewable in <a href="https://github.com/storybookjs/storybook/commits/v10.2.10/code/core">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=storybook&package-manager=npm_and_yarn&previous-version=10.1.10&new-version=10.2.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts). </details>	2026-03-02 17:51:46 +00:00
dependabot[bot]	8a4ca3029c	build(deps): bump semver from 5.7.1 to 7.7.3 (#1702 ) Bumps [semver](https://github.com/npm/node-semver) from 5.7.1 to 7.7.3. Sourced from <a href="https://github.com/npm/node-semver/releases">semver's releases</a>.</em></p> <blockquote> <h2>v7.7.3</h2> <h2><a href="https://github.com/npm/node-semver/compare/v7.7.2...v7.7.3">7.7.3</a> (2025-10-06)</h2> <h3>Bug Fixes</h3> <ul> <li><a href="`e37e0ca0b5`"><code>e37e0ca</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/813">#813</a> faster paths for compare (<a href="https://redirect.github.com/npm/node-semver/issues/813">#813</a>) (<a href="https://github.com/H4ad"><code>@H4ad</code></a>)</li> <li><a href="`2471d7543e`"><code>2471d75</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/811">#811</a> x-range build metadata support (i529015)</li> </ul> <h3>Chores</h3> <ul> <li><a href="`8f05c87f56`"><code>8f05c87</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/807">#807</a> bump <code>@npmcli/template-oss</code> from 4.25.0 to 4.25.1 (<a href="https://redirect.github.com/npm/node-semver/issues/807">#807</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot], <a href="https://github.com/owlstronaut"><code>@owlstronaut</code></a>)</li> </ul> <h2>v7.7.2</h2> <h2><a href="https://github.com/npm/node-semver/compare/v7.7.1...v7.7.2">7.7.2</a> (2025-05-12)</h2> <h3>Bug Fixes</h3> <ul> <li><a href="`fcafb61ed5`"><code>fcafb61</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/780">#780</a> add missing <code>'use strict'</code> directives (<a href="https://redirect.github.com/npm/node-semver/issues/780">#780</a>) (<a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a>)</li> <li><a href="`c99f336fa3`"><code>c99f336</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/781">#781</a> prerelease identifier starting with digits (<a href="https://redirect.github.com/npm/node-semver/issues/781">#781</a>) (<a href="https://github.com/mbtools"><code>@mbtools</code></a>)</li> </ul> <h3>Chores</h3> <ul> <li><a href="`c760403b93`"><code>c760403</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/784">#784</a> template-oss-apply for workflow permissions (<a href="https://redirect.github.com/npm/node-semver/issues/784">#784</a>) (<a href="https://github.com/wraithgar"><code>@wraithgar</code></a>)</li> <li><a href="`2677f2a883`"><code>2677f2a</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/778">#778</a> bump <code>@npmcli/template-oss</code> from 4.23.6 to 4.24.3 (<a href="https://redirect.github.com/npm/node-semver/issues/778">#778</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot], <a href="https://github.com/npm-cli-bot"><code>@npm-cli-bot</code></a>)</li> </ul> <h2>v7.7.1</h2> <h2><a href="https://github.com/npm/node-semver/compare/v7.7.0...v7.7.1">7.7.1</a> (2025-02-03)</h2> <h3>Bug Fixes</h3> <ul> <li><a href="`af761c05bd`"><code>af761c0</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/764">#764</a> inc: fully capture prerelease identifier (<a href="https://redirect.github.com/npm/node-semver/issues/764">#764</a>) (<a href="https://github.com/wraithgar"><code>@wraithgar</code></a>)</li> </ul> <h2>v7.7.0</h2> <h2><a href="https://github.com/npm/node-semver/compare/v7.6.3...v7.7.0">7.7.0</a> (2025-01-29)</h2> <h3>Features</h3> <ul> <li><a href="`0864b3ce79`"><code>0864b3c</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/753">#753</a> add "release" inc type (<a href="https://redirect.github.com/npm/node-semver/issues/753">#753</a>) (<a href="https://github.com/mbtools"><code>@mbtools</code></a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><a href="`d588e37828`"><code>d588e37</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/755">#755</a> diff: fix prerelease to stable version diff logic (<a href="https://redirect.github.com/npm/node-semver/issues/755">#755</a>) (<a href="https://github.com/eminberkayd"><code>@eminberkayd</code></a>, berkay.daglar)</li> <li><a href="`8a34bdecc7`"><code>8a34bde</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/754">#754</a> add identifier validation to <code>inc()</code> (<a href="https://redirect.github.com/npm/node-semver/issues/754">#754</a>) (<a href="https://github.com/mbtools"><code>@mbtools</code></a>)</li> </ul> <h3>Documentation</h3> <ul> <li><a href="`67e54785a0`"><code>67e5478</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/756">#756</a> readme: added missing period for consistency (<a href="https://redirect.github.com/npm/node-semver/issues/756">#756</a>) (<a href="https://github.com/shaymolcho"><code>@shaymolcho</code></a>)</li> <li><a href="`868d4bbe3d`"><code>868d4bb</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/749">#749</a> clarify comment about obsolete prefixes (<a href="https://redirect.github.com/npm/node-semver/issues/749">#749</a>) (<a href="https://github.com/mbtools"><code>@mbtools</code></a>, <a href="https://github.com/ljharb"><code>@ljharb</code></a>)</li> </ul> <h3>Chores</h3> <ul> <li><a href="`145c554b8c`"><code>145c554</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/741">#741</a> bump <code>@npmcli/eslint-config</code> from 4.0.5 to 5.0.0 (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li><a href="`753e02b9d0`"><code>753e02b</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/747">#747</a> bump <code>@npmcli/template-oss</code> from 4.23.3 to 4.23.4 (<a href="https://redirect.github.com/npm/node-semver/issues/747">#747</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot], <a href="https://github.com/npm-cli-bot"><code>@npm-cli-bot</code></a>)</li> <li><a href="`0b812d5fb5`"><code>0b812d5</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/744">#744</a> postinstall for dependabot template-oss PR (<a href="https://github.com/hashtagchris"><code>@hashtagchris</code></a>)</li> </ul> <h2>v7.6.3</h2> <h2><a href="https://github.com/npm/node-semver/compare/v7.6.2...v7.6.3">7.6.3</a> (2024-07-16)</h2> <h3>Bug Fixes</h3> <ul> <li><a href="`73a3d79c4e`"><code>73a3d79</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/726">#726</a> optimize Range parsing and formatting (<a href="https://redirect.github.com/npm/node-semver/issues/726">#726</a>) (<a href="https://github.com/jviide"><code>@jviide</code></a>)</li> </ul> <h3>Documentation</h3> <ul> <li><a href="`2975ece120`"><code>2975ece</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/719">#719</a> fix extra backtick typo (<a href="https://redirect.github.com/npm/node-semver/issues/719">#719</a>) (<a href="https://github.com/stdavis"><code>@stdavis</code></a>)</li> </ul> <h2>v7.6.2</h2> <h2><a href="https://github.com/npm/node-semver/compare/v7.6.1...v7.6.2">7.6.2</a> (2024-05-09)</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/npm/node-semver/blob/main/CHANGELOG.md">semver's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/npm/node-semver/compare/v7.7.2...v7.7.3">7.7.3</a> (2025-10-06)</h2> <h3>Bug Fixes</h3> <ul> <li><a href="`e37e0ca0b5`"><code>e37e0ca</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/813">#813</a> faster paths for compare (<a href="https://redirect.github.com/npm/node-semver/issues/813">#813</a>) (<a href="https://github.com/H4ad"><code>@H4ad</code></a>)</li> <li><a href="`2471d7543e`"><code>2471d75</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/811">#811</a> x-range build metadata support (i529015)</li> </ul> <h3>Chores</h3> <ul> <li><a href="`8f05c87f56`"><code>8f05c87</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/807">#807</a> bump <code>@npmcli/template-oss</code> from 4.25.0 to 4.25.1 (<a href="https://redirect.github.com/npm/node-semver/issues/807">#807</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot], <a href="https://github.com/owlstronaut"><code>@owlstronaut</code></a>)</li> </ul> <h2><a href="https://github.com/npm/node-semver/compare/v7.7.1...v7.7.2">7.7.2</a> (2025-05-12)</h2> <h3>Bug Fixes</h3> <ul> <li><a href="`fcafb61ed5`"><code>fcafb61</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/780">#780</a> add missing <code>'use strict'</code> directives (<a href="https://redirect.github.com/npm/node-semver/issues/780">#780</a>) (<a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a>)</li> <li><a href="`c99f336fa3`"><code>c99f336</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/781">#781</a> prerelease identifier starting with digits (<a href="https://redirect.github.com/npm/node-semver/issues/781">#781</a>) (<a href="https://github.com/mbtools"><code>@mbtools</code></a>)</li> </ul> <h3>Chores</h3> <ul> <li><a href="`c760403b93`"><code>c760403</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/784">#784</a> template-oss-apply for workflow permissions (<a href="https://redirect.github.com/npm/node-semver/issues/784">#784</a>) (<a href="https://github.com/wraithgar"><code>@wraithgar</code></a>)</li> <li><a href="`2677f2a883`"><code>2677f2a</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/778">#778</a> bump <code>@npmcli/template-oss</code> from 4.23.6 to 4.24.3 (<a href="https://redirect.github.com/npm/node-semver/issues/778">#778</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot], <a href="https://github.com/npm-cli-bot"><code>@npm-cli-bot</code></a>)</li> </ul> <h2><a href="https://github.com/npm/node-semver/compare/v7.7.0...v7.7.1">7.7.1</a> (2025-02-03)</h2> <h3>Bug Fixes</h3> <ul> <li><a href="`af761c05bd`"><code>af761c0</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/764">#764</a> inc: fully capture prerelease identifier (<a href="https://redirect.github.com/npm/node-semver/issues/764">#764</a>) (<a href="https://github.com/wraithgar"><code>@wraithgar</code></a>)</li> </ul> <h2><a href="https://github.com/npm/node-semver/compare/v7.6.3...v7.7.0">7.7.0</a> (2025-01-29)</h2> <h3>Features</h3> <ul> <li><a href="`0864b3ce79`"><code>0864b3c</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/753">#753</a> add "release" inc type (<a href="https://redirect.github.com/npm/node-semver/issues/753">#753</a>) (<a href="https://github.com/mbtools"><code>@mbtools</code></a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><a href="`d588e37828`"><code>d588e37</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/755">#755</a> diff: fix prerelease to stable version diff logic (<a href="https://redirect.github.com/npm/node-semver/issues/755">#755</a>) (<a href="https://github.com/eminberkayd"><code>@eminberkayd</code></a>, berkay.daglar)</li> <li><a href="`8a34bdecc7`"><code>8a34bde</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/754">#754</a> add identifier validation to <code>inc()</code> (<a href="https://redirect.github.com/npm/node-semver/issues/754">#754</a>) (<a href="https://github.com/mbtools"><code>@mbtools</code></a>)</li> </ul> <h3>Documentation</h3> <ul> <li><a href="`67e54785a0`"><code>67e5478</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/756">#756</a> readme: added missing period for consistency (<a href="https://redirect.github.com/npm/node-semver/issues/756">#756</a>) (<a href="https://github.com/shaymolcho"><code>@shaymolcho</code></a>)</li> <li><a href="`868d4bbe3d`"><code>868d4bb</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/749">#749</a> clarify comment about obsolete prefixes (<a href="https://redirect.github.com/npm/node-semver/issues/749">#749</a>) (<a href="https://github.com/mbtools"><code>@mbtools</code></a>, <a href="https://github.com/ljharb"><code>@ljharb</code></a>)</li> </ul> <h3>Chores</h3> <ul> <li><a href="`145c554b8c`"><code>145c554</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/741">#741</a> bump <code>@npmcli/eslint-config</code> from 4.0.5 to 5.0.0 (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li> <li><a href="`753e02b9d0`"><code>753e02b</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/747">#747</a> bump <code>@npmcli/template-oss</code> from 4.23.3 to 4.23.4 (<a href="https://redirect.github.com/npm/node-semver/issues/747">#747</a>) (<a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot], <a href="https://github.com/npm-cli-bot"><code>@npm-cli-bot</code></a>)</li> <li><a href="`0b812d5fb5`"><code>0b812d5</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/744">#744</a> postinstall for dependabot template-oss PR (<a href="https://github.com/hashtagchris"><code>@hashtagchris</code></a>)</li> </ul> <h2><a href="https://github.com/npm/node-semver/compare/v7.6.2...v7.6.3">7.6.3</a> (2024-07-16)</h2> <h3>Bug Fixes</h3> <ul> <li><a href="`73a3d79c4e`"><code>73a3d79</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/726">#726</a> optimize Range parsing and formatting (<a href="https://redirect.github.com/npm/node-semver/issues/726">#726</a>) (<a href="https://github.com/jviide"><code>@jviide</code></a>)</li> </ul> <h3>Documentation</h3> <ul> <li><a href="`2975ece120`"><code>2975ece</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/719">#719</a> fix extra backtick typo (<a href="https://redirect.github.com/npm/node-semver/issues/719">#719</a>) (<a href="https://github.com/stdavis"><code>@stdavis</code></a>)</li> </ul> <h2><a href="https://github.com/npm/node-semver/compare/v7.6.1...v7.6.2">7.6.2</a> (2024-05-09)</h2> <h3>Bug Fixes</h3> <ul> <li><a href="`6466ba9b54`"><code>6466ba9</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/713">#713</a> lru: use map.delete() directly (<a href="https://redirect.github.com/npm/node-semver/issues/713">#713</a>) (<a href="https://github.com/negezor"><code>@negezor</code></a>, <a href="https://github.com/lukekarrys"><code>@lukekarrys</code></a>)</li> </ul> <h2><a href="https://github.com/npm/node-semver/compare/v7.6.0...v7.6.1">7.6.1</a> (2024-05-04)</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`a25789b09b`"><code>a25789b</code></a> chore: release 7.7.3 (<a href="https://redirect.github.com/npm/node-semver/issues/812">#812</a>)</li> <li><a href="`e37e0ca0b5`"><code>e37e0ca</code></a> fix: faster paths for compare (<a href="https://redirect.github.com/npm/node-semver/issues/813">#813</a>)</li> <li><a href="`2471d7543e`"><code>2471d75</code></a> fix: x-range build metadata support</li> <li><a href="`8f05c87f56`"><code>8f05c87</code></a> chore: bump <code>@npmcli/template-oss</code> from 4.25.0 to 4.25.1 (<a href="https://redirect.github.com/npm/node-semver/issues/807">#807</a>)</li> <li><a href="`d17aebf848`"><code>d17aebf</code></a> chore: bump <code>@npmcli/template-oss</code> from 4.24.4 to 4.25.0 (<a href="https://redirect.github.com/npm/node-semver/issues/797">#797</a>)</li> <li><a href="`3b03e3b4ec`"><code>3b03e3b</code></a> chore: bump <code>@npmcli/template-oss</code> from 4.24.3 to 4.24.4 (<a href="https://redirect.github.com/npm/node-semver/issues/790">#790</a>)</li> <li><a href="`281055e771`"><code>281055e</code></a> chore: release 7.7.2 (<a href="https://redirect.github.com/npm/node-semver/issues/783">#783</a>)</li> <li><a href="`fcafb61ed5`"><code>fcafb61</code></a> fix: add missing <code>'use strict'</code> directives (<a href="https://redirect.github.com/npm/node-semver/issues/780">#780</a>)</li> <li><a href="`c760403b93`"><code>c760403</code></a> chore: template-oss-apply for workflow permissions (<a href="https://redirect.github.com/npm/node-semver/issues/784">#784</a>)</li> <li><a href="`c99f336fa3`"><code>c99f336</code></a> fix: prerelease identifier starting with digits (<a href="https://redirect.github.com/npm/node-semver/issues/781">#781</a>)</li> <li>Additional commits viewable in <a href="https://github.com/npm/node-semver/compare/v5.7.1...v7.7.3">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for semver since your current version.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=semver&package-manager=npm_and_yarn&previous-version=5.7.1&new-version=7.7.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts). </details>	2026-03-02 17:47:44 +00:00
dependabot[bot]	65b9f6bfb1	build(deps): bump webpack from 5.91.0 to 5.105.0 (#1707 ) Bumps [webpack](https://github.com/webpack/webpack) from 5.91.0 to 5.105.0. Sourced from <a href="https://github.com/webpack/webpack/releases">webpack's releases</a>.</em></p> <blockquote> <h2>v5.105.0</h2> <h3>Minor Changes</h3> <ul> <li> <p>Allow resolving worker module by export condition name when using <code>new Worker()</code> (by <a href="https://github.com/hai-x"><code>@hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20353">#20353</a>)</p> </li> <li> <p>Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by <a href="https://github.com/hai-x"><code>@hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20320">#20320</a>)</p> </li> <li> <p>Added the <code>tsconfig</code> option for the <code>resolver</code> options (replacement for <code>tsconfig-paths-webpack-plugin</code>). Can be <code>false</code> (disabled), <code>true</code> (use the default <code>tsconfig.json</code> file to search for it), a string path to <code>tsconfig.json</code>, or an object with <code>configFile</code> and <code>references</code> options. (by <a href="https://github.com/alexander-akait"><code>@alexander-akait</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20400">#20400</a>)</p> </li> <li> <p>Support <code>import.defer()</code> for context modules. (by <a href="https://github.com/ahabhgk"><code>@ahabhgk</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20399">#20399</a>)</p> </li> <li> <p>Added support for array values to the <code>devtool</code> option. (by <a href="https://github.com/hai-x"><code>@hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20191">#20191</a>)</p> </li> <li> <p>Improve rendering node built-in modules for ECMA module output. (by <a href="https://github.com/hai-x"><code>@hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20255">#20255</a>)</p> </li> <li> <p>Unknown import.meta properties are now determined at runtime instead of being statically analyzed at compile time. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20312">#20312</a>)</p> </li> </ul> <h3>Patch Changes</h3> <ul> <li> <p>Fixed ESM default export handling for <code>.mjs</code> files in Module Federation (by <a href="https://github.com/y-okt"><code>@y-okt</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20189">#20189</a>)</p> </li> <li> <p>Optimized <code>import.meta.env</code> handling in destructuring assignments by using cached stringified environment definitions. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20313">#20313</a>)</p> </li> <li> <p>Respect the <code>stats.errorStack</code> option in stats output. (by <a href="https://github.com/samarthsinh2660"><code>@samarthsinh2660</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20258">#20258</a>)</p> </li> <li> <p>Fixed a bug where declaring a <code>module</code> variable in module scope would conflict with the default <code>moduleArgument</code>. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20265">#20265</a>)</p> </li> <li> <p>Fix VirtualUrlPlugin to set resourceData.context for proper module resolution. Previously, when context was not set, it would fallback to the virtual scheme path (e.g., <code>virtual:routes</code>), which is not a valid filesystem path, causing subsequent resolve operations to fail. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20390">#20390</a>)</p> </li> <li> <p>Fixed Worker self-import handling to support various URL patterns (e.g., <code>import.meta.url</code>, <code>new URL(import.meta.url)</code>, <code>new URL(import.meta.url, import.meta.url)</code>, <code>new URL("./index.js", import.meta.url)</code>). Workers that resolve to the same module are now properly deduplicated, regardless of the URL syntax used. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20381">#20381</a>)</p> </li> <li> <p>Reuse the same async entrypoint for the same Worker URL within a module to avoid circular dependency warnings when multiple Workers reference the same resource. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20345">#20345</a>)</p> </li> <li> <p>Fixed a bug where a self-referencing dependency would have an unused export name when imported inside a web worker. (by <a href="https://github.com/samarthsinh2660"><code>@samarthsinh2660</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20251">#20251</a>)</p> </li> <li> <p>Fix missing export generation when concatenated modules in different chunks share the same runtime in module library bundles. (by <a href="https://github.com/hai-x"><code>@hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20346">#20346</a>)</p> </li> <li> <p>Fixed <code>import.meta.env.xxx</code> behavior: when accessing a non-existent property, it now returns empty object instead of full object at runtime. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20289">#20289</a>)</p> </li> <li> <p>Improved parsing error reporting by adding a link to the loader documentation. (by <a href="https://github.com/gaurav10gg"><code>@gaurav10gg</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20244">#20244</a>)</p> </li> <li> <p>Fix typescript types. (by <a href="https://github.com/alexander-akait"><code>@alexander-akait</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20305">#20305</a>)</p> </li> <li> <p>Add declaration for unused harmony import specifier. (by <a href="https://github.com/hai-x"><code>@hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20286">#20286</a>)</p> </li> <li> <p>Fix compressibility of modules while retaining portability. (by <a href="https://github.com/dmichon-msft"><code>@dmichon-msft</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20287">#20287</a>)</p> </li> <li> <p>Optimize source map generation: only include <code>ignoreList</code> property when it has content, avoiding empty arrays in source maps. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20319">#20319</a>)</p> </li> <li> <p>Preserve star exports for dependencies in ECMA module output. (by <a href="https://github.com/hai-x"><code>@hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20293">#20293</a>)</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/webpack/webpack/blob/main/CHANGELOG.md">webpack's changelog</a>.</em></p> <blockquote> <h2>5.105.0</h2> <h3>Minor Changes</h3> <ul> <li> <p>Allow resolving worker module by export condition name when using <code>new Worker()</code> (by <a href="https://github.com/hai-x"><code>@hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20353">#20353</a>)</p> </li> <li> <p>Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by <a href="https://github.com/hai-x"><code>@hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20320">#20320</a>)</p> </li> <li> <p>Added the <code>tsconfig</code> option for the <code>resolver</code> options (replacement for <code>tsconfig-paths-webpack-plugin</code>). Can be <code>false</code> (disabled), <code>true</code> (use the default <code>tsconfig.json</code> file to search for it), a string path to <code>tsconfig.json</code>, or an object with <code>configFile</code> and <code>references</code> options. (by <a href="https://github.com/alexander-akait"><code>@alexander-akait</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20400">#20400</a>)</p> </li> <li> <p>Support <code>import.defer()</code> for context modules. (by <a href="https://github.com/ahabhgk"><code>@ahabhgk</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20399">#20399</a>)</p> </li> <li> <p>Added support for array values to the <code>devtool</code> option. (by <a href="https://github.com/hai-x"><code>@hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20191">#20191</a>)</p> </li> <li> <p>Improve rendering node built-in modules for ECMA module output. (by <a href="https://github.com/hai-x"><code>@hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20255">#20255</a>)</p> </li> <li> <p>Unknown import.meta properties are now determined at runtime instead of being statically analyzed at compile time. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20312">#20312</a>)</p> </li> </ul> <h3>Patch Changes</h3> <ul> <li> <p>Fixed ESM default export handling for <code>.mjs</code> files in Module Federation (by <a href="https://github.com/y-okt"><code>@y-okt</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20189">#20189</a>)</p> </li> <li> <p>Optimized <code>import.meta.env</code> handling in destructuring assignments by using cached stringified environment definitions. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20313">#20313</a>)</p> </li> <li> <p>Respect the <code>stats.errorStack</code> option in stats output. (by <a href="https://github.com/samarthsinh2660"><code>@samarthsinh2660</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20258">#20258</a>)</p> </li> <li> <p>Fixed a bug where declaring a <code>module</code> variable in module scope would conflict with the default <code>moduleArgument</code>. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20265">#20265</a>)</p> </li> <li> <p>Fix VirtualUrlPlugin to set resourceData.context for proper module resolution. Previously, when context was not set, it would fallback to the virtual scheme path (e.g., <code>virtual:routes</code>), which is not a valid filesystem path, causing subsequent resolve operations to fail. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20390">#20390</a>)</p> </li> <li> <p>Fixed Worker self-import handling to support various URL patterns (e.g., <code>import.meta.url</code>, <code>new URL(import.meta.url)</code>, <code>new URL(import.meta.url, import.meta.url)</code>, <code>new URL("./index.js", import.meta.url)</code>). Workers that resolve to the same module are now properly deduplicated, regardless of the URL syntax used. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20381">#20381</a>)</p> </li> <li> <p>Reuse the same async entrypoint for the same Worker URL within a module to avoid circular dependency warnings when multiple Workers reference the same resource. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20345">#20345</a>)</p> </li> <li> <p>Fixed a bug where a self-referencing dependency would have an unused export name when imported inside a web worker. (by <a href="https://github.com/samarthsinh2660"><code>@samarthsinh2660</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20251">#20251</a>)</p> </li> <li> <p>Fix missing export generation when concatenated modules in different chunks share the same runtime in module library bundles. (by <a href="https://github.com/hai-x"><code>@hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20346">#20346</a>)</p> </li> <li> <p>Fixed <code>import.meta.env.xxx</code> behavior: when accessing a non-existent property, it now returns empty object instead of full object at runtime. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20289">#20289</a>)</p> </li> <li> <p>Improved parsing error reporting by adding a link to the loader documentation. (by <a href="https://github.com/gaurav10gg"><code>@gaurav10gg</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20244">#20244</a>)</p> </li> <li> <p>Fix typescript types. (by <a href="https://github.com/alexander-akait"><code>@alexander-akait</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20305">#20305</a>)</p> </li> <li> <p>Add declaration for unused harmony import specifier. (by <a href="https://github.com/hai-x"><code>@hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20286">#20286</a>)</p> </li> <li> <p>Fix compressibility of modules while retaining portability. (by <a href="https://github.com/dmichon-msft"><code>@dmichon-msft</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20287">#20287</a>)</p> </li> <li> <p>Optimize source map generation: only include <code>ignoreList</code> property when it has content, avoiding empty arrays in source maps. (by <a href="https://github.com/xiaoxiaojx"><code>@xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20319">#20319</a>)</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`1486f9aacc`"><code>1486f9a</code></a> chore(release): new release</li> <li><a href="`1a517f665a`"><code>1a517f6</code></a> feat: added the <code>tsconfig</code> option for the <code>resolver</code> options (<a href="https://redirect.github.com/webpack/webpack/issues/20400">#20400</a>)</li> <li><a href="`7b3b0f795d`"><code>7b3b0f7</code></a> feat: support <code>import.defer()</code> for context modules</li> <li><a href="`c4a6a922de`"><code>c4a6a92</code></a> refactor: more types and increase types coverage</li> <li><a href="`5ecc58d722`"><code>5ecc58d</code></a> feat: consider asset module as side-effect-free (<a href="https://redirect.github.com/webpack/webpack/issues/20352">#20352</a>)</li> <li><a href="`cce0f69898`"><code>cce0f69</code></a> test: avoid comma operator in BinaryMiddleware test (<a href="https://redirect.github.com/webpack/webpack/issues/20398">#20398</a>)</li> <li><a href="`cd4793d50e`"><code>cd4793d</code></a> feat: support import specifier guard (<a href="https://redirect.github.com/webpack/webpack/issues/20320">#20320</a>)</li> <li><a href="`fe486552d0`"><code>fe48655</code></a> docs: update examples (<a href="https://redirect.github.com/webpack/webpack/issues/20397">#20397</a>)</li> <li><a href="`de107f8767`"><code>de107f8</code></a> fix(VirtualUrlPlugin): set resourceData.context to avoid invalid fallback (<a href="https://redirect.github.com/webpack/webpack/issues/2">#2</a>...</li> <li><a href="`a656ab1fd1`"><code>a656ab1</code></a> test: add self-import test case for dynamic import (<a href="https://redirect.github.com/webpack/webpack/issues/20389">#20389</a>)</li> <li>Additional commits viewable in <a href="https://github.com/webpack/webpack/compare/v5.91.0...v5.105.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for webpack since your current version.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webpack&package-manager=npm_and_yarn&previous-version=5.91.0&new-version=5.105.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts). </details>	2026-03-02 17:42:19 +00:00
github-actions[bot]	4a89e1f616	Release HyperDX (#1790 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-02-27 08:38:01 -08:00
Rahul	ef66cba8cd	build(deps): add security resolutions for vulnerable npm packages (#1740 ) ## Summary Addresses npm security vulnerabilities in transitive dependencies. Prefer direct dependency upgrades over broad resolutions where possible. ## Changes Direct upgrade: - `@slack/webhook`: `^6.1.0` → `^7.0.0` — v7 natively uses axios v1, eliminating the axios@0.21.4 SSRF/redirect vulnerabilities. Only breaking change in v7 is dropping Node <18 (we're on Node 22). Resolutions for transitive deps with no direct upgrade path: - `fast-xml-parser`: `^4.4.0` — fixes prototype pollution (High) - `systeminformation`: `^5.24.0` — fixes command injection (High) ## Removed/Not Done - `axios` resolution removed — covered by the `@slack/webhook` upgrade instead - `tar` resolution removed — was a v6→v7 major jump on build-only tools (`cacache`, `node-gyp`); not present in the production image - `glob` resolution removed — was breaking test coverage tooling (`test-exclude@6` depends on glob@^7) ## Related Follow-up to #1731 which addressed base image vulnerabilities (Node, Go, ClickHouse).	2026-02-26 02:14:24 +00:00
dependabot[bot]	81a3259074	chore(deps): bump lodash-es from 4.17.21 to 4.17.23 (#1638 ) Bumps [lodash-es](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. <details> <summary>Commits</summary> <ul> <li><a href="`dec55b7a3b`"><code>dec55b7</code></a> Bump main to v4.17.23 (<a href="https://redirect.github.com/lodash/lodash/issues/6088">#6088</a>)</li> <li><a href="`19c9251b36`"><code>19c9251</code></a> fix: setCacheHas JSDoc return type should be boolean (<a href="https://redirect.github.com/lodash/lodash/issues/6071">#6071</a>)</li> <li><a href="`b5e672995a`"><code>b5e6729</code></a> jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (<a href="https://redirect.github.com/lodash/lodash/issues/6062">#6062</a>)</li> <li><a href="`edadd45214`"><code>edadd45</code></a> Prevent prototype pollution on baseUnset function</li> <li><a href="`4879a7a7d0`"><code>4879a7a</code></a> doc: fix autoLink function, conversion of source links (<a href="https://redirect.github.com/lodash/lodash/issues/6056">#6056</a>)</li> <li><a href="`9648f692b0`"><code>9648f69</code></a> chore: remove <code>yarn.lock</code> file (<a href="https://redirect.github.com/lodash/lodash/issues/6053">#6053</a>)</li> <li><a href="`dfa407db0b`"><code>dfa407d</code></a> ci: remove legacy configuration files (<a href="https://redirect.github.com/lodash/lodash/issues/6052">#6052</a>)</li> <li><a href="`156e1965ae`"><code>156e196</code></a> feat: add renovate setup (<a href="https://redirect.github.com/lodash/lodash/issues/6039">#6039</a>)</li> <li><a href="`933e1061b8`"><code>933e106</code></a> ci: add pipeline for Bun (<a href="https://redirect.github.com/lodash/lodash/issues/6023">#6023</a>)</li> <li><a href="`072a807ff7`"><code>072a807</code></a> docs: update links related to Open JS Foundation (<a href="https://redirect.github.com/lodash/lodash/issues/5968">#5968</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.21...4.17.23">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lodash-es&package-manager=npm_and_yarn&previous-version=4.17.21&new-version=4.17.23)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts). </details>	2026-02-24 19:03:37 +00:00
dependabot[bot]	3dd8a7b995	chore(deps): bump lodash from 4.17.21 to 4.17.23 (#1641 ) Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. <details> <summary>Commits</summary> <ul> <li><a href="`dec55b7a3b`"><code>dec55b7</code></a> Bump main to v4.17.23 (<a href="https://redirect.github.com/lodash/lodash/issues/6088">#6088</a>)</li> <li><a href="`19c9251b36`"><code>19c9251</code></a> fix: setCacheHas JSDoc return type should be boolean (<a href="https://redirect.github.com/lodash/lodash/issues/6071">#6071</a>)</li> <li><a href="`b5e672995a`"><code>b5e6729</code></a> jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (<a href="https://redirect.github.com/lodash/lodash/issues/6062">#6062</a>)</li> <li><a href="`edadd45214`"><code>edadd45</code></a> Prevent prototype pollution on baseUnset function</li> <li><a href="`4879a7a7d0`"><code>4879a7a</code></a> doc: fix autoLink function, conversion of source links (<a href="https://redirect.github.com/lodash/lodash/issues/6056">#6056</a>)</li> <li><a href="`9648f692b0`"><code>9648f69</code></a> chore: remove <code>yarn.lock</code> file (<a href="https://redirect.github.com/lodash/lodash/issues/6053">#6053</a>)</li> <li><a href="`dfa407db0b`"><code>dfa407d</code></a> ci: remove legacy configuration files (<a href="https://redirect.github.com/lodash/lodash/issues/6052">#6052</a>)</li> <li><a href="`156e1965ae`"><code>156e196</code></a> feat: add renovate setup (<a href="https://redirect.github.com/lodash/lodash/issues/6039">#6039</a>)</li> <li><a href="`933e1061b8`"><code>933e106</code></a> ci: add pipeline for Bun (<a href="https://redirect.github.com/lodash/lodash/issues/6023">#6023</a>)</li> <li><a href="`072a807ff7`"><code>072a807</code></a> docs: update links related to Open JS Foundation (<a href="https://redirect.github.com/lodash/lodash/issues/5968">#5968</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.21...4.17.23">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lodash&package-manager=npm_and_yarn&previous-version=4.17.21&new-version=4.17.23)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts). </details>	2026-02-24 18:59:44 +00:00
dependabot[bot]	44af73a98b	build(deps): bump bn.js from 4.12.0 to 4.12.3 (#1793 ) Bumps [bn.js](https://github.com/indutny/bn.js) from 4.12.0 to 4.12.3. <details> <summary>Commits</summary> <ul> <li><a href="`39fe4389c7`"><code>39fe438</code></a> 4.12.3</li> <li><a href="`67ecb35dab`"><code>67ecb35</code></a> backport(4.x): fix imaskn state (<a href="https://redirect.github.com/indutny/bn.js/issues/317">#317</a>)</li> <li><a href="`c4098bac24`"><code>c4098ba</code></a> 4.12.2</li> <li><a href="`6277fd705e`"><code>6277fd7</code></a> backport(4.x): Fix imuln/muln with zero (backport of <a href="https://redirect.github.com/indutny/bn.js/issues/313">#313</a>) (<a href="https://redirect.github.com/indutny/bn.js/issues/314">#314</a>)</li> <li><a href="`ac0d4afaae`"><code>ac0d4af</code></a> 4.12.1</li> <li><a href="`a5f14b43ec`"><code>a5f14b4</code></a> Fix serious issue in <code>.toString(16)</code> (<a href="https://redirect.github.com/indutny/bn.js/issues/309">#309</a>)</li> <li><a href="`0cd2661b9d`"><code>0cd2661</code></a> Remove package-lock.json added by npm</li> <li>See full diff in <a href="https://github.com/indutny/bn.js/compare/v4.12.0...v4.12.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=bn.js&package-manager=npm_and_yarn&previous-version=4.12.0&new-version=4.12.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts). </details>	2026-02-24 18:55:50 +00:00
github-actions[bot]	9488421ac6	Release HyperDX (#1777 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-02-24 06:21:31 +01:00
github-actions[bot]	d1288cf67b	Release HyperDX (#1752 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-02-21 07:08:56 +01:00
github-actions[bot]	7679b80f13	Release HyperDX (#1718 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-02-18 14:06:08 -08:00
dependabot[bot]	35494dc032	build(deps): bump qs from 6.12.1 to 6.14.2 (#1736 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-13 20:13:21 +01:00
Rahul	b991e7bd37	fix: improve Docker Scout scores for clickstack images (#1731 ) Updates base images and patches vulnerable dependencies: - Node.js 22.16.0 -> 22.22-alpine - Go 1.25 -> 1.26-alpine - Express 4.19.2 -> 4.22.1 - Cookie, send, serve-static, and other npm packages - Fix ENV format warnings in Dockerfile Reduces vulnerabilities from 178 to 168 (9C, 52H, 98M, 9L). Tested: all services start correctly, health checks pass.	2026-02-13 18:21:19 +00:00
Warren Lee	651bf99bd3	chore: deprecate Nextra and remove related code (#1728 ) - Remove unused `nextra` and `nextra-theme-docs` dependencies from packages/app - No .mdx content pages existed — nextra was only wired up as configuration with no actual consumers	2026-02-12 18:32:15 +00:00
github-actions[bot]	a33efbc4b5	Release HyperDX (#1701 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-02-09 15:14:05 -08:00
Aaron Knudtson	e11b313807	fix: add react-hooks eslint to catch pitfalls (#1661 ) Had a couple of files with large fixes, I tested AutocompleteInput.tsx and SessionSubpanel.tsx quite a bit. Tested most others as well. I didn't act on some due to either a) correct usage or b) they are stable and I don't want to alter it. In both those cases, I added `eslint-disable-next-line` before each relevant line References HDX-2955	2026-02-04 22:04:01 +00:00
github-actions[bot]	00703bc121	Release HyperDX (#1696 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-02-04 12:30:19 -08:00
github-actions[bot]	a8457e2be9	Release HyperDX (#1688 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-02-04 05:21:21 +01:00
github-actions[bot]	d78df68e87	Release HyperDX (#1656 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-02-02 07:43:34 -08:00

1 2 3 4 5

229 commits