Dep Updates 2026-04-03

[mynameistito]

Dep Updates 2026-04-03

---

Summary by cubic

Update dependencies to keep runtime and tooling current. Adds a changeset for a patch release of github-archiver due to the p-queue bump.

• Dependencies
  • p-queue: ^9.1.0 → ^9.1.1
  • @biomejs/biome: ^2.4.9 → ^2.4.10
  • esbuild: ^0.27.4 → ^0.28.0
  • ultracite: ^7.4.0 → ^7.4.2

^{Written for commit 075c9e2. Summary will update on new commits.}

Greptile Summary

This PR bumps four dev/runtime dependencies: p-queue (patch), @biomejs/biome (patch), ultracite (patch), and esbuild (minor: 0.27.4 → 0.28.0). The bun.lock is updated consistently. The changeset and lockfile changes look mechanically correct, though the changeset omits three of the four bumped packages.

• p-queue, @biomejs/biome, and ultracite are routine patch bumps with no expected behavior changes.
• esbuild receives a minor version bump (0.27.x → 0.28.0); esbuild's 0.x versioning scheme means minor bumps can carry breaking changes — worth verifying the build still passes after this change.
• The changeset file only records the p-queue update, leaving @biomejs/biome, esbuild, and ultracite undocumented in the changelog.

Confidence Score: 4/5

Safe to merge; all changes are dependency version bumps with consistent lockfile updates. Minor concern around the esbuild minor bump and the incomplete changeset entry.

Three of the four bumps are patch-level with low risk. The esbuild minor bump (0.27 → 0.28) warrants a build verification since esbuild treats minor versions as potentially breaking, but the lockfile is consistent and no application source code was changed. The only non-trivial issue is the changeset file omitting three of the four updated packages.

.changeset/dep-updates-1775192544530.md — incomplete documentation of all dependency updates.

Important Files Changed

Filename	Overview
.changeset/dep-updates-1775192544530.md	New changeset documenting the dep updates — only mentions the p-queue patch bump, omitting the biome, esbuild, and ultracite updates.
package.json	Bumps p-queue (patch), @biomejs/biome (patch), ultracite (patch), and esbuild (minor: 0.27.4 → 0.28.0) version ranges.
bun.lock	Lockfile updated consistently with package.json to reflect all four dependency version bumps.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[PR: Dep Updates 2026-04-03] --> B[package.json]
    A --> C[bun.lock]
    A --> D[changeset md]

    B --> E["p-queue: 9.1.0 to 9.1.1 - patch"]
    B --> F["biome: 2.4.9 to 2.4.10 - patch"]
    B --> G["esbuild: 0.27.4 to 0.28.0 - minor"]
    B --> H["ultracite: 7.4.0 to 7.4.2 - patch"]

    C --> I[All package hashes updated]

    D --> J["Only documents p-queue - missing biome, esbuild, ultracite"]

Loading

Prompt To Fix All With AI

This is a comment left during a code review.
Path: .changeset/dep-updates-1775192544530.md
Line: 5-6

Comment:
**Changeset missing three of four updated dependencies**

The changeset only documents the `p-queue` patch bump, but `package.json` (and `bun.lock`) also update:

- `@biomejs/biome`: `^2.4.9` → `^2.4.10` (patch)
- `esbuild`: `^0.27.4` → `^0.28.0` (minor — esbuild uses `0.x` for potentially breaking changes)
- `ultracite`: `^7.4.0` → `^7.4.2` (patch)

Consider including all updated packages so the changelog accurately reflects what changed in this release:

```suggestion
---
"github-archiver": patch
---

Updated dependencies:
- p-queue: ^9.1.0 → ^9.1.1
- @biomejs/biome: ^2.4.9 → ^2.4.10
- esbuild: ^0.27.4 → ^0.28.0
- ultracite: ^7.4.0 → ^7.4.2
```

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "dep updates 2026-04-03" | Re-trigger Greptile}

Greptile also left 1 inline comment on this PR.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

Release Notes

• Chores
  • Updated core dependencies to their latest versions to enhance stability, performance, and maintain security standards.

Walkthrough

This pull request updates package dependencies for the github-archiver package. A changeset file records the update to p-queue from ^9.1.0 to ^9.1.1. Additionally, package.json is updated with version bumps for p-queue, @biomejs/biome, esbuild, and ultracite.

Changes

Cohort / File(s)	Summary
Dependency Updates .changeset/dep-updates-1775192544530.md, package.json	Adds changeset record and updates package versions: p-queue (^9.1.0 → ^9.1.1), @biomejs/biome (^2.4.9 → ^2.4.10), esbuild (^0.27.4 → ^0.28.0), and ultracite (^7.4.0 → ^7.4.2).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• dep update #11: Updates the same devDependencies (@biomejs/biome and ultracite) in package.json.
• Dep Updates 2026-03-29 #19: Modifies the ultracite package dependency that is also updated in this PR.

Poem

🐰 Dependencies hop and play,
New versions come to save the day!
P-queue, biome, and ultracite too,
Version bumps—there's nothing to chew!
✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Dep Updates 2026-04-03' directly matches the changeset content—updating dependencies on a specific date. However, it is somewhat generic and lacks specificity about which dependencies or the nature of the updates (e.g., patch vs. minor bumps).
Description check	✅ Passed	The description provides comprehensive details about the dependency updates, including a summary of changes, lists of updated packages with version ranges, and contextual notes from both cubic and Greptile about the changes and their impact.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/dep-updates-2026-04-03-1775192544530

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	esbuild@​0.28.0

View full report

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[greptile-apps]

Changeset missing three of four updated dependencies

The changeset only documents the p-queue patch bump, but package.json (and bun.lock) also update:

• @biomejs/biome: ^2.4.9 → ^2.4.10 (patch)
• esbuild: ^0.27.4 → ^0.28.0 (minor — esbuild uses 0.x for potentially breaking changes)
• ultracite: ^7.4.0 → ^7.4.2 (patch)

Consider including all updated packages so the changelog accurately reflects what changed in this release:

Suggested change

	Updated dependencies:
	- p-queue: ^9.1.0 → ^9.1.1
	---
	"github-archiver": patch
	---
	Updated dependencies:
	- p-queue: ^9.1.0 → ^9.1.1
	- @biomejs/biome: ^2.4.9 → ^2.4.10
	- esbuild: ^0.27.4 → ^0.28.0
	- ultracite: ^7.4.0 → ^7.4.2

Prompt To Fix With AI

This is a comment left during a code review.
Path: .changeset/dep-updates-1775192544530.md
Line: 5-6

Comment:
**Changeset missing three of four updated dependencies**

The changeset only documents the `p-queue` patch bump, but `package.json` (and `bun.lock`) also update:

- `@biomejs/biome`: `^2.4.9` → `^2.4.10` (patch)
- `esbuild`: `^0.27.4` → `^0.28.0` (minor — esbuild uses `0.x` for potentially breaking changes)
- `ultracite`: `^7.4.0` → `^7.4.2` (patch)

Consider including all updated packages so the changelog accurately reflects what changed in this release:

```suggestion
---
"github-archiver": patch
---

Updated dependencies:
- p-queue: ^9.1.0 → ^9.1.1
- @biomejs/biome: ^2.4.9 → ^2.4.10
- esbuild: ^0.27.4 → ^0.28.0
- ultracite: ^7.4.0 → ^7.4.2
```

How can I resolve this? If you propose a fix, please make it concise.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.changeset/dep-updates-1775192544530.md:
- Around line 1-6: The changeset currently only documents the runtime update to
p-queue; update the changeset text to also list the three devDependency
bumps—@biomejs/biome: ^2.4.9 → ^2.4.10, esbuild: ^0.27.4 → ^0.28.0, and
ultracite: ^7.4.0 → ^7.4.2—so the file reflects all dependency changes and
matches package.json; ensure the changeset body includes these devDependency
lines (or a devDependencies section) and that version strings exactly match the
updated package.json entries.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 12e031e9-7da2-4f71-9ede-24a7203dd2fb

📥 Commits

Reviewing files that changed from the base of the PR and between 19b516d and 075c9e2.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (2)

• .changeset/dep-updates-1775192544530.md
• package.json

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Changeset is incomplete - missing devDependency updates.

The changeset only documents the p-queue update, but package.json also updated three devDependencies:

• @biomejs/biome: ^2.4.9 → ^2.4.10
• esbuild: ^0.27.4 → ^0.28.0
• ultracite: ^7.4.0 → ^7.4.2

While it's common to focus on runtime dependencies in changelogs, devDependency updates (especially the esbuild minor version bump) may be worth documenting for transparency and traceability.

📝 Proposed fix to include all dependency updates

 ---
 "github-archiver": patch
 ---
 
 Updated dependencies:
 - p-queue: ^9.1.0 → ^9.1.1
+
+Updated devDependencies:
+- `@biomejs/biome`: ^2.4.9 → ^2.4.10
+- esbuild: ^0.27.4 → ^0.28.0
+- ultracite: ^7.4.0 → ^7.4.2

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	---
	"github-archiver": patch
	---
	Updated dependencies:
	- p-queue: ^9.1.0 → ^9.1.1
	---
	"github-archiver": patch
	---
	Updated dependencies:
	- p-queue: ^9.1.0 → ^9.1.1
	Updated devDependencies:
	- `@biomejs/biome`: ^2.4.9 → ^2.4.10
	- esbuild: ^0.27.4 → ^0.28.0
	- ultracite: ^7.4.0 → ^7.4.2

🧰 Tools

🪛 markdownlint-cli2 (0.22.0)

[warning] 5-5: First line in a file should be a top-level heading

(MD041, first-line-heading, first-line-h1)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.changeset/dep-updates-1775192544530.md around lines 1 - 6, The changeset
currently only documents the runtime update to p-queue; update the changeset
text to also list the three devDependency bumps—@biomejs/biome: ^2.4.9 →
^2.4.10, esbuild: ^0.27.4 → ^0.28.0, and ultracite: ^7.4.0 → ^7.4.2—so the file
reflects all dependency changes and matches package.json; ensure the changeset
body includes these devDependency lines (or a devDependencies section) and that
version strings exactly match the updated package.json entries.

[cubic-dev-ai]

No issues found across 3 files