chore(deps-dev): bump turbo from 2.6.1 to 2.6.3#37
Conversation
Bumps [turbo](https://github.com/vercel/turborepo) from 2.6.1 to 2.6.3. - [Release notes](https://github.com/vercel/turborepo/releases) - [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md) - [Commits](vercel/turborepo@v2.6.1...v2.6.3) --- updated-dependencies: - dependency-name: turbo dependency-version: 2.6.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
dependabot
Bot
added
dependencies
|
Important Review skippedBot user detected. To trigger a single review, invoke the You can disable this status message by setting the Note Free review on us!CodeRabbit is offering free reviews until Wed Dec 17 2025 to showcase some of the refinements we've made. Comment |
|
A newer version of turbo exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged. |
|
Superseded by #110, which consolidates all open dependabot updates into one build-verified PR. Closing in favor of that. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
* chore(deps): consolidate open dependabot updates Roll the open dependabot PRs into a single change so they can be merged and verified together rather than five separate bumps. * deps-dev: bump @biomejs/biome 2.4.15 -> 2.4.16 (#106) * deps-dev: bump typescript ^5.x -> ^6.0.3 across the workspace root and the builder, cli, and simulator packages (#98) * ci: bump the actions-deps group with 7 updates (#104) - harden-runner, actions/checkout, codeql-action, create-github-app-token, setup-node, upload-artifact, verified-bot-commit vitest (#52) and turbo (#37) are already superseded on main (^4.1.6 and ^2.9.14), so those PRs are closed as obsolete with no change needed here. The typescript 6.0 major bump is verified: build, types, lint, and the test suite all pass. @types/node is kept at 25.9.1 (dependabot #98 had introduced a 25.0.3 typo in the cli package). Closes #106 Closes #104 Closes #98 Closes #52 Closes #37 * ci(scorecard): correct actions/checkout version comment The pinned SHA df4cb1c is actions/checkout v6.0.3, matching the same bump in the other workflows. Dependabot left the stale # v4.5.4 comment, which is misleading. Refs: #110 * ci(scorecard): correct codeql-action version comment The pinned SHA 87557b9 is codeql-action v4 (matching codeql.yml), not v3.29.5. Fix the stale comment for consistency. Refs: #110
1 participant
Bumps turbo from 2.6.1 to 2.6.3.
Release notes
Sourced from turbo's releases.
... (truncated)
Changelog
Sourced from turbo's changelog.
... (truncated)
Commits
13612aapublish 2.6.3 to registryfe34922fix: Command injection inturbo-ignore(#11154)d5162c0fix(vercel-api): AddVIEWER_FOR_PLUSandSECURITYrole variants (#11169)ab3259efix: Normalize config dir env vars to absolute (#11146)164606fexamples(security): UpgradeNext.jsversions (#11195)91a194cci: Remove debug logging (#11193)0412c00ci: Fix integration test logging style (#11194)8c4ac9bfix: Handle pidlock AlreadyOwned without failing init in LSP (#10831)2ceec77release(turborepo): 2.6.3-canary.0 (#11191)2bb1cc2docs: Updating READMEs (#11190)Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for turbo since your current version.
You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)