chore(deps): bump protobufjs from 7.5.6 to 7.6.0 in /workspaces/lightspeed

[dependabot]

Bumps protobufjs from 7.5.6 to 7.6.0.

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.6.0

7.6.0 (2026-05-18)

Features

• Support BigInt conversions (7.x) (#2258) (f769242)

protobufjs: v7.5.9

7.5.9 (2026-05-17)

Bug Fixes

• Backport bundler-safe optional module lookups (#2254) (0853a62)

protobufjs: v7.5.8

7.5.8 (2026-05-12)

Bug Fixes

• Backport parser hardening to 7.x (#2245) (54b593f)

protobufjs: v7.5.7

7.5.7 (2026-05-09)

Bug Fixes

• Restore first-match namespace lookup (#2236) (cc7d595)

Changelog

Sourced from protobufjs's changelog.

7.6.0 (2026-05-18)

Features

• Support BigInt conversions (7.x) (#2258) (f769242)

7.5.9 (2026-05-17)

Bug Fixes

• Backport bundler-safe optional module lookups (#2254) (0853a62)

7.5.8 (2026-05-12)

Bug Fixes

• Backport parser hardening to 7.x (#2245) (54b593f)

7.5.7 (2026-05-09)

Bug Fixes

• Restore first-match namespace lookup (#2236) (cc7d595)

Commits

• e30c334 chore: release protobufjs-v7.x (#2260)
• f769242 feat: Support BigInt conversions (7.x) (#2258)
• ab3862d chore: release protobufjs-v7.x (#2255)
• 0853a62 fix: Backport bundler-safe optional module lookups (#2254)
• d7035f9 chore: release protobufjs-v7.x (#2248)
• 54b593f fix: Backport parser hardening to 7.x (#2245)
• e88fcea chore: release protobufjs-v7.x (#2239)
• cc7d595 fix: Restore first-match namespace lookup (#2236)
• 3abc9b5 chore: release protobufjs-v7.x (#2190)
• a0bf2df fix: Update CLI peer dependency (7.x) (#2189)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[gabemontero]

needs a dedup:

Run node scripts/ci/verify-lockfile-duplicates.js workspaces/lightspeed/yarn.lock
  node scripts/ci/verify-lockfile-duplicates.js workspaces/lightspeed/yarn.lock
  shell: /usr/bin/bash -e {0}
Checking lock file workspaces/lightspeed/yarn.lock
(node:2473) [DEP0190] DeprecationWarning: Passing args to a child process with shell option true can lead to security vulnerabilities, as the arguments are not escaped, only concatenated.
(Use `node --trace-deprecation ...` to show where the warning was created)

*************************************************************************************
➤ YN0000: ┌ Deduplication step
* You have duplicate versions of some packages in a yarn.lock file.                 *
* To solve this, run the following command from the project root and commit all     *
*************************************************************************************

Deduplication step
  ➤ YN0000: │ long@npm:^5.0.0 can be deduped from long@npm:5.2.3 to long@npm:5.3.2
  ➤ YN0000: │ long@npm:^5.2.1 can be deduped from long@npm:5.2.3 to long@npm:5.3.2
  ➤ YN0000: │ 2 packages can be deduped using the highest strategy
➤ YN0000: └ Completed in 0s 310ms
* yarn.lock changes.                                                                *
*                                                                                   *
*   yarn --cwd workspaces/lightspeed dedupe                                         *
Error: Process completed with exit code 1.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[rhdh-qodo-merge]

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: Workspace lightspeed, Verify step

Failed stage: Verify lockfile duplicates [❌]

Failed test name: ""

Failure summary: The action failed during the Yarn install/link phase because the workflow detected that yarn.lock is not deduped and would change. - Yarn reported duplicate package versions in yarn.lock and required running yarn --cwd workspaces/lightspeed dedupe and committing the resulting yarn.lock changes. - The job then exited with code 1 after the deduplication check (##[error]Process completed with exit code 1.). Additional warnings were present (peer dependency mismatches, e.g., prettier@3.7.4 not satisfying @spotify/prettier-config's ^2.0.0, and missing @typescript-eslint/parser), but the explicit failure shown is the dedupe/lockfile consistency check.

Relevant error logs: 1: ##[group]Runner Image Provisioner 2: Hosted Compute Agent ... 151: �[94m➤�[39m �[90mYN0000�[39m: ┌ Post-resolution validation 152: ##[group]Post-resolution validation 153: �[93m➤�[39m YN0060: │ �[38;5;173mprettier�[39m is listed by your project with version �[38;5;111m3.7.4�[39m (�[38;5;111mpc2ecd8�[39m), which doesn't satisfy what �[38;5;166m@spotify/�[39m�[38;5;173mprettier-config�[39m and other dependencies request (�[38;5;37m^2.0.0�[39m). 154: �[93m➤�[39m YN0002: │ �[38;5;166m@redhat-developer/�[39m�[38;5;173mrhdh-plugins�[39m�[38;5;111m@�[39m�[38;5;111mworkspace:.�[39m doesn't provide �[38;5;166m@typescript-eslint/�[39m�[38;5;173mparser�[39m (�[38;5;111mp8d7c5c�[39m), requested by �[38;5;166m@spotify/�[39m�[38;5;173meslint-plugin�[39m. 155: �[93m➤�[39m YN0086: │ Some peer dependencies are incorrectly met by your project; run �[38;5;111myarn explain peer-requirements <hash>�[39m for details, where �[38;5;111m<hash>�[39m is the six-letter p-prefixed code. 156: �[93m➤�[39m YN0086: │ Some peer dependencies are incorrectly met by dependencies; run �[38;5;111myarn explain peer-requirements�[39m for details. 157: ##[endgroup] 158: �[94m➤�[39m �[90mYN0000�[39m: └ Completed 159: �[94m➤�[39m �[90mYN0000�[39m: ┌ Fetch step 160: ##[group]Fetch step 161: �[94m➤�[39m YN0013: │ �[38;5;220m1548�[39m packages were added to the project (�[38;5;160m+ 336.33 MiB�[39m). 162: ##[endgroup] 163: �[94m➤�[39m �[90mYN0000�[39m: └ Completed in 5s 592ms 164: �[94m➤�[39m �[90mYN0000�[39m: ┌ Link step 165: ##[group]Link step 166: �[94m➤�[39m YN0007: │ �[38;5;173mesbuild�[39m�[38;5;111m@�[39m�[38;5;111mnpm:0.21.5�[39m must be built because it never has been before or the last one failed 167: �[94m➤�[39m YN0007: │ �[38;5;166m@swc/�[39m�[38;5;173mcore�[39m�[38;5;111m@�[39m�[38;5;111mnpm:1.4.13 [366d3]�[39m must be built because it never has been before or the last one failed 168: �[94m➤�[39m YN0007: │ �[38;5;173mesbuild�[39m�[38;5;111m@�[39m�[38;5;111mnpm:0.23.1�[39m must be built because it never has been before or the last one failed 169: �[94m➤�[39m YN0007: │ �[38;5;173mesbuild�[39m�[38;5;111m@�[39m�[38;5;111mnpm:0.20.2�[39m must be built because it never has been before or the last one failed 170: �[94m➤�[39m YN0007: │ �[38;5;173mcore-js-pure�[39m�[38;5;111m@�[39m�[38;5;111mnpm:3.36.1�[39m must be built because it never has been before or the last one failed 171: �[94m➤�[39m YN0007: │ �[38;5;166m@redhat-developer/�[39m�[38;5;173mrhdh-plugins�[39m�[38;5;111m@�[39m�[38;5;111mworkspace:.�[39m must be built because it never has been before or the last one failed 172: ##[endgroup] ... 181: (Use `node --trace-deprecation ...` to show where the warning was created) 182: ************************************************************************************* 183: * You have duplicate versions of some packages in a yarn.lock file. * 184: �[94m➤�[39m �[90mYN0000�[39m: ┌ Deduplication step 185: * To solve this, run the following command from the project root and commit all * 186: ************************************************************************************* 187: ##[group]Deduplication step 188: �[94m➤�[39m YN0000: │ �[38;5;173mlong�[39m�[38;5;37m@�[39m�[38;5;37mnpm:^5.0.0�[39m can be deduped from �[38;5;173mlong�[39m�[38;5;111m@�[39m�[38;5;111mnpm:5.2.3�[39m to �[38;5;173mlong�[39m�[38;5;111m@�[39m�[38;5;111mnpm:5.3.2�[39m 189: �[94m➤�[39m YN0000: │ �[38;5;173mlong�[39m�[38;5;37m@�[39m�[38;5;37mnpm:^5.2.1�[39m can be deduped from �[38;5;173mlong�[39m�[38;5;111m@�[39m�[38;5;111mnpm:5.2.3�[39m to �[38;5;173mlong�[39m�[38;5;111m@�[39m�[38;5;111mnpm:5.3.2�[39m 190: �[94m➤�[39m YN0000: │ 2 packages can be deduped using the �[38;5;111mhighest�[39m strategy 191: ##[endgroup] 192: �[94m➤�[39m �[90mYN0000�[39m: └ Completed in 0s 284ms 193: * yarn.lock changes. * 194: * * 195: * yarn --cwd workspaces/lightspeed dedupe * 196: ##[error]Process completed with exit code 1. 197: Post job cleanup.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.41%. Comparing base (7d93262) to head (46d6a39).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3201   +/-   ##
=======================================
  Coverage   53.41%   53.41%           
=======================================
  Files        2373     2373           
  Lines       84895    84895           
  Branches    23568    23566    -2     
=======================================
  Hits        45349    45349           
  Misses      39200    39200           
  Partials      346      346           

Flag	Coverage Δ		*Carryforward flag
adoption-insights	83.58% <ø> (ø)		Carriedforward from 7d93262
ai-integrations	70.03% <ø> (ø)		Carriedforward from 7d93262
app-defaults	69.60% <ø> (ø)		Carriedforward from 7d93262
augment	46.68% <ø> (ø)		Carriedforward from 7d93262
bulk-import	72.86% <ø> (ø)		Carriedforward from 7d93262
cost-management	16.49% <ø> (ø)		Carriedforward from 7d93262
dcm	32.85% <ø> (ø)		Carriedforward from 7d93262
extensions	61.79% <ø> (ø)		Carriedforward from 7d93262
global-floating-action-button	74.30% <ø> (ø)		Carriedforward from 7d93262
global-header	61.68% <ø> (ø)		Carriedforward from 7d93262
homepage	50.92% <ø> (ø)		Carriedforward from 7d93262
konflux	91.01% <ø> (ø)		Carriedforward from 7d93262
lightspeed	68.33% <ø> (ø)
mcp-integrations	81.59% <ø> (ø)		Carriedforward from 7d93262
orchestrator	36.36% <ø> (ø)		Carriedforward from 7d93262
quickstart	62.88% <ø> (ø)		Carriedforward from 7d93262
sandbox	79.49% <ø> (ø)		Carriedforward from 7d93262
scorecard	83.84% <ø> (ø)		Carriedforward from 7d93262
theme	64.54% <ø> (ø)		Carriedforward from 7d93262
translations	8.49% <ø> (ø)		Carriedforward from 7d93262
x2a	78.59% <ø> (ø)		Carriedforward from 7d93262

*This pull request uses carry forward flags. Click here to find out more.

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7d93262...46d6a39. Read the comment docs.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.