chore(deps): bump lucide-react from 0.546.0 to 1.14.0#158
Merged
Conversation
Bumps [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) from 0.546.0 to 1.14.0. - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/1.14.0/packages/lucide-react) --- updated-dependencies: - dependency-name: lucide-react dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
dependabot
Bot
added
dependencies
jrphilo
added
the
ralphie:skip-manual-upgrade
Contributor
|
Ralphie skipped this for: skip-manual-upgrade What I saw: lucide-react jumps from 0.546.0 to 1.14.0 — a pre-1.0 → 1.0 jump on a runtime dependency. The 1.x release notes mention switching ESM bundles to .mjs and reworking dynamic imports / RSC client directives, which can change how icons resolve in the Next.js App Router build. What would unblock it: A maintainer reads the v1.0 release notes, confirms our icon import patterns still tree-shake and render correctly under the new ESM/RSC behavior, and verifies the build before merging. |
4 tasks
jrphilo
added a commit
that referenced
this pull request
May 2, 2026
Two structural changes from observed loop drift on #155 and #158: 1. Drop Rules 2 (CI red unrelated to bump) and 3 (framework / security-sensitive / pre-1.0 → 1.0 categories) from triage. These were category-based auto-skips that punted real work to the human. Phase 2's verification + investigation already produces the same verdicts with cited evidence — we just have to let it run. Triage's job collapses to Rule 1 (protected paths). Everything that passes Rule 1 flows to Phase 2. 2. Move skip-ci-red, skip-manual-upgrade, and the lockfile- regeneration carve-out into Phase 2's decision tree: - Path A (verify + investigate): can land on ready-to-merge, skip-needs-review, or skip-manual-upgrade (when migration scope exceeds the loop's reach), all with evidence-cited comments. - Path B.1: skip-ci-red when failure reproduces on a clean main checkout (pre-existing breakage, not caused by the bump). - Path B.2: lockfile-regeneration replacement PR when ERR_PNPM_LOCKFILE_CONFIG_MISMATCH (or similar) was the verification failure. No changelog citation required — the fixup is the regenerated lockfile, not behavioral. - Path B.3: standard breaking-change fixups (existing flow). 3. Add an explicit "elevated scrutiny" classification at session start (step 0d) for framework majors / security-sensitive / pre-1.0 → 1.0 / multi-major bumps. The investigation bar is higher for these; defaulting toward skip-needs-review or skip-manual-upgrade is correct when the agent can't be thorough. Net: every Dependabot PR that doesn't touch protected paths gets real verification and a real comment. The loop's "I checked X, here's what I found" replaces "go read the release notes." For follow-up: re-label #158 (gh pr edit 158 --remove-label "ralphie:skip-manual-upgrade") so the loop can pick it up under the new rules. #155 is already eligible. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
jrphilo
added
ralphie:skip-manual-upgrade
Contributor
|
Ralphie skipped this for: skip-manual-upgrade What I saw: lucide-react 0.546.0 → 1.14.0 is a pre-1.0 → 1.0 jump on a runtime dependency. The 1.x commit log shows real shape changes — switching ESM bundles to What would unblock it: A maintainer reads the v1.0 release notes, confirms our icon imports still tree-shake and render correctly under the new ESM/RSC behavior (App Router server + client components, including any dynamic icon usage), and verifies the production build before merging. |
jrphilo
removed
the
ralphie:skip-manual-upgrade
Contributor
|
Ralphie verified this — ready to merge. Verification
Changelog highlights
Investigation
RecommendationSafe to merge. The pre-1.0 → 1.0 risk shape is "import resolution / icon removal / RSC boundary mishandling," and all three are verified inert here: type-check catches the removal class, the import shape is uniform/named, and every importing file is already a client component. Same maintainer, no security advisory, no auth/secrets surface. |
jrphilo
added
the
ralphie:ready-to-merge
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps lucide-react from 0.546.0 to 1.14.0.
Release notes
Sourced from lucide-react's releases.
... (truncated)
Commits
50d8af5docs(readme): Update readme files (#4320)653e44bfeat(packages): use .mjs for ESM bundles (#4285)7623e23feat(docs): add Zephyr Cloud to Hero Backers tier & rework updateSponsors scr...dada0a8fix(lucide-react): Fix dynamic imports (#4210)a6e648afix(lucide-react): correct client directives in RSC files (#4189)1f010a3fix(lucide-react): Fixes provider export and RSC render issues (#4175)484f2c9docs(version-1): Version 1 website (#4142)a0e202dfeat(packages/angular): add new@lucide/angularpackage (#3897)c5b155eMerge branch 'main' of https://github.com/lucide-icons/lucide into nextf6c0d06chore(deps): bump rollup from 4.53.3 to 4.59.0 (#4106)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for lucide-react since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)