chore(deps): bump the docusaurus-dependencies group across 1 directory with 6 updates#599
Merged
katriendg merged 1 commit intoMay 5, 2026
Conversation
dependabot
Bot
added
dependencies
dependabot
Bot
added
dependencies
github-actions
Bot
changed the title
Contributor
Dependency ReviewThe following issues were found:
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #599 +/- ##
=======================================
Coverage 77.27% 77.27%
=======================================
Files 272 272
Lines 18140 18140
Branches 2493 2493
=======================================
Hits 14018 14018
Misses 3698 3698
Partials 424 424
*This pull request uses carry forward flags. Click here to find out more. 🚀 New features to boost your workflow:
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Advisory Review Summary
Surfaces touched: docs/docusaurus (documentation site npm packages — isolated from production surfaces)
| Package | From | To | Severity | Surface |
|---|---|---|---|---|
@docusaurus/core |
3.10.0 |
3.10.1 |
None identified | docs |
@docusaurus/plugin-client-redirects |
3.10.0 |
3.10.1 |
None identified | docs |
@docusaurus/preset-classic |
3.10.0 |
3.10.1 |
None identified | docs |
@docusaurus/module-type-aliases |
3.10.0 |
3.10.1 |
None identified | docs |
@docusaurus/tsconfig |
3.10.0 |
3.10.1 |
None identified | docs |
@docusaurus/types |
3.10.0 |
3.10.1 |
None identified | docs |
@docusaurus/* (grouped patch)
Advisory summary: No GHSA or CVE identifiers were found in the PR body. The security(deps): title prefix indicates Dependabot flagged this as security-related; however no published advisory record was identifiable — GHSA API and OSV.dev were unavailable in the sandbox. If a specific advisory was linked by Dependabot, it can be verified at github.com/advisories.
Release notes (sourced from Docusaurus releases):
3.10.1 (2026-04-30) — Bug Fix
docusaurus-bundler: fix(bundler): fix v3 webpackbar bug due to webpack breaking change (#11981)Maintenance
docusaurus: chore: cherry-pick commits for v3.10.1 patch release (#11982)
Repo-specific risk notes:
- Patch bump (3.10.0 → 3.10.1); no major or minor version boundary crossed.
- Both
docs/docusaurus/package.json(manifest) anddocs/docusaurus/package-lock.json(lockfile) are updated — this is not a lockfile-only transitive pin. docs/docusaurusis the documentation site only, isolated fromdata-management/viewer/frontend/, training, evaluation, and infrastructure surfaces. No ABI sensitivity, no CUDA/numpy concerns, no peer-dep conflicts with production code.- Manifest is covered by
.github/dependabot.ymlunderdirectory: "/docs/docusaurus"with groupdocusaurus-dependencies. No uncovered-manifest note required.
Validation Signal
Deterministic CI: PR Validation: in_progress:in_progress
Static impact reasoning: Only docs/docusaurus/package.json and docs/docusaurus/package-lock.json are modified. No training, evaluation, terraform, or infrastructure manifests are touched. The Isaac Sim ABI guard (numpy >=1.26.0,<2.0.0), torch/tensordict/onnxruntime-gpu checks, and Terraform provider breaking-change checks do not apply.
Advisory verdict: COMMENT — CI conclusion is pending; the security(deps): prefix could not be resolved to a specific advisory identifier. Low inherent risk (patch, docs-only surface); APPROVE may be appropriate once CI is green and, if applicable, the linked advisory is confirmed fixed.
Note
🔒 Integrity filter blocked 1 item
The following item were blocked because they don't meet the GitHub integrity level.
- #599
pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
To allow these resources, lower min-integrity in your GitHub frontmatter:
tools:
github:
min-integrity: approved # merged | approved | unapproved | noneGenerated by AW Dependabot PR Review for issue #599 · ● 1.3M
dependabot
Bot
changed the title
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/docs/docusaurus/docusaurus-dependencies-e287f7b829
branch
from
1c75ec2 to
e67ba84
Compare
Contributor
There was a problem hiding this comment.
Advisory Review Summary
- Ecosystem / surface: npm —
docs/docusaurus(documentation site, not a runtime surface) - Update type: Grouped patch bump — 6
@docusaurus/*packages, all 3.10.0 → 3.10.1 - Security advisories: None — no GHSA or CVE identifiers present in this PR
- High-risk triggers: None
| Package | From | To | Severity | Surface |
|---|---|---|---|---|
@docusaurus/core |
3.10.0 | 3.10.1 | None | docs/npm |
@docusaurus/plugin-client-redirects |
3.10.0 | 3.10.1 | None | docs/npm |
@docusaurus/preset-classic |
3.10.0 | 3.10.1 | None | docs/npm |
@docusaurus/module-type-aliases |
3.10.0 | 3.10.1 | None | docs/npm |
@docusaurus/tsconfig |
3.10.0 | 3.10.1 | None | docs/npm |
@docusaurus/types |
3.10.0 | 3.10.1 | None | docs/npm |
@docusaurus/* (grouped)
Advisory summary: No security advisories found for any of the six packages in this bump. No GHSA or CVE identifiers appear in the PR body or linked release notes.
Release notes (3.10.1 — 2026-04-30):
Bug Fix:
fix(bundler): fix v3 webpackbar bug due to webpack breaking change(#11981)
Maintenance: Cherry-pick commits for v3.10.1 patch release (#11982)Source: github.com/facebook/docusaurus/releases
Repo-specific risk notes:
- Patch-only bump within the 3.x line — no breaking changes, no API surface changes.
- All six packages are part of a single Docusaurus monorepo release; they must be co-bumped together, which this PR correctly does.
- Manifests touched:
docs/docusaurus/package.json(all 6 packages updated) anddocs/docusaurus/package-lock.json(lockfile update). - This surface (
docs/docusaurus) is a documentation-only site and is isolated from all runtime surfaces:training-rl-abi,python-runtime,dataviewer-frontend,terraform-providers, andgomodsurfaces are unaffected. - Existing
overridesinpackage.json(express,follow-redirects,lodash,path-to-regexp,qs,serialize-javascript) are unchanged by this PR — no transitive security overrides are disrupted. - No peer-dep conflicts expected: React 19, TypeScript 6.0.3, and the bundled versions remain unchanged. The webpackbar fix is internal to the Docusaurus bundler layer.
Validation Signal
Deterministic CI: PR Validation: in_progress:in_progress
⚠️ Deterministic CI conclusion not yet available; verdict is advisory only.The
PR Validationorchestrator is still running at the time of this review. See: workflow run
No per-surface check runs are applicable to this change from the surface map (the docs/docusaurus npm path is outside all mapped surfaces). The closest mapped surface would be dataviewer-frontend, but that covers only data-management/viewer/frontend/ — not the docs site.
Static impact reasoning: No ABI-sensitive packages are involved. The Isaac Sim numpy guard, torch/tensordict/onnxruntime-gpu checks, and Terraform provider guards are all inapplicable to this documentation-only npm bump.
Advisory verdict: COMMENT — CI validation is still in progress. No security advisories or high-risk triggers identified; this is a low-risk patch bump of the documentation site tooling. Safe to merge once CI passes.
Note
🔒 Integrity filter blocked 1 item
The following item were blocked because they don't meet the GitHub integrity level.
- #599
pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
To allow these resources, lower min-integrity in your GitHub frontmatter:
tools:
github:
min-integrity: approved # merged | approved | unapproved | noneGenerated by AW Dependabot PR Review for issue #599 · ● 527K
Collaborator
|
@dependabot rebase |
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/docs/docusaurus/docusaurus-dependencies-e287f7b829
branch
from
e67ba84 to
09c010f
Compare
Contributor
There was a problem hiding this comment.
Advisory Review Summary
Ecosystems and surfaces touched: npm — documentation tooling (docs/docusaurus/). This surface is not in the high-risk rubric (not dataviewer-frontend, not any Python/Terraform/Go surface).
| Package | From | To | Severity | Surface |
|---|---|---|---|---|
@docusaurus/core |
3.10.0 | 3.10.1 | None | docs/docusaurus (npm) |
@docusaurus/plugin-client-redirects |
3.10.0 | 3.10.1 | None | docs/docusaurus (npm) |
@docusaurus/preset-classic |
3.10.0 | 3.10.1 | None | docs/docusaurus (npm) |
@docusaurus/module-type-aliases |
3.10.0 | 3.10.1 | None | docs/docusaurus (npm) |
@docusaurus/tsconfig |
3.10.0 | 3.10.1 | None | docs/docusaurus (npm) |
@docusaurus/types |
3.10.0 | 3.10.1 | None | docs/docusaurus (npm) |
@docusaurus/* (grouped — all 6 packages)
Advisory summary: No GHSA or CVE identifiers appear in the PR body or changelog. No advisory records were found for any of the bumped packages at 3.10.0. Source: GitHub Advisory Database (no results).
Release notes highlights (sourced from facebook/docusaurus releases):
3.10.1 (2026-04-30)
Repo-specific risk notes:
- Patch bump only; no major or minor version crossing.
- All 6 packages are in the same Docusaurus monorepo release train and were bumped together — no version skew between core and its companion packages.
- The diff is lockfile-heavy (
docs/docusaurus/package-lock.json): transitive Algolia client packages (@algolia/*5.50.1 → 5.52.0,@algolia/abtesting1.16.1 → 1.18.0) and@docsearch/*(4.6.2 → 4.6.3) are also updated as transitive dependencies of Docusaurus. None carry known CVEs. - Surface is documentation tooling only (
docs/docusaurus/); zero impact on training, evaluation, dataviewer, or infrastructure paths. - No peer-dependency conflicts applicable — the docs site does not share its npm lockfile with
data-management/viewer/frontend/. - Isaac Sim ABI guard: not applicable (no Python or
training/rl/manifests touched).
Validation Signal
-
Deterministic CI:
PR Validation: in_progress:in_progress— the orchestrator has not completed at the time this review was posted. Per-surface check runs are not yet available. (PR Validation run)⚠️ Deterministic CI conclusion not yet available; verdict is advisory only. -
Static impact reasoning: The diff only touches
docs/docusaurus/package-lock.json. No Python manifests, no Terraform providers, no GitHub Actions workflow files, and nodata-management/viewer/frontend/package.jsonare in scope. The Isaac Sim ABI guard and Torch/tensordict/onnxruntime-gpu checks are not applicable.
Advisory verdict: COMMENT — CI is still in progress; no advisory concerns were identified, but the verdict cannot be upgraded to APPROVE until the PR Validation orchestrator concludes successfully.
Note
🔒 Integrity filter blocked 1 item
The following item were blocked because they don't meet the GitHub integrity level.
- #599
pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
To allow these resources, lower min-integrity in your GitHub frontmatter:
tools:
github:
min-integrity: approved # merged | approved | unapproved | noneGenerated by AW Dependabot PR Review for issue #599 · ● 724.3K
Collaborator
|
@dependabot rebase |
…y with 6 updates Bumps the docusaurus-dependencies group with 6 updates in the /docs/docusaurus directory: | Package | From | To | | --- | --- | --- | | [@docusaurus/core](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus) | `3.10.0` | `3.10.1` | | [@docusaurus/plugin-client-redirects](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-plugin-client-redirects) | `3.10.0` | `3.10.1` | | [@docusaurus/preset-classic](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-preset-classic) | `3.10.0` | `3.10.1` | | [@docusaurus/module-type-aliases](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-module-type-aliases) | `3.10.0` | `3.10.1` | | [@docusaurus/tsconfig](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-tsconfig) | `3.10.0` | `3.10.1` | | [@docusaurus/types](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-types) | `3.10.0` | `3.10.1` | Updates `@docusaurus/core` from 3.10.0 to 3.10.1 - [Release notes](https://github.com/facebook/docusaurus/releases) - [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus) Updates `@docusaurus/plugin-client-redirects` from 3.10.0 to 3.10.1 - [Release notes](https://github.com/facebook/docusaurus/releases) - [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-plugin-client-redirects) Updates `@docusaurus/preset-classic` from 3.10.0 to 3.10.1 - [Release notes](https://github.com/facebook/docusaurus/releases) - [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-preset-classic) Updates `@docusaurus/module-type-aliases` from 3.10.0 to 3.10.1 - [Release notes](https://github.com/facebook/docusaurus/releases) - [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-module-type-aliases) Updates `@docusaurus/tsconfig` from 3.10.0 to 3.10.1 - [Release notes](https://github.com/facebook/docusaurus/releases) - [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-tsconfig) Updates `@docusaurus/types` from 3.10.0 to 3.10.1 - [Release notes](https://github.com/facebook/docusaurus/releases) - [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-types) --- updated-dependencies: - dependency-name: "@docusaurus/core" dependency-version: 3.10.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docusaurus-dependencies - dependency-name: "@docusaurus/module-type-aliases" dependency-version: 3.10.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: docusaurus-dependencies - dependency-name: "@docusaurus/plugin-client-redirects" dependency-version: 3.10.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docusaurus-dependencies - dependency-name: "@docusaurus/preset-classic" dependency-version: 3.10.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docusaurus-dependencies - dependency-name: "@docusaurus/tsconfig" dependency-version: 3.10.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: docusaurus-dependencies - dependency-name: "@docusaurus/types" dependency-version: 3.10.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: docusaurus-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/docs/docusaurus/docusaurus-dependencies-e287f7b829
branch
from
09c010f to
4812fb0
Compare
Contributor
There was a problem hiding this comment.
Advisory Review Summary
- Ecosystem: npm
- Surface: Documentation site (
docs/docusaurus/) — not in the ABI-sensitive surfaces; no Isaac Sim, Terraform, Python runtime, or dataviewer-frontend exposure - Manifest touched:
docs/docusaurus/package.json+docs/docusaurus/package-lock.json(both manifest and lockfile updated; not a transitive-only pin) - Dependabot coverage:
/docs/docusaurusis declared in.github/dependabot.yml✓
| Package | From | To | Severity | Surface |
|---|---|---|---|---|
@docusaurus/core |
3.10.0 |
3.10.1 |
None | docs-site (npm) |
@docusaurus/plugin-client-redirects |
3.10.0 |
3.10.1 |
None | docs-site (npm) |
@docusaurus/preset-classic |
3.10.0 |
3.10.1 |
None | docs-site (npm) |
@docusaurus/module-type-aliases |
3.10.0 |
3.10.1 |
None | docs-site (npm) |
@docusaurus/tsconfig |
3.10.0 |
3.10.1 |
None | docs-site (npm) |
@docusaurus/types |
3.10.0 |
3.10.1 |
None | docs-site (npm) |
@docusaurus/* (grouped patch release)
Advisory: No GHSA or CVE identifiers present in the PR body or linked advisories. No records returned from GHSA/OSV/NVD for Docusaurus 3.10.1.
Release notes (3.10.1, 2026-04-30) — source:
Bug Fix:
docusaurus-bundler: fix v3 webpackbar bug due to webpack breaking change (#11981)Maintenance:
docusaurus: cherry-pick commits for v3.10.1 patch release (#11982)
Risk notes:
- Semver patch release (3.10.0 → 3.10.1); no breaking changes expected.
- All six packages are from the same Docusaurus monorepo and are released together — no version skew risk.
- No ABI-sensitive runtimes (Isaac Sim, CUDA, torch, numpy) are in scope.
- No peer-dependency conflicts to evaluate; the docs site does not share the
data-management/viewer/frontend/lockfile.
Validation Signal
Deterministic CI: PR Validation: in_progress:in_progress
- CI orchestrator is still running at the time of this review; individual per-surface check-run results are not yet available.
- The
docs/docusaurusnpm surface is not mapped to any dedicated check-run in the surface table (no dataviewer, training, terraform, or Go paths touched). - PR Validation run: https://github.com/microsoft/physical-ai-toolchain/actions/runs/25383564165
Static impact reasoning: No ABI-sensitive manifests (training/rl/requirements.txt, training/rl/pyproject.toml) are touched; Isaac Sim ABI guard is not applicable. No peer-dependency conflicts identified against the docs site's own react@19.2.5 and typescript@6.0.3 pins.
Advisory verdict: COMMENT — CI is still in progress; no advisory findings or high-risk triggers identified. This is a routine patch bump fixing a webpack bundler regression in the documentation site only.
Note
🔒 Integrity filter blocked 1 item
The following item were blocked because they don't meet the GitHub integrity level.
- #599
pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
To allow these resources, lower min-integrity in your GitHub frontmatter:
tools:
github:
min-integrity: approved # merged | approved | unapproved | noneGenerated by AW Dependabot PR Review for issue #599 · ● 759.8K
katriendg
approved these changes
May 5, 2026
katriendg
deleted the
dependabot/npm_and_yarn/docs/docusaurus/docusaurus-dependencies-e287f7b829
branch
WilliamBerryiii
pushed a commit
that referenced
this pull request
May 8, 2026
🤖 I have created a release *beep* *boop* --- ## [0.8.0](v0.7.4...v0.8.0) (2026-05-08) ### ⚠ BREAKING CHANGES * **dataviewer:** bump frontend stack to React 19, Vite 8, Tailwind v4, MSAL 5, ESLint 10 ([#524](#524)) ### ✨ Features * **agents:** add automated validation for high-risk Dependabot bumps ([#574](#574)) ([8c3686a](8c3686a)), closes [#573](#573) * **data:** add camera selector to annotation workspace and fix AV1 frame extraction ([#591](#591)) ([c809d2f](c809d2f)) * **data:** seed dataviewer frontend test foundation and per-section codecov flags ([#594](#594)) ([c06c4e3](c06c4e3)) * **dataviewer:** add OWASP security middleware stack ([#439](#439)) ([239edb9](239edb9)) * **infrastructure:** add conversion pipeline Terraform module ([#542](#542)) ([244531e](244531e)) * **infrastructure:** upgrade OSMO to chart 1.2.1 / image 6.2 with secure auth and skrl 2.0.0 compatibility ([#492](#492)) ([edfd7a5](edfd7a5)) * **pipeline:** add ACSA setup for ROS2 bag sync to Blob ([#451](#451)) ([c271a54](c271a54)) * **workflows:** add advisory Dependabot PR reviewer agentic workflow ([#498](#498)) ([d4bb140](d4bb140)) * **workflows:** trigger AW Dependabot PR reviewer after PR Validation ([#580](#580)) ([7ab3d16](7ab3d16)) ### 🐛 Bug Fixes * **ci:** correct stale version comment for actions/create-github-app-token ([#506](#506)) ([b2e9a54](b2e9a54)) * **ci:** restore data-pipeline and training broken tests by domain folder restructure ([#547](#547)) ([06d8472](06d8472)) * **docs:** update remaining stale 'Coming soon' labels in docs/README.md ([#507](#507)) ([02439d6](02439d6)) * **docs:** update stale coming soon label for Training section ([#472](#472)) ([46db49b](46db49b)) * **evaluation:** scope SIL AzureML validation code path and script reference ([#387](#387)) ([9f138a9](9f138a9)) * **infrastructure:** OSMO workflow execution, PostgreSQL public access, and quickstart corrections ([#477](#477)) ([9ed2da6](9ed2da6)) * **scripts:** exclude CHANGELOG.md from changed-files msdate check ([#644](#644)) ([8133bdc](8133bdc)) * **workflows:** allow dependabot[bot] to activate AW Dependabot PR Review ([#586](#586)) ([39dc022](39dc022)) * **workflows:** correct branches filter on AW Dependabot PR Review workflow_run trigger ([#584](#584)) ([fe06b52](fe06b52)) * **workflows:** normalize validate.yaml placeholder env/compute values ([#510](#510)) ([340ff44](340ff44)) * **workflows:** recompile aw-dependabot-pr-review lock file ([#576](#576)) ([d77c167](d77c167)) * **workflows:** switch AW Dependabot PR Review to pull_request_target ([#589](#589)) ([3f1edd1](3f1edd1)) ### 📚 Documentation * **docs:** Fix deployment guide links ([#614](#614)) ([0070b04](0070b04)) * document dependency-pinning-artifacts directory purpose ([#508](#508)) ([50e0010](50e0010)) ### 📦 Build System * **training:** standardize on Python 3.12 across manifests, containers, and runtime scripts ([#541](#541)) ([7ad014a](7ad014a)) ### 🔧 Operations * **build:** add Copilot cloud agent setup-steps workflow ([#593](#593)) ([c912668](c912668)) ### 🔧 Miscellaneous * **build:** exclude auto-generated CHANGELOG.md from cspell and seed dictionary ([#582](#582)) ([de1dd57](de1dd57)) * **build:** redesign codecov flags and split pytest CI per component ([#520](#520)) ([357e745](357e745)) * **dataviewer:** bump frontend stack to React 19, Vite 8, Tailwind v4, MSAL 5, ESLint 10 ([#524](#524)) ([50f8ad4](50f8ad4)) * **dataviewer:** repoint stale src/dataviewer references to data-management/viewer ([#504](#504)) ([88fa1b4](88fa1b4)), closes [#503](#503) * **deps-dev:** bump basic-ftp from 5.3.0 to 5.3.1 ([#618](#618)) ([ca10f2a](ca10f2a)) * **deps-dev:** bump globals from 15.15.0 to 17.5.0 in /data-management/viewer/frontend ([#527](#527)) ([0e0b2ae](0e0b2ae)) * **deps-dev:** bump ip-address from 10.1.0 to 10.2.0 ([#616](#616)) ([816c9cf](816c9cf)) * **deps-dev:** bump lint-staged from 16.4.0 to 17.0.2 in the root-npm-dependencies group across 1 directory ([#626](#626)) ([0e2f293](0e2f293)) * **deps-dev:** bump pydantic from 2.13.3 to 2.13.4 in the python-dependencies group across 1 directory ([#629](#629)) ([c24f1c1](c24f1c1)) * **deps-dev:** bump the python-dependencies group across 1 directory with 2 updates ([#514](#514)) ([8410f4b](8410f4b)) * **deps:** bump azure-core from 1.39.0 to 1.40.0 in /evaluation in the inference-dependencies group across 1 directory ([#597](#597)) ([6141db4](6141db4)) * **deps:** bump cryptography from 46.0.6 to 46.0.7 in /data-management/viewer ([#424](#424)) ([5fb6d58](5fb6d58)) * **deps:** bump cryptography from 46.0.6 to 46.0.7 in /data-management/viewer/backend ([#423](#423)) ([b516ad5](b516ad5)) * **deps:** bump lucide-react from 0.469.0 to 1.8.0 in /data-management/viewer/frontend ([#528](#528)) ([1bdfc1e](1bdfc1e)) * **deps:** bump nginx from `8aa63af` to `5616878` in /data-management/viewer/frontend ([#511](#511)) ([9e7e20e](9e7e20e)) * **deps:** bump nginx from 1.27-alpine to 1.29-alpine in /data-management/viewer/frontend ([#484](#484)) ([0e5c3dd](0e5c3dd)) * **deps:** bump node from `435f353` to `e49fd70` in /data-management/viewer/frontend ([#560](#560)) ([2884649](2884649)) * **deps:** bump react-is from 18.3.1 to 19.2.5 in /data-management/viewer/frontend ([#530](#530)) ([d51318c](d51318c)) * **deps:** bump tensordict from 0.11.0 to 0.12.1 in /evaluation in the inference-dependencies group across 1 directory ([#456](#456)) ([b24e733](b24e733)) * **deps:** bump the dataviewer-backend-dependencies group across 1 directory with 2 updates ([#531](#531)) ([171a1da](171a1da)) * **deps:** bump the dataviewer-backend-dependencies group across 1 directory with 5 updates ([#516](#516)) ([4f9a577](4f9a577)) * **deps:** bump the dataviewer-backend-dependencies group across 1 directory with 5 updates ([#602](#602)) ([6c27ab5](6c27ab5)) * **deps:** bump the dataviewer-dependencies group across 1 directory with 2 updates ([#529](#529)) ([8646971](8646971)) * **deps:** bump the dataviewer-dependencies group across 1 directory with 3 updates ([#601](#601)) ([d28fb50](d28fb50)) * **deps:** bump the dataviewer-dependencies group across 1 directory with 3 updates ([#632](#632)) ([4ca5f3e](4ca5f3e)) * **deps:** bump the dataviewer-dependencies group across 1 directory with 5 updates ([#515](#515)) ([109ee81](109ee81)) * **deps:** bump the dataviewer-frontend-patch-minor group across 1 directory with 6 updates ([#630](#630)) ([04d5dfd](04d5dfd)) * **deps:** bump the dataviewer-frontend-patch-minor group across 1 directory with 9 updates ([#563](#563)) ([c08f450](c08f450)) * **deps:** bump the docusaurus-dependencies group across 1 directory with 4 updates ([#627](#627)) ([f5825fc](f5825fc)) * **deps:** bump the docusaurus-dependencies group across 1 directory with 6 updates ([#599](#599)) ([b859344](b859344)) * **deps:** bump the github-actions group across 1 directory with 4 updates ([#459](#459)) ([2609c52](2609c52)) * **deps:** bump the github-actions group across 1 directory with 4 updates ([#517](#517)) ([f54bf5d](f54bf5d)) * **deps:** bump the inference-dependencies group across 1 directory with 11 updates ([#562](#562)) ([087f53a](087f53a)) * **deps:** bump the inference-dependencies group across 1 directory with 2 updates ([#628](#628)) ([4a3be47](4a3be47)) * **deps:** bump the pip group across 2 directories with 1 update ([#494](#494)) ([a14b6b0](a14b6b0)) * **docs:** update stale Python 3.11 references to 3.12 ([#575](#575)) ([6f85c95](6f85c95)) * **scripts:** remove redundant SC1091 disables in OSMO deploy scripts ([#509](#509)) ([ae1cb82](ae1cb82)) ### 🔒 Security * **build:** pin dependencies and hash-verify downloads ([#465](#465)) ([0289f49](0289f49)) * **build:** remediate dependency security advisories ([#479](#479)) ([7196d6d](7196d6d)) * **deps-dev:** bump basic-ftp from 5.2.1 to 5.2.2 ([#454](#454)) ([cb158f1](cb158f1)) * **deps-dev:** bump basic-ftp from 5.2.2 to 5.3.0 ([#495](#495)) ([e983b8b](e983b8b)) * **deps-dev:** bump hypothesis from 6.152.3 to 6.152.4 in the python-dependencies group ([#598](#598)) ([83384d2](83384d2)) * **deps-dev:** bump markdownlint-cli2 from 0.22.0 to 0.22.1 in the root-npm-dependencies group ([#559](#559)) ([32bde35](32bde35)) * **deps-dev:** bump picomatch from 2.3.1 to 2.3.2 in /docs/docusaurus ([#455](#455)) ([66f86ca](66f86ca)) * **deps-dev:** bump postcss from 8.5.10 to 8.5.12 in /data-management/viewer/frontend ([#569](#569)) ([a652dba](a652dba)) * **deps-dev:** bump the python-dependencies group with 2 updates ([#457](#457)) ([749d231](749d231)) * **deps-dev:** bump the python-dependencies group with 2 updates ([#485](#485)) ([71b44fd](71b44fd)) * **deps-dev:** bump the python-dependencies group with 3 updates ([#564](#564)) ([9fc52fd](9fc52fd)) * **deps-dev:** bump typescript from 6.0.2 to 6.0.3 in /docs/docusaurus in the docusaurus-dependencies group ([#513](#513)) ([5694dbc](5694dbc)) * **deps:** bump azureml/openmpi4.1.0-ubuntu22.04 from 20260303.v5 to 20260409.v4 in /evaluation/sil/docker ([#480](#480)) ([25d4df8](25d4df8)) * **deps:** bump cryptography from 46.0.6 to 46.0.7 in /evaluation in the uv group across 1 directory ([#538](#538)) ([92c5b2e](92c5b2e)) * **deps:** bump diffusers from 0.35.2 to 0.38.0 in /training/il/lerobot ([#638](#638)) ([6261d19](6261d19)) * **deps:** bump follow-redirects from 1.15.11 to 1.16.0 in /docs/docusaurus ([#469](#469)) ([0458908](0458908)) * **deps:** bump gitpython and mako for lerobot IL training ([#623](#623)) ([9f8022b](9f8022b)) * **deps:** bump node from 24.14.1-slim to 25.9.0-slim in /data-management/viewer/frontend ([#482](#482)) ([1532d09](1532d09)) * **deps:** bump packaging from 26.0 to 26.1 in /evaluation in the inference-dependencies group ([#483](#483)) ([f4afb6c](f4afb6c)) * **deps:** bump pillow from 12.1.1 to 12.2.0 ([#467](#467)) ([39fb663](39fb663)) * **deps:** bump python from 3.11-slim to 3.14-slim in /data-management/viewer/backend ([#481](#481)) ([7af9dfc](7af9dfc)) * **deps:** bump the dataviewer-backend-dependencies group across 1 directory with 15 updates ([#428](#428)) ([e4446a2](e4446a2)) * **deps:** bump the dataviewer-backend-dependencies group in /data-management/viewer/backend with 4 updates ([#487](#487)) ([0f57c5b](0f57c5b)) * **deps:** bump the dataviewer-backend-dependencies group in /data-management/viewer/backend with 8 updates ([#566](#566)) ([d6e7869](d6e7869)) * **deps:** bump the dataviewer-dependencies group across 1 directory with 5 updates ([#464](#464)) ([24c208d](24c208d)) * **deps:** bump the dataviewer-dependencies group in /data-management/viewer with 2 updates ([#486](#486)) ([90149f3](90149f3)) * **deps:** bump the dataviewer-dependencies group in /data-management/viewer with 6 updates ([#565](#565)) ([f0bb36b](f0bb36b)) * **deps:** bump the dataviewer-frontend-patch-minor group across 1 directory with 10 updates ([#613](#613)) ([e481f83](e481f83)) * **deps:** bump the github-actions group across 1 directory with 4 updates ([#534](#534)) ([5478ab6](5478ab6)) * **deps:** bump the github-actions group with 2 updates ([#488](#488)) ([4e6ce98](4e6ce98)) * **deps:** bump the github-actions group with 3 updates ([#567](#567)) ([48c38dc](48c38dc)) * **deps:** bump the github-actions group with 3 updates ([#634](#634)) ([00cfb49](00cfb49)) * **deps:** bump the github-actions group with 6 updates ([#603](#603)) ([73eb79a](73eb79a)) * **deps:** bump the training-dependencies group across 1 directory with 23 updates ([#463](#463)) ([d5a8656](d5a8656)) * **deps:** bump yaml from 2.8.2 to 2.8.3 in /data-management/viewer/frontend ([#453](#453)) ([10449df](10449df)) * pytest harness, dependabot advisories, and OSSF Scorecard remediations ([#501](#501)) ([e8756e8](e8756e8)) * **scripts:** pin and hash-verify all shell script downloads ([#468](#468)) ([0c2bb9c](0c2bb9c)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: physical-ai-toolchain-release[bot] <267194360+physical-ai-toolchain-release[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the docusaurus-dependencies group with 6 updates in the /docs/docusaurus directory:
3.10.03.10.13.10.03.10.13.10.03.10.13.10.03.10.13.10.03.10.13.10.03.10.1Updates
@docusaurus/corefrom 3.10.0 to 3.10.1Release notes
Sourced from @docusaurus/core's releases.
Changelog
Sourced from @docusaurus/core's changelog.
Commits
41c1a45v3.10.1d4164aechore: cherry-pick commits for v3.10.1 patch release (#11982)Updates
@docusaurus/plugin-client-redirectsfrom 3.10.0 to 3.10.1Release notes
Sourced from @docusaurus/plugin-client-redirects's releases.
Changelog
Sourced from @docusaurus/plugin-client-redirects's changelog.
Commits
41c1a45v3.10.1Updates
@docusaurus/preset-classicfrom 3.10.0 to 3.10.1Release notes
Sourced from @docusaurus/preset-classic's releases.
Changelog
Sourced from @docusaurus/preset-classic's changelog.
Commits
41c1a45v3.10.1Updates
@docusaurus/module-type-aliasesfrom 3.10.0 to 3.10.1Release notes
Sourced from @docusaurus/module-type-aliases's releases.
Changelog
Sourced from @docusaurus/module-type-aliases's changelog.
Commits
41c1a45v3.10.1Updates
@docusaurus/tsconfigfrom 3.10.0 to 3.10.1Release notes
Sourced from @docusaurus/tsconfig's releases.
Changelog
Sourced from @docusaurus/tsconfig's changelog.
Commits
41c1a45v3.10.1Updates
@docusaurus/typesfrom 3.10.0 to 3.10.1Release notes
Sourced from @docusaurus/types's releases.
Changelog
Sourced from @docusaurus/types's changelog.
Commits
41c1a45v3.10.1