Bump rollup from 2.79.2 to 2.80.0 in /frontend#547
Open
dependabot[bot] wants to merge 698 commits intomasterfrom
Open
Bump rollup from 2.79.2 to 2.80.0 in /frontend#547dependabot[bot] wants to merge 698 commits intomasterfrom
dependabot[bot] wants to merge 698 commits intomasterfrom
Conversation
Add link to .NET quickstart
Update README.md
Update requirements.txt
Update quickstart app to fetch transactions data via /transactions/sync
Fix WORKDIR
Update Dockerfile
Update README.md
Update README.md
This reverts commit f5eeac6.
Revert "Update Dockerfile"
link to tiny quickstart
Create README.md
EUWECRY-1084: Refactor Quickstart app for UK/EU payment initiation
Removes [got](https://github.com/sindresorhus/got). It's no longer used after updating ancestor dependency [nodemon](https://github.com/remy/nodemon). These dependencies need to be updated together. Removes `got` Updates `nodemon` from 2.0.5 to 2.0.20 - [Release notes](https://github.com/remy/nodemon/releases) - [Commits](remy/nodemon@v2.0.5...v2.0.20) --- updated-dependencies: - dependency-name: got dependency-type: indirect - dependency-name: nodemon dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [shell-quote](https://github.com/ljharb/shell-quote) to 1.7.3 and updates ancestor dependency [react-scripts](https://github.com/facebook/create-react-app/tree/HEAD/packages/react-scripts). These dependencies need to be updated together. Updates `shell-quote` from 1.7.2 to 1.7.3 - [Release notes](https://github.com/ljharb/shell-quote/releases) - [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md) - [Commits](ljharb/shell-quote@v1.7.2...1.7.3) Updates `react-scripts` from 4.0.1 to 5.0.1 - [Release notes](https://github.com/facebook/create-react-app/releases) - [Changelog](https://github.com/facebook/create-react-app/blob/main/CHANGELOG-4.x.md) - [Commits](https://github.com/facebook/create-react-app/commits/react-scripts@5.0.1/packages/react-scripts) --- updated-dependencies: - dependency-name: shell-quote dependency-type: indirect - dependency-name: react-scripts dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
…nd-nodemon--removed Bump got and nodemon in /node
Bumps [rack](https://github.com/rack/rack) from 2.2.3 to 2.2.4. - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@2.2.3...2.2.4) --- updated-dependencies: - dependency-name: rack dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…hell-quote-and-react-scripts-1.7.3 Bump shell-quote and react-scripts in /frontend
Bump rack from 2.2.3 to 2.2.4 in /ruby
Bumps [minimist](https://github.com/minimistjs/minimist) from 1.2.5 to 1.2.7. - [Release notes](https://github.com/minimistjs/minimist/releases) - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.7) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.7 to 1.15.2. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.7...v1.15.2) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…ollow-redirects-1.15.2 Bump follow-redirects from 1.14.7 to 1.15.2 in /frontend
Co-authored-by: Todd Kerpelman <4397978+ToddKerpelman@users.noreply.github.com>
Updates to Balance and Signal for new Signal Rules flows. Also updates dependencies and Plaid client libraries
Updated test credentials and OAuth testing instructions.
Revise Transactions test credentials and OAuth section
Removed an accidental stray entry in the .env.template added in the last update Fixed a bug in the Go quickstart in which it would panic if /transactions/sync was called before the initial update transactions fetch had completed Fixed an issue for CRA in which the quickstart frontend used the wrong field name due to a change in field names when graduating from CRA beta to GA Updated frontend dependencies, most notably react 16->18 and updates to latest plaid frontend and backend versions (frontend uses plaid backend library for typescript type checking) dependency updates for all language backends Updated Docker to use more recent container versions
Updates the Node.js quickstart to support the new user creation flow: - Default to sending identity object with proper schema (name, emails, phone_numbers, addresses) - Auto-retry with consumer_report_user_identity on INVALID_FIELD error - Track both user_id and user_token from responses - Use user_token when available (from consumer_report_user_identity), otherwise user_id - Remove user.client_user_id when passing user_id/user_token to link token creation - Update CRA endpoints to use correct identifier (user_token or user_id) - Income endpoints always use user_token as required - Upgrade plaid library to v40.0.0 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Updated all backend implementations (Python, Node.js, Go, Java, Ruby) to support both old-style (user_token) and new-style (user_id) CRA user integrations. Each backend now tries the Identity field first, then falls back to ConsumerReportUserIdentity if that fails. All CRA endpoints (base_report, income_insights, partner_insights) handle both user_token and user_id parameters. Frontend updated to display both user_token and user_id when available. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add null checks for Java error body reading to prevent NullPointerException - Fix Java and Ruby to only retry on INVALID_FIELD errors, not all errors - Fix duplicate client_user_id generation: now reuses same ID on retry across all backends - Remove superfluous comments for cleaner, self-documenting code 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changed all instances of itemID to itemId to follow Java camelCase convention consistently with other variables like userId, accessToken, etc. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The compiled go/server binary (22MB) should not be tracked in git. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Node.js: 40.0.0 → 41.0.0 - Python: 37.1.0 → 38.0.0 - Go: 40.1.0 → 41.0.0 (updated import path from v40 to v41) - Java: 38.1.0 → 39.0.0 - Ruby: 44.1.0 → 45.0.0 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This reverts commit 629693f.
- Add support for new user APIs (see https://plaid.com/docs/api/users/user-apis/) - Bump dependencies
frontend: - Update plaid to ^41.1.0 (from ^39.1.0) - Update plaid-threads to ^14.5.0 (from ^11.2.3) - Apply safe minor/patch updates to testing libraries, sass, immer node: - Update plaid to ^41.1.0 (from ^41.0.0) - Update express to ^4.22.1 - Update dotenv, nodemon, body-parser, cors - Apply safe minor/patch updates Testing: Installation and build tests passed Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Python: plaid_python 38.0.0 → 38.1.0 - Java: plaid-java 39.0.0 → 39.1.0 - Ruby: plaid 45.0.0 → 45.1.0 - Go: already at 41.0.0 (latest) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Python (python/requirements.txt): - Update plaid_python 38.0.0 -> 38.1.0 - Update werkzeug 3.1.4 -> 3.1.5 Ruby (ruby/Gemfile.lock): - Update plaid 45.0.0 -> 45.1.0 - Update puma 7.1.0 -> 7.2.0 - Update tilt 2.6.1 -> 2.7.0 - Update public_suffix 7.0.0 -> 7.0.2 Java (java/pom.xml): - Update plaid-java 39.0.0 -> 39.1.0 - Update jaxb-api 2.3.1 -> 2.4.0 - Update jaxb-impl 2.3.9 -> 2.4.0 Go (go/go.mod): - Update plaid-go/v41 41.0.0 -> 41.1.0 - Update sonic 1.14.2 -> 1.15.0 - Update quic-go 0.58.0 -> 0.59.0 - Update various golang.org/x/* packages Testing: All SDKs updated to latest versions Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Python: 3.12-alpine → 3.12.12-alpine - Ruby: 3.3 → 3.3.10 - Go: 1.24 → 1.24.13 - Maven/JDK: 3.9-eclipse-temurin-21 → 3.9.12-eclipse-temurin-21 - Node: 20-alpine → 20.20.0-alpine All patch-level updates within same minor versions for stability. Testing: Python and Node containers build successfully Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Run npm update to update all dependencies within their semver ranges. This updates axios from 1.13.2 to 1.13.5, which includes security fixes for a Denial of Service vulnerability via __proto__ key in mergeConfig. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Update dependencies - quickstart
Bumps [rollup](https://github.com/rollup/rollup) from 2.79.2 to 2.80.0. - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md) - [Commits](rollup/rollup@v2.79.2...v2.80.0) --- updated-dependencies: - dependency-name: rollup dependency-version: 2.80.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
16 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps rollup from 2.79.2 to 2.80.0.
Changelog
Sourced from rollup's changelog.
Commits
d17ae152.80.0d6dee5eValidate bundle stays within output dir (#6277)Install script changes
This version adds
preparescript that runs during installation. Review the package contents before updating.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.