Skip to content

chore(deps): consolidate Dependabot PRs #61–#68 + sqlx 0.9 migration#69

Merged
pacphi merged 1 commit into
mainfrom
chore/consolidate-dependabot-2026-05-26
May 26, 2026
Merged

chore(deps): consolidate Dependabot PRs #61–#68 + sqlx 0.9 migration#69
pacphi merged 1 commit into
mainfrom
chore/consolidate-dependabot-2026-05-26

Conversation

@pacphi
Copy link
Copy Markdown
Owner

@pacphi pacphi commented May 26, 2026

Summary

Consolidates 8 open Dependabot PRs (#61#68) into a single branch with all quality gates passing.

Dependency Updates

Package Ecosystem Old New PR(s)
@hookform/resolvers npm (frontend) ^5.2.2 ^5.4.0 #68
@tailwindcss/vite npm (frontend) ^4.0.0 ^4.3.0 #65
react-hook-form npm (frontend) ^7.54.0 ^7.76.1 #63
react-router npm (frontend) ^7.14.2 ^7.15.1 #62
react-dom npm (frontend) 19.2.5 19.2.6 (lockfile) #67
sqlx cargo 0.8.6 0.9.0 #66
tower-http cargo 0.6.10 0.6.11 (Cargo.lock) #64
serde_json cargo 1.0.149 1.0.150 (Cargo.lock) #61

Security Alerts Resolved

None open at time of consolidation.

Breaking Changes Fixed

Package Change Files Fixed
sqlx 0.9 query_as/query now require SqlSafeStr; dynamic strings need AssertSqlSafe() crates/finima-db/src/repos/transaction_repo.rs, crates/finima-api/src/bin/normalize_directions.rs

Both call sites use whitelisted/constant SQL fragments (sort column from exhaustive match, direction filter from compile-time constant) so wrapping with AssertSqlSafe is safe.

Quality Gates

pnpm build pnpm typecheck pnpm lint pnpm test cargo build cargo clippy cargo fmt
✅ (0 warn) ✅ 9 tests ✅ (0 warn)

Closes

Closes #61, #62, #63, #64, #65, #66, #67, #68

@pacphi @claude
chore(deps): consolidate Dependabot PRs #61#68 + sqlx 0.9 migration
e4cc29a 
npm (frontend):
- @hookform/resolvers: ^5.2.2 → ^5.4.0 [#68]
- @tailwindcss/vite: ^4.0.0 → ^4.3.0 [#65]
- react-hook-form: ^7.54.0 → ^7.76.1 [#63]
- react-router: ^7.14.2 → ^7.15.1 [#62]
- react-dom: 19.2.5 → 19.2.6 (lockfile) [#67]

cargo:
- sqlx: 0.8.6 → 0.9.0 [#66] — wrap dynamic SQL with AssertSqlSafe()
- tower-http: 0.6.10 → 0.6.11 (Cargo.lock) [#64]
- serde_json: 1.0.149 → 1.0.150 (Cargo.lock) [#61]

Breaking-change fix: sqlx 0.9 requires SqlSafeStr for query_as/query.
Dynamic-but-safe SQL in transaction_repo.rs and normalize_directions.rs
wrapped with AssertSqlSafe (sort columns come from an exhaustive match,
direction filter is a compile-time constant).

Closes #61, #62, #63, #64, #65, #66, #67, #68

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@pacphi
Copy link
Copy Markdown
Owner Author

pacphi commented May 26, 2026

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

This was referenced May 26, 2026
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@pacphi pacphi merged commit 7e929d7 into main May 26, 2026
12 checks passed
@pacphi pacphi deleted the chore/consolidate-dependabot-2026-05-26 branch May 26, 2026 20:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pacphi