
chore(deps-dev): bump turbo from 2.9.6 to 2.9.14 #22

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/turbo-2.9.8

Contributor

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Bumps turbo from 2.9.6 to 2.9.14.

Release notes

Sourced from turbo's releases.

Turborepo v2.9.14

[!NOTE] This release contains important security fixes.

High:

Low:

What's Changed

Changelog

New Contributors

Full Changelog: vercel/turborepo@v2.9.12...v2.9.14

Turborepo v2.9.13-canary.1

What's Changed

Changelog

... (truncated)

Commits

Contributor Author

dependabot Bot commented on behalf of github May 4, 2026

Labels

The following labels could not be found: dependabot, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.


github-actions Bot commented May 4, 2026

Agent Evaluation Results

Overall Score: 98.0%
Pass Rate: 100.0%
Trajectories: 2


Generated by agent-eval-harness

@dependabot dependabot Bot changed the title chore(deps-dev): bump turbo from 2.9.6 to 2.9.8 chore(deps-dev): bump turbo from 2.9.6 to 2.9.14 May 17, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/turbo-2.9.8 branch from 5faf510 to a3cbcf9 Compare May 17, 2026 01:51
@reaatech reaatech force-pushed the dependabot/npm_and_yarn/turbo-2.9.8 branch 2 times, most recently from aeefe43 to e338352 Compare May 17, 2026 20:22
@reaatech
Owner

⚠️ Dependabot fix attempts exhausted

Tried 2 opencode fix attempt(s); CI is still failing on: Docker Build, Type Check, All Checks Passed.

Leaving this PR open for human review — repobot will not close dependency-bump PRs on CI failure.

Contributor Author

dependabot Bot commented on behalf of github May 19, 2026

A newer version of turbo exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

Bumps [turbo](https://github.com/vercel/turborepo) from 2.9.6 to 2.9.14.
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.9.6...v2.9.14)

---
updated-dependencies:
- dependency-name: turbo
  dependency-version: 2.9.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@reaatech reaatech force-pushed the dependabot/npm_and_yarn/turbo-2.9.8 branch from 4cd4088 to d714379 Compare May 20, 2026 20:47
@reaatech
Owner

🔒 Closed — pre-existing transitive vulnerabilities, outside scope of this PR

turbo from 2.9.6 → 2.9.14: the only failing CI check(s) are All Checks Passed, Security Audit, which flag vulnerable transitive dependencies that this dep-bump cannot reach. No PR-level action (this bump or any rewrite of it) can fix the audit findings — they require either an upstream parent-package release or a root-level dependency update unrelated to this PR.

Closing to keep the dependabot queue actionable. Run pnpm audit locally to see the affected paths.

If you believe this PR's bump does actually introduce a fixable audit finding (rare), reopen it and add the label repobot:keep-open.

@reaatech reaatech added the repobot:audit-transitive-skip Closed by repobot — pre-existing transitive vulnerability outside PR scope label May 20, 2026
@reaatech reaatech closed this May 20, 2026
Contributor Author

dependabot Bot commented on behalf of github May 20, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/turbo-2.9.8 branch May 20, 2026 20:50