deps: bump @trpc/server from 10.45.4 to 11.8.1 by dependabot[bot] · Pull Request #191 · colibri-hq/colibri

dependabot · 2026-01-18T21:41:01Z

Bumps @trpc/server from 10.45.4 to 11.8.1.

Release notes

Sourced from @trpc/server's releases.

v11.8.1

What's Changed

fix(server): pass maxDurationMs timeout signal to subscription handlers by @tt-a1i in trpc/trpc#7037

fix(tanstack-react-query): useSubscription prop tracking by @Julusian in trpc/trpc#7036

fix(server): fastify form-data type by @wszgrcy in trpc/trpc#6974

New Contributors

@bsdahl made their first contribution in trpc/trpc#6995

@tt-a1i made their first contribution in trpc/trpc#7037

@Julusian made their first contribution in trpc/trpc#7036

@wszgrcy made their first contribution in trpc/trpc#6974

Full Changelog: trpc/trpc@v11.8.0...v11.8.1

v11.8.0

What's Changed

feat(server): support streaming in API Gateway REST API by @anatolzak in trpc/trpc#7039

fixes GHSA-43p4-m455-4f4j

v11.7.2

What's Changed

fix(server): missing sse options when using mergeRouter by @timcole in trpc/trpc#7023

New Contributors

@KitsuneKode made their first contribution in trpc/trpc#6975

@timcole made their first contribution in trpc/trpc#7023

Full Changelog: trpc/trpc@v11.7.1...v11.7.2

v11.7.1

What's Changed

fix(tanstack-react-query): keyPrefix of undefined by @Nick-Lucas in trpc/trpc#6990

New Contributors

@theoludwig made their first contribution in trpc/trpc#6906

Full Changelog: trpc/trpc@v11.7.0...v11.7.1

v11.7.0

What's Changed

fix(client): do not emit "connecting" when initializing websocket subscription by @hmatthieu in trpc/trpc#6970

fix(server): Export octet types by @Nick-Lucas in trpc/trpc#6981

feat(tanstack-react-query): Add QueryKey and MutationKey Prefix option by @Nick-Lucas in trpc/trpc#6976

... (truncated)

Commits

0d08831 v11.8.1
b802056 fix(server): fastify form-data type (#6974)
1c9a6ec chore(deps): update dependency @oxc-project/runtime to v0.104.0 (#7051)
172b6aa fix(server): pass maxDurationMs timeout signal to subscription handlers (#7037)
6820949 chore: bump next (#7045)
d7adb37 chore(server): some internal refactors (#7044)
a247ce2 v11.8.0
78629d5 Fix bug (#7043)
9a17cef feat(server): support streaming in API Gateway REST API (#7039)
fa8d806 chore(deps): update dependency valibot to v1.2.0 [security] (#7026)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [@trpc/server](https://github.com/trpc/trpc/tree/HEAD/packages/server) from 10.45.4 to 11.8.1. - [Release notes](https://github.com/trpc/trpc/releases) - [Commits](https://github.com/trpc/trpc/commits/v11.8.1/packages/server) --- updated-dependencies: - dependency-name: "@trpc/server" dependency-version: 11.8.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-01-18T21:41:13Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package

Version

Score

Details

npm/@trpc/server

11.8.1

🟢 4.8

Details

Check	Score	Reason
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 7	Found 10/13 approved changesets -- score normalized to 7
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	⚠️ 0	53 existing vulnerabilities detected

Scanned Files

pnpm-lock.yaml

cloudflare-workers-and-pages · 2026-01-18T23:06:15Z

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	colibri-docs	`2cb2dda`	Commit Preview URL Branch Preview URL	Jan 18 2026, 11:10 PM

dependabot bot added the dependencies Pull requests that update a dependency file label Jan 18, 2026

dependabot bot mentioned this pull request Jan 18, 2026

Bump @trpc/server from 10.45.2 to 11.7.0 #108

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

deps: bump @trpc/server from 10.45.4 to 11.8.1#191

deps: bump @trpc/server from 10.45.4 to 11.8.1#191
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/main/trpc/server-11.8.1

dependabot bot commented on behalf of github Jan 18, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Jan 18, 2026

Uh oh!

cloudflare-workers-and-pages bot commented Jan 18, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v11.8.1

What's Changed

New Contributors

v11.8.0

What's Changed

v11.7.2

What's Changed

New Contributors

v11.7.1

What's Changed

New Contributors

v11.7.0

What's Changed

Uh oh!

github-actions bot commented Jan 18, 2026

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

cloudflare-workers-and-pages bot commented Jan 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Deploying with Cloudflare Workers

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Jan 18, 2026 •

edited

Loading

cloudflare-workers-and-pages bot commented Jan 18, 2026 •

edited

Loading