Skip to content

build(deps): bump monaco-editor from 0.44.0 to 0.55.1 in /packages/otelbin #509

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 2 commits into
base: main
Choose a base branch
from
Open

build(deps): bump monaco-editor from 0.44.0 to 0.55.1 in /packages/otelbin #509

dependabot wants to merge 2 commits into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 1, 2025
edited
Loading

Bumps monaco-editor from 0.44.0 to 0.55.1.

Release notes

Sourced from monaco-editor's releases.

v0.55.1

Changes:

  • #5121: Fixes missing language exports
  • #5122: v0.55.1

This list of changes was auto generated.

v0.55.0

Changes:

  • #5120: Fixes npx playwright install --with-deps
  • #5118: Fixes microsoft/monaco-editor#5113
  • #5117: v0.55.0
  • #5116: Install playwright dependencies in monaco-editor-core job
  • #5105: Fixes website
  • #5104: fixes website & adds editor.api.d.ts
  • #5102: Fixes typedoc & updates pipelines to test website
  • #5100: Updates website dependencies
  • #5071: Bump vite from 5.4.20 to 5.4.21 in /samples/browser-esm-vite-react
  • #4961: Bump on-headers and compression in /samples
  • #5040: Bump @​babel/runtime from 7.18.9 to 7.28.4 in /website
  • #5095: Bump vite from 7.1.9 to 7.1.11 in /samples/browser-esm-vite
  • #5097: Cleans up build scripts
  • #5098: Dont build the editor when building the website
  • #5099: Run tests
  • #5094: Adds vite esm example
  • #5093: Adds playground support for esmUrl
  • #5092: Updates changelog
  • #5090: Adds localization section to readme
  • #5089: Adds missing NLS files
  • #5088: Dont use .js for typescript imports, as rollup adds them to the output
  • #5070: Bump vite from 7.1.5 to 7.1.11
  • #5069: Bump playwright and @​playwright/test
  • #5058: Add monaco-editor-core dependencies to monaco-editor after updating monaco-editor-core.
  • #5053: Bump loader-utils from 2.0.2 to 2.0.4 in /website
  • #5055: Bump postcss and css-loader in /website
  • #5054: Bump json5 from 2.2.1 to 2.2.3 in /website
  • #4973: Fix Kotlin number literals
  • #4991: Bump vite from 2.9.17 to 5.4.20 in /samples/browser-esm-vite-react
  • #5039: Bump webpack from 5.90.1 to 5.102.1 in /website
  • #5037: Bump ws in /website
  • #5010: [Bug] Multiple issues with how monaco-editor is published
  • #5051: Fixes #5010

... (truncated)

Changelog

Sourced from monaco-editor's changelog.

[0.55.1]

  • Fixes missing language exports (monaco.json/typescript/...) due to wrong "types" path - #5123

[0.55.0]

Breaking Changes

  • Moves nested namespaces (languages.css, languages.html, languages.json, languages.typescript) to top level namespaces (css, html, json, typescript) to simplify the build process and align with typescript recommendations.

New Features

  • Adds native LSP support (see new lsp namespace).

Bug Fixes

  • Updates dompurify to 3.2.7

[0.54.0]

  • Adds option editor.mouseMiddleClickAction
  • Various bug fixes

[0.53.0]

  • ⚠️ This release deprecates the AMD build and ships with significant changes of the AMD build. The AMD build will still be shipped for a while, but we don't offer support for it anymore. Please migrate to the ESM build.

New Features

  • Next Edit Suggestion support.
  • Scroll On Middle Click
  • Edit Context Support

Breaking Changes

  • Internal AMD modules are no longer accessible. Accessing internal AMD modules was never supported. While this is still possible in the ESM build, we don't encourage this usage pattern.
  • The browser-script-editor scenario for unbundled synchronous script import and editor creation no longer works. Instead, a the ESM build should be used with a bundler, such as vite or webpack.
  • Custom AMD workers don't work anymore out of the box.

[0.52.0]

  • Comment added inside of IModelContentChangedEvent

[0.51.0]

  • New fields IEditorOptions.placeholder and IEditorOptions.compactMode
  • New fields IGotoLocationOptions.multipleTests and IGotoLocationOptions.alternativeTestsCommand
  • New field IInlineEditOptions.backgroundColoring
  • New experimental field IEditorOptions.experimental.useTrueInlineView
  • New options CommentThreadRevealOptions for comments

Contributions to monaco-editor:

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for monaco-editor since your current version.


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 1, 2025
@vercel
Copy link

vercel bot commented Dec 1, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
otelbin Error Error Jan 9, 2026 4:31pm

@dependabot
build(deps): bump monaco-editor in /packages/otelbin
a266d2b 
Bumps [monaco-editor](https://github.com/microsoft/monaco-editor) from 0.44.0 to 0.55.1.
- [Release notes](https://github.com/microsoft/monaco-editor/releases)
- [Changelog](https://github.com/microsoft/monaco-editor/blob/main/CHANGELOG.md)
- [Commits](microsoft/monaco-editor@v0.44.0...v0.55.1)

---
updated-dependencies:
- dependency-name: monaco-editor
  dependency-version: 0.55.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot-npm_and_yarn-packages-otelbin-monaco-editor-0.55.1 branch from 9e695e8 to a266d2b Compare December 12, 2025 14:06
@socket-security
Copy link

socket-security bot commented Dec 12, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​typescript-eslint/​parser@​5.62.0 ⏵ 8.29.110010071 +198100
Addedesbuild@​0.25.2911007392100
Addedesbuild@​0.19.492997393100
Added@​types/​jest@​29.5.141001007781100
Added@​types/​aws-lambda@​8.10.1491001007888100
Added@​stylistic/​eslint-plugin@​2.13.01001007894100
Addedaws-lambda@​1.0.79810010080100
Updated@​typescript-eslint/​eslint-plugin@​5.62.0 ⏵ 8.29.199 +210080 +298100
Updatedconstructs@​10.3.0 ⏵ 10.4.210010080 +28780
Updated@​types/​node@​18.18.13 ⏵ 16.18.126100 +11008195100
Updated@​types/​node@​18.18.13 ⏵ 20.17.301001008195100
Addedjest-junit@​16.0.09910010082100
Added@​opentelemetry/​api@​1.8.010010010082100
Addedts-node@​10.9.29710010082100
Addedaws-cdk-lib@​2.189.189100899670
Updatedprojen@​0.77.1 ⏵ 0.91.2091 -210098 -198 +570
Added@​octokit/​rest@​20.0.2991008883100
Updatedeslint-plugin-import@​2.29.0 ⏵ 2.31.097 +110010084100
Added@​expo/​spawn-async@​1.7.21001008986100
Added@​opentelemetry/​resources@​1.30.1991008891100
Added@​opentelemetry/​instrumentation-http@​0.35.1991009688100
Added@​opentelemetry/​instrumentation-dns@​0.35.01001008894100
Added@​opentelemetry/​instrumentation-net@​0.35.01001008994100
Added@​opentelemetry/​sdk-trace-base@​1.30.11001001009180
Added@​opentelemetry/​instrumentation@​0.50.09910010090100
Addedtypescript@​5.8.31001009010090
Addedaxios@​1.12.09910010090100
Added@​opentelemetry/​exporter-metrics-otlp-proto@​0.50.0991009490100
Updatedeslint-import-resolver-typescript@​3.5.5 ⏵ 3.10.0100 +1100100 +190100
Added@​opentelemetry/​exporter-trace-otlp-proto@​0.50.09910010091100
Added@​opentelemetry/​resource-detector-aws@​1.12.09710010091100
Added@​opentelemetry/​sdk-metrics@​1.30.11001009991100
Added@​opentelemetry/​sdk-trace-node@​1.30.19910010091100
See 5 more rows in the dashboard

View full report

@socket-security
Copy link

socket-security bot commented Dec 12, 2025
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm buffer is 96.0% likely obfuscated

Confidence: 0.96

Location: Package overview

From: packages/otelbin-validation/package-lock.jsonnpm/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 9, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@joschi