Skip to content

chore(deps-dev): bump effect from 4.0.0-beta.94 to 4.0.0-beta.98#1675

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/effect-4.0.0-beta.98
Open

chore(deps-dev): bump effect from 4.0.0-beta.94 to 4.0.0-beta.98#1675
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/effect-4.0.0-beta.98

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor

Bumps effect from 4.0.0-beta.94 to 4.0.0-beta.98.

Changelog

Sourced from effect's changelog.

4.0.0-beta.98

Patch Changes

  • #2587 989603b Thanks @​gcanti! - Expose SchemaError as a public module and re-export Schema.isSchemaError.

    This gives consumers a stable import path and guard for schema failures without depending on the internal schema implementation, while preserving the existing Schema.SchemaError surface.

  • #2592 214c458 Thanks @​gcanti! - Apply transformClient when building an individual HttpApi endpoint client, preserving the supplied client's error and service channels.

  • #2598 a037273 Thanks @​gcanti! - Preserve __proto__ group and endpoint identifiers in HTTP APIs, generated clients, and URL builders.

  • #2578 97fdaa9 Thanks @​tim-smart! - Fix Atom.kvs async mode to retain its AsyncResult value shape after writes.

  • #2612 b24d248 Thanks @​gptguy! - Fix replay of persisted DurableDeferred.raceAll results.

  • #2580 19c222c Thanks @​gcanti! - Fix HttpApi authorization decoding.

    Previously, HttpApiBuilder.securityDecode removed the expected scheme length and one following character from the Authorization header without verifying either value. A Bearer decoder could therefore pass credentials from a different scheme such as Basic, accept a malformed header without a separating space, or retain leading spaces when more than one separator was present.

    The decoder now validates the declared scheme before returning credentials, matches it case-insensitively as required by RFC 9110 section 11.1, and consumes one or more separating spaces. Missing, malformed, or mismatched headers produce the existing empty credential value so security middleware can reject them consistently.

    Basic authentication previously split the decoded user-pass value at every colon, causing otherwise valid passwords containing : to be discarded. It now uses only the first colon as the separator and preserves the rest of the password, following RFC 7617 section 2.

  • #2581 eec85dd Thanks @​gcanti! - Fix HttpApi client error decoding.

    Generated clients previously combined every error schema for a status into one union decoder. When schemas used different encodings, their declaration order could determine the decoded error instead of the response Content-Type; for example, a text decoder could accept a JSON response before the JSON decoder was tried.

    Error responses are now grouped and selected by normalized content type, matching buffered success responses. Normalization happens before grouping, so declarations that differ only by casing or parameters such as charset share one union decoder instead of making later schemas unreachable.

    No-content schemas are represented by a headerless alternative, allowing empty error responses without a Content-Type header to decode correctly. Unsupported content types preserve the existing combination of StatusCodeError and the response decoding failure.

  • #2605 0082f4f Thanks @​gcanti! - Fix Number.remainder for very small and large values formatted in scientific notation.

  • #2611 8849052 Thanks @​tim-smart! - Fix PersistedQueue to count schema decoding and malformed SQL payload failures as processing attempts.

  • #2500 c15e16a Thanks @​hsubra89! - Fix Redis-backed PersistedQueue reset and failed-item handling.

  • #2602 01d00a3 Thanks @​gcanti! - Fix a bug where decoding bracket paths from FormData or URLSearchParams could mutate inherited object prototypes.

  • #2588 8bd4589 Thanks @​gcanti! - Fix SchemaAST.isJson to reject class instances and other non-record objects.

  • #2605 0082f4f Thanks @​gcanti! - Fix JSON Schema allOf imports for tuple intersections and preserve primitive refinements when combining literal constraints.

  • #2604 6e08428 Thanks @​gcanti! - Fix Schema.toFormatter and Schema.toEquivalence indexing for tuples with multiple post-rest elements.

  • #2603 388dcf9 Thanks @​gcanti! - Fix union candidate selection and decoding order so that unions now:

    • consider matches from every sentinel key instead of dropping valid members after the first match;

... (truncated)

Commits
  • 3e4abbc Version Packages (beta) (#2577)
  • 0082f4f Fix JSON Schema tuple allOf intersections (#2605)
  • 72ac585 Add HttpApiError for status 422 (#2613)A
  • b24d248 Fix durable race result replay (#2612)
  • 8849052 Ensure PersistedQueue decoding failures are processing attempts (#2611)
  • c15e16a fix(PersistedQueue): Fix Redis-backed PersistedQueue script handling (#2500)
  • 87bea7e Handle large millis passed to sleep (#2583)
  • 2b7ce2b Fix SQL-backed persisted queues to refresh locks for actively acquired elemen...
  • 5b2a0bc ensure WithTransaction wraps entire rpc handler (#2607)
  • 6e08428 Fix Schema tuple post-rest indexing (#2604)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [effect](https://github.com/Effect-TS/effect/tree/HEAD/packages/effect) from 4.0.0-beta.94 to 4.0.0-beta.98.
- [Release notes](https://github.com/Effect-TS/effect/releases)
- [Changelog](https://github.com/Effect-TS/effect/blob/main/packages/effect/CHANGELOG.md)
- [Commits](https://github.com/Effect-TS/effect/commits/effect@4.0.0-beta.98/packages/effect)

---
updated-dependencies:
- dependency-name: effect
  dependency-version: 4.0.0-beta.98
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 15, 2026
@vercel

vercel Bot commented Jul 15, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
orpc Ready Ready Preview, Comment Jul 15, 2026 9:57am

@pkg-pr-new

pkg-pr-new Bot commented Jul 15, 2026

Copy link
Copy Markdown
More templates

@orpc/arktype

npm i https://pkg.pr.new/@orpc/arktype@1675

@orpc/bun

npm i https://pkg.pr.new/@orpc/bun@1675

@orpc/client

npm i https://pkg.pr.new/@orpc/client@1675

@orpc/cloudflare

npm i https://pkg.pr.new/@orpc/cloudflare@1675

@orpc/contract

npm i https://pkg.pr.new/@orpc/contract@1675

@orpc/experimental-effect

npm i https://pkg.pr.new/@orpc/experimental-effect@1675

@orpc/evlog

npm i https://pkg.pr.new/@orpc/evlog@1675

@orpc/json-schema

npm i https://pkg.pr.new/@orpc/json-schema@1675

@orpc/nest

npm i https://pkg.pr.new/@orpc/nest@1675

@orpc/next

npm i https://pkg.pr.new/@orpc/next@1675

@orpc/openapi

npm i https://pkg.pr.new/@orpc/openapi@1675

@orpc/opentelemetry

npm i https://pkg.pr.new/@orpc/opentelemetry@1675

@orpc/pino

npm i https://pkg.pr.new/@orpc/pino@1675

@orpc/publisher

npm i https://pkg.pr.new/@orpc/publisher@1675

@orpc/ratelimit

npm i https://pkg.pr.new/@orpc/ratelimit@1675

@orpc/server

npm i https://pkg.pr.new/@orpc/server@1675

@orpc/shared

npm i https://pkg.pr.new/@orpc/shared@1675

@orpc/tanstack-query

npm i https://pkg.pr.new/@orpc/tanstack-query@1675

@orpc/valibot

npm i https://pkg.pr.new/@orpc/valibot@1675

@orpc/zod

npm i https://pkg.pr.new/@orpc/zod@1675

commit: a893232

@codecov

codecov Bot commented Jul 15, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants