chore(deps): update dependency @trivago/prettier-plugin-sort-imports to v5 #927

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

coderabbitai · 2024-12-05T16:50:07Z

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

Visit our Status Page to check the current availability of CodeRabbit.
Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

socket-security · 2024-12-05T16:50:28Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		`pbkdf2@3.1.2` has a Critical CVE. CVE: GHSA-h7cp-r72f-jxh6 pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos (CRITICAL) Affected versions: >= 3.0.10 < 3.1.3 Patched version: 3.1.3 From: yarn.lock → `npm/pbkdf2@3.1.2` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/pbkdf2@3.1.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`pbkdf2@3.1.2` has a Critical CVE. CVE: GHSA-v62p-rq8g-8h59 pbkdf2 silently disregards Uint8Array input, returning static keys (CRITICAL) Affected versions: < 3.1.3 Patched version: 3.1.3 From: yarn.lock → `npm/pbkdf2@3.1.2` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/pbkdf2@3.1.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`underscore@1.9.1` has a Critical CVE. CVE: GHSA-cf4h-3jhx-xvhq Arbitrary Code Execution in underscore (CRITICAL) Affected versions: >= 1.3.2 < 1.12.1 Patched version: 1.12.1 From: yarn.lock → `npm/underscore@1.9.1` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/underscore@1.9.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`web3@0.20.2` has a Git dependency. Dependency: bignumber.js @git+https://github.com/frozeman/bignumber.js-nolookahead.git Location: Package overview From: yarn.lock → `npm/web3@0.20.2` ℹ Read more on: This package \| This alert \| What are git dependencies? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Publish the git dependency to npm or a private package repository and consume it from there. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/web3@0.20.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

vercel · 2024-12-09T12:09:31Z

Deployment failed with the following error:

Resource is limited - try again in 1 hour (more than 100, code: "api-deployments-free-per-day").

gitstream-cm · 2025-07-21T21:28:53Z

🚨 gitStream Monthly Automation Limit Reached 🚨

Your organization has exceeded the number of pull requests allowed for automation with gitStream.
Monthly PRs automated: 251/250

To continue automating your PR workflows and unlock additional features, please contact LinearB.

vercel · 2025-08-10T14:42:10Z

Deployment failed with the following error:

Resource is limited - try again in 6 hours (more than 100, code: "api-deployments-free-per-day").

socket-security · 2025-08-10T14:43:12Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	form-data@2.3.3
	pbkdf2@3.1.2
	underscore@1.9.1
	has@1.0.4
	isarray@2.0.5
	side-channel@1.0.6
	hasown@2.0.2
	gopd@1.0.1
	util.promisify@1.1.2
	jsonify@0.0.1
	globalthis@1.0.4
	has-tostringtag@1.0.2
	typedarray@0.0.6
	functions-have-names@1.2.3
	set-function-length@1.2.2
	path-parse@1.0.7
	is-negative-zero@2.0.3
	has-proto@1.0.3
	object-keys@1.1.1
	object-is@1.1.6
	minimalistic-assert@1.0.1
	object.getownpropertydescriptors@2.1.8
	unbox-primitive@1.0.2
	get-symbol-description@1.0.2
	typed-array-buffer@1.0.2
	is-date-object@1.0.5
	has-symbols@1.0.3
	safe-regex-test@1.0.3
	json-rpc-random-id@1.0.1
	is-bigint@1.0.4
	typed-array-length@1.0.6
	is-arguments@1.1.1
	internal-slot@1.0.7
	string.prototype.trim@1.2.9
See 397 more rows in the dashboard

View full report

…to v5

vercel bot had a problem deploying to Preview December 5, 2024 16:51 Failure

renovate bot force-pushed the renovate/trivago-prettier-plugin-sort-imports-5.x branch from b48473e to a46b76a Compare December 6, 2024 15:55

vercel bot had a problem deploying to Preview December 6, 2024 15:56 Failure

renovate bot force-pushed the renovate/trivago-prettier-plugin-sort-imports-5.x branch from a46b76a to 3cb9453 Compare December 9, 2024 12:09

renovate bot force-pushed the renovate/trivago-prettier-plugin-sort-imports-5.x branch from 3cb9453 to f315c43 Compare January 2, 2025 14:08

vercel bot had a problem deploying to Preview January 2, 2025 14:09 Failure

renovate bot force-pushed the renovate/trivago-prettier-plugin-sort-imports-5.x branch from f315c43 to 1931581 Compare January 28, 2025 12:15

vercel bot had a problem deploying to Preview January 28, 2025 12:16 Failure

renovate bot force-pushed the renovate/trivago-prettier-plugin-sort-imports-5.x branch from 1931581 to 9e5470b Compare August 10, 2025 14:42

renovate bot force-pushed the renovate/trivago-prettier-plugin-sort-imports-5.x branch from 9e5470b to e65ea10 Compare August 13, 2025 16:22

vercel bot had a problem deploying to Preview August 13, 2025 16:24 Failure

chore(deps): update dependency @trivago/prettier-plugin-sort-imports …

e96a835

…to v5

renovate bot force-pushed the renovate/trivago-prettier-plugin-sort-imports-5.x branch from e65ea10 to e96a835 Compare August 19, 2025 18:03

vercel bot had a problem deploying to Preview August 19, 2025 18:06 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

chore(deps): update dependency @trivago/prettier-plugin-sort-imports to v5 #927

chore(deps): update dependency @trivago/prettier-plugin-sort-imports to v5 #927

Uh oh!

renovate bot commented Dec 5, 2024 •

edited

Loading

Uh oh!

vercel bot commented Dec 5, 2024 •

edited

Loading

Uh oh!

codesandbox bot commented Dec 5, 2024

Uh oh!

changeset-bot bot commented Dec 5, 2024 •

edited

Loading

Uh oh!

coderabbitai bot commented Dec 5, 2024 •

edited

Loading

Review skipped

Chat

Support

CodeRabbit Commands (Invoked using PR/Issue comments)

Other keywords and placeholders

CodeRabbit Configuration File (`.coderabbit.yaml`)

Status, Documentation and Community

Uh oh!

socket-security bot commented Dec 5, 2024 •

edited

Loading

Uh oh!

vercel bot commented Dec 9, 2024

Uh oh!

gitstream-cm bot commented Jul 21, 2025

Uh oh!

vercel bot commented Aug 10, 2025

Uh oh!

socket-security bot commented Aug 10, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

chore(deps): update dependency @trivago/prettier-plugin-sort-imports to v5 #927

Are you sure you want to change the base?

chore(deps): update dependency @trivago/prettier-plugin-sort-imports to v5 #927

Uh oh!

Conversation

renovate bot commented Dec 5, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v5.2.2

v5.2.1

v5.2.0

v5.1.0

v5.0.1

v5.0.0

New features

Configuration

Uh oh!

vercel bot commented Dec 5, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codesandbox bot commented Dec 5, 2024

Review or Edit in CodeSandbox

Uh oh!

changeset-bot bot commented Dec 5, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ No Changeset found

Uh oh!

coderabbitai bot commented Dec 5, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review skipped

Chat

Support

CodeRabbit Commands (Invoked using PR/Issue comments)

Other keywords and placeholders

CodeRabbit Configuration File (.coderabbit.yaml)

Status, Documentation and Community

Uh oh!

socket-security bot commented Dec 5, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

vercel bot commented Dec 9, 2024

Uh oh!

gitstream-cm bot commented Jul 21, 2025

Uh oh!

vercel bot commented Aug 10, 2025

Uh oh!

socket-security bot commented Aug 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

renovate bot commented Dec 5, 2024 •

edited

Loading

`v5.2.2`

`v5.2.1`

`v5.2.0`

`v5.1.0`

`v5.0.1`

`v5.0.0`

vercel bot commented Dec 5, 2024 •

edited

Loading

changeset-bot bot commented Dec 5, 2024 •

edited

Loading

coderabbitai bot commented Dec 5, 2024 •

edited

Loading

CodeRabbit Configuration File (`.coderabbit.yaml`)

socket-security bot commented Dec 5, 2024 •

edited

Loading

socket-security bot commented Aug 10, 2025 •

edited

Loading