Skip to content

build(deps-dev): bump sinon from 17.0.2 to 22.0.0#684

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/sinon-22.0.0
Open

build(deps-dev): bump sinon from 17.0.2 to 22.0.0#684
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/sinon-22.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 6, 2026

Copy link
Copy Markdown
Contributor

Bumps sinon from 17.0.2 to 22.0.0.

Changelog

Sourced from sinon's changelog.

22.0.0

  • ed911df5 Update Ruby gems (Carl-Erik Kopseng)
  • 75a1e5b8 Update to Node 26 (Carl-Erik Kopseng)
  • 197d6608 Update documentation on faking timers to reflect the current state of fake-timers (Carl-Erik Kopseng)
  • c5ddf80b Update fake-timers@15.4: includes new Temporal API (Carl-Erik Kopseng)
  • f4ab02f6 Update updatable packages (Carl-Erik Kopseng)
  • 0536afc8 Quality: Global mutable call id can grow unbounded across long-lived processes (#2691) (tuanaiseo)
    • refactor: global mutable call id can grow unbounded across l

    callId is module-scoped and incremented on every invocation. In long-running test runners or embedded usage, this can grow indefinitely and eventually lose integer precision semantics for strict ordering comparisons.

    Affected files: proxy-invoke.js

    Signed-off-by: tuanaiseo 221258316+tuanaiseo@users.noreply.github.com

    • Wrap around for all values that are too high

    Signed-off-by: tuanaiseo 221258316+tuanaiseo@users.noreply.github.com Co-authored-by: Carl-Erik Kopseng carlerik@gmail.com

  • f4f7d93b Perform additional cleanup when calling callThrough() (#2670) (Cyrille)
  • 6199e9e4 improve GitHubworkflows by introducing zizmor for monitoring (#2686) (Till!)
    • fix(workflows): fetch-depth is for actions/checkout
    • chore(workflows): update
    • pin all actions to precise commits
    • avoid credential leakage from actions/checkout
    • group action updates going forward
    • add zimor config to ignore "secrets outside env"
    • add job to keep validating workflows
  • f7476b59 Use path.normalize() for path normalization (Carl-Erik Kopseng)
  • 2c975393 fix: make build and node test scripts cross-platform (laplace young)
  • a7692917 fix: isolate walk state from Object prototype (laplace young)
  • 66df977a Fix sinon.restore() cascade-restoring sub-sandboxes (#2704) (Charlie Leitheiser)

    The ESM port of createApi (#2683, shipped in 21.1.0) replaced createSandbox: createSandbox with a wrapper that pushes every newly-created sandbox into the root sandbox's fake collection:

... (truncated)

Commits
  • 52555af 22.0.0
  • ed911df Update Ruby gems
  • 75a1e5b Update to Node 26
  • 197d660 Update documentation on faking timers to reflect the current state of fake-ti...
  • c5ddf80 Update fake-timers@15.4: includes new Temporal API
  • f4ab02f Update updatable packages
  • 0536afc Quality: Global mutable call id can grow unbounded across long-lived processe...
  • f4f7d93 Perform additional cleanup when calling callThrough() (#2670)
  • 6199e9e improve GitHubworkflows by introducing zizmor for monitoring (#2686)
  • 1519009 Merge #2703: isolate walk state from Object prototype
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 6, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/sinon-22.0.0 branch from 6762f07 to 2dc72ee Compare May 28, 2026 10:47

@DeepDiver1975 DeepDiver1975 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do not merge as-is — failing CI and a conflict.

  • JS Unit / Javascript Unit fails on this PR (job); the same check is green on other open PRs, so the sinon ^17 → ^22 major bump breaks the specs.
  • sinon 22 spans five majors of breaking changes; the old adapters karma-jasmine-sinon ^1.0.4 / jasmine-sinon ^0.4.0 are likely incompatible with sinon 22 and need bumping/replacing too.
  • PR is also CONFLICTING/DIRTY — needs a rebase on the current base branch.

Rebase, adapt specs/adapters to sinon 22, then re-run CI.

🤖 Generated with Claude Code

@dj4oC dj4oC left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Security: No security-relevant change — sinon is a test-only devDependency.
  • Stability: Major version bump (sinon 17→22, spans 5 majors). CI is red: JS Unit / Javascript Unit fails on this PR while green on other open PRs, confirming the bump breaks specs. The pinned karma-jasmine-sinon/jasmine-sinon adapters likely need bumping too.
  • Performance: N/A
  • Test coverage: N/A (test-infra bump, not product code)
  • TODOs found: 0
  • Dependency touched: yes — sinon (devDependency, npm)
  • CI status: red — JS Unit failing

Verdict

Do not merge as-is — needs spec/adapter fixes for the sinon 22 API before this major bump can land.

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

@DeepDiver1975

Copy link
Copy Markdown
Member

@dependabot rebase

Bumps [sinon](https://github.com/sinonjs/sinon) from 17.0.2 to 22.0.0.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/CHANGES.md)
- [Commits](sinonjs/sinon@v17.0.2...v22.0.0)

---
updated-dependencies:
- dependency-name: sinon
  dependency-version: 22.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/sinon-22.0.0 branch from 2dc72ee to 0834891 Compare July 13, 2026 11:01
@dependabot dependabot Bot requested a review from a team as a code owner July 13, 2026 11:01
@DeepDiver1975

Copy link
Copy Markdown
Member

Holding: CI is failing (not a rebase conflict). Failing check(s): JS Unit / Javascript Unit. A rebase won't fix this — needs a human/upstream fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants