chore: package upgrades by KevinVandy · Pull Request #6278 · TanStack/table

KevinVandy · 2026-05-20T21:40:53Z

🎯 Changes

✅ Checklist

I have followed the steps in the Contributing guide.
I have tested this code locally with pnpm test:pr.

Summary by CodeRabbit

Chores
- Bumped pnpm package manager version across project manifests.
- Updated dev tooling and type packages (Node types, @types/react, vue-tsc, vitest, ESLint plugin).
- Updated example dependencies (Svelte, date-fns, Angular CDK, UI libs, and TanStack query/virtual packages).
- Routine maintenance to keep examples and tooling compatible with recent releases.

coderabbitai · 2026-05-20T21:41:12Z

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 54478d3d-8419-4277-ac0b-0eb21cb99ebd

📥 Commits

Reviewing files that changed from the base of the PR and between 1e53e72 and eac42a6.

📒 Files selected for processing (1)

examples/svelte/virtualized-infinite-scrolling/package.json

📝 Walkthrough

Walkthrough

Bumps many example and package dependency/version pins (pnpm packageManager, framework runtimes, TanStack libs, type defs) and updates workspace trustPolicy exclusions.

Changes

Dependency version bumps across all examples and packages

Layer / File(s)	Summary
Root package manager and devtools updates `package.json`, `pnpm-workspace.yaml`	Updates `packageManager` to `pnpm@11.1.3`, bumps `@types/node` and `vitest`, and adds `trustPolicyExclude` to workspace config.
Angular examples and deps `examples/angular/*/package.json`	Bumps Angular example `packageManager` entries to `pnpm@11.1.3`; updates `@angular/cdk` and `@types/node` in specific Angular examples.
React examples and deps `examples/react//package.json`, `packages/react-table/package.json`	Bumps `@types/react` across React examples and core packages; updates example-specific deps (`@tanstack/react-*`, `date-fns`, `postcss`, etc.).
Svelte examples and package `examples/svelte/*/package.json`, `packages/svelte-table/package.json`	Bumps `svelte` devDependency to `^5.55.9` and related `@tanstack/svelte-*` example deps.
Vue examples and deps `examples/vue/*/package.json`	Bumps dev tooling (`@types/node`, `vue-tsc`) and updates `@tanstack/vue-*` where present.
Lit, Preact, Solid, Vanilla examples `examples/lit/`, `examples/preact/`, `examples/solid/`, `examples/vanilla/`	Patch bumps for `@tanstack/*` libs and minor dev dependency updates.
All other example metadata updates `examples///package.json`	Various minor dependency/devDependency patch bumps across examples (type defs, virtual libs, query libs).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

TanStack/table#6272: Related workspace pnpm trustPolicy changes.

Suggested reviewers

schiller-manuel

🐰 Dependencies hop and sway,

Versions nudged, then on their way,
pnpm, svelte, React types too—
A rabbit cheers the repo through. 🐇✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore: package upgrades' accurately summarizes the primary change across the entire changeset: systematic updates to multiple package dependencies throughout the project.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch package-upgrades

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

nx-cloud · 2026-05-20T21:41:18Z

View your CI Pipeline Execution ↗ for commit eac42a6

Command	Status	Duration	Result
`nx affected --targets=test:eslint,test:sherif,t...`	✅ Succeeded	53s	View ↗
`nx run-many --targets=build --exclude=examples/**`	✅ Succeeded	<1s	View ↗

☁️ Nx Cloud last updated this comment at 2026-05-21 20:54:39 UTC

socket-security · 2026-05-20T21:43:59Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@tanstack/router-vite-plugin@1.167.7
	@tanstack/svelte-virtual@3.13.25
	@tanstack/react-virtual@3.13.25
	@tanstack/vue-virtual@3.13.25
	@tanstack/solid-virtual@3.13.25
	@tanstack/svelte-query@6.1.30
	@tanstack/solid-router@1.170.5
	@tanstack/preact-query@5.100.11
	@angular/cdk@21.2.12
	@types/react@19.2.15
	@tanstack/react-router@1.170.5
	@types/node@25.9.1
	postcss@8.5.15
	@tanstack/lit-virtual@3.13.26
	@tanstack/solid-query@5.100.11
	svelte@5.55.9
	@tanstack/react-query@5.100.11
	date-fns@4.2.1
	@base-ui/react@1.5.0
	vue-tsc@3.2.9 ⏵ 3.3.1
	@eslint-react/eslint-plugin@5.8.3
	@tanstack/vue-query@5.100.11

View full report

socket-security · 2026-05-20T21:44:01Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Publisher changed: npm `content-type` is now published by blakeembrey Author: blakeembrey From: pnpm-lock.yaml → `npm/express@5.2.1` → `npm/content-type@2.0.0` ℹ Read more on: This package \| This alert \| What is unstable ownership? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/content-type@2.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `svelte` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: examples/svelte/basic-app-table/package.json → `npm/svelte@5.55.9` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/svelte@5.55.9`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Publisher changed: npm `type-is` is now published by blakeembrey Author: blakeembrey From: pnpm-lock.yaml → `npm/express@5.2.1` → `npm/type-is@2.1.0` ℹ Read more on: This package \| This alert \| What is unstable ownership? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/type-is@2.1.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm `eslint-plugin-react-jsx` Location: Package overview From: pnpm-lock.yaml → `npm/@eslint-react/eslint-plugin@5.8.3` → `npm/eslint-plugin-react-jsx@5.8.3` ℹ Read more on: This package \| This alert \| What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/eslint-plugin-react-jsx@5.8.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

nx-cloud

Important

At least one additional CI pipeline execution has run since the conclusion below was written and it may no longer be applicable.

Nx Cloud is proposing a fix for your failed CI:

We fix the table:test:sherif failure by restoring alphabetical order of devDependencies in examples/svelte/virtualized-infinite-scrolling/package.json. The package upgrade PR accidentally placed @tanstack/svelte-virtual before @tanstack/svelte-table, which violates the workspace's sherif unordered-dependencies rule. Swapping the two entries back into alphabetical order (table before virtual) resolves the failure while preserving all updated version numbers.

Warning

❌ We could not verify this fix.
The suggested diff is too large to display here, but you can view it on Nx Cloud ↗

Or Apply changes locally with:

npx nx-cloud apply-locally Grjw-TPw8

Apply fix locally with your editor ↗ View interactive diff ↗

_{🎓 Learn more about Self-Healing CI on nx.dev}

pkg-pr-new · 2026-05-21T20:41:59Z

More templates

@tanstack/angular-table

npm i https://pkg.pr.new/TanStack/table/@tanstack/angular-table@6278

@tanstack/lit-table

npm i https://pkg.pr.new/TanStack/table/@tanstack/lit-table@6278

@tanstack/match-sorter-utils

npm i https://pkg.pr.new/TanStack/table/@tanstack/match-sorter-utils@6278

@tanstack/preact-table

npm i https://pkg.pr.new/TanStack/table/@tanstack/preact-table@6278

@tanstack/preact-table-devtools

npm i https://pkg.pr.new/TanStack/table/@tanstack/preact-table-devtools@6278

@tanstack/react-table

npm i https://pkg.pr.new/TanStack/table/@tanstack/react-table@6278

@tanstack/react-table-devtools

npm i https://pkg.pr.new/TanStack/table/@tanstack/react-table-devtools@6278

@tanstack/solid-table

npm i https://pkg.pr.new/TanStack/table/@tanstack/solid-table@6278

@tanstack/solid-table-devtools

npm i https://pkg.pr.new/TanStack/table/@tanstack/solid-table-devtools@6278

@tanstack/svelte-table

npm i https://pkg.pr.new/TanStack/table/@tanstack/svelte-table@6278

@tanstack/table-core

npm i https://pkg.pr.new/TanStack/table/@tanstack/table-core@6278

@tanstack/table-devtools

npm i https://pkg.pr.new/TanStack/table/@tanstack/table-devtools@6278

@tanstack/vue-table

npm i https://pkg.pr.new/TanStack/table/@tanstack/vue-table@6278

@tanstack/vue-table-devtools

npm i https://pkg.pr.new/TanStack/table/@tanstack/vue-table-devtools@6278

commit: eac42a6

chore: package upgrades

72f48ce

KevinVandy added 2 commits May 21, 2026 15:17

Merge branch 'alpha' into package-upgrades

15aa372

regen lock file and add trustPolicyExclude

1e53e72

nx-cloud Bot reviewed May 21, 2026

View reviewed changes

fix order

eac42a6

KevinVandy merged commit 3570290 into alpha May 21, 2026
9 of 10 checks passed

KevinVandy deleted the package-upgrades branch May 21, 2026 20:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore: package upgrades#6278

chore: package upgrades#6278
KevinVandy merged 4 commits into
alphafrom
package-upgrades

KevinVandy commented May 20, 2026 •

edited by coderabbitai Bot

Loading

Uh oh!

coderabbitai Bot commented May 20, 2026 •

edited

Loading

Walkthrough

Changes

Estimated code review effort

Possibly related PRs

Suggested reviewers

Uh oh!

nx-cloud Bot commented May 20, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented May 20, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented May 20, 2026 •

edited

Loading

Uh oh!

nx-cloud Bot left a comment •

edited

Loading

Uh oh!

pkg-pr-new Bot commented May 21, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

KevinVandy commented May 20, 2026 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🎯 Changes

✅ Checklist

Summary by CodeRabbit

Uh oh!

coderabbitai Bot commented May 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

Possibly related PRs

Suggested reviewers

Uh oh!

nx-cloud Bot commented May 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security Bot commented May 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security Bot commented May 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

nx-cloud Bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Nx Cloud is proposing a fix for your failed CI:

Uh oh!

pkg-pr-new Bot commented May 21, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

KevinVandy commented May 20, 2026 •

edited by coderabbitai Bot

Loading

coderabbitai Bot commented May 20, 2026 •

edited

Loading

nx-cloud Bot commented May 20, 2026 •

edited

Loading

socket-security Bot commented May 20, 2026 •

edited

Loading

socket-security Bot commented May 20, 2026 •

edited

Loading

nx-cloud Bot left a comment •

edited

Loading

pkg-pr-new Bot commented May 21, 2026 •

edited

Loading