Skip to content

Bump pako and @types/pako#381

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-e55b6ca5c5
Open

Bump pako and @types/pako#381
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-e55b6ca5c5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 6, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps pako and @types/pako. These dependencies needed to be updated together.
Updates pako from 1.0.11 to 2.1.0

Changelog

Sourced from pako's changelog.

[2.1.0] - 2022-11-07

Changed

  • Sync with zlib 1.2.12.

Fixed

  • Updated comments in tree.js for Babel compatibility, #262.

[2.0.4] - 2021-07-29

Fixed

  • Use TextEncoder and TextDecoder if available, #228.
  • Use pre-generated fixtures instead of node.js zlib.

[2.0.3] - 2021-01-09

Fixed

  • Add all files explicit to package exports (since behaviour changed after adding .export field)

[2.0.2] - 2020-11-19

Fixed

  • Fix esm build named exports.

[2.0.1] - 2020-11-17

Changed

  • Changed esm build .js => .mjs to fix node.js import.
  • Added module entry in package.json for some bundlers.

[2.0.0] - 2020-11-17

Changed

  • Removed binary strings and Array support.
  • Removed fallbacks for TypedArray methods (.set(), .subarray()).
  • Rewritten top-level wrappers.
  • Removed support of Inflate & Deflate instance create without new.
  • Inflate.push() no longer needs second param (end is auto-detected).
  • Increased default inflate chunk size to 64K.
  • Moved exported constants to .constants.
  • Switched to es6. Legacy es5 builds available in /dist.
  • Added esm build.
  • Structure of /dist folder changed.
  • Upgraded build tools to modern ones.
Commits
  • 3c06216 2.1.0 released
  • b61f524 dist rebuild
  • 23c773e Update comments in tree.js for Babel compatibility
  • 174a1d1 Ensure backward compatibility for headers.extra
  • 77f1c17 Don't bother computing check value after successful inflateSync().
  • a194382 Fix a bug that can crash deflate on some input when using Z_FIXED.
  • 8a1cdad Fix deflateEnd() to not report an error at start of raw deflate.
  • 4dd6658 Fix bug when window full in deflate_stored().
  • b579434 Limit hash table inserts after switch from stored deflate.
  • 2326b42 Permit a deflateParams() parameter change as soon as possible.
  • Additional commits viewable in compare view

Updates @types/pako from 1.0.7 to 2.0.4

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 6, 2026
kevinelliott
kevinelliott reviewed Apr 25, 2026
View reviewed changes

@kevinelliott kevinelliott left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verdict: Hold (Blocker)

This bumps pako from ^1.0.11 -> ^2.1.0 (and @types/pako 1.x -> 2.x). This is a major version bump and is intentionally pinned to 1.x in this repo because pako 2.x has CJS/Jest interop issues (ESM-only entry points, breaking changes around Inflate/Deflate API, dropped binary-string/Array support). This library publishes both CJS and ESM bundles via tsup, so we need the 1.x line.

CI status: All build matrix jobs (20.x / 22.x / 24.x / latest) are failing on this PR, consistent with the pako 2.x compatibility concern.

Recommendation: Close this PR and tell Dependabot to ignore the pako major:

  • @dependabot ignore this major version

If/when we want to migrate to pako 2.x, it should be a deliberate, separate PR that updates the import sites and Jest config to handle the ESM build, not an automated dep bump.

@makrsmark

makrsmark commented Jun 7, 2026

Copy link
Copy Markdown
Collaborator

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-e55b6ca5c5 branch from d29c394 to c38cad7 Compare June 7, 2026 11:51
@makrsmark

makrsmark commented Jun 8, 2026

Copy link
Copy Markdown
Collaborator

@dependabot rebase

@dependabot
Bump pako and @types/pako
6677e93 
Bumps [pako](https://github.com/nodeca/pako) and [@types/pako](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/pako). These dependencies needed to be updated together.

Updates `pako` from 1.0.11 to 2.1.0
- [Changelog](https://github.com/nodeca/pako/blob/master/CHANGELOG.md)
- [Commits](nodeca/pako@1.0.11...2.1.0)

Updates `@types/pako` from 1.0.7 to 2.0.4
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/pako)

---
updated-dependencies:
- dependency-name: "@types/pako"
  dependency-version: 2.0.4
  dependency-type: direct:development
  update-type: version-update:semver-major
- dependency-name: pako
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-e55b6ca5c5 branch from c38cad7 to 6677e93 Compare June 8, 2026 02:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kevinelliott kevinelliott kevinelliott left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@makrsmark @kevinelliott