Skip to content

fix(deps): update lucide monorepo (major) #911

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
+377 −140
Open

fix(deps): update lucide monorepo (major) #911

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion dashboard/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@
"clsx": "^2.1.1",
"cmdk": "^1.1.1",
"date-fns": "^4.1.0",
"lucide-react": "^0.577.0",
"lucide-react": "^1.0.0",

@doubleword-code doubleword-code Bot May 13, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Consider being more explicit about the minimum version.

Why it matters: Using ^1.0.0 allows pnpm to auto-update to any 1.x version. While the lockfile pins 1.14.0 for reproducible builds, being explicit about the minimum tested version helps future maintainers understand what version was actually tested.

Since 1.0.0 was an accidental release, specifying ^1.0.0 might give the impression that 1.0.0 was intentionally targeted.

Suggested fix: Consider updating to "^1.14.0" or at minimum "^1.0.1" (to skip the accidental 1.0.0 release) to be explicit about the minimum version with known compatibility.

@doubleword-code doubleword-code Bot May 13, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: The lucide-react update to v1 is safe. According to the official migration guide, the only breaking change in v1 is the removal of brand icons (GitHub, Facebook, Twitter, etc.), and none of those icons are used in this codebase. The icon API and props remain unchanged.

Why it matters: Major version bumps can introduce breaking changes. In this case, the migration is straightforward because:

  1. No brand icons are imported (verified via grep)
  2. The React component API is identical between v0.x and v1.x
  3. Peer dependencies support React 19 which is already in use

Suggested fix: No change needed to this line. However, ensure the full test suite passes after the update.

@doubleword-code doubleword-code Bot May 14, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: The lucide-react upgrade from 0.577.0 to ^1.0.0 (resolves to 1.14.0) is safe for this codebase.

Why it matters: Lucide v1 removed several brand icons (Github, Gitlab, Facebook, etc.) as documented in the migration guide. I verified via grep that none of these removed icons are imported anywhere in the codebase. Additionally, v1 now sets aria-hidden="true" by default, which is an accessibility improvement.

Suggested fix: No action required, but consider pinning to a specific version (e.g., 1.14.0) instead of using a caret range for more predictable builds.

@doubleword-code doubleword-code Bot May 14, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: The lucide-icons maintainers noted that v1.0.0 was "published unintentionally" and recommended using v1.0.1+ instead (see release notes).

Why it matters: Using an unintentionally published version may indicate potential instability or issues that were fixed in subsequent patch releases.

Suggested fix: Consider updating to "lucide-react": "^1.0.1" or the latest stable version to follow maintainer guidance.

@doubleword-code doubleword-code Bot May 19, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: Major version upgrade from 0.577.0 to 1.x. According to Lucide's v1 migration guide, the main breaking changes are:

  1. Brand icons removed (GitHub, Twitter, Facebook, Figma, etc.) - I verified the codebase doesn't use any of these icons
  2. aria-hidden="true" by default - Actually improves accessibility for decorative icons
  3. UMD build removed - Not relevant since this project uses Vite/ESM

The lockfile resolves to 1.16.0, which is correct (v1.0.0 was accidentally published; v1.0.1+ should be used per the release notes).

Suggested verification: Run the frontend dev server and verify all icons render correctly, especially in modals, dropdowns, and tables where icons are heavily used.

@doubleword-code doubleword-code Bot May 20, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: Major version upgrade from v0.577.0 to v1.x.

Why it matters: Lucide v1 removed several brand icons (Github, Figma, Slack, LinkedIn, etc.) and now sets aria-hidden="true" by default. Fortunately, this codebase doesn't use any of the removed icons, so the upgrade is safe from a breaking change perspective. The aria-hidden change is actually an accessibility improvement.

Suggested fix: No action needed, but verify all icons render correctly after merge.

@doubleword-code doubleword-code Bot May 20, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: Consider pinning to a more specific version or verifying compatibility with lucide-react v1 breaking changes.

Why it matters: The lucide-react v1 release includes breaking changes:

  • aria-hidden is now set by default on icons (generally positive for accessibility)
  • Brand icons were removed (grep confirms none are used in this codebase)
  • UMD build removed (only affects browser CDN usage)

Since this uses ^1.0.0, it will resolve to 1.16.0 which is after the fixed v1.0.1 release, so the unintentional v1.0.0 issues are avoided.

Suggested fix: No action required if testing confirms all icons render correctly. Consider adding a note in changelog about the aria-hidden behavior change if accessibility testing reveals any issues.

@doubleword-code doubleword-code Bot May 20, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: Consider using a more specific version like ^1.16.0 instead of ^1.0.0. The v1.0.0 release was published unintentionally according to the maintainers, and while your ^1.0.0 specifier resolves to 1.16.0 (the current latest), being explicit about the minimum tested version provides better clarity and avoids any confusion about the accidental v1.0.0 tag.

Why it matters: While functionally equivalent today, being explicit about the actual minimum version you've tested against is a good practice for dependency management.

Suggested fix: Change to "lucide-react": "^1.16.0" or whatever the current latest stable version is at merge time.

@doubleword-code doubleword-code Bot May 21, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: Consider using a more precise version specifier like "^1.16.0" or "~1.16.0" instead of "^1.0.0".

Why it matters: Using ^1.0.0 allows any 1.x version to be installed, which could introduce unexpected changes or new icons being added/modified in future minor versions. While lucide-react has been stable, pinning to the current resolved version (1.16.0 as shown in the lockfile) provides more deterministic builds.

Suggested fix: Update to "lucide-react": "^1.16.0" to lock to the current minor version while still receiving patch updates.

@doubleword-code doubleword-code Bot May 22, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: Major version upgrade from ^0.577.0 to ^1.0.0 (pnpm resolved to 1.16.0).

Why it matters: Lucide v1 includes breaking changes such as removed brand icons and renamed icons (FingerprintFingerprintPattern, text-selectsquare-dashed-text). However, I've verified that none of the affected icons are used in this codebase, so the upgrade should be safe.

The v1 release also includes improvements like aria-hidden="true" set by default (better accessibility) and various visual refinements to icons.

Suggested fix: No action required, but consider pinning to a specific minor version (e.g., ^1.16.0) if you want more control over when icon visual changes are introduced.

@doubleword-code doubleword-code Bot May 26, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: The lucide-react v1 upgrade looks safe.

Why it matters: I verified that none of the 14 removed brand icons (Chromium, Codepen, Codesandbox, Dribbble, Facebook, Figma, Framer, Github, Gitlab, Instagram, LinkedIn, Pocket, RailSymbol, Slack) are used anywhere in the codebase. The main breaking change affecting this project is that aria-hidden is now set by default on all icons, which is actually an accessibility improvement and shouldn't cause any visual or functional regressions.

Suggested fix: No code changes needed. Consider testing the dashboard visually to confirm all icons render correctly, especially if any custom styling was applied to icon containers.

@doubleword-code doubleword-code Bot May 26, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: The lucide-react update from v0.577.0 to v1.x is clean — verified that none of the removed brand icons (Facebook, GitHub, Slack, etc.) are used in the codebase.

Note that per the Lucide v1 migration guide, the following brand icons were removed: Chromium, Codepen, Codesandbox, Dribbble, Facebook, Figma, Framer, Github, Gitlab, Instagram, LinkedIn, Pocket, RailSymbol, Slack.

Grep confirmed none of these are imported. The text references to "Slack" and "github" in tests are just string data (webhook URLs, usernames), not icon imports.

One behavioral change to be aware of: aria-hidden="true" is now set by default on all icons, which improves accessibility but may affect any custom accessibility implementations.

@doubleword-code doubleword-code Bot Jun 1, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: Major version bump from 0.577.0 to 1.0.0.

Why it matters: Lucide v1.0.0 removed all brand icons (Github, Facebook, Twitter, etc.) as a breaking change. Fortunately, searching the codebase shows no brand icons are currently imported, so this won't break existing functionality.

Suggested fix: Consider pinning to a more specific version like "^1.17.0" or verifying which specific icons your app uses against the v1.x icon set. Also consider adding a note about this upgrade path for future maintenance.

@doubleword-code doubleword-code Bot Jun 1, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: The lucide-react v1 upgrade is safe for this codebase.

Why it matters: Lucide v1 removed all brand icons (GitHub, Facebook, Instagram, LinkedIn, Dribbble, Figma, Framer, Slack, Pocket, Codepen, Codesandbox, Chromium, RailSymbol) due to trademark concerns. However, I've verified the codebase only uses generic icons like Check, X, Users, AlertTriangle, etc. — none of the removed brand icons are present.

The other v1 changes (aria-hidden="true" by default, removed UMD builds) don't impact this React-based application.

Suggested fix: No action needed — this upgrade is compatible. Just ensure the pnpm overrides issue (separate comment) is resolved first.

@doubleword-code doubleword-code Bot Jun 1, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocking: Version specifier ^1.0.0 allows installation of the broken v1.0.0 release.

Why it matters: According to the official Lucide release notes, v1.0.0 "was published unintentionally" and the maintainers explicitly state "We've corrected this in v1.0.1, which should be used instead." While the lockfile correctly pins 1.17.0, anyone doing a fresh install without the lockfile (or with --no-lockfile) could receive the broken 1.0.0 release.

Suggested fix: Change the version specifier to "^1.0.1" at minimum, or preferably "^1.17.0" to match what's already in the lockfile:

"lucide-react": "^1.17.0",

@doubleword-code doubleword-code Bot Jun 1, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: The lucide-react upgrade from v0.577.0 to v1.x appears safe based on the release notes. All currently used icons in the codebase (CheckIcon, X, ChevronDown, etc.) remain available in v1.17.0 with the same API. The peer dependency range includes React 19 which you're using.

Why it matters: Major version upgrades can sometimes introduce breaking changes. However, lucide-react v1.x maintains backward compatibility with the icon component API and exports.

@doubleword-code doubleword-code Bot Jun 2, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: Consider updating to ^1.0.1 instead of ^1.0.0.

Why it matters: According to the official release notes, version 1.0.0 "was published unintentionally" and the maintainers recommend using v1.0.1 instead. While 1.0.1 is primarily a corrective release, using the intended stable version is better practice.

Suggested fix: Change the version specifier to "^1.0.1" and run pnpm install to update the lockfile.

@doubleword-code doubleword-code Bot Jun 2, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: The lucide-react upgrade to v1 appears safe. Per the migration guide (https://lucide.dev/guide/react/migration), v1 removes brand icons, but I verified the codebase doesn't import any of the removed icons (GitHub, Facebook, Instagram, LinkedIn, Twitter, Dribbble, Figma, Framer, Codepen, Codesandbox, Chromium, Pocket, RailSymbol, Slack).

Why it matters: The PR title says "update dependency lucide-react to v1" but the lockfile changes include much more than just this dependency update. The scope creep in the lockfile is the real concern here.

Suggested fix: No change needed to this line itself, but ensure the lockfile regeneration preserves the pnpm overrides.

@doubleword-code doubleword-code Bot Jun 4, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocking: This version tag should be ^1.0.1 (or higher) instead of ^1.0.0.

Why it matters: According to the official Lucide release notes, v1.0.0 was "published unintentionally" and the maintainers explicitly state that v1.0.1 "should be used instead". While v1.0.0 may function correctly, pinning to an unintentionally-published version could miss critical fixes that were included in v1.0.1.

Source: Lucide v1.0.0 Release Notes: "Warning: This release was published unintentionally. We've corrected this in v1.0.1, which should be used instead."

Suggested fix: Change the version constraint to "lucide-react": "^1.0.1" or simply "lucide-react": "^1" to track the latest v1.x releases.

@doubleword-code doubleword-code Bot Jun 5, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: Major version upgrade from v0.577.0 to v1.x is acceptable.

Why it matters: According to the Lucide v1 migration guide, the only breaking change in v1.0 is the removal of brand icons (Github, Facebook, Figma, Framer, Instagram, LinkedIn, Pocket, Slack, Dribbble, Codepen, Codesandbox, Chromium, Gitlab). A grep search confirms none of these icons are imported in this codebase.

Suggested fix: No fix needed, but verify all icon imports still work by running the frontend dev server and checking for any console warnings about missing icons.

@doubleword-code doubleword-code Bot Jun 11, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: Consider updating to ^1.0.1 instead of ^1.0.0.

Why it matters: According to the v1.0.0 release notes, version 1.0.0 was "published unintentionally" and the maintainers recommend using v1.0.1 instead. While v1.0.0 functions correctly, using the intended first stable release is better practice.

Suggested fix: Change to "lucide-react": "^1.0.1" and regenerate the lockfile.

@doubleword-code doubleword-code Bot Jun 12, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: Consider using a more specific version like ^1.17.0 to make the intent clearer.

Why it matters: While ^1.0.0 is semantically correct and will get all v1.x updates, specifying ^1.17.0 (the current latest) makes it explicit that you've tested against the current version and intend to stay on the v1.x track. It also avoids confusion since v1.0.0 was published unintentionally.

Suggested fix: Update to:

"lucide-react": "^1.17.0",

Or keep as-is if you prefer the looser constraint - functionally equivalent since pnpm locked it to 1.17.0.

@doubleword-code doubleword-code Bot Jun 12, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: Consider using ^1.0.1 or higher instead of ^1.0.0.

Why it matters: According to the official release notes, v1.0.0 was "published unintentionally" and v1.0.1 was released as the corrected version. While npm's semver resolution with ^1.0.0 will pull in 1.17.0 (the latest 1.x), being explicit about avoiding the accidental release is cleaner.

Suggested fix: Change to "lucide-react": "^1.0.1" or simply keep as-is since the caret range already resolves to a safe version (current pnpm-lock shows 1.17.0). This is minor housekeeping rather than a functional issue.

@doubleword-code doubleword-code Bot Jun 15, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: The version specifier ^1.0.0 references a release that was published unintentionally according to the Lucide release notes.

Why it matters: The maintainers explicitly state "This release was published unintentionally. We've corrected this in v1.0.1, which should be used instead." While the lockfile resolves to 1.18.0 (which is fine), the specifier should ideally point to a valid minimum version.

Suggested fix: Update to "lucide-react": "^1.0.1" to reference the correct minimum version, or use the latest stable version.

@doubleword-code doubleword-code Bot Jun 15, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: Consider using ^1.0.1 instead of ^1.0.0.

Why it matters: According to the v1.0.0 release notes, version 1.0.0 was "published unintentionally" and the maintainers corrected this in v1.0.1. While v1.0.0 works, using the intentional release is better practice.

Suggested fix: Change specifier to "^1.0.1" or simply "^1.18.0" (the current latest resolved version shown in the lockfile) to skip the accidental release.

@doubleword-code doubleword-code Bot Jun 16, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: Major version upgrade from 0.577.0 to 1.x.

Why it matters: Lucide v1 removed all brand icons (Github, Facebook, Instagram, LinkedIn, etc.) as documented in their migration guide. However, I've verified the codebase doesn't use any of these removed icons.

Suggested fix: No action needed for icon compatibility. Just ensure visual regression testing passes since some icons may have subtle design changes between versions.

@doubleword-code doubleword-code Bot Jun 22, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: The lucide-react 1.0.0 release was published unintentionally according to the maintainers, who recommend using v1.0.1+ instead.

Why it matters: Since the semver range is ^1.0.0, pnpm resolves this to 1.21.0 (as shown in the lockfile), so this is not a practical issue. The latest 1.x version includes all the fixes from 1.0.1+.

Suggested fix: No action required — the resolution to 1.21.0 is correct. Consider updating the comment in your headnote that 1.0.0 was accidentally published, but the caret range handles this correctly.

@doubleword-code doubleword-code Bot Jun 22, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking: Consider using ^1.0.1 instead of ^1.0.0.

Why it matters: According to the v1.0.0 release notes, version 1.0.0 was "published unintentionally" and v1.0.1 should be used instead. While ^1.0.0 does resolve to 1.21.0 (which includes all fixes), being explicit about ^1.0.1 makes the intent clearer and avoids any confusion about the accidentally-published v1.0.0.

Suggested fix: Change to "lucide-react": "^1.0.1" for clarity, or keep as-is since the resolved version (1.21.0) is correct.

"next-themes": "^0.4.6",
"openai": "^6.0.0",
"react": "^19.1.1",
Expand Down
Loading
Loading