chore(deps): update dependency immer to v10.1.3

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
immer	10.1.1 -> 10.1.3

---

Release Notes

immerjs/immer (immer)

v10.1.3

Compare Source

Bug Fixes

• Mark exports as pure, for better tree-shakability (#​1124) (85faaa2)

v10.1.2

Compare Source

Bug Fixes

• non-enumerable (immutable) methods on Map/Set (#​1069) (aa24400)
• Update package.json exports for react-native (#​1159) (b2fcc66)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 4cba9ac

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 4cba9ac

Command	Status	Duration	Result
nx run-many -t build	✅ Succeeded	<1s	View ↗
nx affected -t build typecheck lint test e2e-ci	✅ Succeeded	1m 2s	View ↗
nx-cloud record -- nx format:check	✅ Succeeded	1s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-10-21 22:31:50 UTC

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 18.75%. Comparing base (6b110df) to head (4cba9ac).

❌ Your project status has failed because the head coverage (18.75%) is below the target coverage (40.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #403   +/-   ##
=======================================
  Coverage   18.75%   18.75%           
=======================================
  Files         138      138           
  Lines       27368    27368           
  Branches      951      951           
=======================================
  Hits         5132     5132           
  Misses      22236    22236           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Deployed a213407 to https://ForgeRock.github.io/ping-javascript-sdk/pr-403/a2134073b9ade045482b9eb13ca9472bf0ed5442 branch gh-pages in ForgeRock/ping-javascript-sdk

[github-actions]

📦 Bundle Size Analysis

📦 Bundle Size Analysis

🆕 New Packages

🆕 @forgerock/device-client - 9.2 KB (new)
🆕 @forgerock/oidc-client - 23.0 KB (new)
🆕 @forgerock/protect - 150.1 KB (new)
🆕 @forgerock/sdk-utilities - 7.5 KB (new)
🆕 @forgerock/journey-client - 0.0 KB (new)
🆕 @forgerock/journey-client - 82.0 KB (new)
🆕 @forgerock/sdk-types - 8.0 KB (new)
🆕 @forgerock/storage - 1.4 KB (new)
🆕 @forgerock/sdk-logger - 1.6 KB (new)
🆕 @forgerock/iframe-manager - 2.4 KB (new)
🆕 @forgerock/sdk-request-middleware - 4.4 KB (new)
🆕 @forgerock/sdk-oidc - 2.5 KB (new)
🆕 @forgerock/davinci-client - 34.5 KB (new)

---

13 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated

• Current Size: Total gzipped size of all files in the package's dist directory
• Baseline: Comparison against the latest build from the main branch
• Files included: All build outputs except source maps and TypeScript build cache
• Exclusions: .map, .tsbuildinfo, and .d.ts.map files

---

_{🔄 Updated automatically on each push to this PR}

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

Nx Cloud has identified a possible root cause for your failed CI:

The analysis reveals this is a flaky test issue unrelated to the dependency update:

Why this is classified as 'flaky_task':

The PR only updates immer from v10.1.1 to v10.1.3 (a patch version bump) and related transitive dependencies in the lockfile. The immer library is used by @reduxjs/toolkit for immutable state management in the davinci-client package. A patch-level update to this dependency would not affect:

• The rendering logic in /home/workflows/workspace/e2e/davinci-app/main.ts that displays error messages
• The DaVinci API's response status (error vs continue)
• The PingOne Risk evaluation service's behavior
• The DOM manipulation or Playwright's ability to locate elements

Root cause of the test failure:

The tests expect the DaVinci backend to detect bot behavior and return status === 'error', which would trigger the renderError() function to display the blocking message. However, the application is receiving status === 'continue' instead, so the error rendering path is never executed.

This indicates the failure is due to:

1. Backend service behavior (PingOne Risk not flagging the test as a bot)
2. Test environment state (geolocation, user agent, or protect SDK data not triggering risk detection)
3. External service availability or configuration issues

The protect.test.ts uses a 'fakeprofile' for the Protect SDK collector, which may not reliably trigger the risk evaluation service to return an error status. This type of integration test dependency on external service behavior is a classic symptom of test flakiness.

No code changes are warranted because:

• The dependency update is unrelated to the test failure mechanism
• The test failure is environmental, not code-based
• Fixing would require investigation into the DaVinci flow configuration or PingOne Risk service behavior, not application code changes

A code change would likely not resolve this issue, so no action was taken.

View in Nx Cloud ↗

_{🎓 To learn more about Self Healing CI, please visit nx.dev}

[pkg-pr-new]

Open in StackBlitz

@forgerock/davinci-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/davinci-client@403

@forgerock/oidc-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/oidc-client@403

@forgerock/protect

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/protect@403

@forgerock/sdk-types

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-types@403

@forgerock/sdk-utilities

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-utilities@403

@forgerock/iframe-manager

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/iframe-manager@403

@forgerock/sdk-logger

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-logger@403

@forgerock/sdk-oidc

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-oidc@403

@forgerock/sdk-request-middleware

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-request-middleware@403

@forgerock/storage

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/storage@403

commit: 4cba9ac