Skip to content

Bump @pdc/sdk from 0.35.1 to 0.40.1#271

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/pdc/sdk-0.40.1
Open

Bump @pdc/sdk from 0.35.1 to 0.40.1#271
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/pdc/sdk-0.40.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps @pdc/sdk from 0.35.1 to 0.40.1.

Changelog

Sourced from @​pdc/sdk's changelog.

Changelog for @​pdc/service

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

0.40.0 2026-06-26

Added

  • Bulk uploads accept an optional pdc_changemaker_id column. When a row supplies a value in that column, the proposal is attached to that exact existing changemaker instead of matching/creating one by organization_tax_id + organization_name. An invalid or unknown id fails the task with a logged error.
  • Added a terminologySet entity that lets funders define custom display labels for opportunities, proposals, and application forms, managed via the /terminologySets endpoints.
  • Added a terminologySet permission scope, inherited from the owning funder, that governs who can view and edit terminology sets.
  • Opportunities can now reference a terminology set owned by the same funder.
  • Funders can now designate a default terminology set.

0.39.0 2026-06-24

Changed

  • Listing opportunities and bulk upload tasks no longer slows down as the number of permission grants grows.
  • Listing application forms and application form fields no longer slows down as the number of permission grants grows.
  • Listing sources no longer slows down as the number of permission grants grows.
  • Listing proposals and changemaker-proposal relationships no longer slows down as the number of permission grants grows.
  • Listing changemaker field values no longer slows down as the number of permission grants grows.
  • Listing permission grants no longer slows down as the number of permission grants grows.

Fixed

  • Funder collaborative endpoints now return 403 (or 404) instead of 401 when an authenticated user lacks permission.
  • POST /opportunities now returns 403 (or 404) instead of 401 when an authenticated user lacks permission on the associated funder.
  • POST /proposals now returns 403 (or 404) instead of 422 when an authenticated user lacks permission on (or cannot view) the associated opportunity.
  • POST /changemakerFieldValueBatches now returns 403 (or 404) instead of 422 when an authenticated user lacks permission to reference (or cannot view) the specified source.
  • POST /changemakerFieldValues now returns 403 when an authenticated user lacks permission to create field values for the specified changemaker, and 404 (instead of 409) when the changemaker, base field, or batch does not exist.
  • POST /changemakerProposals now returns 403 (instead of 422) when an authenticated user lacks permission on the funder associated with the proposal, and 404 (instead of 422) when the associated proposal cannot be viewed or does not exist.
  • POST /sources now returns 403 (instead of 422) when an authenticated user lacks permission to create a source for the specified funder, data provider, or changemaker, and 404 when that organization does not exist.
  • POST /proposalVersions now returns 403 (instead of 422) when an authenticated user lacks permission to edit the proposal or reference the source, and 404 (instead of 409) when the proposal, source, application form, or application form field cannot be viewed or does not exist. A 409 is now returned only when the application form or field is not associated with the proposal.
  • POST /tasks/bulkUploads now returns 403 (instead of 422) when an authenticated user lacks permission to create proposals for the application form's opportunity or to reference the source, and 404 (instead of 422) when the application form, opportunity, or source cannot be viewed or does not exist.
  • POST /permissionGrants now returns 403 (instead of 401) when an authenticated user lacks permission to manage permission grants on the specified context entity, and 404 when that context entity cannot be viewed or does not exist.
  • PUT /permissionGrants/:permissionGrantId now returns 403 (instead of 401) when an authenticated user lacks permission to manage permission grants on the specified context entity, and 404 when that context entity cannot be viewed or does not exist.
  • POST /applicationForms now returns 403 (instead of 401) when an authenticated user lacks permission on the associated opportunity, and 404 (instead of 422) when that opportunity cannot be viewed or does not exist.
  • PATCH /applicationFormFields/:applicationFormFieldId now returns 403 (instead of 401) when an authenticated user lacks edit permission on the field's application form.

0.38.0 2026-06-12

Fixed

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@pdc/sdk](https://github.com/PhilanthropyDataCommons/service) from 0.35.1 to 0.40.1.
- [Changelog](https://github.com/PhilanthropyDataCommons/service/blob/main/CHANGELOG.md)
- [Commits](https://github.com/PhilanthropyDataCommons/service/commits)

---
updated-dependencies:
- dependency-name: "@pdc/sdk"
  dependency-version: 0.40.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants