DepLog.dev weekly dependency digest: Apr 13, 2026 to Apr 19, 2026

Weekly digest for Apr 13, 2026 to Apr 19, 2026. We tracked 25 package updates, linked the notable packages and sorted the list by risk.

Week overview

This weekly dependency digest covers Apr 13, 2026 to Apr 19, 2026 and tracks 25 package updates across npm (8), cargo (5), pypi (4), composer (3), maven (3), rubygems (1).

Open rand (cargo) first. R50 means a risk score of 50 out of 100; the score is a fast way to sort upgrades from low review effort to urgent review.

High risk updates

Start the review queue with rand (cargo) R50, react-router (npm) R32, and laravel/framework (composer) R32. These packages are the best candidates for a human changelog read before you move them into an upgrade PR.

DepLog combines release type, version delta and changelog signals into one score. Use the score to sort the queue, then open the linked package page for the actual release details.

  • rand (cargo) sits at R50/100. Latest stable release: 0.8.6. Review the package page before moving it into an upgrade PR.
  • react-router (npm) sits at R32/100. Latest stable release: 7.14.2. Review the package page before moving it into an upgrade PR.
  • laravel/framework (composer) sits at R32/100. Latest stable release: 13.6.0. Review the package page before moving it into an upgrade PR.
  • spatie/laravel-data (composer) sits at R24/100. Latest stable release: 4.22.0. Review the package page before moving it into an upgrade PR.
  • ruff (pypi) sits at R24/100. Latest stable release: 0.15.12. Review the package page before moving it into an upgrade PR.

Fresh releases this week

The most recent releases we saw were @tanstack/react-query (npm), github.com/jackc/pgx/v5 (go), and astro (npm). This section is the fastest way to understand what shipped most recently across your monitored ecosystems.

  • @tanstack/react-query (npm) published 5.100.5 on 2026-04-19. Use the package page to scan changelog highlights and version delta.
  • github.com/jackc/pgx/v5 (go) published 5.9.2 on 2026-04-19. Use the package page to scan changelog highlights and version delta.
  • astro (npm) published 6.1.9 on 2026-04-18. Use the package page to scan changelog highlights and version delta.
  • phpunit/phpunit (composer) published 13.1.7 on 2026-04-18. Use the package page to scan changelog highlights and version delta.
  • eslint (npm) published 10.2.1 on 2026-04-17. Use the package page to scan changelog highlights and version delta.

What to check next

Use this digest as a shortlist, not as the final approval step.

The package page should be your next click because it holds the changelog summary, score and package-manager specific context.

  • Open every package above R20 before you batch upgrades.
  • Group upgrades by manager when several packages moved in the same ecosystem.
  • Check whether the latest version is a patch, minor or major release.
  • Copy the linked package names into your release notes or upgrade ticket so the context stays attached.
  • If the week was quiet, keep monitor filters in place and review again after the next release window.

Frequently asked questions

What does this weekly digest include?
It covers package activity from 2026-04-13 to 2026-04-19, explains how to read risk codes and links each notable package to its package page.

What does the R code next to a package mean?
It is a risk score on a 0 to 100 scale that helps you prioritize review. Higher scores usually combine bigger version jumps, riskier release types or stronger changelog signals.

Why are package managers shown next to the package name?
The manager label tells you which ecosystem shipped the update, for example cargo, npm, and composer. That matters when similar names exist across registries.

Why are some packages not listed here?
This digest is a shortlist of notable updates. Open your monitors or linked package pages for the full package set.