chore(deps): update all non-major dependencies#131
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
6 times, most recently
from
d4f2b3d to
e79445c
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
5 times, most recently
from
cf384d4 to
86bdce9
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
8 times, most recently
from
331a8a4 to
dd4044d
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
4 times, most recently
from
09311c8 to
eda48e5
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
6 times, most recently
from
6994775 to
b55b2df
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
4 times, most recently
from
2022686 to
d93001d
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
d93001d to
4009ee9
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.30.0→2.31.01.15.26→1.15.4019.2.14→19.2.158.58.2→8.60.08.58.2→8.60.010.2.0→10.4.15.5.5→5.5.617.5.0→17.6.030.3.0→30.4.230.2.0→30.4.030.3.0→30.4.110.33.0→10.34.13.8.2→3.8.319.2.5→19.2.619.2.5→19.2.619.2.5→19.2.629.4.9→29.4.118.58.2→8.60.0Release Notes
changesets/changesets (@changesets/cli)
v2.31.0Compare Source
Minor Changes
#1889
96ca062Thanks @mixelburg! - Error on unsupported flags for individual CLI commands and print the matching command usage to make mistakes easier to spot.#1873
42943b7Thanks @mixelburg! - Respond to--helpon all subcommands. Previously,--helpwas only handled when it was the sole argument; passing it alongside a subcommand (e.g.changeset version --help) would silently execute the command instead. Now--helpalways exits early and prints per-command usage when a known subcommand is provided, or the general help text otherwise.Patch Changes
d2121dcThanks @Andarist! - Fix npm auth for path-based registries during publish by preserving configured registry URLs instead of normalizing them.#1888
036fdd4Thanks @mixelburg! - Fix severalchangeset versionissues with workspace protocol dependencies. Valid explicitworkspace:ranges and aliases are no longer rewritten unnecessarily, and workspace path references are handled correctly during versioning.#1903
5c4731fThanks @Andarist! - Gracefully handle stalenpm infodata leading to duplicate publish attempts.#1867
f61e716Thanks @Andarist! - Improved detection forpublishedstate of prerelease-only packages withoutlatestdist-tag on GitHub Packages registry.Updated dependencies [
036fdd4,036fdd4,036fdd4]:swc-project/swc (@swc/core)
v1.15.40Compare Source
Bug Fixes
(es/minifier) Preserve args for destructured callbacks (#11830) (21873b0)
(es/minifier) Avoid generating mangled property names that collide with existing properties (#11839) (9b4fab5)
(es/minifier) Respect ecma for iife temp vars (#11873) (e481934)
(es/minifier) Preserve default parameter object props (#11884) (71ff84f)
(es/parser) Reject object-rest assignment to array/object literal (#11875) (7b57d1f)
(es/parser) Reject object rest assignment to literals (#11881) (4ec2eaf)
(es/react) Exclude self-recursive hooks from refresh dependency array (#11838) (9101c71)
(ts/fast-dts) Strip definite assertions in dts (#11858) (2ab1b8a)
(ts/fast-strip) Reject unsafe assertion erasure in binary expressions (#11828) (aa5b539)
(typescript) Strip parameter binding defaults in dts (#11857) (800bc17)
Documentation
Update agent guidance (#11842) (bf2d015)
Add security policy (#11876) (6c43c2d)
Clarify security scope for npm packages (#11877) (4662db8)
Clarify untrusted input security model (#11882) (5463777)
Features
(es/minifier) Fine grained effect analysis of class (#11814) (c9058ad)
(swc_cli) Implement all features for
swc_cli(#11797) (9300ede)Miscellaneous Tasks
(es/minifier) Fix typo in debug log (#11866) (3de0254)
(html) Add webcontainer fallback for
@swc/html(#11860) (7692eed)Performance
(ecma) Reduce transformer compat overhead (#11856) (d03cb71)
(es/codegen) Speed up JsWriter position and srcmap tracking (#11867) (dbceade)
(es/codegen) Remove JsWriter last_srcmap cache (#11869) (3bc1c2b)
(es/minifier) Reduce minifier profiling hotspots (#11853) (28c1091)
Optimize es parser comment finalization (#11852) (2959ddf)
Testing
Ci
Update corepack in publish docker jobs (#11885) (9a7d954)
Pass publish docker env explicitly (#11888) (c5f7547)
Lock issues closed by merged prs (#11887) (6bd74e5)
Provide aarch64 musl linker in publish job (#11889) (20234fd)
Fix publish musl linker and windows tests (#11890) (a798a23)
Make minifier test path explicit (#11891) (e7cba97)
Security
Save CI caches only on main (#11848) (7582529)
Update rkyv and Rust dependencies (#11851) (20d92eb)
Harden PR workflow permissions (#11849) (e199564)
v1.15.33Compare Source
Bug Fixes
(ci) Update rand lockfile entries (#11827) (7988966)
(es/minifier) Fold unary bool nullish coalescing (#11826) (e39ae3d)
(es/minifier) Preserve for-init sequence order (#11837) (16a56d0)
(es/parser) Parse empty Flow exact object type (#11836) (3d18a26)
Features
v1.15.32Compare Source
Bug Fixes
(es/flow) Fix Flow type-only modules in script transforms (#11817) (be38316)
(es/flow) Avoid restoring module context when flow syntax is enabled (#11819) (3ed7243)
(es/minifier) Preserve frozen spread registry keys (#11825) (347181c)
(es/parser) Align Flow generic arrow JSX disambiguation (#11821) (28a7fad)
Features
jsc.preserveSymlinkstoswc::Options(#11813) (fe38342)v1.15.30Compare Source
Bug Fixes
(deploy) Fix musl binding test workflow (#11804) (c30a522)
(deploy) Build package ts before Linux GNU binding tests (#11806) (a3d3ef3)
(es/jsx) Preserve quoted JSX attribute newlines (#11796) (9fe56c8)
(es/minifier) Support full ES version parsing in minify (#11800) (af1f08f)
(es/module) Add opt-in symlink-preserving resolver (#11801) (6028240)
(es/parser) Allow return type annotation on Flow constructors (#11790) (d66b29c)
(es/parser) Support Flow anonymous keyof indexers (#11792) (452c4e5)
(es/parser) Add Flow strip RN and RNW regression corpus (#11799) (23a9109)
Documentation
Features
typescript-eslint/typescript-eslint (@typescript-eslint/eslint-plugin)
v8.60.0Compare Source
This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.59.4Compare Source
🩹 Fixes
❤️ Thank You
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.59.3Compare Source
This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.59.2Compare Source
🩹 Fixes
❤️ Thank You
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.59.1Compare Source
🩹 Fixes
❤️ Thank You
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.59.0Compare Source
🚀 Features
❤️ Thank You
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
typescript-eslint/typescript-eslint (@typescript-eslint/parser)
v8.60.0Compare Source
This was a version bump only for parser to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.59.4Compare Source
This was a version bump only for parser to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.59.3Compare Source
This was a version bump only for parser to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.59.2Compare Source
This was a version bump only for parser to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.59.1Compare Source
This was a version bump only for parser to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.59.0Compare Source
This was a version bump only for parser to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
eslint/eslint (eslint)
v10.4.1Compare Source
v10.4.0Compare Source
v10.3.0Compare Source
v10.2.1Compare Source
prettier/eslint-plugin-prettier (eslint-plugin-prettier)
v5.5.6Compare Source
Patch Changes
b5c96a3Thanks @JounQin! - chore: bump all (dev)Dependenciessindresorhus/globals (globals)
v17.6.0Compare Source
jestjs/jest (jest)
v30.4.2Compare Source
Fixes
[jest-runtime]Fix named imports from CJS modules whosemodule.exportsis a function with own-property exports (#16150)v30.4.1Compare Source
Features
[jest-config, jest-core, jest-runner, jest-schemas, jest-types]Allow custom runner configuration options via tuple format['runner-path', {options}](#16141)Fixes
[jest-runtime]Align CJS-from-ESM default export with Node:module.exportsis always the ESM default,__esModuleunwrapping is no longer applied (#16143)v30.4.0Compare Source
Features
[babel-jest]Support collecting coverage from.mts,.cts(and other) files (#15994)[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]Add--collect-testsflag to discover and list tests without executing them (#16006)[jest-config, jest-runner, jest-worker]AddworkerGracefulExitTimeoutconfig option to control how long workers are given to exit before being force-killed (#15984)[jest-config]Add support forjest.config.mtsas a valid configuration file (#16005)[jest-config, jest-core, jest-reporters, jest-runner]verboseandsilentcan now be set per-project; the project-level value overrides the global value for that project's tests (#16133)[@jest/fake-timers]AcceptTemporal.Durationinjest.advanceTimersByTime()andjest.advanceTimersByTimeAsync()(#16128)[@jest/fake-timers]AcceptTemporal.InstantandTemporal.ZonedDateTimeinjest.setSystemTime()anduseFakeTimers({now})(#16128)[@jest/fake-timers]Support fakingTemporal.Now.*(#16131)[jest-mock]AddclearMocksOnScope(scope)onModuleMockerfor clearing every mock function exposed on a scope object (#16088)[jest-resolve]AddcanResolveSync()onResolverso callers can detect when a user-configured resolver only exports anasynchook (#16064)[jest-runtime]Use synchronousevaluate()for ES modules without top-levelawaiton Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (#16062)[jest-runtime]Supportrequire()of ES modules on Node v24.9+ (#16074)[jest-runtime]Validate TC39 import attributes (with { type: 'json' }) on ESM imports (#16127)[@jest/transform]AddcanTransformSync(filename)onScriptTransformerso callers can pick the sync vs async transform path (#16062)[jest-util]AddisErrorhelper (#16076)[pretty-format]Support React 19 (#16123)Fixes
[expect-utils]FixtoStrictEqualfailing onstructuredCloneresults due to cross-realm constructor mismatch (#15959)[@jest/expect-utils]PreventtoMatchObject/subset matching from throwing when encountering exotic iterables (#15952)[fake-timers]ConvertDateto milliseconds before passing to@sinonjs/fake-timers(#16029)[jest]ExportGlobalConfigandProjectConfigTypeScript types (#16132)[jest-circus]Prevent crash whenasyncErroris undefined for non-Error throws (#16003)[jest-circus, jest-jasmine2]IncludeError.causein JSONfailureMessagesoutput (#15967)[jest-config]Fix preset path resolution on Windows when the preset uses subpathexports(#15961)[jest-config]AllowcollectCoverageandcoverageProviderin project config without a validation warning (#16132)[jest-config]Project config validator now emits "is not supported in an individual project configuration" instead of "probably a typing mistake" for known global-only options (#16132)[jest-environment-node]Fix--localstorage-filewarning on Node 25+ (#16086)[jest-reporters]Apply global coverage threshold to unmatched pattern files in addition to glob/path thresholds (#16137)[jest-reporters, jest-runner, jest-runtime, jest-transform]Fix coverage report not showing correct code coverage when usingprojectsconfig option (#16140)[jest-runtime]Resolveexpectand@jest/expectfrom the internal module registry so test-file imports share the sameJestAssertionErroras the globalexpect(#16130)[jest-runtime]Improve CJS-from-ESM interop:__esModule/Babel default unwrap, broader named-export coverage, and shared CJS singleton across importers (#16050)[jest-runtime]Load.jsfiles with ESM syntax but no"type":"module"marker as native ESM (#16050)[jest-runtime]Extend the.js-with-ESM-syntax fallback torequire()on Node v24.9+ - falls back torequire(esm)when the CJS parser rejects ESM syntax (#16078)[jest-runtime]Fix deadlocks and double-evaluation in concurrent ESM and wasm imports (#16050)[jest-runtime]Fix error whenrequire()is called after the Jest environment has been torn down (#15951)[jest-runtime]Fix missing error whenimport()is called after the Jest environment has been torn down (#16080)[jest-runtime]Fix virtualunstable_mockModuleregistrations not respected in ESM (#16081)[jest-runtime]ApplymoduleNameMapperwhen resolving modules withrequire.resolve()and thepathsoption (#16135)Chore & Maintenance
[@jest/fake-timers]Upgrade@sinonjs/fake-timers(#16139)[jest-runtime]Use synchronouslinkRequests/instantiatefor ESM linking on Node v24.9+ (#16063)pnpm/pnpm (pnpm)
v10.34.1: pnpm 10.34.1Compare Source
Patch Changes
pnpm-lock.yamlentries whose remote tarballresolution:block is missing theintegrityfield. Previously the worker that extracts a downloaded tarball skipped hash verification when no integrity was supplied and minted a fresh one from the unverified bytes, so an attacker who could both alter the lockfile (e.g. via a pull request that stripsintegrity:) and serve modified content at the referenced tarball URL could install a tampered package without any error — including under--frozen-lockfile. pnpm now fails closed at lockfile-read time withERR_PNPM_MISSING_TARBALL_INTEGRITY. Git-hosted tarballs (gitHosted: trueor a URL on codeload.github.com / bitbucket.org / gitlab.com) andfile:tarballs are exempt — the commit SHA in a git-host URL and the user-controlled local path already anchor the bytes.Platinum Sponsors
Gold Sponsors
v10.34.0Compare Source
v10.33.4: pnpm 10.33.4Compare Source
Patch Changes
Pin the integrity of git-hosted tarballs (codeload.github.com, gitlab.com, bitbucket.org) in the lockfile so that subsequent installs detect a tampered or substituted tarball and refuse to install it. Previously the lockfile only stored the tarball URL for git dependencies, so a compromised git host or a man-in-the-middle could serve arbitrary code on later installs without lockfile changes.
A new
gitHosted: truefield is recorded on git-hosted tarball resolutions in the lockfile, letting every reader/writer route them by a single typed check instead of pattern-matching the tarball URL in each call site. Lockfiles written by older pnpm versions are enriched on load (URL fallback) so the field can be relied on uniformly across the codebase.Fix a regression where
pnpm --recursive --filter '!<pkg>' run/exec/test/addwould include the workspace root in the matched projects. The workspace root is now correctly excluded by default when only negative--filterarguments are provided, matching the documented behavior. To include the root, pass--include-workspace-root#11341.Platinum Sponsors
Gold Sponsors
v10.33.3Compare Source
[
v10.33.2Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.