fix(deps): update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@aptre/common	^0.18.3 → ^0.32.0					devDependencies	minor
@aptre/protobuf-es-lite	0.4.8 → 1.0.2					resolutions	major
@aptre/protobuf-es-lite	^0.4.8 → ^1.0.0					dependencies	major
actions/cache	v4 → v5					action	major
actions/checkout	v4.2.1 → v6.0.2					action	major
actions/dependency-review-action	v4.3.4 → v4.9.0					action	minor
actions/setup-go	v5.0.2 → v6.4.0					action	major
actions/setup-node	v4.0.4 → v6.4.0					action	major
github.com/aperturerobotics/common	v0.20.3 → v0.32.8					require	minor
github.com/aperturerobotics/controllerbus	v0.49.0 → v0.53.1					require	minor
github.com/aperturerobotics/protobuf-go-lite	v0.8.0 → v0.13.0					require	minor
github.com/sirupsen/logrus	v1.9.3 → v1.9.4					require	patch
github/codeql-action	v3.26.12 → v4.35.2					action	major
go (source)	1.23.3 → 1.26.2					toolchain	minor
prettier (source)	3.3.3 → 3.8.3					devDependencies	minor
starpc	^0.35.0 → ^0.49.0					dependencies	minor
typescript (source)	^5.4.5 → ^6.0.0					devDependencies	major

---

Release Notes

aperturerobotics/common (@​aptre/common)

v0.32.6

Compare Source

Full Changelog: aperturerobotics/common@v0.32.5...v0.32.6

v0.32.5

Compare Source

Full Changelog: aperturerobotics/common@v0.32.4...v0.32.5

v0.32.4

Compare Source

Full Changelog: aperturerobotics/common@v0.32.3...v0.32.4

v0.32.3

Compare Source

Full Changelog: aperturerobotics/common@v0.32.2...v0.32.3

v0.32.2

Compare Source

Full Changelog: aperturerobotics/common@v0.32.1...v0.32.2

v0.32.1

Compare Source

Full Changelog: aperturerobotics/common@v0.32.0...v0.32.1

v0.32.0

Compare Source

Full Changelog: aperturerobotics/common@v0.31.1...v0.32.0

v0.31.1

Compare Source

Full Changelog: aperturerobotics/common@v0.31.0...v0.31.1

v0.31.0

Compare Source

What's Changed

• fix(deps): update all dependencies by @​renovate[bot] in #​46

Full Changelog: aperturerobotics/common@v0.30.7...v0.31.0

v0.30.7

Compare Source

Full Changelog: aperturerobotics/common@v0.30.6...v0.30.7

v0.30.6

Compare Source

Full Changelog: aperturerobotics/common@v0.30.5...v0.30.6

v0.30.5

Compare Source

Full Changelog: aperturerobotics/common@v0.30.4...v0.30.5

v0.30.4

Compare Source

Full Changelog: aperturerobotics/common@v0.30.3...v0.30.4

v0.30.3

Compare Source

Full Changelog: aperturerobotics/common@v0.30.2...v0.30.3

v0.30.2

Compare Source

Full Changelog: aperturerobotics/common@v0.30.1...v0.30.2

v0.30.1

Compare Source

Full Changelog: aperturerobotics/common@v0.30.0...v0.30.1

v0.30.0

Compare Source

Full Changelog: aperturerobotics/common@v0.29.0...v0.30.0

v0.29.0

Compare Source

Full Changelog: aperturerobotics/common@v0.28.0...v0.29.0

v0.28.0

Compare Source

Full Changelog: aperturerobotics/common@v0.27.1...v0.28.0

v0.27.1

Compare Source

Full Changelog: aperturerobotics/common@v0.27.0...v0.27.1

v0.27.0

Compare Source

Full Changelog: aperturerobotics/common@v0.26.11...v0.27.0

v0.26.11

Compare Source

Full Changelog: aperturerobotics/common@v0.26.10...v0.26.11

v0.26.10

Compare Source

Full Changelog: aperturerobotics/common@v0.26.9...v0.26.10

v0.26.9

Compare Source

Full Changelog: aperturerobotics/common@v0.26.8...v0.26.9

v0.26.8

Compare Source

Full Changelog: aperturerobotics/common@v0.26.7...v0.26.8

v0.26.7

Compare Source

Full Changelog: aperturerobotics/common@v0.26.6...v0.26.7

v0.26.6

Compare Source

Full Changelog: aperturerobotics/common@v0.26.5...v0.26.6

v0.26.5

Compare Source

Full Changelog: aperturerobotics/common@v0.26.4...v0.26.5

v0.26.4

Compare Source

Full Changelog: aperturerobotics/common@v0.26.3...v0.26.4

v0.26.3

Compare Source

What's Changed

• fix(deps): update all dependencies by @​renovate[bot] in #​44

Full Changelog: aperturerobotics/common@v0.26.2...v0.26.3

v0.26.2

Compare Source

Full Changelog: aperturerobotics/common@v0.26.1...v0.26.2

v0.24.0

Compare Source

v0.23.0

Compare Source

v0.22.14

Compare Source

v0.22.13

Compare Source

v0.22.12

Compare Source

v0.22.11

Compare Source

v0.22.10

Compare Source

v0.22.9

Compare Source

v0.22.8

Compare Source

v0.22.7

Compare Source

v0.22.6

Compare Source

v0.22.5

Compare Source

v0.22.4

Compare Source

v0.22.3

Compare Source

v0.22.2

Compare Source

v0.22.1

Compare Source

v0.22.0

Compare Source

v0.21.2

Compare Source

v0.21.1

Compare Source

v0.21.0

Compare Source

v0.20.3

Compare Source

v0.20.2

Compare Source

v0.20.1

Compare Source

v0.20.0

Compare Source

v0.19.1

Compare Source

aperturerobotics/protobuf-es-lite (@​aptre/protobuf-es-lite)

v1.0.2

Compare Source

What's Changed

• chore(deps): update all dependencies by @​renovate[bot] in #​16

Full Changelog: aperturerobotics/protobuf-es-lite@v1.0.1...v1.0.2

v1.0.1

Compare Source

What's Changed

• chore(deps): update all dependencies to v6 by @​renovate[bot] in #​15

Full Changelog: aperturerobotics/protobuf-es-lite@v0.5.3...v1.0.1

v0.5.3

Compare Source

What's Changed

• chore(deps): update all dependencies by @​renovate[bot] in #​9
• Update Node.js to 25.x in GitHub Actions workflows and DeepWiki badge by @​Copilot in #​11
• [WIP] Update Node.js version in CodeQL analysis workflow by @​Copilot in #​12
• chore(deps): update all dependencies by @​renovate[bot] in #​10
• chore(deps): update dependency vitest to v4.0.7 by @​renovate[bot] in #​13
• chore(deps): update all dependencies by @​renovate[bot] in #​14

New Contributors

• @​Copilot made their first contribution in #​11

Full Changelog: aperturerobotics/protobuf-es-lite@v0.5.2...v0.5.3

v0.5.2

Compare Source

v0.5.1

Compare Source

v0.5.0

Compare Source

v0.4.9

Compare Source

actions/cache (actions/cache)

v5.0.5

Compare Source

What's Changed

• Update ts-http-runtime dependency by @​yacaovsnc in #​1747

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

Compare Source

v5.0.3

Compare Source

What's Changed

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

v5

Compare Source

v4.3.0

Compare Source

What's Changed

• Add note on runner versions by @​GhadimiR in #​1642
• Prepare v4.3.0 release by @​Link- in #​1655

New Contributors

• @​GhadimiR made their first contribution in #​1642

Full Changelog: actions/cache@v4...v4.3.0

v4.2.4

Compare Source

What's Changed

• Update README.md by @​nebuk89 in #​1620
• Upgrade @actions/cache to 4.0.5 and move @protobuf-ts/plugin to dev depdencies by @​Link- in #​1634
• Prepare release 4.2.4 by @​Link- in #​1636

New Contributors

• @​nebuk89 made their first contribution in #​1620

Full Changelog: actions/cache@v4...v4.2.4

v4.2.3

Compare Source

What's Changed

• Update to use @​actions/cache 4.0.3 package & prepare for new release by @​salmanmkc in #​1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

• @​salmanmkc made their first contribution in #​1577

Full Changelog: actions/cache@v4.2.2...v4.2.3

v4.2.2

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

• Bump @​actions/cache to v4.0.2 by @​robherley in #​1560

Full Changelog: actions/cache@v4.2.1...v4.2.2

v4.2.1

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

• docs: GitHub is spelled incorrectly in caching-strategies.md by @​janco-absa in #​1526
• docs: Make the "always save prime numbers" example more clear by @​Tobbe in #​1525
• Update force deletion docs due a recent deprecation by @​sebbalex in #​1500
• Bump @​actions/cache to v4.0.1 by @​robherley in #​1554

New Contributors

• @​janco-absa made their first contribution in #​1526
• @​Tobbe made their first contribution in #​1525
• @​sebbalex made their first contribution in #​1500

Full Changelog: actions/cache@v4.2.0...v4.2.1

v4.2.0

Compare Source

⚠️ Important Changes

The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

Read more about the change & access the migration guide: reference to the announcement.

Minor changes

Minor and patch version updates for these dependencies:

• @​actions/core: 1.11.1
• @​actions/io: 1.1.3
• @​vercel/ncc: 0.38.3

Full Changelog: actions/cache@v4.1.2...v4.2.0

v4.1.2

Compare Source

What's Changed

• Add Bun example by @​idleberg in #​1456
• Revise isGhes logic by @​jww3 in #​1474
• Bump braces from 3.0.2 to 3.0.3 by @​dependabot in #​1475
• Add dependabot.yml to enable automatic dependency upgrades by @​Link- in #​1476
• Bump actions/checkout from 3 to 4 by @​dependabot in #​1478
• Bump actions/stale from 3 to 9 by @​dependabot in #​1479
• Bump github/codeql-action from 2 to 3 by @​dependabot in #​1483
• Bump actions/setup-node from 3 to 4 by @​dependabot in #​1481
• Prepare 4.1.2 release by @​Link- in #​1477

New Contributors

• @​idleberg made their first contribution in #​1456
• @​jww3 made their first contribution in #​1474
• @​Link- made their first contribution in #​1476

Full Changelog: actions/cache@v4.1.1...v4.1.2

v4.1.1

Compare Source

What's Changed

• Restore original behavior of cache-hit output by @​joshmgross in #​1467

Full Changelog: actions/cache@v4.1.0...v4.1.1

v4.1.0

Compare Source

What's Changed

• Fix cache-hit output when cache missed by @​fchimpan in #​1404
• Deprecate save-always input by @​joshmgross in #​1452

New Contributors

• @​ottlinger made their first contribution in #​1437
• @​Olegt0rr made their first contribution in #​1377
• @​fchimpan made their first contribution in #​1404
• @​x612skm made their first contribution in #​1434
• @​todgru made their first contribution in #​1311
• @​Jcambass made their first contribution in #​1463
• @​mackey0225 made their first contribution in #​1462
• @​quatquatt made their first contribution in #​1445

Full Changelog: actions/cache@v4.0.2...v4.1.0

v4.0.2

Compare Source

What's Changed

• Fix fail-on-cache-miss not working by @​cdce8p in #​1327

Full Changelog: actions/cache@v4.0.1...v4.0.2

v4.0.1

Compare Source

What's Changed

• Update README.md by @​yacaovsnc in #​1304
• Update examples by @​yacaovsnc in #​1305
• Update actions/cache publish flow by @​bethanyj28 in #​1340
• Update @​actions/cache by @​bethanyj28 in #​1341

New Contributors

• @​yacaovsnc made their first contribution in #​1304

Full Changelog: actions/cache@v4...v4.0.1

actions/checkout (actions/checkout)

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

v6.0.1

Compare Source

v6.0.0

Compare Source

v6

Compare Source

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

Compare Source

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in #​2226
• Prepare v5.0.0 release by @​salmanmkc in #​2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v5

Compare Source

v4.3.1

Compare Source

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in #​2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in #​1971
• Add internal repos for checking out multiple repositories by @​mouismail in #​1977
• Documentation update - add recommended permissions to Readme by @​benwells in #​2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in #​2044
• Update README.md by @​nebuk89 in #​2194
• Update CODEOWNERS for actions by @​TingluoHuang in #​2224
• Update package dependencies by @​salmanmkc in #​2236
• Prepare release v4.3.0 by @​salmanmkc in #​2237

New Contributors

• @​motss made their first contribution in #​1971
• @​mouismail made their first contribution in #​1977
• @​benwells made their first contribution in #​2043
• @​nebuk89 made their first contribution in #​2194
• @​salmanmkc made their first contribution in #​2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in #​1941
• Expand unit test coverage for isGhes by @​jww3 in #​1946

actions/dependency-review-action (actions/dependency-review-action)

v4.9.0: Dependency Review Action 4.9.0

Compare Source

This feature release contains a couple of notable changes:

• There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
• Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
• There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

• Compare normalized purls to account for encoding quirks by @​juxtin in #​1056
• Make purl comparisons case insensitive by @​juxtin in #​1057
• Feat: Add Patched Version to Vulnerabilities summary by @​felickz in #​1045
• fix: only get scorecard levels if user wants to see the OpenSSF scorecard by @​jantiebot in #​1060
• Bump actions/stale from 10.1.0 to 10.2.0 by @​dependabot[bot] in #​1058
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in #​1021
• Updates for release 4.9.0 by @​ahpook in #​1064

New Contributors

• @​jantiebot made their first contribution in #​1060

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

v4.8.3: 4.8.3

Compare Source

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

• GitHub Actions can't push to our protected main by @​dangoor in #​1017
• Bump actions/stale from 9.1.0 to 10.1.0 by @​dependabot[bot] in #​995
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in #​1003
• Bump actions/setup-node from 4 to 6 by @​dependabot[bot] in #​1005
• Upgrade glob to address a vulnerability by @​brrygrdn in #​1024
• Bump js-yaml by @​dependabot[bot] in #​1020
• Addressing vulnerabilities by @​Ahmed3lmallah in #​1036
• Bump fast-xml-parser from 5.3.3 to 5.3.5 by @​dependabot[bot] in #​1050
• Bump fast-xml-parser from 5.3.5 to 5.3.6 by @​dependabot[bot] in #​1053
• Properly truncate long summaries and catch errors by @​juxtin in #​1052
• Bump spdx-expression-parse from 3.0.1 to 4.0.0 in the spdx-licenses group across 1 directory by @​dependabot[bot] in #​931
• Changes for Release 4.8.3 by @​ahpook in #​1054

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

v4.8.2

Compare Source

Minor fixes:

• Fix PURL parsing for scoped packages (#​1008 from @​danielhardej)
• Fix for large summaries (#​1007 from @​gitulisca)
• README includes a working example for allow-dependencies-licenses (#​1009 from @​danielhardej)

v4.8.1: Dependency Review Action v4.8.1

Compare Source

What's Changed

• (bug) Fix spamming link test in deprecation warning (again) by @​ahpook in #​1000
• Bump version for 4.8.1 release by @​ahpook in #​1001

Full Changelog: actions/dependency-review-action@v4...v4.8.1

v4.8.0

Compare Source

What's Changed

• Make Ruby Code Scannable by @​ljones140 in #​978
• Batch some contributions for release by @​brrygrdn in #​986
  • Make license lists collapsable by [@​jasperkamer

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 2 additional dependencies were updated

Details:

Package	Change
golang.org/x/exp	v0.0.0-20241217172543-b2144cdd0a67 -> v0.0.0-20250408133849-7e4ce0ab07d0
golang.org/x/sys	v0.28.0 -> v0.37.0

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​aptre/​common@​0.18.8 ⏵ 0.32.6	+2		+1	+7
	npm/​starpc@​0.35.0 ⏵ 0.49.6	+2		+1	+1
	npm/​@​aptre/​protobuf-es-lite@​0.4.8 ⏵ 1.0.2			+1	+9
	npm/​typescript@​5.6.3 ⏵ 6.0.3	+1		+1
	npm/​prettier@​3.3.3 ⏵ 3.8.3	+1		+1	-1
	golang/​github.com/​aperturerobotics/​util@​v1.27.1 ⏵ v1.34.3	-1
	golang/​github.com/​sirupsen/​logrus@​v1.9.3 ⏵ v1.9.5-0.20260309202648-9f0600962f75	+1
	golang/​github.com/​aperturerobotics/​common@​v0.20.3 ⏵ v0.32.8	-1
	golang/​github.com/​aperturerobotics/​controllerbus@​v0.49.0 ⏵ v0.53.1	+1
	golang/​github.com/​aperturerobotics/​protobuf-go-lite@​v0.8.0 ⏵ v0.13.0
	golang/​github.com/​aperturerobotics/​json-iterator-lite@​v1.0.1-0.20240713111131-be6bf89c3008 ⏵ v1.0.1-0.20260223122953-12a7c334f634	+1

View full report

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
golang.org/x/sys	v0.28.0 -> v0.43.0

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report