chore(deps): update all non-major dependencies#390
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughBump tooling and dependency pins: GitHub Actions tool pins updated (pnpm/action-setup → v6.0.8; zizmor-action pinned to a newer commit), root ChangesDependency and Tool Version Updates
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related issues
Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Warning Review ran into problems🔥 ProblemsGit: Failed to clone repository. Please run the Comment |
🚀 Changeset Version PreviewNo changeset entries found. Merging this PR will not cause a version bump for any packages. |
|
| Command | Status | Duration | Result |
|---|---|---|---|
nx affected --targets=test:sherif,test:docs,tes... |
❌ Failed | 23s | View ↗ |
nx run-many --target=build |
✅ Succeeded | 8s | View ↗ |
☁️ Nx Cloud last updated this comment at 2026-06-18 13:10:56 UTC
commit: |
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
9 times, most recently
from
1ef6627 to
e141ecb
Compare
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
10 times, most recently
from
1bc8a9a to
59e76cc
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
5 times, most recently
from
ef3c2ca to
8130abf
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
9 times, most recently
from
4461c35 to
43677bb
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
4 times, most recently
from
35e2fa4 to
9dd0f94
Compare
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
5 times, most recently
from
d124629 to
6de1134
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
6de1134 to
8f58744
Compare
This PR contains the following updates:
^0.18.2→^0.18.3^5.100.10→^5.101.0^19.2.14→^19.2.17^6.0.1→^6.0.2^6.0.6→^6.0.7v6.0.2→v6.0.3v1.8.0→v1.9.0^10.3.0→^10.5.022.7.1→22.7.511.1.1→11.8.0>=11.0.0→>=11.8.0v6.0.7→v6.0.9^3.8.3→^3.8.4^0.3.20→^0.3.21^19.2.6→^19.2.7^19.2.6→^19.2.7^7.8.0→^7.8.4^0.2.16→^0.2.17^0.22.0→^0.22.3^5.6.0→^5.7.0^8.59.3→^8.61.1^8.0.12→^8.0.16^4.1.6→^4.1.9^3.5.34→^3.5.38^10.4.0→^10.4.1v0.5.3→v0.5.6Release Notes
arethetypeswrong/arethetypeswrong.github.io (@arethetypeswrong/core)
v0.18.3Patch Changes
14e61d5: Update @types/node, use @typescript/native-preview for local build/check25031aa: - Fix "Cannot read properties of undefined (reading 'filename')" caused by fflate 0.8.3 (#258)TanStack/query (@tanstack/query-core)
v5.101.0Compare Source
v5.100.14Compare Source
v5.100.13Compare Source
Patch Changes
NoInfer<T>re-export and rely on TypeScript's built-inNoInfer(TS ≥ 5.4) soNoInfer<X[K]>stays assignable toX[K]in generic contexts (fixes #9937) (#10593)v5.100.12Compare Source
v5.100.11vitejs/vite-plugin-react (@vitejs/plugin-react)
v6.0.2Compare Source
Allow all options in reactCompilerPreset (#1189)
This is a type only change. Only
compilationModeandtargetoptions were available forreactCompilerPreset.vitejs/vite-plugin-vue (@vitejs/plugin-vue)
v6.0.7Features
@rolldown/pluginutilsversion (#776) (941b651)Bug Fixes
actions/checkout (actions/checkout)
v6.0.3Compare Source
changesets/action (changesets/action)
v1.9.0Compare Source
Minor Changes
#636
b072bccThanks @bluwy! - Add a new@changesets/action/pr-commentsub-action to comment on PRs#625
8795eeeThanks @bluwy! - Add a new@changesets/action/pr-statussub-action to generate the changeset status comment for PRs as an alternative to the Changesets Bot.Patch Changes
#535
34f64f6Thanks @Andarist! - Fixed an issue with GitHub releases not being created for successfully published packages when some packages failed to be published to the registry.#632
1d54b9eThanks @bluwy! - Simplify internal implementation to get changelog entries for a package version#629
e0c90aaThanks @bluwy! - Fix custom version and publish command argument parsing#645
f9585d9Thanks @Andarist! - Improved force-push handling when usingcommitMode: "github-api"so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.eslint/eslint (eslint)
v10.5.0Compare Source
Features
5ca8c52feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)b565783feat: report no-with violations at the with keyword (#20971) (Pixel998)2ce032ffeat: report max-lines-per-function violations at function head (#20966) (Pixel998)732cb3efeat: report max-nested-callbacks violations at function head (#20967) (Pixel998)f9c138afeat: report max-depth violations on keywords (#20943) (Pixel998)bdb496cfeat: correct max-depth handling for else-if chains (#20944) (Pixel998)c296873feat: update error loc inmax-statementsto function header (#20907) (Taejin Kim)Documentation
8ae1b5bdocs: Update README (GitHub Actions Bot)ca7eb90docs: update Node.js prerequisites to include ICU support (#20962) (Francesco Trotta)f99b47adocs: Update README (GitHub Actions Bot)acf03d4docs: clarify precedence of parserOptions over languageOptions (#20926) (sethamus)Chores
b18bf58chore: update ecosystem plugins (#20959) (ESLint Bot)c2d1444refactor: replace areAllSegmentsUnreachable with !isAnySegmentReachable (#20951) (Taejin Kim)243b8c5chore: enhance config-rule to support oneOf, anyOf, and nested schemas (#20788) (kuldeep kumar)217b2a9test: add unit tests for ParserService (#20949) (Taejin Kim)72003e7test: add location information to error messages inmax-statements(#20945) (lumir)7797c26refactor: deduplicate isAnySegmentReachable across rules (#20890) (Taejin Kim)67c46fachore: update ecosystem plugins (#20938) (ESLint Bot)95d8c7achore: update dependency @eslint/json to v2 (#20934) (renovate[bot])cf9e496chore: update @arethetypeswrong/cli to 0.18.3 (#20933) (Pixel998)fb6d396test: run type tests with TypeScript 7 (#20868) (sethamus)v10.4.1Compare Source
Bug Fixes
e557467fix: update@eslint/plugin-kitversion to 0.7.2 (#20930) (Francesco Trotta)d4ce898fix: propagate failures from delegated commands (#20917) (Minh Vu)f4f3507fix: prefer-arrow-callback invalid autofix with newline afterasync(#20916) (kuldeep kumar)c5bc78bfix: false positive for reference infinallyblock (#20655) (Tanuj Kanti)27538c0fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)Documentation
61b0adddocs: remove deprecated rule from related rules ofmax-params(#20921) (Tanuj Kanti)305d5b9docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)49b0202docs: fixdisplay: noneof ad (#20901) (Tanuj Kanti)9067f94docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)c91b041docs: Update README (GitHub Actions Bot)e349265docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)Chores
b0e466btest: adddataproperty to invalid tests cases for rules (#20924) (Tanuj Kanti)f78838btest: add CodePath type coverage (#20904) (Pixel998)1daa4bdchore: updateeslint-plugin-eslint-commentstest data to latest commit (#20922) (Francesco Trotta)002942cci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)64bca24chore: update ecosystem plugins (#20912) (ESLint Bot)6d7c832chore: ignore fflate updates in renovate (#20908) (Pixel998)b2c8638ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#20889) (dependabot[bot])a9b8d7fchore: increase maxBuffer for ecosystem tests (#20881) (sethamus)b702eadchore: update ecosystem update PR settings (#20884) (Pixel998)507f60echore: update ecosystem plugins (#20882) (ESLint Bot)92f5c5btest: add unit test for message-count (#20878) (kuldeep kumar)df32108chore: add @eslint/markdown and typescript-eslint ecosystem tests (#20837) (sethamus)327f91dchore: use includeIgnoreFile internally (#20876) (Kirk Waiblinger)f0dc4bdchore: pin fflate@0.8.2 (#20877) (Milos Djermanovic)0f4bd25ci: run Discord alert for ecosystem test failures (#20873) (Copilot)v10.4.0Compare Source
Features
1a45ec5feat: check sequence expressions infor-direction(#20701) (kuldeep kumar)450040bfeat: addincludeIgnoreFile()toeslint/config(#20735) (Kirk Waiblinger)Bug Fixes
544c0c3fix: escape code path DOT labels in debug output (#20866) (Pixel998)6799431fix: update dependency @eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])f078feffix: handle non-array deprecated rule replacements (#20825) (xbinaryx)Documentation
7e52a71docs: add mention of@eslint-react/eslint-plugin(#20869) (Pavel)db3468bdocs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)9084664docs: Update README (GitHub Actions Bot)9cc7387docs: Update README (GitHub Actions Bot)3d7b548docs: Update README (GitHub Actions Bot)191ec3cdocs: Update README (GitHub Actions Bot)Chores
6616856chore: upgrade knip to v6 (#20875) (Pixel998)d13b084ci: ensure auto-created PRs run CI (#20860) (lumir)e71c7afci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#20862) (dependabot[bot])d84393dtest: add unit tests for SuppressionsService.applySuppressions() (#20863) (kuldeep kumar)24db8cbtest: add tests for SuppressionsService.save() (#20802) (kuldeep kumar)2ef0549chore: update ecosystem plugins (#20857) (github-actions[bot])a429791ci: removeeslint-webpack-plugintypes integration test (#20668) (Milos Djermanovic)9e37386chore: replacerecastwith range approach in code-sample-minimizer (#20682) (Copilot)0dd1f9ftest: disable warning forvm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER(#20845) (Francesco Trotta)9da3c7brefactor: remove deprecatedmeta.languageand migratemeta.dialects(#20716) (Pixel998)2099ed1refactor: addmeta.defaultOptionsto more rules, enable linting (#20800) (xbinaryx)f1dfbc9chore: update ecosystem plugins (#20836) (github-actions[bot])c759413ci: bump pnpm/action-setup from 6.0.3 to 6.0.5 (#20843) (dependabot[bot])5b817d6test: add unit tests for lib/shared/ast-utils (#20838) (kuldeep kumar)1c13ae3test: add unit tests for lib/shared/severity (#20835) (kuldeep kumar)nrwl/nx (nx)
v22.7.5Compare Source
22.7.5 (2026-05-27)
🩹 Fixes
❤️ Thank You
v22.7.4Compare Source
22.7.4 (2026-05-25)
🩹 Fixes
❤️ Thank You
v22.7.3Compare Source
22.7.3 (2026-05-22)
🚀 Features
🩹 Fixes
projects: 'self'independsOnentries (#35686)$escaping in file paths on windows (#35692)❤️ Thank You
v22.7.2Compare Source
22.7.2 (2026-05-14)
🚀 Features
🩹 Fixes
nx mcpto run outside of an Nx workspace (#35655)❤️ Thank You
pnpm/pnpm (pnpm)
v11.8.0Compare Source
Minor Changes
c112b61: Added a--dry-runoption topnpm install. It runs a full dependency resolution and reports what an install would change, but writes nothing to disk (no lockfile, nonode_modules) and always exits with code 0. This mirrors the preview semantics ofnpm install --dry-run#7340.179ebc4:pnpm run --no-bailnow exits with a non-zero exit code when any of the executed scripts fail, while still running every matched script to completion. This makes the exit-code behavior of--no-bailconsistent between recursive and non-recursive runs (recursive runs already failed at the end). Previously, a non-recursivepnpm run --no-bailalways exited with code 0, even when a script failed #8013.0474a9c: Added support for generating Node.js package maps atnode_modules/.package-map.jsonduring isolated and hoisted installs. Added thenode-experimental-package-mapsetting to inject the generated map into pnpm-managed Node.js script environments, and thenode-package-map-typesetting to choose betweenstandardandloosepackage maps.dcededc:pnpm sbomnow marks components reachable only throughdevDependencieswith CycloneDXscope: "excluded"and thecdx:npm:package:developmentproperty. Theexcludedscope documents "component usage for test and other non-runtime purposes", which matches the semantics of a devDependency; the property is the CycloneDX npm-taxonomy marker emitted by@cyclonedx/cyclonedx-npm, so both modern (scope) and existing (property) consumers are covered. Components reachable at runtime (including installedoptionalDependencies) omitscopeand default torequired.1495cb0: Added per-package SBOM generation with--outand--splitflags. Use--out out/%s.cdx.jsonto write one SBOM per workspace package to individual files, or--splitfor NDJSON output to stdout. When--filterselects a single package, the SBOM root component now uses that package's metadata. Workspace inter-dependencies (workspace:protocol) and their transitive dependencies are included. Author, repository, and license fall back to the root manifest when the package doesn't define them.293921a: feat(view): support searching project manifest upward when package name is omittedWhen running
pnpm viewwithout a package name, the command now searchesupward for the nearest project manifest (
package.json,package.yaml, orpackage.json5) and uses itsnamefield.If the manifest exists but lacks a
namefield, an error is thrown.This change also replaces the
find-updependency withempathicforimproved performance and consistency across workspace tools.
Patch Changes
29ab905: Fixedpnpm updateoverriding the version range policy of a named catalog whose name parses as a version (e.g.catalog:express4-21). Thecatalog:reference carries no pinning of its own, so the prefix from the catalog entry (such as~) is now preserved instead of being widened to^#10321.bee4bf4: Security: validate config dependency names and versions from the env lockfile (pnpm-lock.yaml) before using them to build filesystem paths. A committed lockfile with a traversal-shapedconfigDependenciesname (such as../../PWNED) or version (such as../../../PWNED) could previously causepnpm installto create symlinks or write package files outsidenode_modules/.pnpm-configand the store. Names must now be valid npm package names and versions must be exact semver versions; the same validation is applied to optional subdependencies of config dependencies, and to the legacy workspace-manifest format before any lockfile is written. See GHSA-qrv3-253h-g69c.96bdd57: Fixlink:workspace protocol switching tofile:afterpnpm rmis run from inside a workspace package whose target workspace dependency has its own dependencies, wheninjectWorkspacePackages: trueis set. Follow-up to #10575, which fixed the same symptom for workspace packages without dependencies.302a2f7: No longer warn about using bothpackageManageranddevEngines.packageManagerwhen the two fields pin the same package manager at the same version with the same integrity hash (e.g. bothpnpm@11.5.1+sha512.…). Previously the hash was stripped from the legacypackageManagerfield but not fromdevEngines.packageManager, so even identical specifications looked like a mismatch #12028.The warning still fires on any genuine divergence, and several cases now state the specific reason instead of a single generic message: a different package manager, a different version, or contradictory integrity hashes for the same version.
3f0fb21: Fixed the progress line showing leftover characters from external processes that write to the terminal between progress updates (e.g. an SSH passphrase prompt would leave a fragment likeadded 0sa':). The interactive reporter now redraws each frame in place, erasing to the end of the display before reprinting, so any such remnants are cleared #12350.564619f: Fixedpnpm approve-buildsreporting "no packages awaiting approval" when a build-script dependency whose approval was revoked (e.g. aftergit stashdrops theallowBuildsfrompnpm-workspace.yaml) is re-added. The revoked packages are now correctly recorded in.modules.yamlsoapprove-buildscan find them. [#12221](https://redConfiguration
📅 Schedule: (UTC)
* 0-3 * * 1)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.