chore(deps): update all non-major dependencies#455
Conversation
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
362853f to
83fed88
Compare
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
668462e to
30a0294
Compare
f6f12a9 to
1a39875
Compare
ec675fd to
49e304c
Compare
49e304c to
d0ff452
Compare
d0ff452 to
9e26df7
Compare
This PR contains the following updates:
^1.15.2→^1.16.024.12.4→24.13.2^4.1.7→^4.1.9v1.14.0→v1.15.0^10.4.1→^10.6.0^6.14.2→^6.24.011.5.0→11.10.0^7.8.1→^7.8.5^4.1.7→^4.1.9^3.3.3→^3.3.6Release Notes
nuxt/eslint (@nuxt/eslint-config)
v1.16.0Compare Source
🚀 Features
View changes on GitHub
vitest-dev/vitest (@vitest/coverage-v8)
v4.1.9Compare Source
🐞 Bug Fixes
importOriginalwith optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in #10546 (a5180)View changes on GitHub
v4.1.8Compare Source
🐞 Bug Fixes
cdpAPI whenallowWrite/allowExec: false[backport to v4] - by @hi-ogawa and Codex in #10450 (e4067)View changes on GitHub
MatteoGabriele/agentscan-action (MatteoGabriele/agentscan-action)
v1.15.0Compare Source
Full Changelog: MatteoGabriele/agentscan-action@v1.14.0...v1.15.0
eslint/eslint (eslint)
v10.6.0Compare Source
Features
b1f9106feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)f291007feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)Bug Fixes
6b05784fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)bb9eb2afix: account for shadowedBooleaninno-extra-boolean-cast(#21013) (den$)8fd8741fix: don't report shadowed undefined inradixrule (#21011) (Pixel)5784980fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)9cd1e6dfix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)d4eb2dcfix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)2360464fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)63d52d2fix: restore max-classes-per-file report range (#21002) (Pixel)7feaff0fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)399a2ecfix: don't report inner non-callbacks inmax-nested-callbacks(#20995) (Milos Djermanovic)Documentation
a83683ddocs: Update README (GitHub Actions Bot)f5449f9docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)bea49f7docs: Update README (GitHub Actions Bot)e5f70f9docs: update code-path diagrams (#20984) (Tanuj Kanti)8890c2ddocs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)3eb3d9bdocs: Update README (GitHub Actions Bot)c5bb59cdocs: Update README (GitHub Actions Bot)eb3c97cdocs: fix grammar in prefer-const rule description (#20983) (lumir)Chores
6a42034ci: run ecosystem tests on main branch (#20891) (sethamus)3dbacdbci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])c3abfcachore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)a832320ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)27166e7chore: update ecosystem plugins (#21005) (ESLint Bot)865d76eci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])27a88c9chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)970cea6chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)b482120chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])6993fb3chore: update ecosystem plugins (#20985) (ESLint Bot)v10.5.0Compare Source
Features
5ca8c52feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)b565783feat: report no-with violations at the with keyword (#20971) (Pixel998)2ce032ffeat: report max-lines-per-function violations at function head (#20966) (Pixel998)732cb3efeat: report max-nested-callbacks violations at function head (#20967) (Pixel998)f9c138afeat: report max-depth violations on keywords (#20943) (Pixel998)bdb496cfeat: correct max-depth handling for else-if chains (#20944) (Pixel998)c296873feat: update error loc inmax-statementsto function header (#20907) (Taejin Kim)Documentation
8ae1b5bdocs: Update README (GitHub Actions Bot)ca7eb90docs: update Node.js prerequisites to include ICU support (#20962) (Francesco Trotta)f99b47adocs: Update README (GitHub Actions Bot)acf03d4docs: clarify precedence of parserOptions over languageOptions (#20926) (sethamus)Chores
b18bf58chore: update ecosystem plugins (#20959) (ESLint Bot)c2d1444refactor: replace areAllSegmentsUnreachable with !isAnySegmentReachable (#20951) (Taejin Kim)243b8c5chore: enhance config-rule to support oneOf, anyOf, and nested schemas (#20788) (kuldeep kumar)217b2a9test: add unit tests for ParserService (#20949) (Taejin Kim)72003e7test: add location information to error messages inmax-statements(#20945) (lumir)7797c26refactor: deduplicate isAnySegmentReachable across rules (#20890) (Taejin Kim)67c46fachore: update ecosystem plugins (#20938) (ESLint Bot)95d8c7achore: update dependency @eslint/json to v2 (#20934) (renovate[bot])cf9e496chore: update @arethetypeswrong/cli to 0.18.3 (#20933) (Pixel998)fb6d396test: run type tests with TypeScript 7 (#20868) (sethamus)webpro-nl/knip (knip)
v6.24.0: Release 6.24.0Compare Source
32bc844) - thanks @trueberryless!82a8d09) - thanks @trueberryless!d9ef038)aea7923)pnpm run lintto CI workflow (ec9aa1c)111f2e0) - thanks @trueberryless!dc2a640) - thanks @trueberryless!ffce88c) - thanks @trueberryless!6f090f9) - thanks @cyphercodes!7901abd)0d739be)5525759) - thanks @trueberryless!3c9d4ad)acba6b8) - thanks @johnjenkins!cf997b2) - thanks @morgan-coded!260f192)bb0eeb6)v6.23.0: Release 6.23.0Compare Source
f85d96f) - thanks @trueberryless!62e9753) - thanks @ghostdevv!94e2863) - thanks @trueberryless!8a6050e)849b5ac)v6.22.0: Release 6.22.0Compare Source
1dffe36) - thanks @patrik-csak!5095ae1) - thanks @gwagjiug!7759a98)11fe8bd) - thanks @serhalp!a5302b2) - thanks @serhalp!3e1b821) - thanks @trueberryless!76c92e2)v6.21.0: Release 6.21.0Compare Source
8754c43)3c8deac) - thanks @gwagjiug!9b8af2b)f89db41)f32c6ea)v6.20.0: Release 6.20.0Compare Source
6f08c68)2bc2f24)v6.19.0: Release 6.19.0Compare Source
3fee8bf) - thanks @fubits1!e30cfe7)71e71a7)v6.18.0: Release 6.18.0Compare Source
7dda4ec)3b71565)64865f8)ec93e20) - thanks @remcohaszing!203c31e)392835a)62d802b)d2caedd) - thanks @gwagjiug!9083c16) - thanks @WooWan!v6.17.2: Release 6.17.2Compare Source
63dbd65)vitest --coverageflag (#1800) (dc11d9f) - thanks @WooWan!8ce1ec8) - thanks @WooWan!27a1cae)630e152)v6.17.1: Release 6.17.1Compare Source
b13d0ca)29f3e46)7b2f345)820c233)v6.17.0: Release 6.17.0Compare Source
e3d93b9) - thanks @sh962214-hub!e6cc533) - thanks @jthrilly!15a329a)fa8eb6d)98aa962)67a0be8)aeabff7)12f266e)bdffeec)3334193)be34178)55e3f3b)67483f0)9bb0512)1c2f398)4ebce9c)8c028e5)v6.16.1: Release 6.16.1Compare Source
370ef4c)v6.16.0: Release 6.16.0Compare Source
fadf13a)fc3598c)2d9ce84)fcd444b)4b898a9)workspaceRootconfig option to enable use in a VSCode workspace that does not have package.json at the workspace root (#1667) (7c1ebef) - thanks @anmilleriii!b360c5c)c12153c)ba15e41)62dcda5)348d2c9)77fd7ed)d908099)ec4c779)ba6865d)94632cd)230bd73)f1f4c1b)f1adc7f)e4720ca)d14eb05)d7cbe12)152d730)8a37f8c)105fba3)f4fcf4e)v6.15.0: Release 6.15.0Compare Source
2413408)7e13451)dfc4011)dependencieskey with notes (closes #1764) (e3e66ce)0177c74) - thanks @jakeleventhal!5e201cd) - thanks @jakeleventhal!30c2283) - thanks @sebacardello!51f4edd) - thanks @lucas-spin!b8abcfd)d575c69)4c82aa8)4b6a573)b2cad06)df1a960)d49b626)5514394)010d570)b5afb9f)eb4b178)a3747d6)822ab39)361bd48)e190a9f)e3e5bc9)f9c5995)c4c06a9)60df0b0)0f9d044)pnpm/pnpm (pnpm)
v11.10.0Compare Source
Minor Changes
e2e3c81: Added theissuescommand as an alias ofbugs, sopnpm issuesopens the package's bug tracker URL in the browser.8491f8e: Added theprefixcommand which prints the current package prefix directory (or global prefix directory if-g/--globalis used).3425e80: Added an_authsetting for configuring registry authentication as a single structured (URL-keyed) value. It can be set in the global pnpm config (config.yaml) or, for CI, via thepnpm_config__authenvironment variable. The env form sidesteps the GitHub Actions / bash / zsh limitation that broke the existingpnpm_config_//host/:_authToken=…form (env var names containing/,:, or.are silently dropped). Closes #12314.The value is keyed by registry URL so each secret is explicitly bound to the host that may receive it. Registry URL keys must use
httporhttpsand must not include credentials, query strings, or fragments:The equivalent in the global
config.yaml:Within each registry URL,
@means registry-wide/default credentials and package scopes like@orgbind credentials to that scope on the same host. The only supported credential field isauthToken(maps to_authToken/ bearer auth); the deprecatedbasicAuth/username+passwordforms are intentionally not accepted here.Each entry also infers a trusted registry route:
@routes the default registry (andpnpm add <pkg>resolves there), and@orgroutes that scope. Because the credential and destination host arrive in one trusted value, repo-controlledpnpm-workspace.yamlor project.npmrccannot redirect the token to a different host._authis honored only from the env var and the global config — it is ignored in a projectpnpm-workspace.yaml/.npmrc, so repo-controlled config can never supply registry auth. Precedence: CLI flags (--registry,--@​scope:registry) >pnpm_config__auth> globalconfig.yaml_auth>pnpm-workspace.yaml.Both
pnpm_config__auth(lowercase, documented form) andPNPM_CONFIG__AUTH(all-caps, the shell convention some CI runners apply) are honored. If both are set, lowercase wins unless it is empty, in which case uppercase is used. The env var wins over the globalconfig.yaml_authon a conflicting key.tokenHelperis not supported in_auth. Parsing is strict: a malformed value (bad JSON, wrong shape, invalid registry URL or scope, an unsupported credential field) fails fast with an error rather than being silently dropped.Pacquet parity note: the pacquet (Rust) port supports the same single credential field as the TS CLI:
authToken.a33eeec:pnpm self-updateandpackageManagerversion-switching can now install and link pnpm v12 (the Rust port), published with equal content under both thepnpmand@pnpm/exenames on thenext-12dist-tag. Its native binaries ship as@pnpm/exe.<platform>-<arch>packages, which pnpm's built-in installer links directly — no Node.js launcher, so the command pays no Node startup cost. v12 is initialized exactly like@pnpm/exe, including per-platform global-virtual-store hashing. From v12 onward the install converges on the unscopedpnpmpackage (the Rust exe) — even when updating from the SEA@pnpm/exebuild.1dd12bd: When resolving through a pnpr install-accelerator server, pnpm no longer forwards its own upstream registry credentials in the resolve request. Only theAuthorizationheader identifying the caller to pnpr is sent. The pnpr server now selects upstream credentials from its own route policy (operator-configured upstream credential aliases), so private dependencies resolve through a pnpr-managed alias the caller is authorized to use, rather than by sending the client's registry tokens to the server.1e81761: Expose web authenticationauthUrlanddoneUrlin JSON error output when OTP is required in a non-interactive terminal #12724.Patch Changes
2f389d6: Added the Node.js release team's new signing key (Stewart X Addison,655F3B5C1FB3FA8D1A0CA6BDE4A7D232B936D2FD) to the embedded Node.js release keys, so runtimes whoseSHASUMS256.txtis signed by the new releaser verify successfully.acbdb94: Fixed shell tab completion not suggesting workspaces after the-Falias for--filteroption.dcabb78: Fixedpnpm up -r <pkg>bumping unrelated packages that have open semver ranges. Previously, any update mutation nullified the lockfile-derivedpreferredVersionsglobally, so packages with^x.y.zranges could re-resolve to newer compatible versions even though the user only asked to update a specific package. The install layer now always seedspreferredVersionsfrom the lockfile, and caller-supplied preferred versions (such as the vulnerability penalties ofpnpm audit --fix) layer on top of the seed instead of replacing it. The targeted package still bumps: the per-resolveupdateRequestedflag makes the resolver ignore the target's own lockfile pins.Closes #10662.
d539172: Fixed pnpm pack and pnpm publish failing when prepack generates files that are included in the package and postpack cleans them up.be6505a: Hardened global package management:node.exeflavor of a bin, so a stalenode.exeno longer survivesConfiguration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.