fix(deps): update all non-major dependencies#74
Open
renovate[bot] wants to merge 1 commit intomainfrom
Open
Conversation
|
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
4 times, most recently
from
96ea497 to
2900712
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
2 times, most recently
from
0119370 to
2db3f70
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
2db3f70 to
b3a4d95
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
2 times, most recently
from
94d0228 to
cc1198e
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
cc1198e to
a64990f
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^2.28.1→^2.30.0^8.53.0→^8.57.1^0.21.0→^0.25.1^18.2.33→^18.3.28^18.2.14→^18.3.7^4.1.0→^4.7.0v4.2.2→v4.3.1^1.11.0→^1.12.0^8.53.0→^8.57.1^8.53.0→^8.57.1^14.0.2→^14.2.35^9.1.0→^9.1.2^2.29.0→^2.32.0^27.6.0→^27.9.0^5.0.1→^5.5.5^7.33.2→^7.37.5^4.6.0→^4.6.2^0.3.9→^0.5.4^13.23.0→^13.24.0^15.1.0→^15.5.220.9.0→20.20.2>=20.9.0→>=20.20.218→18.20.8^3.5.2→^3.8.1^8.3.0→^8.5.0^8.3.0→^8.5.0^18.2.0→^18.3.1^18.2.0→^18.3.1^18.2.0→^18.3.1^1.10.16→^1.13.4^5.2.2→^5.9.3^4.5.0→^4.5.14Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
Thinkmill/manypkg (@manypkg/cli)
v0.25.1Compare Source
Patch Changes
5854938Thanks @jasekiw! - Keep detected line endings flavor ofpackage.jsonfiles on Windows when updating those filesv0.25.0Compare Source
Minor Changes
2c06ac0Thanks @cjkihl! - Add Bun supportPatch Changes
2c06ac0]:v0.24.0Compare Source
Minor Changes
#248
456ca21Thanks @bluwy! - Change the default value of thedefaultBranchconfig from"master"to"main"#242
1763058Thanks @spanishpear! - This package is now published as a pure ESM package.#245
a00f5f7Thanks @Andarist! - Drop support for Bolt#244
f29df03Thanks @Andarist! - Add"engines"field for explicit node version support. The supported node versions are>=20.0.0.Patch Changes
3cf8c4e,1763058,a00f5f7,f29df03]:v0.23.0Compare Source
Minor Changes
1a5ea55Thanks @VanTanev! - Change theROOT_HAS_DEV_DEPENDENCIESrule toROOT_HAS_PROD_DEPENDENCIES. Monorepo root should usedevDependenciesinstead ofdependenciesfor better support of production-only installs, useful in eg Docker builds.v0.22.0Compare Source
Minor Changes
#231
aeb50f5Thanks @VanTanev! - Upgradedpackage-json,semverandsembeardependencies.#226
2fafd9aThanks @VanTanev! - Replacechalkwithpicocolors#228
1cbdcb9Thanks @VanTanev! - Remove thefind-updependency.#231
aeb50f5Thanks @VanTanev! - Node.js version requirement raised to>= 18.0.0#224
3c3198aThanks @VanTanev! - Replacespawndamnitwithtinyexecfor fewer dependencies#229
4a835edThanks @VanTanev! - Updatevalidate-npm-package-nameto5.0.1to remove one transitive dependency.#225
d0f4d92Thanks @VanTanev! - Replacefs-extrawith nativenode:fs/promisesactions/checkout (actions/checkout)
v4.3.1Compare Source
What's Changed
Full Changelog: actions/checkout@v4...v4.3.1
v4.3.0Compare Source
What's Changed
New Contributors
Full Changelog: actions/checkout@v4...v4.3.0
veritem/eslint-plugin-vitest (eslint-plugin-vitest)
v0.5.4Compare Source
Features
v0.5.3Compare Source
Bug Fixes
v0.5.2Compare Source
Features
v0.5.1Compare Source
Bug Fixes
v0.5.0Compare Source
This version only supports new eslint flat config!
If you run into issues, consider downgrading and opening an issue. Remember to include a minimum repro example to help me fix issues quickly!
Full Changelog: vitest-dev/eslint-plugin-vitest@v0.5.0...v0.5.0
v0.4.1Compare Source
Full Changelog: vitest-dev/eslint-plugin-vitest@v0.4.1...v0.4.1
Changes
max-expectrule in favor ofmax-expectsv0.4.0Compare Source
Bug Fixes
Full Changelog: vitest-dev/eslint-plugin-vitest@v0.4.0...v0.4.0
nodejs/node (node)
v20.20.2: 2026-03-24, Version 20.20.2 'Iron' (LTS), @marco-ippolitoCompare Source
This is a security release.
Notable Changes
Commits
cfb51fa9ce] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) nodejs-private/node-private#831f333d0be5f] - deps: V8: overridedepot_toolsversion (Richard Lau) #623442acd5d1226] - deps: update undici to v6.24.1 (Matteo Collina) #62285af5c144ebc] - (CVE-2026-21717) deps,build,test: fix array index hash collision (Joyee Cheung) nodejs-private/node-private#83400ad47a28e] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#8210123309566] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#84000830712bc] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#838a0c73425da] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832cc3f294507] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#839v20.20.1: 2026-03-05, Version 20.20.1 'Iron' (LTS), @marco-ippolitoCompare Source
Notable Changes
91a66e671c] - build: test on Python 3.14 (Christian Clauss) #59983f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #6141980feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #60741Commits
6f580d5399] - assert: fix deepEqual always return true on URL (Xuguang Mei) #5085391a66e671c] - build: test on Python 3.14 (Christian Clauss) #59983cc4f7af6f3] - build: skip sscache action on non-main branches (Joyee Cheung) #61790f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #6141980feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #60741fa88cc07e2] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #6066288b2eec88a] - deps: update minimatch to 10.2.2 (Node.js GitHub Bot) #618305c053264f1] - deps: V8: backport6a0a25a(Vivian Wang) #616874a398699d0] - deps: update googletest to5a9c3f9(Node.js GitHub Bot) #617314fa43adf15] - deps: update googletest to56efe39(Node.js GitHub Bot) #616051a855d490c] - deps: update googletest to8508785(Node.js GitHub Bot) #61417d8a9359826] - deps: update icu to 78.2 (Node.js GitHub Bot) #60523e79cd3a0bb] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #619280707ade464] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #61925dc5a3cddef] - deps: update llhttp to 9.3.1 (Node.js GitHub Bot) #6182746043b94c7] - deps: update zlib to 1.3.1-e00f703 (Node.js GitHub Bot) #611356be15a596e] - deps: update cjs-module-lexer to 2.2.0 (Node.js GitHub Bot) #6127110881404cd] - deps: update timezone to 2025c (Node.js GitHub Bot) #611381594a78c85] - deps: update googletest to065127f(Node.js GitHub Bot) #610557fa2ee1933] - deps: update zlib to 1.3.1-63d7e16 (Node.js GitHub Bot) #6089809259532ef] - deps: update googletest to1b96fa1(Node.js GitHub Bot) #60739aa8bdb6886] - deps: update cjs-module-lexer to 2.1.1 (Node.js GitHub Bot) #60646cc849fde27] - deps: update googletest to279f847(Node.js GitHub Bot) #60219a99ba553a2] - deps: update googletest to50b8600(Node.js GitHub Bot) #599556349a79f5f] - deps: update googletest to7e17b15(Node.js GitHub Bot) #591318ba759f1a0] - deps: update googletest to35b75a2(Node.js GitHub Bot) #58710927d906850] - deps: update googletest toe9092b1(Node.js GitHub Bot) #58565bf8919f5c2] - deps: update googletest to0bdccf4(Node.js GitHub Bot) #57380ae6231dac0] - deps: update googletest toe235eb3(Node.js GitHub Bot) #568730561c62e85] - deps: update minimatch to 10.1.2 (Node.js GitHub Bot) #61732f0ef221b0d] - deps: update minimatch to 10.1.1 (Node.js GitHub Bot) #6054315bd0da404] - deps: update archs files for openssl (Antoine du Hamel) #6191204d439323f] - deps: upgrade openssl sources to openssl-3.0.19 (Antoine du Hamel) #619122ea16d3bd6] - deps: update corepack to 0.34.6 (Node.js GitHub Bot) #61510622f973d1c] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #608422cd265d8b9] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #6064365e839687b] - deps: update corepack to 0.34.2 (Node.js GitHub Bot) #605502dc99d2771] - dns: fix Windows SRV ECONNREFUSED by adjusting c-ares fallback detection (notvivek12) #614532c7b84b1d8] - doc: fix typo in http.md (Michael Solomon) #59354a84b42667c] - doc: fix grammar in global dispatcher usage (Eng Zer Jun) #59344ffd0ada45f] - doc: fix typo intest/common/README.md(Yoo) #59180b4d9d006e7] - doc: fix broken sentence inURL.parse(Superchupu) #5916445e9971d9c] - doc: fix typo in writing-test.md (SeokHun) #59123e9fd10b5d6] - doc: fixfetchsubsections inglobals.md(Antoine du Hamel) #589333715dd1c2b] - doc: fix wrong RFC number in http2 (Deokjin Kim) #58753098c017eac] - doc: punctuation fix for Node-API versioning clarification (Jiacai Liu) #58599545bf434e1] - doc: fix typo of filehttp.md,outgoingMessage.setTimeoutsection (yusheng chen) #58188b3d6683e7b] - doc: support toolchain with Visual Studio 2019 & 2022 only (Mike McCready) #614508fdde5d110] - doc: fix v20 changelog after security release (Marco Ippolito) #6137131d04599be] - http: fix keep-alive not timing out after post-request empty line (Shima Ryuhei) #581785ec7d1eba0] - http2: validate initialWindowSize per HTTP/2 spec (Matteo Collina) #614025c091d5a96] - meta: persist sccache daemon until end of build workflows (René) #61639183353aba0] - path,win: fix bug in resolve and normalize (Hüseyin Açacak) #55623dbe9e5091b] - src: fix flags argument offset in JSUdpWrap (Weixie Cui) #619484106bfc775] - test: mark stringbytes-external-max flaky on AIX (Stewart X Addison) #60995de51937306] - test: mark stringbytes-external-exceed-max tests as flaky on AIX (Joyee Cheung) #60565368b221be3] - test: fix flaky test-performance-eventloopdelay (Matteo Collina) #61629e134912a33] - test: fix flaky test-worker-message-port-transfer-filehandle test (Alex Yang) #591585630170d3e] - test: account for truthy signal in flaky async_hooks tests (Darshan Sen) #584781e5363bb63] - test: marktest-http2-debugas flaky on LinuxONE (Richard Lau) #58494662998787a] - test: settest-fs-cpas flaky (Stefan Stojanovic) #567990807127339] - test: marktest-esm-loader-hooks-inspect-waitflaky (Richard Lau) #568036320cd0721] - test: skip strace test with shared openssl (Richard Lau) #6198783b9f8ee02] - tools: make nodedownload module compatible with Python 3.14 (Lumír 'Frenzy' Balhar) #587526cf9b5786e] - tools: enforce removal oflts-watch-*labels on release proposals (Antoine du Hamel) #61672cd4161499c] - tools: use ubuntu-slim runner in meta GitHub Actions (Tierney Cyren) #616636dc2a99a0d] - tools: validate release commit diff as part oflint-release-proposal(Antoine du Hamel) #614405014f22332] - tools: add read permission to workflows that read contents (Antoine du Hamel) #582556c3ad2a5a3] - tools: switch to ARM runners on GHA jobs (Antoine du Hamel) #619031abada9c34] - tools: avoid building twice in coverage jobs (Antoine du Hamel) #61899f260e40127] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #6175964beca5e01] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #61734v20.20.0: 2026-01-13, Version 20.20.0 'Iron' (LTS), @marco-ippolitoCompare Source
This is a security release.
Notable Changes
lib:
lib,permission:
src:
src,lib:
tls:
Commits
8f9ba3f623] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #6099797fc9b0eb7] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#79214fbbb510c] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#8021febc48d5b] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797494f62dc23] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760d7a5c587c0] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#77351f4de4b4a] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#75985f73e7057] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796v20.19.6: 2025-11-25, Version 20.19.6 'Iron' (LTS), @marco-ippolitoCompare Source
Notable Changes
6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #59113db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #58313Commits
0f644df42e] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #59547fba0025b9c] - build: usewindows-2025runner (Michaël Zasso) #596733456ec946d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #599566277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #595711788fb5f3d] - deps: update undici to 6.22.0 (Matteo Collina) #601125d61b55f24] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #597919f1e5e4637] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #59689d0edb01d25] - deps: update googletest toeb2d85e(Node.js GitHub Bot) #59335576242ff39] - deps: V8: cherry-picka0d0d4f(Ho Cheung) #60716a07a277020] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #60314fa5c5af8ce] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #59134556113e2fc] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #59134cd1536ca90] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #59133acec79989e] - deps: V8: cherry-pick6b1b9bc(zhoumingtao) #59283e65b930aa7] - deps: V8: backport2e4c5cf(Michaël Zasso) #606541b75a601f7] - doc: fix typo on child_process.md (Angelo Gazzola) #60114a2bcb217c6] - doc: fix typo in section on microtask order (Tobias Nießen) #599322426d3f3ff] - doc: add security escalation policy (Ulises Gascón) #59806e7f6f04758] - doc: add Miles Guicent as triager (Miles Guicent) #59562e51ef3f48b] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #595798a504d900a] - doc: fix missing link to the Error documentation in thehttppage (Alexander Makarenko) #590808c5c8aa71d] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #59591109c4bff77] - doc: add security incident reponse plan (Rafael Gonzaga) #594704f004efdf3] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #59445caa2db4bac] - doc: fix links in test.md (Vas Sudanagunta) #58876082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du HaConfiguration
📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.