chore(deps): update all minor dependency bump#314
Open
renovate[bot] wants to merge 1 commit intomainfrom
Open
Conversation
renovate
bot
force-pushed
the
renovate/all-minor
branch
9 times, most recently
from
df1aa99 to
31332ea
Compare
renovate
bot
force-pushed
the
renovate/all-minor
branch
4 times, most recently
from
945f585 to
078dc6e
Compare
renovate
bot
force-pushed
the
renovate/all-minor
branch
3 times, most recently
from
2c1886f to
a2a9217
Compare
renovate
bot
force-pushed
the
renovate/all-minor
branch
3 times, most recently
from
ba94b57 to
22e8027
Compare
renovate
bot
force-pushed
the
renovate/all-minor
branch
4 times, most recently
from
95520a2 to
6665818
Compare
renovate
bot
force-pushed
the
renovate/all-minor
branch
3 times, most recently
from
4df26a5 to
753b78e
Compare
renovate
bot
force-pushed
the
renovate/all-minor
branch
3 times, most recently
from
87e0bb1 to
9be68c9
Compare
renovate
bot
force-pushed
the
renovate/all-minor
branch
from
9be68c9 to
5dad9af
Compare
renovate
bot
force-pushed
the
renovate/all-minor
branch
3 times, most recently
from
ab9f35c to
ffd8d81
Compare
renovate
bot
force-pushed
the
renovate/all-minor
branch
4 times, most recently
from
260c516 to
ee8a27d
Compare
renovate
bot
force-pushed
the
renovate/all-minor
branch
5 times, most recently
from
c5ba6b4 to
17896e8
Compare
renovate
bot
force-pushed
the
renovate/all-minor
branch
4 times, most recently
from
10e7826 to
ca13648
Compare
renovate
bot
force-pushed
the
renovate/all-minor
branch
3 times, most recently
from
35703c1 to
0a153f6
Compare
renovate
bot
force-pushed
the
renovate/all-minor
branch
2 times, most recently
from
e1c2542 to
2ac5c2f
Compare
renovate
bot
force-pushed
the
renovate/all-minor
branch
from
2ac5c2f to
d06ac5e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.61.0→1.68.01.34.0→1.38.01.90.0→1.100.09.37.0→9.39.217.0.0→17.3.024.11.1→24.13.110.18.3→10.29.33.6.2→3.8.18.3.0→8.4.0Release Notes
FRSOURCE/toolkit (@frsource/eslint-config)
v1.68.0Compare Source
Bug Fixes
69519bc, closes #229v1.67.0Compare Source
Bug Fixes
69519bc, closes #229v1.66.0Compare Source
v1.65.0Compare Source
Bug Fixes
v1.64.0Compare Source
v1.63.0Compare Source
v1.62.0Compare Source
Bug Fixes
FRSOURCE/toolkit (@frsource/prettier-config)
v1.38.0Compare Source
v1.37.0Compare Source
v1.36.0Compare Source
v1.35.0Compare Source
Bug Fixes
FRSOURCE/toolkit (@frsource/semantic-release-config)
v1.100.0Compare Source
v1.99.0Compare Source
v1.98.0Compare Source
v1.97.0Compare Source
v1.96.0Compare Source
v1.95.0Compare Source
v1.94.0Compare Source
v1.93.0Compare Source
v1.92.0Compare Source
v1.91.0Compare Source
Bug Fixes
eslint/eslint (eslint)
v9.39.2Compare Source
v9.39.1Compare Source
v9.39.0Compare Source
v9.38.0Compare Source
Features
ce40f74feat: updatecomplexityrule to only highlight function header (#20048) (Atul Nair)e37e590feat: correctno-loss-of-precisionfalse positives withenotation (#20187) (Francesco Trotta)Bug Fixes
50c3dfdfix: improve type support for isolated dependencies in pnpm (#20201) (Francesco Trotta)a1f06a3fix: correct SourceCode typings (#20114) (Pixel998)Documentation
462675adocs: improve web accessibility by hiding non-semantic character (#20205) (루밀LuMir)c070e65docs: correct formatting inno-irregular-whitespacerule documentation (#20203) (루밀LuMir)b39e71adocs: Update README (GitHub Actions Bot)cd39983docs: movecustom-formatterstype descriptions tonodejs-api(#20190) (Percy Ma)Chores
d17c795chore: upgrade @eslint/js@9.38.0 (#20221) (Milos Djermanovic)25d0e33chore: package.json update for @eslint/js release (Jenkins)c82b5efrefactor: Use types from @eslint/core (#20168) (Nicholas C. Zakas)ff31609ci: add Node.js 25 toci.yml(#20220) (루밀LuMir)004577eci: bump github/codeql-action from 3 to 4 (#20211) (dependabot[bot])eac71fbtest: remove use ofnodejsScopeoption of eslint-scope from tests (#20206) (Milos Djermanovic)4168a18chore: fix typo in legacy-eslint.js (#20202) (Sweta Tanwar)205dbd2chore: fix typos (#20200) (ntnyq)dbb200echore: use team member's username when name is not available in data (#20194) (Milos Djermanovic)8962089chore: mark deprecated rules as available until v11.0.0 (#20184) (Pixel998)sindresorhus/globals (globals)
v17.3.0Compare Source
295fba9v17.2.0Compare Source
jasmine: AddthrowUnlessandthrowUnlessAsyncglobals (#335)97f23a7v17.1.0Compare Source
webpackandrspackglobals (#333)65cae73nodejs/node (node)
v24.13.1Compare Source
v24.13.0: 2026-01-13, Version 24.13.0 'Krypton' (LTS), @marco-ippolitoCompare Source
This is a security release.
Notable Changes
lib:
lib,permission:
src:
src,lib:
tls:
Commits
2092785d01] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #609973e58b7f2af] - deps: update undici to 7.18.2 (Node.js GitHub Bot) #612834ba536a5a6] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#79789adaa21fd] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#7487302b4dae1] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760ac030753c4] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#77320075692fe] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#75920591b0618] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796v24.12.0: 2025-12-10, Version 24.12.0 'Krypton' (LTS), @targosCompare Source
Notable Changes
1a00b5f68a] - (SEMVER-MINOR) http: add optimizeEmptyRequests server option (Rafael Gonzaga) #59778ff5754077d] - (SEMVER-MINOR) lib: add options to util.deprecate (Rafael Gonzaga) #599828987159234] - (SEMVER-MINOR) module: mark type stripping as stable (Marco Ippolito) #6060092c484ebf4] - (SEMVER-MINOR) node-api: add napi_create_object_with_properties (Miguel Marcondes Filho) #59953b11bc5984e] - (SEMVER-MINOR) sqlite: allow setting defensive flag (Bart Louwers) #60217e7da5b4b7d] - (SEMVER-MINOR) src: add watch config namespace (Marco Ippolito) #60178a7f7d10c06] - (SEMVER-MINOR) src: add an option to make compile cache portable (Aditi) #5879792ea669240] - (SEMVER-MINOR) src,permission: add --allow-inspector ability (Rafael Gonzaga) #5971105d7509bd2] - (SEMVER-MINOR) v8: add cpu profile (theanarkh) #59807Commits
e4a23a35ac] - benchmark: focus on import.meta intialization in import-meta benchmark (Joyee Cheung) #60603b6114ae5c9] - benchmark: add per-suite setup option (Joyee Cheung) #60574ac8e90af7c] - buffer: speed up concat via TypedArray#set (Gürgün Dayıoğlu) #60399acbc8ca13e] - build: upgrade Python linter ruff, add rules ASYNC,PERF (Christian Clauss) #59984f97a609a07] - console: optimize single-string logging (Gürgün Dayıoğlu) #604226cd9bdc580] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #606620fafe24d9b] - crypto: fix argument validation in crypto.timingSafeEqual fast path (Joyee Cheung) #6053854421e0419] - debugger: fix event listener leak in the run command (Joyee Cheung) #60464c361a628b4] - deps: V8: cherry-pick72b0e27(pthier) #60732c70f4588dd] - deps: V8: cherry-pick6bb32bd(Erik Corry) #60732881fe784c5] - deps: V8: cherry-pick0dd2318(Erik Corry) #60732457c33efcc] - deps: V8: cherry-pickdf20105(Erik Corry) #607320bf45a829c] - deps: V8: backporte5dbbba(Darshan Sen) #605244993bdc476] - deps: V8: cherry-pick5ba9200(Juan José Arboleda) #606201e9abe0078] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #608423f704ed08f] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #6064304e360fdb1] - deps: V8: cherry-pick06bf293,146962dande0fb10b(Michaël Zasso) #60713fcbd8dbbde] - deps: patch V8 to 13.6.233.17 (Michaël Zasso) #6071228e9433f39] - deps: V8: cherry-pick8735658(Joyee Cheung) #600693cac85b243] - deps: V8: backport2e4c5cf(Michaël Zasso) #606541daece1970] - deps: call OPENSSL_free after ANS1_STRING_to_UTF8 (Rafael Gonzaga) #606095f55a9c9ea] - deps: nghttp2: revert7784fa9(Antoine du Hamel) #597901d9e7c1f4d] - deps: update nghttp2 to 1.67.1 (nodejs-github-bot) #597903140415068] - deps: update simdjson to 4.1.0 (Node.js GitHub Bot) #60542d911f9f1b8] - deps: update amaro to 1.1.5 (Node.js GitHub Bot) #60541daaaf04a32] - deps: V8: cherry-pick2abc613(Richard Lau) #60177b4f63ee5f8] - doc: update Collaborators list to reflect hybrist handle change (Antoine du Hamel) #60650effcf7a8ab] - doc: fix link in--env-file=filesection (N. Bighetti) #605637011736703] - doc: fix linter issues (Antoine du Hamel) #606365cc79d8945] - doc: add missing history entry forsqlite.md(Antoine du Hamel) #60607bbc649057c] - doc: correct values/references for buffer.kMaxLength (René) #60305ea7ecb517b] - doc: recommend events.once to manage 'close' event (Dan Fabulich) #6001758bff04cc2] - doc: highlight module loading difference between import and require (Ajay A) #59815bbcbff9b4d] - doc: add CJS code snippets insqlite.md(Allon Murienik) #60395f8af33d5a7] - doc: fix typo inprocess.unrefdocumentation (우혁) #59698df105dc351] - doc: add some entries toglossary.md(Mohataseem Khan) #592774955cb2b5b] - doc: improve agent.createConnection docs for http and https agents (JaeHo Jang) #582056283bb5cc9] - doc: fix pseudo code in modules.md (chirsz) #57677d5059ea537] - doc: add missing variable in code snippet (Koushil Mankali) #55478900de373ae] - doc: add missing word insingle-executable-applications.md(Konstantin Tsabolov) #538645735044c8b] - doc: fix typo in http.md (Michael Solomon) #593542dee6df831] - doc: update devcontainer.json and add documentation (Joyee Cheung) #604728f2d98d7d2] - doc: add haramj as triager (Haram Jeong) #60348bbd7fdfff4] - doc: clarify require(esm) description (dynst) #6052033ad11a764] - doc: instantiate resolver object (Donghoon Nam) #6047681a61274f3] - doc: correct module loading descriptions (Joyee Cheung) #6034677911185fe] - doc: clarify --use-system-ca support status (Joyee Cheung) #60340185f6e95d9] - doc,crypto: link keygen to supported types (Filip Skokan) #60585772d6c6608] - doc,src,lib: clarify experimental status of Web Storage support (Antoine du Hamel) #60708ad98e11ac2] - esm: use sync loading/resolving on non-loader-hook thread (Joyee Cheung) #603801a00b5f68a] - (SEMVER-MINOR) http: add optimizeEmptyRequests server option (Rafael Gonzaga) #597785703ce68bc] - http: replace startsWith with strict equality (btea) #593942b696ffad8] - http2: add diagnostics channels for client stream request body (Darshan Sen) #60480dbdf4cb5a5] - inspector: inspect HTTP response body (Chengzhong Wu) #605729dc9a7d33d] - inspector: support inspecting HTTP/2 request and response bodies (Darshan Sen) #6048389fa2befe4] - inspector: fix crash when receiving non json message (Shima Ryuhei) #60388ff5754077d] - (SEMVER-MINOR) lib: add options to util.deprecate (Rafael Gonzaga) #5998233baaf42c8] - lib: replace global SharedArrayBuffer constructor with bound method (Renegade334) #60497b047586a08] - meta: bump actions/download-artifact from 5.0.0 to 6.0.0 (dependabot[bot]) #6053264192176d7] - meta: bump actions/upload-artifact from 4.6.2 to 5.0.0 (dependabot[bot]) #60531af6d4a6b9b] - meta: bump github/codeql-action from 3.30.5 to 4.31.2 (dependabot[bot]) #60533c17276fd24] - meta: bump actions/setup-node from 5.0.0 to 6.0.0 (dependabot[bot]) #605296e8b52a7dc] - meta: bump actions/stale from 10.0.0 to 10.1.0 (dependabot[bot]) #60528a12658595b] - meta: callcreate-release-post.ymlpost release (Aviv Keller) #603668987159234] - (SEMVER-MINOR) module: mark type stripping as stable (Marco Ippolito) #6060036da413663] - module: fix directory option in the enableCompileCache() API (Joyee Cheung) #5993192c484ebf4] - (SEMVER-MINOR) node-api: add napi_create_object_with_properties (Miguel Marcondes Filho) #59953545162b0d4] - node-api: use local files for instanceof test (Vladimir Morozov) #60190526c011d89] - perf_hooks: fix stack overflow error (Antoine du Hamel) #600841de0476939] - perf_hooks: move non-standard performance properties to perf_hooks (Chengzhong Wu) #6037007ec1239ef] - repl: fix pasting after moving the cursor to the left (Ruben Bridgewater) #60470b11bc5984e] - (SEMVER-MINOR) sqlite: allow setting defensive flag (Bart Louwers) #60217273c9661fd] - sqlite,doc: fix StatementSync section (Edy Silva) #60474d92ec21a4c] - src: use CP_UTF8 for wide file names on win32 (Fedor Indutny) #60575baef0468ed] - src: move Node-API version detection to where it is used (Anna Henningsen) #60512e7da5b4b7d] - (SEMVER-MINOR) src: add watch config namespace (Marco Ippolito) #60178a7f7d10c06] - (SEMVER-MINOR) src: add an option to make compile cache portable (Aditi) #58797566add0b19] - src: avoid C strings in more C++ exception throws (Anna Henningsen) #605929b796347c1] - src: add internal binding for constructing SharedArrayBuffers (Renegade334) #604973b01cbb411] - src: movenapi_addon_register_functonode_api_types.h(Anna Henningsen) #6051202fb7f4ecb] - src: remove unconditional NAPI_EXPERIMENTAL in node.h (Chengzhong Wu) #60345bd09ae24e4] - src: clean up generic counter implementation (Anna Henningsen) #60447cd6bf51dbd] - src: add enum handle for ToStringHelper + formatting (Burkov Egor) #5682992ea669240] - (SEMVER-MINOR) src,permission: add --allow-inspector ability (Rafael Gonzaga) #59711ac3dbe48f7] - stream: don't try to read more if reading (Robert Nagy) #60454790288a93b] - test: ensure assertions are reachable intest/internet(Antoine du Hamel) #605130a85132989] - test: fix status when compiled without inspector (Antoine du Hamel) #602892f57673172] - test: deflake test-perf-hooks-timerify-histogram-sync (Joyee Cheung) #6063909726269de] - test: apply a delay towatch-mode-kill-signaltests (Joyee Cheung) #6061045537b9562] - test: async iife in repl (Tony Gorez) #448784ca81f101d] - test: parallelize sea tests when there's enough disk space (Joyee Cheung) #60604ea71e96191] - test: only show overridden env in child process failures (Joyee Cheung) #6055606b2e348c7] - test: ensure assertions are reached on more tests (Antoine du Hamel) #60498de9c8cb670] - test: ensure assertions are reachable intest/es-module(Antoine du Hamel) #6050175bc40fced] - test: ensure assertions are reached on more tests (Antoine du Hamel) #604851a6084cfd3] - test: ensure assertions are reached on more tests (Antoine du Hamel) #605002c651c90cf] - test: split test-perf-hooks-timerify (Joyee Cheung) #605686e8b5f7345] - test: add more logs to test-esm-loader-hooks-inspect-wait (Joyee Cheung) #604669dea7ffa30] - test: mark stringbytes-external-exceed-max tests as flaky on AIX (Joyee Cheung) #605650b3c3b710a] - test: split test-esm-wasm.js (Joyee Cheung) #60491a15b795b34] - test: correct conditional secure heap flags test (Shelley Vohr) #6038538b77b3a44] - test: fix flaky test-watch-mode-kill-signal-* (Joyee Cheung) #60443e8d7598057] - test: capture stack trace in debugger timeout errors (Joyee Cheung) #60457674befeb81] - test: ensure assertions are reachable intest/sequential(Antoine du Hamel) #60412952c08a735] - test: ensure assertions are reachable in more folders (Antoine du Hamel) #60411bbca57584b] - test: split test-runner-watch-mode (Joyee Cheung) #60391e78e0cf6e7] - test: move test-runner-watch-mode helper into common (Joyee Cheung) #6039184576ef021] - test: ensure assertions are reachable intest/addons(Antoine du Hamel) #601421659078c11] - test: ignore EPIPE errors in https proxy invalid URL test (Joyee Cheung) #6026979ffee80ec] - test: ensure assertions are reachable intest/client-proxy(Antoine du Hamel) #60175e5a812243a] - test: ensure assertions are reachable intest/async-hooks(Antoine du Hamel) #60150e924fd72e3] - test,crypto: handle a few more BoringSSL tests (Shelley Vohr) #59030a55ac11611] - test,crypto: update x448 and ed448 expectation when on boringssl (Shelley Vohr) #6038755d5e9ec73] - tls: fix leak on invalid protocol method (Shelley Vohr) #604275763c96e7c] - tools: replace invalid expression in dependabot config (Riddhi) #60649b6e21b47d7] - tools: skip unaffected GHA jobs for changes intest/internet(Antoine du Hamel) #60517999664c76d] - tools: do not use short hashes for deps versioning to avoid collision (Antoine du Hamel) #60407ada856d0fb] - tools: only add test reporter args when node:test is used (Joyee Cheung) #605511812c56bb3] - tools: fix update-icu script (Michaël Zasso) #60521747040438a] - tools: fix linter for semver-major release proposals (Antoine du Hamel) #60481f170551e40] - tools: fix failing release-proposal linter for LTS transitions (Antoine du Hamel) #604652db4ea0ce4] - tools: remove undici from daily wpt.fyi job (Filip Skokan) #604442a85aa4e7b] - tools: add lint rule to ensure assertions are reached (Antoine du Hamel) #6012548299ef5fb] - tools,doc: update JavaScript primitive types to match MDN Web Docs (JustApple) #605817ec04cf936] - util: fix stylize of special properties in inspect (Ge Gao) #6047905d7509bd2] - (SEMVER-MINOR) v8: add cpu profile (theanarkh) #59807884fe884a1] - vm: hint module identifier in instantiate errors (Chengzhong Wu) #60199a2caf19f70] - watch: fix interaction with multiple env files (Marco Ippolito) #60605pnpm/pnpm (pnpm)
v10.29.3Compare Source
v10.29.2Compare Source
v10.29.1: pnpm 10.29.1Compare Source
Minor Changes
pnpm dlx/pnpxcommand now supports thecatalog:protocol. Example:pnpm dlx shx@catalog:.auditLevelin thepnpm-workspace.yamlfile #10540.workspace:protocol without version specifier. It is now treated asworkspace:*and resolves to the concrete version during publish #10436.Patch Changes
Fixed
pnpm list --jsonreturning incorrect paths when using global virtual store #10187.Fix
pnpm store pathandpnpm store statususing workspace root for path resolution whenstoreDiris relative #10290.Fixed
pnpm run -rfailing with "No projects matched the filters" when an emptypnpm-workspace.yamlexists #10497.Fixed a bug where
catalogMode: strictwould write the literal string"catalog:"topnpm-workspace.yamlinstead of the resolved version specifier when re-adding an existing catalog dependency #10176.Fixed the documentation URL shown in
pnpm completion --helpto point to the correct page at https://pnpm.io/completion #10281.Skip local
file:protocol dependencies duringpnpm fetch. This fixes an issue wherepnpm fetchwould fail in Docker builds when local directory dependencies were not available #10460.Fixed
pnpm audit --jsonto respect the--audit-levelsetting for both exit code and output filtering #10540.update tar to version 7.5.7 to fix security issue
Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842
Fix
pnpm audit --fixreplacing reference overrides (e.g.$foo) with concrete versions #10325.Fix
shamefullyHoistset viaupdateConfigin.pnpmfile.cjsnot being converted topublicHoistPattern#10271.pnpm helpshould correctly report if the currently running pnpm CLI is bundled with Node.js #10561.Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for
node_modules/.bin, causing binaries to not be found when running commands like `pConfiguration
📅 Schedule: Branch creation - "before 5am on Monday" in timezone Europe/Warsaw, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.