chore(deps): update all non-major dependencies #223
Open
renovate[bot] wants to merge 1 commit into main from
This PR contains the following updates:
5.3.0 → 5.5.1
5.3.0 → 5.5.1
0.5.2 → 0.7.0
2.29.8 → 2.31.0
20.19.30 → 20.19.40
8.53.1 → 8.59.2
8.53.1 → 8.59.2
9.6.0 → 9.8.0
9.39.2 → 9.39.4
30.2.0 → 30.4.2
22.22.0 → 22.22.2
11.8.0 → 11.14.1
3.8.1 → 3.8.3
29.4.6 → 29.4.9
Release Notes
apollographql/apollo-server (@apollo/server)
v5.5.1
Patch Changes
3f46c51 Thanks @mhassan1! - Replace dependency `uuid` with calls to `crypto.randomUUID`.
v5.5.0
Minor Changes
#8191 ⚠️ SECURITY
ada1200 Thanks @glasser! - `@apollo/server/standalone`: Apollo Server now rejects GraphQL `GET` requests which contain a `Content-Type` header other than `application/json` (with optional parameters such as `; charset=utf-8`). Any other value is now rejected with a 415 status code.
(GraphQL `GET` requests without a `Content-Type` header are still allowed, though they do still need to contain a non-empty `X-Apollo-Operation-Name` or `Apollo-Require-Preflight` header to be processed if the default CSRF prevention feature is enabled.)
This improvement makes Apollo Server's CSRF more resistant to browsers which implement CORS in non-spec-compliant ways. Apollo is aware of one browser which as of March 2026 has a bug which allows an attacker to circumvent Apollo Server's CSRF prevention feature to carry out read-only XS-Search-style CSRF attacks. The browser vendor is in the process of patching this vulnerability; upgrading Apollo Server to v5.5.0 mitigates this vulnerability.
If your server uses cookies (or HTTP Basic Auth) for authentication, Apollo encourages you to upgrade to v5.5.0.
This is technically a backwards-incompatible change. Apollo is not aware of any GraphQL clients which provide non-empty `Content-Type` headers with `GET` requests with types other than `application/json`. If your use case requires such requests, please file an issue and we may add more configurability in a follow-up release.
See advisory GHSA-9q82-xgwf-vj6h for more details.
v5.4.0
Minor Changes
d25a5bd Thanks @phryneas! - `@apollo/server/standalone`: The default configuration of `startStandaloneServer` was vulnerable to denial of service (DoS) attacks through specially crafted request bodies with exotic character set encodings.
In accordance with RFC 7159, we now only accept request bodies encoded in UTF-8, UTF-16 (LE or BE), or UTF-32 (LE or BE).
Any other character set will be rejected with a `415 Unsupported Media Type` error.
Note that the more recent JSON RFC, RFC 8259, is more strict and will only allow UTF-8.
Since this is a minor release, we have chosen to remain compatible with the more permissive RFC 7159 for now.
In a future major release, we may tighten this restriction further to only allow UTF-8.
If you were not using `startStandaloneServer`, you were not affected by this vulnerability.
Generally, please note that we provide `startStandaloneServer` as a convenience tool for quickly getting started with Apollo Server.
For production deployments, we recommend using Apollo Server with a more fully-featured web server framework such as Express, Koa, or Fastify, where you have more control over security-related configuration options.
apollographql/apollo-server (@apollo/server-integration-testsuite)
v5.5.1
Patch Changes
3f46c51]:
v5.5.0
Minor Changes
#8191 ⚠️ SECURITY
ada1200 - `@apollo/server/standalone`: Apollo Server now rejects GraphQL `GET` requests which contain a `Content-Type` header other than `application/json` (with optional parameters such as `; charset=utf-8`). Any other value is now rejected with a 415 status code.
(GraphQL `GET` requests without a `Content-Type` header are still allowed, though they do still need to contain a non-empty `X-Apollo-Operation-Name` or `Apollo-Require-Preflight` header to be processed if the default CSRF prevention feature is enabled.)
This improvement makes Apollo Server's CSRF more resistant to browsers which implement CORS in non-spec-compliant ways. Apollo is aware of one browser which as of March 2026 has a bug which allows an attacker to circumvent Apollo Server's CSRF prevention feature to carry out read-only XS-Search-style CSRF attacks. The browser vendor is in the process of patching this vulnerability; upgrading Apollo Server to v5.5.0 mitigates this vulnerability.
If your server uses cookies (or HTTP Basic Auth) for authentication, Apollo encourages you to upgrade to v5.5.0.
This is technically a backwards-incompatible change. Apollo is not aware of any GraphQL clients which provide non-empty `Content-Type` headers with `GET` requests with types other than `application/json`. If your use case requires such requests, please file an issue and we may add more configurability in a follow-up release.
See advisory GHSA-9q82-xgwf-vj6h for more details.
Patch Changes
ada1200]:
v5.4.0
Patch Changes
d25a5bd]:
changesets/changesets (@changesets/changelog-github)
v0.7.0
Minor Changes
94578cf Thanks @Kauhsa! - Added `disableThanks` option
v0.6.0
Minor Changes
fd0bc2e Thanks @mixelburg! - Linkify issue references in changelog entries.
Patch Changes
#1810
27fd8f4 Thanks @hirasso! - Replace deprecated `String.prototype.trimRight` with `String.prototype.trimEnd`
Updated dependencies [d4b8ad8, e462d89]:
typescript-eslint/typescript-eslint (@typescript-eslint/eslint-plugin)
v8.59.2
🩹 Fixes
❤️ Thank You
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.59.1
🩹 Fixes
❤️ Thank You
v8.59.0
🚀 Features
❤️ Thank You
v8.58.2
🩹 Fixes
❤️ Thank You
v8.58.1
🩹 Fixes
❤️ Thank You
v8.58.0
🚀 Features
🩹 Fixes
`no-unnecessary-type-arguments` (#12163)
❤️ Thank You
v8.57.2
🩹 Fixes
❤️ Thank You
v8.57.1
🩹 Fixes
❤️ Thank You
v8.57.0
🚀 Features
🩹 Fixes
`TypeOrValueSpecifier` to prefer-promise-reject-errors (#12094)
`cooked` will be `null` (#11355)
❤️ Thank You
v8.56.1
This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.
v8.56.0
🚀 Features
🩹 Fixes
❤️ Thank You
v8.55.0
🚀 Features
🩹 Fixes
❤️ Thank You
v8.54.0
🚀 Features
🩹 Fixes
`def.name` (#11982)
❤️ Thank You
typescript-eslint/typescript-eslint (@typescript-eslint/parser)
v8.59.2
This was a version bump only for parser to align it with other projects, there were no code changes.
v8.59.1
This was a version bump only for parser to align it with other projects, there were no code changes.
v8.59.0
This was a version bump only for parser to align it with other projects, there were no code changes.
v8.58.2
🩹 Fixes
❤️ Thank You
v8.58.1
This was a version bump only for parser to align it with other projects, there were no code changes.
v8.58.0
🚀 Features
❤️ Thank You
v8.57.2
This was a version bump only for parser to align it with other projects, there were no code changes.
v8.57.1
This was a version bump only for parser to align it with other projects, there were no code changes.
v8.57.0
This was a version bump only for parser to align it with other projects, there were no code changes.
v8.56.1
This was a version bump only for parser to align it with other projects, there were no code changes.
v8.56.0
🚀 Features
❤️ Thank You
v8.55.0
This was a version bump only for parser to align it with other projects, there were no code changes.
v8.54.0
This was a version bump only for parser to align it with other projects, there were no code changes.
streetsidesoftware/cspell (cspell)
v9.8.0
Features
feat: make flatpack diff friendly (#8680)
v9.7.0
Features
feat: Substitution Part 4 - enable substitutions during document check (#8630)
v9.6.4
Fixes
fix: add --no-dictionary option to lint command (#8514)
v9.6.3
Fixes
fix: Add `engines` setting (#8491)
v9.6.2
Fixes
fix: Conditionally compress and build bTrie (#8437)
v9.6.1
Fixes
fix: Move performance monitoring into its own package (#8431)
eslint/eslint (eslint)
v9.39.4
Bug Fixes
f18f6c8 fix: update dependency minimatch to ^3.1.5 (#20564) (Milos Djermanovic)
a3c868f fix: update dependency @eslint/eslintrc to ^3.3.4 (#20554) (Milos Djermanovic)
234d005 fix: minimatch security vulnerability patch for v9.x (#20549) (Andrej Beles)
b1b37ee fix: update `ajv` to `6.14.0` to address security vulnerabilities (#20538) (루밀LuMir)
Documentation
4675152 docs: add deprecation notice partial (#20520) (Milos Djermanovic)
Chores
b8b4eb1 chore: update dependencies for ESLint v9.39.4 (#20596) (Francesco Trotta)
71b2f6b chore: package.json update for @eslint/js release (Jenkins)
1d16c2f ci: pin Node.js 25.6.1 (#20563) (Milos Djermanovic)
v9.39.3
Bug Fixes
791bf8d fix: restore TypeScript 4.0 compatibility in types (#20504) (sethamus)
Chores
8594a43 chore: upgrade @eslint/js@9.39.3 (#20529) (Milos Djermanovic)
9ceef92 chore: package.json update for @eslint/js release (Jenkins)
af498c6 chore: ignore `/docs/v9.x` in link checker (#20453) (Milos Djermanovic)
jestjs/jest (jest)
v30.4.2
Fixes
[jest-runtime] Fix named imports from CJS modules whose `module.exports` is a function with own-property exports (#16150)
v30.4.1
Features
[jest-config, jest-core, jest-runner, jest-schemas, jest-types] Allow custom runner configuration options via tuple format `['runner-path', {options}]` (#16141)
Fixes
[jest-runtime] Align CJS-from-ESM default export with Node: `module.exports` is always the ESM default, `__esModule` unwrapping is no longer applied (#16143)
v30.4.0
Features
[babel-jest] Support collecting coverage from `.mts`, `.cts` (and other) files (#15994)
[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types] Add `--collect-tests` flag to discover and list tests without executing them (#16006)
[jest-config, jest-runner, jest-worker] Add `workerGracefulExitTimeout` config option to control how long workers are given to exit before being force-killed (#15984)
[jest-config] Add support for `jest.config.mts` as a valid configuration file (#16005)
[jest-config, jest-core, jest-reporters, jest-runner] `verbose` and `silent` can now be set per-project; the project-level value overrides the global value for that project's tests (#16133)
[@jest/fake-timers] Accept `Temporal.Duration` in `jest.advanceTimersByTime()` and `jest.advanceTimersByTimeAsync()` (#16128)
[@jest/fake-timers] Accept `Temporal.Instant` and `Temporal.ZonedDateTime` in `jest.setSystemTime()` and `useFakeTimers({now})` (#16128)
[@jest/fake-timers] Support faking `Temporal.Now.*` (#16131)
[jest-mock] Add `clearMocksOnScope(scope)` on `ModuleMocker` for clearing every mock function exposed on a scope object (#16088)
[jest-resolve] Add `canResolveSync()` on `Resolver` so callers can detect when a user-configured resolver only exports an `async` hook (#16064)
[jest-runtime] Use synchronous `evaluate()` for ES modules without top-level `await` on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (#16062)
[jest-runtime] Support `require()` of ES modules on Node v24.9+ (#16074)
[jest-runtime] Validate TC39 import attributes (`with { type: 'json' }`) on ESM imports (#16127)
[@jest/transform] Add `canTransformSync(filename)` on `ScriptTransformer` so callers can pick the sync vs async transform path (#16062)
[jest-util] Add `isError` helper (#16076)
[pretty-format] Support React 19 (#16123)
Fixes
[expect-utils] Fix `toStrictEqual` failing on `structuredClone` results due to cross-realm constructor mismatch (#15959)
[@jest/expect-utils] Prevent `toMatchObject`/subset matching from throwing when encountering exotic iterables (#15952)
[fake-timers] Convert `Date` to milliseconds before passing to `@sinonjs/fake-timers` (#16029)
[jest] Export `GlobalConfig` and `ProjectConfig` TypeScript types (#16132)
[jest-circus] Prevent crash when `asyncError` is undefined for non-Error throws (#16003)
[jest-circus, jest-jasmine2] Include `Error.cause` in JSON `failureMessages` output (#15967)
[jest-config] Fix preset path resolution on Windows when the preset uses subpath `exports` (#15961)
[jest-config] Allow `collectCoverage` and `coverageProvider` in project config without a validation warning ([#16132](https://redirect.github.com/jestjs/je
Configuration
📅 Schedule: (in timezone America/Los_Angeles)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.
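The header rules quoted in the Apollo Server v5.5.0 and v5.4.0 release notes above, written out as a request gate. This is an added example, not part of the PR and not Apollo Server's code; the function names, the charset labels in the allow-list and the 400 status for the CSRF case are assumptions of this sketch.

```javascript
// Added illustration of the header rules quoted in the release notes above.
// Not Apollo Server source; every name below is hypothetical.
const ALLOWED_CHARSETS = new Set([ // labels assumed for UTF-8/16/32 (LE or BE)
  'utf-8', 'utf-16', 'utf-16le', 'utf-16be', 'utf-32', 'utf-32le', 'utf-32be',
]);
const PREFLIGHT_HEADERS = ['x-apollo-operation-name', 'apollo-require-preflight'];

// Split "type/subtype; k=v" into a lower-cased media type and parameter map.
function parseContentType(value) {
  const [type, ...rest] = value.split(';');
  const params = {};
  for (const part of rest) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    const key = part.slice(0, eq).trim().toLowerCase();
    params[key] = part.slice(eq + 1).trim().replace(/^"|"$/g, '').toLowerCase();
  }
  return { type: type.trim().toLowerCase(), params };
}

// `headers` uses lower-cased names, as Node's http module delivers them.
function checkGraphqlRequest({ method, headers }, { csrfPrevention = true } = {}) {
  const raw = headers['content-type'];
  const ct = raw ? parseContentType(raw) : null;
  if (method === 'GET') {
    // v5.5.0 rule: a non-empty Content-Type on GET must be application/json.
    if (ct && ct.type !== 'application/json') {
      return { status: 415, reason: 'GET Content-Type must be application/json' };
    }
    // application/json is not a CORS-safelisted Content-Type, so it already
    // forces a preflight; without it, one of the two headers must be non-empty.
    const forcesPreflight = ct !== null || PREFLIGHT_HEADERS.some((h) => headers[h]);
    if (csrfPrevention && !forcesPreflight) {
      // 400 is this sketch's choice of status for the CSRF block.
      return { status: 400, reason: 'missing preflight-forcing header' };
    }
    return { status: 200, reason: 'ok' };
  }
  // v5.4.0 rule (startStandaloneServer): only Unicode charsets for bodies.
  const charset = ct ? ct.params.charset : undefined;
  if (charset && !ALLOWED_CHARSETS.has(charset)) {
    return { status: 415, reason: `unsupported charset ${charset}` };
  }
  return { status: 200, reason: 'ok' };
}

// Constructed sample requests (not captured traffic).
const SAMPLES = [
  { method: 'GET', headers: { 'content-type': 'text/plain' } },
  { method: 'GET', headers: {} },
  { method: 'POST', headers: { 'content-type': 'application/json; charset=utf-7' } },
];
for (const req of SAMPLES) console.log(req.method, req.headers, checkGraphqlRequest(req));
```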