chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@types/node (source)	25.3.2 → 25.5.0
eslint (source)	9.39.3 → 9.39.4
fs-extra	11.3.3 → 11.3.4

---

Release Notes

eslint/eslint (eslint)

v9.39.4

Compare Source

Bug Fixes

• f18f6c8 fix: update dependency minimatch to ^3.1.5 (#​20564) (Milos Djermanovic)
• a3c868f fix: update dependency @​eslint/eslintrc to ^3.3.4 (#​20554) (Milos Djermanovic)
• 234d005 fix: minimatch security vulnerability patch for v9.x (#​20549) (Andrej Beles)
• b1b37ee fix: update ajv to 6.14.0 to address security vulnerabilities (#​20538) (루밀LuMir)

Documentation

• 4675152 docs: add deprecation notice partial (#​20520) (Milos Djermanovic)

Chores

• b8b4eb1 chore: update dependencies for ESLint v9.39.4 (#​20596) (Francesco Trotta)
• 71b2f6b chore: package.json update for @​eslint/js release (Jenkins)
• 1d16c2f ci: pin Node.js 25.6.1 (#​20563) (Milos Djermanovic)

jprichardson/node-fs-extra (fs-extra)

v11.3.4

Compare Source

• Fix bug where calling ensureSymlink/ensureSymlinkSync with a relative srcPath would fail if the symlink already existed (#​1038, #​1064)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.64%. Comparing base (9f04541) to head (840e028).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #157   +/-   ##
=======================================
  Coverage   89.64%   89.64%           
=======================================
  Files           3        3           
  Lines         251      251           
=======================================
  Hits          225      225           
  Misses         26       26           

Flag	Coverage Δ
unittests	89.64% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
⚠️ ACTION	actionlint	4		3	0	0.45s
✅ COPYPASTE	jscpd	yes		no	no	1.88s
✅ JAVASCRIPT	eslint	11		0	0	2.19s
✅ JSON	jsonlint	7		0	0	0.12s
✅ JSON	npm-package-json-lint	yes		no	no	0.52s
⚠️ JSON	prettier	7		1	0	0.46s
✅ JSON	v8r	7		0	0	11.59s
⚠️ MARKDOWN	markdownlint	6		17	0	0.88s
⚠️ MARKDOWN	markdown-table-formatter	6		1	0	0.29s
✅ REPOSITORY	checkov	yes		no	no	20.35s
✅ REPOSITORY	gitleaks	yes		no	no	0.62s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
❌ REPOSITORY	grype	yes		2	no	38.87s
✅ REPOSITORY	secretlint	yes		no	no	1.05s
✅ REPOSITORY	syft	yes		no	no	2.0s
❌ REPOSITORY	trivy	yes		1	no	13.1s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.61s
✅ REPOSITORY	trufflehog	yes		no	no	4.12s
✅ SPELL	cspell	40		0	0	3.83s
⚠️ SPELL	lychee	23		3	0	1.05s
✅ TYPESCRIPT	eslint	1		0	0	1.57s
⚠️ TYPESCRIPT	prettier	1		1	0	0.48s
⚠️ TYPESCRIPT	ts-standard	1		1	0	0.48s
⚠️ YAML	prettier	8		1	3	0.52s
✅ YAML	v8r	8		0	0	6.61s
✅ YAML	yamllint	8		0	0	0.47s

Detailed Issues

❌ REPOSITORY / grype - 2 errors

[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
NAME  INSTALLED  FIXED IN  TYPE  VULNERABILITY        SEVERITY  EPSS          RISK   
tar   7.5.9      7.5.10    npm   GHSA-qffp-2rhf-9h96  High      < 0.1% (4th)  < 0.1  
tar   7.5.9      7.5.11    npm   GHSA-9ppj-qmqm-q256  High      < 0.1% (0th)  < 0.1
[0038] ERROR discovered vulnerabilities at or above the severity threshold

❌ REPOSITORY / trivy - 1 error

------------------------------------------->] 100.00% 69.97 MiB p/s ETA 0s87.36 MiB / 87.36 MiB [-------------------------------------------------] 100.00% 15.13 MiB p/s 6.0s2026-03-12T17:41:16Z	INFO	[vulndb] Artifact successfully downloaded	repo="mirror.gcr.io/aquasec/trivy-db:2"
2026-03-12T17:41:16Z	INFO	[vuln] Vulnerability scanning is enabled
2026-03-12T17:41:16Z	INFO	[misconfig] Misconfiguration scanning is enabled
2026-03-12T17:41:16Z	INFO	[checks-client] Need to update the checks bundle
2026-03-12T17:41:16Z	INFO	[checks-client] Downloading the checks bundle...
235.65 KiB / 235.65 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2026-03-12T17:41:21Z	INFO	[npm] To collect the license information of packages, "npm install" needs to be performed beforehand	dir="node_modules"
2026-03-12T17:41:21Z	INFO	Suppressing dependencies for development and testing. To display them, try the '--include-dev-deps' flag.
2026-03-12T17:41:21Z	INFO	Number of language-specific files	num=1
2026-03-12T17:41:21Z	INFO	[npm] Detecting vulnerabilities...
2026-03-12T17:41:21Z	INFO	Detected config files	num=0

Report Summary

┌───────────────────┬──────┬─────────────────┬───────────────────┐
│      Target       │ Type │ Vulnerabilities │ Misconfigurations │
├───────────────────┼──────┼─────────────────┼───────────────────┤
│ package-lock.json │ npm  │        2        │         -         │
└───────────────────┴──────┴─────────────────┴───────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


package-lock.json (npm)
=======================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                        Title                         │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────┤
│ tar     │ CVE-2026-29786 │ HIGH     │ fixed  │ 7.5.9             │ 7.5.10        │ node-tar: hardlink path traversal via drive-relative │
│         │                │          │        │                   │               │ linkpath                                             │
│         │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2026-29786           │
│         ├────────────────┤          │        │                   ├───────────────┼──────────────────────────────────────────────────────┤
│         │ CVE-2026-31802 │          │        │                   │ 7.5.11        │ tar: tar: File overwrite via drive-relative symlink  │
│         │                │          │        │                   │               │ traversal                                            │
│         │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2026-31802           │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────┘

📣 Notices:
  - Version 0.69.3 of Trivy is now available, current version is 0.69.1

To suppress version checks, run Trivy scans with the --skip-version-check flag

(Truncated to last 4000 characters out of 7045)

⚠️ ACTION / actionlint - 3 errors

.github/workflows/github-dependents-info.yml:54:9: shellcheck reported issue in this script: SC2086:info:1:15: Double quote to prevent globbing and word splitting [shellcheck]
   |
54 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/github-dependents-info.yml:54:9: shellcheck reported issue in this script: SC2086:info:1:21: Double quote to prevent globbing and word splitting [shellcheck]
   |
54 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/test.yml:78:11: input "file" is not defined in action "codecov/codecov-action@v5". available inputs are "base_sha", "binary", "codecov_yml_path", "commit_parent", "directory", "disable_file_fixes", "disable_safe_directory", "disable_search", "disable_telem", "dry_run", "env_vars", "exclude", "fail_ci_if_error", "files", "flags", "force", "gcov_args", "gcov_executable", "gcov_ignore", "gcov_include", "git_service", "handle_no_reports_found", "job_code", "name", "network_filter", "network_prefix", "os", "override_branch", "override_build", "override_build_url", "override_commit", "override_pr", "plugins", "recurse_submodules", "report_code", "report_type", "root_dir", "run_command", "skip_validation", "slug", "swift_project", "token", "url", "use_legacy_upload_endpoint", "use_oidc", "use_pypi", "verbose", "version", "working-directory" [action]
   |
78 |           file: coverage.lcov
   |           ^~~~~

⚠️ SPELL / lychee - 3 errors

[ERROR] https://www.contributor-covenant.org/ | Network error: error sending request for url (https://www.contributor-covenant.org/) Maybe a certificate error?
[403] https://www.npmjs.com/package/java-caller | Network error: Forbidden
[403] https://npmjs.org/package/java-caller | Network error: Forbidden
📝 Summary
---------------------
🔍 Total...........64
✅ Successful......15
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded........46
❓ Unknown..........0
🚫 Errors...........3

Errors in CODE_OF_CONDUCT.md
[ERROR] https://www.contributor-covenant.org/ | Network error: error sending request for url (https://www.contributor-covenant.org/) Maybe a certificate error?

Errors in README.md
[403] https://www.npmjs.com/package/java-caller | Network error: Forbidden
[403] https://npmjs.org/package/java-caller | Network error: Forbidden

⚠️ MARKDOWN / markdown-table-formatter - 1 error

1 files contain markdown tables to format:
- README.md

⚠️ MARKDOWN / markdownlint - 17 errors

CODE_OF_CONDUCT.md:58:44 error MD034/no-bare-urls Bare URL used [Context: "nicolas.vuillamy@gmail.com"]
CODE_OF_CONDUCT.md:71:14 error MD034/no-bare-urls Bare URL used [Context: "https://www.contributor-covena..."]
CODE_OF_CONDUCT.md:76:1 error MD034/no-bare-urls Bare URL used [Context: "https://www.contributor-covena..."]
README.md:67:13 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:27 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:37 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:47 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:1 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:67:13 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:67:27 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:67:37 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:68:361 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:70:123 error MD060/table-column-style Table column style [Table pipe has extra space to the left for style "compact"]
README.md:74:315 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:75:310 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:76:208 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:77:233 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]

⚠️ JSON / prettier - 1 error

Checking formatting...
[warn] .cspell.json
[warn] .vscode/launch.json
[warn] examples/cli_app/lib/java-caller-config.json
[warn] examples/cli_app/package.json
[warn] examples/module_app/package.json
[warn] renovate.json
[warn] Code style issues found in 6 files. Run Prettier with --write to fix.

⚠️ TYPESCRIPT / prettier - 1 error

Checking formatting...
[warn] lib/index.d.ts
[warn] Code style issues found in the above file. Run Prettier with --write to fix.

⚠️ YAML / prettier - 1 error

Checking formatting...
[warn] .github/workflows/deploy.yml
[warn] .github/workflows/test.yml
[warn] Code style issues found in 2 files. Run Prettier with --write to fix.

⚠️ TYPESCRIPT / ts-standard - 1 error

Unable to locate the project file. A project file (tsconfig.json or tsconfig.eslint.json) is required in order to use ts-standard.

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.4.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,COPYPASTE_JSCPD,JAVASCRIPT_ES,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,SPELL_LYCHEE,TYPESCRIPT_ES,TYPESCRIPT_STANDARD,TYPESCRIPT_PRETTIER,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository