Update npm minor/patch

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@bytecodealliance/preview2-shim	0.17.8 → 0.17.9
@changesets/cli (source)	2.30.0 → 2.31.0
@types/node (source)	24.12.2 → 24.12.3
jest (source)	30.3.0 → 30.4.2
pnpm (source)	10.33.2 → 10.33.4
prettier (source)	3.8.2 → 3.8.3
solc	0.8.34 → 0.8.35

---

Release Notes

changesets/changesets (@​changesets/cli)

v2.31.0

Compare Source

Minor Changes

• #​1889 96ca062 Thanks @​mixelburg! - Error on unsupported flags for individual CLI commands and print the matching command usage to make mistakes easier to spot.

• #​1873 42943b7 Thanks @​mixelburg! - Respond to --help on all subcommands. Previously, --help was only handled when it was the sole argument; passing it alongside a subcommand (e.g. changeset version --help) would silently execute the command instead. Now --help always exits early and prints per-command usage when a known subcommand is provided, or the general help text otherwise.

Patch Changes

• d2121dc Thanks @​Andarist! - Fix npm auth for path-based registries during publish by preserving configured registry URLs instead of normalizing them.

• #​1888 036fdd4 Thanks @​mixelburg! - Fix several changeset version issues with workspace protocol dependencies. Valid explicit workspace: ranges and aliases are no longer rewritten unnecessarily, and workspace path references are handled correctly during versioning.

• #​1903 5c4731f Thanks @​Andarist! - Gracefully handle stale npm info data leading to duplicate publish attempts.

• #​1867 f61e716 Thanks @​Andarist! - Improved detection for published state of prerelease-only packages without latest dist-tag on GitHub Packages registry.

• Updated dependencies [036fdd4, 036fdd4, 036fdd4]:

  • @​changesets/assemble-release-plan@​6.0.10
  • @​changesets/get-dependents-graph@​2.1.4
  • @​changesets/apply-release-plan@​7.1.1
  • @​changesets/get-release-plan@​4.0.16
  • @​changesets/config@​3.1.4

jestjs/jest (jest)

v30.4.2

Compare Source

Fixes

• [jest-runtime] Fix named imports from CJS modules whose module.exports is a function with own-property exports (#​16150)

v30.4.1

Compare Source

Features

• [jest-config, jest-core, jest-runner, jest-schemas, jest-types] Allow custom runner configuration options via tuple format ['runner-path', {options}] (#​16141)

Fixes

• [jest-runtime] Align CJS-from-ESM default export with Node: module.exports is always the ESM default, __esModule unwrapping is no longer applied (#​16143)

v30.4.0

Compare Source

Features

• [babel-jest] Support collecting coverage from .mts, .cts (and other) files (#​15994)
• [jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types] Add --collect-tests flag to discover and list tests without executing them (#​16006)
• [jest-config, jest-runner, jest-worker] Add workerGracefulExitTimeout config option to control how long workers are given to exit before being force-killed (#​15984)
• [jest-config] Add support for jest.config.mts as a valid configuration file (#​16005)
• [jest-config, jest-core, jest-reporters, jest-runner] verbose and silent can now be set per-project; the project-level value overrides the global value for that project's tests (#​16133)
• [@jest/fake-timers] Accept Temporal.Duration in jest.advanceTimersByTime() and jest.advanceTimersByTimeAsync() (#​16128)
• [@jest/fake-timers] Accept Temporal.Instant and Temporal.ZonedDateTime in jest.setSystemTime() and useFakeTimers({now}) (#​16128)
• [@jest/fake-timers] Support faking Temporal.Now.* (#​16131)
• [jest-mock] Add clearMocksOnScope(scope) on ModuleMocker for clearing every mock function exposed on a scope object (#​16088)
• [jest-resolve] Add canResolveSync() on Resolver so callers can detect when a user-configured resolver only exports an async hook (#​16064)
• [jest-runtime] Use synchronous evaluate() for ES modules without top-level await on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (#​16062)
• [jest-runtime] Support require() of ES modules on Node v24.9+ (#​16074)
• [jest-runtime] Validate TC39 import attributes (with { type: 'json' }) on ESM imports (#​16127)
• [@jest/transform] Add canTransformSync(filename) on ScriptTransformer so callers can pick the sync vs async transform path (#​16062)
• [jest-util] Add isError helper (#​16076)
• [pretty-format] Support React 19 (#​16123)

Fixes

• [expect-utils] Fix toStrictEqual failing on structuredClone results due to cross-realm constructor mismatch (#​15959)
• [@jest/expect-utils] Prevent toMatchObject/subset matching from throwing when encountering exotic iterables (#​15952)
• [fake-timers] Convert Date to milliseconds before passing to @sinonjs/fake-timers (#​16029)
• [jest] Export GlobalConfig and ProjectConfig TypeScript types (#​16132)
• [jest-circus] Prevent crash when asyncError is undefined for non-Error throws (#​16003)
• [jest-circus, jest-jasmine2] Include Error.cause in JSON failureMessages output (#​15967)
• [jest-config] Fix preset path resolution on Windows when the preset uses subpath exports (#​15961)
• [jest-config] Allow collectCoverage and coverageProvider in project config without a validation warning (#​16132)
• [jest-config] Project config validator now emits "is not supported in an individual project configuration" instead of "probably a typing mistake" for known global-only options (#​16132)
• [jest-environment-node] Fix --localstorage-file warning on Node 25+ (#​16086)
• [jest-reporters] Apply global coverage threshold to unmatched pattern files in addition to glob/path thresholds (#​16137)
• [jest-reporters, jest-runner, jest-runtime, jest-transform] Fix coverage report not showing correct code coverage when using projects config option (#​16140)
• [jest-runtime] Resolve expect and @jest/expect from the internal module registry so test-file imports share the same JestAssertionError as the global expect (#​16130)
• [jest-runtime] Improve CJS-from-ESM interop: __esModule/Babel default unwrap, broader named-export coverage, and shared CJS singleton across importers (#​16050)
• [jest-runtime] Load .js files with ESM syntax but no "type":"module" marker as native ESM (#​16050)
• [jest-runtime] Extend the .js-with-ESM-syntax fallback to require() on Node v24.9+ - falls back to require(esm) when the CJS parser rejects ESM syntax (#​16078)
• [jest-runtime] Fix deadlocks and double-evaluation in concurrent ESM and wasm imports (#​16050)
• [jest-runtime] Fix error when require() is called after the Jest environment has been torn down (#​15951)
• [jest-runtime] Fix missing error when import() is called after the Jest environment has been torn down (#​16080)
• [jest-runtime] Fix virtual unstable_mockModule registrations not respected in ESM (#​16081)
• [jest-runtime] Apply moduleNameMapper when resolving modules with require.resolve() and the paths option (#​16135)

Chore & Maintenance

• [@jest/fake-timers] Upgrade @sinonjs/fake-timers (#​16139)
• [jest-runtime] Use synchronous linkRequests / instantiate for ESM linking on Node v24.9+ (#​16063)

pnpm/pnpm (pnpm)

v10.33.4: pnpm 10.33.4

Compare Source

Patch Changes

• Pin the integrity of git-hosted tarballs (codeload.github.com, gitlab.com, bitbucket.org) in the lockfile so that subsequent installs detect a tampered or substituted tarball and refuse to install it. Previously the lockfile only stored the tarball URL for git dependencies, so a compromised git host or a man-in-the-middle could serve arbitrary code on later installs without lockfile changes.

  A new gitHosted: true field is recorded on git-hosted tarball resolutions in the lockfile, letting every reader/writer route them by a single typed check instead of pattern-matching the tarball URL in each call site. Lockfiles written by older pnpm versions are enriched on load (URL fallback) so the field can be relied on uniformly across the codebase.

• Fix a regression where pnpm --recursive --filter '!<pkg>' run/exec/test/add would include the workspace root in the matched projects. The workspace root is now correctly excluded by default when only negative --filter arguments are provided, matching the documented behavior. To include the root, pass --include-workspace-root #​11341.

Platinum Sponsors

Gold Sponsors

v10.33.3

Compare Source

prettier/prettier (prettier)

v3.8.3

Compare Source

ethereum/solc-js (solc)

v0.8.35

Compare Source

---

Configuration

📅 Schedule: (in timezone UTC)

• Branch creation
  • "before 9am on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 5 workspace projects
 ERROR  Invalid Version: ^0.17.8

pnpm: Invalid Version: ^0.17.8
    at new _SemVer (/opt/containerbase/tools/pnpm/10.33.4/24.15.0/node_modules/pnpm/dist/pnpm.cjs:6217:17)
    at compare (/opt/containerbase/tools/pnpm/10.33.4/24.15.0/node_modules/pnpm/dist/pnpm.cjs:6628:65)
    at Object.eq (/opt/containerbase/tools/pnpm/10.33.4/24.15.0/node_modules/pnpm/dist/pnpm.cjs:6712:31)
    at installSome (/opt/containerbase/tools/pnpm/10.33.4/24.15.0/node_modules/pnpm/dist/pnpm.cjs:164030:223)
    at _install (/opt/containerbase/tools/pnpm/10.33.4/24.15.0/node_modules/pnpm/dist/pnpm.cjs:163972:21)
    at async mutateModules (/opt/containerbase/tools/pnpm/10.33.4/24.15.0/node_modules/pnpm/dist/pnpm.cjs:163829:23)
    at async recursive (/opt/containerbase/tools/pnpm/10.33.4/24.15.0/node_modules/pnpm/dist/pnpm.cjs:165231:100)
    at async recursiveInstallThenUpdateWorkspaceState (/opt/containerbase/tools/pnpm/10.33.4/24.15.0/node_modules/pnpm/dist/pnpm.cjs:165742:31)
    at async installDeps (/opt/containerbase/tools/pnpm/10.33.4/24.15.0/node_modules/pnpm/dist/pnpm.cjs:165549:11)
    at async /opt/containerbase/tools/pnpm/10.33.4/24.15.0/node_modules/pnpm/dist/pnpm.cjs:202454:23

[changeset-bot]

⚠️ No Changeset found

Latest commit: 79358f0

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​jest@​30.4.2
	npm/​@​types/​node@​24.12.3
	npm/​@​bytecodealliance/​preview2-shim@​0.17.9
	npm/​prettier@​3.8.3
	npm/​solc@​0.8.35
	npm/​@​changesets/​cli@​2.31.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		License policy violation: npm @bytecodealliance/preview2-shim License: Apache-2.0 WITH LLVM-exception - The applicable license policy does not permit this license (5) (npm metadata) License: Apache-2.0 WITH LLVM-exception - The applicable license policy does not permit this license (5) (package/package.json) License: Apache-2.0 WITH LLVM-exception - The applicable license policy does not permit this license (5) (package/LICENSE) From: crates/solidity/outputs/npm/package/package.json → npm/@bytecodealliance/preview2-shim@0.17.9 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@bytecodealliance/preview2-shim@0.17.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report