fix(deps): update all non-major dependencies #781
Open
renovate[bot] wants to merge 1 commit into
This PR contains the following updates:
^7.29.0 → ^7.29.7
^7.28.6 → ^7.29.7
^7.28.6 → ^7.29.7
^7.28.6 → ^7.29.7
^7.29.0 → ^7.29.7
^0.4.0 → ^0.4.1
^1.15.33 → ^1.15.41
^24.12.4 → ^24.13.2
7.0.0-dev.20260514.1 → 7.0.0-dev.20260610.1
^10.3.0 → ^10.4.1
^4.4.4 → ^4.4.5
^18.0.1 → ^18.1.0
^4.1.1 → ^4.2.0
^17.0.5 → ^17.0.7
^2.1.1 → ^2.1.2
^0.49.0 → ^0.54.0
10.33.4 → 10.34.2
^4.60.4 → ^4.61.1
^1.99.0 → ^1.100.0
^0.22.0 → ^0.22.2
^4.22.0 → ^4.22.4
^8.59.3 → ^8.61.0
^0.3.0 → ^0.3.1
^4.1.6 → ^4.1.8
^3.5.34 → ^3.5.35
^5.0.7 → ^5.1.0
v0.5.3 → v0.5.6
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
babel/babel (@babel/core)
v7.29.7 Compare Source
v7.29.7 (2026-05-25)
Re-release all packages with npm provenance attestations
v7.29.6 Compare Source
v7.29.6 (2026-05-25)
🐛 Bug Fix
babel-generator
babel-core
babel-core, babel-generator
Committers: 3
rollup/plugins (@rollup/plugin-swc)
v0.4.1
2026-05-29
Bugfixes
swc-project/swc (@swc/core)
v1.15.41 Compare Source
Bug Fixes
(bindings/node) Preserve source context for AST transforms (#11920) (b6dfa74)
(es/codegen) Emit export as namespace correctly (#11923) (4e1f832)
(es/codegen) Emit export as namespace minified correctly (#11924) (7157499)
(es/compat) Rewrite this in destructuring defaults (#11909) (68af779)
(es/decorators) Delay 2022 decorator initializers after private fields (#11847) (3f1a4f5)
(es/decorators) Handle import types in decorator metadata (#11916) (f411429)
(es/fixer) Preserve new tagged template callee parens (#11922) (242a03a)
(es/minifier) Handle unknown member props (#11927) (e59ba68)
(es/parser) Handle Flow async generic arrows (#11926) (b9b8993)
(es/renamer) Avoid duplicate mangled names across eval scope boundaries (#11913) (4a1af84)
(plugin) Avoid importing __free from env (#11908) (4584296)
(swc) Preserve plugin error context (#11904) (4e2e9fc)
(swc_common) Fix sourcemap panic for multibyte mapping positions (#11918) (40c1601)
Documentation
Performance
Lazily compute source file hashes (#11879) (a3cfbd7)
Optimize Atom equality (#11902) (c6f8cb0)
Revert
(es/decorators) Revert decorator initializer ordering (#11901) (a3f23b1)
(swc_common) Revert sourcemap multibyte mapping clamp (#11919) (08b4200)
v1.15.40 Compare Source
Bug Fixes
(es/minifier) Preserve args for destructured callbacks (#11830) (21873b0)
(es/minifier) Avoid generating mangled property names that collide with existing properties (#11839) (9b4fab5)
(es/minifier) Respect ecma for iife temp vars (#11873) (e481934)
(es/minifier) Preserve default parameter object props (#11884) (71ff84f)
(es/parser) Reject object-rest assignment to array/object literal (#11875) (7b57d1f)
(es/parser) Reject object rest assignment to literals (#11881) (4ec2eaf)
(es/react) Exclude self-recursive hooks from refresh dependency array (#11838) (9101c71)
(ts/fast-dts) Strip definite assertions in dts (#11858) (2ab1b8a)
(ts/fast-strip) Reject unsafe assertion erasure in binary expressions (#11828) (aa5b539)
(typescript) Strip parameter binding defaults in dts (#11857) (800bc17)
Documentation
Update agent guidance (#11842) (bf2d015)
Add security policy (#11876) (6c43c2d)
Clarify security scope for npm packages (#11877) (4662db8)
Clarify untrusted input security model (#11882) (5463777)
Features
(es/minifier) Fine grained effect analysis of class (#11814) (c9058ad)
(swc_cli) Implement all features for swc_cli (#11797) (9300ede)
Miscellaneous Tasks
(es/minifier) Fix typo in debug log (#11866) (3de0254)
(html) Add webcontainer fallback for @swc/html (#11860) (7692eed)
Performance
(ecma) Reduce transformer compat overhead (#11856) (d03cb71)
(es/codegen) Speed up JsWriter position and srcmap tracking (#11867) (dbceade)
(es/codegen) Remove JsWriter last_srcmap cache (#11869) (3bc1c2b)
(es/minifier) Reduce minifier profiling hotspots (#11853) (28c1091)
Optimize es parser comment finalization (#11852) (2959ddf)
Testing
Ci
Update corepack in publish docker jobs (#11885) (9a7d954)
Pass publish docker env explicitly (#11888) (c5f7547)
Lock issues closed by merged prs (#11887) (6bd74e5)
Provide aarch64 musl linker in publish job (#11889) (20234fd)
Fix publish musl linker and windows tests (#11890) (a798a23)
Make minifier test path explicit (#11891) (e7cba97)
Security
Save CI caches only on main (#11848) (7582529)
Update rkyv and Rust dependencies (#11851) (20d92eb)
Harden PR workflow permissions (#11849) (e199564)
microsoft/typescript-go (@typescript/native-preview)
v7.0.0-dev.20260610.1 Compare Source
v7.0.0-dev.20260609.1 Compare Source
v7.0.0-dev.20260608.1 Compare Source
v7.0.0-dev.20260607.1 Compare Source
v7.0.0-dev.20260606.1 Compare Source
v7.0.0-dev.20260605.1 Compare Source
v7.0.0-dev.20260604.1 Compare Source
v7.0.0-dev.20260603.1 Compare Source
v7.0.0-dev.20260602.1 Compare Source
v7.0.0-dev.20260601.1 Compare Source
v7.0.0-dev.20260527.2 Compare Source
v7.0.0-dev.20260527.1 Compare Source
v7.0.0-dev.20260526.1 Compare Source
v7.0.0-dev.20260525.1 Compare Source
v7.0.0-dev.20260524.1 Compare Source
v7.0.0-dev.20260523.1 Compare Source
v7.0.0-dev.20260522.1 Compare Source
v7.0.0-dev.20260521.1 Compare Source
v7.0.0-dev.20260519.1 Compare Source
v7.0.0-dev.20260518.1 Compare Source
v7.0.0-dev.20260517.1 Compare Source
v7.0.0-dev.20260516.1 Compare Source
v7.0.0-dev.20260515.1 Compare Source
eslint/eslint (eslint)
v10.4.1 Compare Source
Bug Fixes
e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)
d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)
f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)
c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)
27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)
Documentation
61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)
305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)
49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)
9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)
c91b041 docs: Update README (GitHub Actions Bot)
e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)
Chores
b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)
f78838b test: add CodePath type coverage (#20904) (Pixel998)
1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)
002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)
64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)
6d7c832 chore: ignore fflate updates in renovate (#20908) (Pixel998)
b2c8638 ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#20889) (dependabot[bot])
a9b8d7f chore: increase maxBuffer for ecosystem tests (#20881) (sethamus)
b702ead chore: update ecosystem update PR settings (#20884) (Pixel998)
507f60e chore: update ecosystem plugins (#20882) (ESLint Bot)
92f5c5b test: add unit test for message-count (#20878) (kuldeep kumar)
df32108 chore: add @eslint/markdown and typescript-eslint ecosystem tests (#20837) (sethamus)
327f91d chore: use includeIgnoreFile internally (#20876) (Kirk Waiblinger)
f0dc4bd chore: pin fflate@0.8.2 (#20877) (Milos Djermanovic)
0f4bd25 ci: run Discord alert for ecosystem test failures (#20873) (Copilot)
v10.4.0 Compare Source
import-js/eslint-import-resolver-typescript (eslint-import-resolver-typescript)
v4.4.5 Compare Source
Patch Changes
32c61ab Thanks @leey0818! - fix: check tsconfig matching before using resolver
eslint-community/eslint-plugin-n (eslint-plugin-n)
v18.1.0 Compare Source
🌟 Features
devEngines.runtime from package.json (#530) (9ef3c32)
🩹 Fixes
📚 Documentation
nodeca/js-yaml (js-yaml)
v4.2.0 Compare Source
Added
docs/safety.md with notes about processing untrusted YAML.
maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
dist/ builds.
Changed
dist/ files are no longer kept in the repository.
Fixed
Security
elements (makes sense for malformed files > 10K).
lint-staged/lint-staged (lint-staged)
v17.0.7 Compare Source
Patch Changes
e692e58 - Update dependency tinyexec@^1.2.4.
v17.0.6 Compare Source
Patch Changes
#1803 bdf2770 - Run all tests with Deno, in addition to Node.js and Bun.
#1796 7508272 - Fix performance regression of lint-staged v17 by going back to using git add to stage task modifications. This was changed to git update-index --again in v17 for less manual work, but unfortunately the update-index command gets slower in very large Git repos.
#1797 7b2505a - This version of lint-staged uses the new staged publishing for npm packages feature. Releases are already published from GitHub Actions with trusted publishing, but now an additional approval with two-factor authentication is also required.
#1802 321b0a9 - Downgrade dependency tinyexec@1.2.2 to avoid issues in version 1.2.3.
sxzz/obug (obug)
v2.1.2 Compare Source
No significant changes
View changes on GitHub
oxc-project/oxc (oxfmt)
v0.54.0 Compare Source
📚 Documentation
dadafe3 oxlint, oxfmt: Mention migrate skills in npm READMEs (#22965) (Boshen)
f88961a oxfmt: Annotate each config option with supported languages (#22953) (leaysgur)
v0.53.0 Compare Source
v0.52.0 Compare Source
🚀 Features
16b8058 oxfmt: Support vite-plus/resolveConfig for vite.config.ts (#22454) (leaysgur)
v0.51.0 Compare Source
v0.50.0 Compare Source
🐛 Bug Fixes
43b9978 formatter/sort_imports: Treat subpath imports as internal (#22440) (leaysgur)
pnpm/pnpm (pnpm)
v10.34.2 Compare Source
v10.34.1: pnpm 10.34.1 Compare Source
Patch Changes
pnpm-lock.yaml entries whose remote tarball resolution: block is missing the integrity field. Previously the worker that extracts a downloaded tarball skipped hash verification when no integrity was supplied and minted a fresh one from the unverified bytes, so an attacker who could both alter the lockfile (e.g. via a pull request that strips integrity:) and serve modified content at the referenced tarball URL could install a tampered package without any error — including under --frozen-lockfile. pnpm now fails closed at lockfile-read time with ERR_PNPM_MISSING_TARBALL_INTEGRITY. Git-hosted tarballs (gitHosted: true or a URL on codeload.github.com / bitbucket.org / gitlab.com) and file: tarballs are exempt — the commit SHA in a git-host URL and the user-controlled local path already anchor the bytes.
Platinum Sponsors
Gold Sponsors
v10.34.0: pnpm 10.34 Compare Source
Minor Changes
Treat tarball-integrity mismatches against the lockfile as a hard failure by default. Previously, pnpm install (non-frozen) would log ERR_PNPM_TARBALL_INTEGRITY, silently re-resolve from the registry, and overwrite the locked integrity — which meant a compromised registry, proxy, or republished version could substitute attacker-controlled content on a clean machine even though the project shipped a committed lockfile. pnpm install now exits with `ERR_PNPM_TARBALL_INTEGRI
Configuration
📅 Schedule: (UTC)
* 0-3 * * 1)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.
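
Added example (not part of this PR and not pnpm's own code): a review-time check for the lockfile condition the pnpm 10.34.1 note describes, a remote tarball resolution with no integrity field, applying the exemptions listed there. It assumes each resolution is written as a one-line flow mapping; the function names, sample lockfile fragment and hosts are constructed for illustration.

```javascript
// Added example (not pnpm's code): flag lockfile tarballs that have no integrity.
// Assumption: resolutions are one-line flow mappings, as in the constructed sample.
const GIT_HOSTS = new Set(['codeload.github.com', 'bitbucket.org', 'gitlab.com']);
const unquote = (s) => s.trim().replace(/^['"]|['"]$/g, '');

function parseFlowMapping(body) {
  const out = {};
  for (const part of body.split(/,\s+/)) {
    const i = part.indexOf(': '); // URLs contain ':' but never ': '
    if (i > 0) out[part.slice(0, i).trim()] = unquote(part.slice(i + 2));
  }
  return out;
}

function isExempt(res) {
  // Exemptions named in the release note: gitHosted, known git hosts, file: tarballs.
  if (res.gitHosted === 'true' || res.tarball.startsWith('file:')) return true;
  // An unparsable URL is reported, not exempted.
  try { return GIT_HOSTS.has(new URL(res.tarball).hostname); } catch { return false; }
}

function findUnpinnedTarballs(lockText) {
  const findings = [];
  let pkg = null;
  lockText.split(/\r?\n/).forEach((line, idx) => {
    const key = line.match(/^ {2}(\S.*):\s*$/); // two-space-indented entry key
    if (key) pkg = unquote(key[1]);
    const m = line.match(/^\s+resolution:\s*\{(.*)\}\s*$/);
    if (!m) return;
    const res = parseFlowMapping(m[1]);
    if (res.tarball && !res.integrity && !isExempt(res)) {
      findings.push({ line: idx + 1, pkg, tarball: res.tarball });
    }
  });
  return findings;
}

// Constructed sample lockfile fragment; package names and hosts are made up.
const SAMPLE_LOCK = [
  'packages:',
  '  left@1.0.0:',
  '    resolution: {integrity: sha512-AAAA}',
  '  mid@1.0.0:',
  '    resolution: {tarball: https://pkgs.example.test/mid-1.0.0.tgz}',
  '  right@1.0.0:',
  '    resolution: {tarball: https://pkgs.example.test/right-1.0.0.tgz, integrity: sha512-BBBB}',
  '  forked@1.0.0:',
  '    resolution: {tarball: https://codeload.github.com/o/r/tar.gz/0123abc}',
  '  local@1.0.0:',
  '    resolution: {tarball: file:vendor/local-1.0.0.tgz}',
].join('\n');
console.log(findUnpinnedTarballs(SAMPLE_LOCK));
```

Run against the lockfile text on both sides of a pull request, a finding that appears only on the PR side is the stripped-integrity change the note warns about.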