Skip to content
This repository was archived by the owner on Jul 2, 2026. It is now read-only.

chore(deps): update binary tool pins#24

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/binary-tool-pins
Open

chore(deps): update binary tool pins#24
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/binary-tool-pins

Conversation

@renovate

@renovate renovate Bot commented May 30, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Update Change
PHP-CS-Fixer/PHP-CS-Fixer patch 3.95.23.95.10
facebook/ktfmt minor 0.630.64
oxc-project/oxc minor 1.70.01.71.0
palantir/palantir-java-format minor 2.91.02.94.0
pmd/pmd minor 7.24.07.25.0
posit-dev/air minor 0.9.00.10.0

Release Notes

PHP-CS-Fixer/PHP-CS-Fixer (PHP-CS-Fixer/PHP-CS-Fixer)

v3.95.10

Compare Source

  • fix: TokensAnalyzer - handle T_PUBLIC_SET, T_PROTECTED_SET, T_PRIVATE_SET (#​9696)

v3.95.9

Compare Source

  • chore: apply class_keyword (#​9689)
  • refactor: change Fixers execution order to always-deterministic (#​9690)

v3.95.8

Compare Source

  • fix: SingleClassElementPerStatementFixer - do not drop modifiers when splitting final constants/properties (#​9687)

v3.95.7

Compare Source

  • fix: ClassReferenceNameCasingFixer - do not change case of typed class constant names (#​9686)

v3.95.6

Compare Source

  • chore: Docker - ignore root-user warning for pip (#​9682)
  • chore: fix typo in comment about fixer configuration (#​9675)
  • chore: narrow Preg::match/Preg::matchAll subject string type when match is truthy (#​9668)
  • deps: bump alpine from 3.23 to 3.24 in the all group (#​9679)
  • deps: bump codecov/codecov-action from 6 to 7 in /.github/workflows in the all group across 1 directory (#​9681)
  • deps: bump shipmonk/dead-code-detector from 1.1.3 to 1.2.0 in /dev-tools in the shipmonk group across 1 directory (#​9661)
  • deps: update dev-deps (#​9683)
  • deps: upgrade deep-deps for dev-tools (#​9677)
  • fix: PhpUnitAttributesFixer - correctly handle @requires PHPUnit with space-separated version constraint (#​9684)
  • UX: Cache - explicit deprecation for usage of non-handled objects in rules configuration, as they silently fail now; add support for JsonSerializable config values (#​9678)

v3.95.5

Compare Source

  • chore: Cleanup assert() and add more precise Preg::matchAll() return type (#​9667)
  • chore: cleanup GroupImportFixer (#​9671)
  • chore: improve TypeExpression (#​9665)
  • chore: please markdown-lint (#​9659)
  • chore: use more assert calls (#​9666)
  • deps: Allow installation of sebastian/diff:^9.0 (#​9663)
  • deps: bump crate-ci/typos from 1.47.0 to 1.47.2 in /.github/workflows in the all group across 1 directory (#​9662)
  • docs/refactor: clarify bracket types naming (#​5915)
  • fix: Add support for phpunit/phpunit:^13.2 in PhpUnitTestCaseStaticMethodCallsFixer (#​9664)
  • fix: Use AgentDetector to detect presence of AI agent only when @auto format has been selected (#​9658)
  • fix: PhpdocAddMissingParamAnnotationFixer - skip attribute tokens when extracting parameter type (#​9634)
  • fix: StaticPrivateMethodFixer - fix for private constructor and abstract static method (#​9598)
  • refactor: simplified_if_return - applyFix to use slices for token insertion (#​9670)

v3.95.4

Compare Source

  • chore: improve ArrayIndentationFixer (#​9643)
  • chore: improve ClassDefinitionFixer (#​9645)
  • chore: improve ControlCaseStructuresAnalyzer (#​9644)
  • chore: improve NoAliasFunctionsFixer (#​9647)
  • chore: improve NoSuperfluousPhpdocTagsFixer (#​9646)
  • chore: improve PhpUnitTestCaseStaticMethodCallsFixer (#​9649)
  • chore: improve Token (#​9650)
  • chore: improve WorkerException (#​9648)
  • chore: minor updates around PHPStan (#​9651)
  • deps: bump crate-ci/typos from 1.46.2 to 1.47.0 in /.github/workflows in the all group across 1 directory (#​9639)
  • deps: bump PHPStan to 2.2.1 (#​9635)
  • deps: minor upgrades of dev-tools (#​9653)
  • fix: Address credential exposure concern related to using ergebnis/agent-detector for detecting the presence of an AI agent (#​9656)
  • test: improve data providers return types (#​9642)

v3.95.3

Compare Source

  • fix: MultilinePromotedPropertiesFixer - fix for new in initializers (#​9619)
  • fix: PhpdocLineSpanFixer - run after NoSuperfluousPhpdocTagsFixer (#​9615)
  • CI: add generic phpstan/phpstan-deprecation-rules, so usage of old deprecated constants is detected (#​9636)
  • CI: replace PHP 8.6snapshot with nightly in matrix (#​9628)
  • deps: bump crate-ci/typos from 1.46.0 to 1.46.1 in /.github/workflows in the all group across 1 directory (#​9624)
  • deps: bump crate-ci/typos from 1.46.1 to 1.46.2 in /.github/workflows in the all group across 1 directory (#​9631)
  • deps: bump ergebnis/composer-normalize from 2.51.0 to 2.52.0 in /dev-tools (#​9627)
  • deps: bump the phpstan group in /dev-tools with 2 updates (#​9626)
  • deps: upgrade misc deps (#​9621)
  • refactor: AttributeBlockNoSpacesFixer - no need for loop when we already know bracket indices (#​9446)
facebook/ktfmt (facebook/ktfmt)

v0.64

Compare Source

Changed
  • Reduced overall number of allocations to improve formatting performance (~6-7%) (#​620)
  • Reuse results of Parser.parse (#​622)
  • Fix trailing lambda with chained call indentation (#​626)
Fixed
  • Support name-based destructuring declarations. (#​629)
oxc-project/oxc (oxc-project/oxc)

v1.71.0: oxlint v1.71.0 & oxfmt v0.56.0

Compare Source

Table of Contents
Oxlint v1.71.0
🚀 Features
  • ff65285 linter: no-restricted-globals add missing upstream options (#​23663) (Sysix)
  • 7b8bd89 linter/typescript: Implement suggestion for no-unnecessary-type-constraint rule (#​23646) (Mikhail Baev)
  • 0dc2405 linter: Add schema for eslint/no-restricted-properties (#​23619) (Sysix)
  • b638d0e linter: Add schema for node/callback-return (#​23615) (Sysix)
  • eb8bedc linter: Add schema for import/extensions (#​23557) (WaterWhisperer)
  • 46f3625 linter: Implement node/no-sync rule (#​23589) (fujitani sora)
  • b01739a linter: Add schema for unicorn/numeric-separators-style (#​23554) (Mikhail Baev)
  • 68afd2a linter/node: Implement no-mixed-requires rule (#​23539) (fujitani sora)
  • 59d8893 linter: unicorn/numeric-separators-style support missing options (#​23524) (Sysix)
  • a421215 linter: Add schema for eslint/prefer-destructuring (#​23410) (WaterWhisperer)
  • 84438be linter/jsdoc: Added missing options to require-param-description (#​23416) (kapobajza)
  • c145b72 linter/jsdoc/require-param-type: Implement fixer (#​23513) (camc314)
  • 51910df linter/jsdoc: Add missing options to require-param-type rule (#​23418) (kapobajza)
  • e90925f linter/unicorn: Implement prefer-number-coercion rule (#​23497) (Shekhu☺️)
  • dd1c866 linter/vue: Implement no-async-in-computed-properties rule (#​23493) (bab)
  • b02444e linter: Add schema for react/jsx-no-script-url (#​23475) (WaterWhisperer)
  • 53509a8 minifier: Treeshake pure typed arrays and Set/Map array literals (#​23469) (Dunqing)
  • a8dce46 linter/unicorn: Implement max-nested-calls rule (#​23461) (arieleli01212)
🐛 Bug Fixes
  • b1948a1 linter/radix: Avoid panic on parseInt with a spread radix argument (#​23623) (Jerry Zhao)
  • f28ccfd linter/prefer-query-selector: Use a compound selector for multiple classes (#​23628) (Jerry Zhao)
  • 13f2970 linter/prefer-numeric-literals: Avoid panic on parseInt with a spread radix argument (#​23624) (Jerry Zhao)
  • 57612b3 linter: Report invalid capitalized-comments ignore patterns (#​23608) (camc314)
  • 800ee2a linter/consistent-vitest-vi: Preserve import aliases when rewriting the import (#​23568) (Yunfei He)
  • f78b5e1 linter/consistent-indexed-object-style: Don't leak a stray comma into the value type (#​23566) (Yunfei He)
  • 6b104e8 linter/radix: Detect a trailing comma only after the argument (#​23569) (Yunfei He)
  • 2de20cb linter/unicorn/prefer-at: Correct two-argument slice().pop() index (#​23565) (Yunfei He)
  • de778ec linter: unicorn/numeric-separators-style preserve dot for floats without decial part (#​23553) (Sysix)
  • 651027c linter/curly: Remove only the block's own braces (#​23580) (Yunfei He)
  • 687e835 linter/array-type: Parenthesize a conditional-type element (#​23579) (Yunfei He)
  • 9c80dff linter/unicorn/no-unnecessary-await: Don't paste operators into invalid syntax (#​23556) (Yunfei He)
  • 46e1463 linter/no-compare-neg-zero: Delete the - of a parenthesized -0 (#​23578) (Yunfei He)
  • d172a97 linter/unicorn/prefer-math-trunk: Skip fixer for LHS with side effects (#​23548) (camc314)
  • 1c3a9bd linter/unicorn/prefer-negative-index: Don't report Array#with (#​23518) (Yunfei He)
  • c17db5d linter/unicorn/prefer-spread: Don't report .slice() on non-array receivers (#​23520) (Yunfei He)
  • 9cd0c2f linter/unicorn/prefer-date-now: Keep BigInt wrapper when fixing BigInt(new Date()) (#​23523) (Yunfei He)
  • 16bb890 linter/unicorn/prefer-array-flat: Skip non-array flatMap receivers (#​23527) (Yunfei He)
  • 3e6f90f linter/unicorn/no-zero-fractions: Insert a space after any preceding keyword (#​23529) (Yunfei He)
  • 79a7d69 linter/eslint/no-useless-assignment: Handle exceptional control-flow paths (#​23544) (camc314)
  • e8e2741 linter/unicorn/prefer-math-min-max: Preserve operand source text in the fix (#​23533) (Yunfei He)
  • f592154 linter/react/display-name: Ignore lowercase jsx helpers (#​23510) (camc314)
  • df7612f linter/jsx-a11y/no-noninteractive-element-to-interactive-role: Allow custom roles config (#​23507) (camc314)
  • 924b931 linter/unicorn/prefer-at: Handle checking all indexes correctly (#​23504) (camc314)
  • ca9686b linter/unicorn/prefer-at: Report zero indexes (#​23503) (camc314)
  • e96a4e3 linter/unicorn/explicit-length-check: Ignore optional chains (#​23487) (camc314)
  • a303c23 linter/jsx-a11y: Align anchor-is-valid config with upstream (#​23446) (camc314)
  • f27a6d1 linter: False positives with non *.setTimeout call in no-confusing-set-timeout (#​23444) (camc314)
⚡ Performance
  • 8e0dd65 linter: Emit RuleEnum dispatch match once instead of per timing branch (#​23499) (Boshen)
  • d5c7d99 linter/expect-expect: Avoid recompiling matches on every traversal (#​23593) (camc314)
  • f191520 linter/no-useless-spread: Avoid collecting Vec before iterating (#​23546) (camc314)
  • 79340d1 linter: Stream React lifecycle ancestors (#​23545) (camc314)
  • 1923169 linter/eslint/max-classes: Gate rule by rule config threshold (#​23509) (camc314)
  • 3f60de3 linter: Use bucketed dispatch for all files (#​23452) (camc314)
  • 3699971 linter/typescript/no-unnecessary-parameter-property-assignment: Avoid temporary vec allocations (#​23492) (camc314)
  • 4ef0ceb linter/eslint/no-useless-switch-case: Avoid temporary vec allocations (#​23489) (camc314)
  • 2e09dd3 linter: Avoid JSX fragment child collections (#​23486) (camc314)
  • f30a64c linter/oxc/branches-sharing-code: Borrow shared branch suggestion text (#​23484) (camc314)
  • 097a317 linter/eslint/no-control-regex: Retain control regex candidates in place (#​23482) (camc314)
  • b3a093d linter: Reuse rule dispatch buckets (#​23450) (camc314)
  • 9f1a985 oxlint: Start Tokio only for LSP (#​23447) (camc314)
📚 Documentation
  • 9e219de linter/plugins: Update usage instruction (#​23495) (Tony)
  • b50bf4d linter: Remove manually written options doc for eslint/arrow-body-style (#​23490) (Mikhail Baev)
Oxfmt v0.56.0
🐛 Bug Fixes
  • f21ed2c formatter_json: Normalize CRLF for suppressed text (#​23702) (leaysgur)
  • 7cd1737 formatter: Normalize CRLF for suppressed text (#​23701) (leaysgur)
  • a36e444 formatter: Member chain panic when tail is merged with comment in dev build (#​23698) (leaysgur)
  • 600d306 formatter: Preserve parens with default export and type cast (#​23697) (leaysgur)
  • 61290f2 formatter: Single-member intersection/union type with comment formatting (#​21915) (Leonabcd123)
  • 5a1b0b4 formatter: Parenthesize a type assertion used as the base of ** (#​23633) (Jerry Zhao)
  • 91827e2 formatter: Use Ordering::reverse() with order: desc for idempotency (#​23543) (leaysgur)
  • 8fa7394 formatter_json: Handle wrapped error span (#​23472) (leaysgur)
  • 37a34a1 oxfmt/lsp: Avoid newlines line ending changes (#​23463) (Sysix)
⚡ Performance
  • 80f1697 formatter: Avoid arena copy for already-lowercase bigint literals (#​23534) (Yunfei He)
  • 1a40b71 formatter: Avoid arena copy for borrowed numeric-literal text (#​23512) (Yunfei He)
  • 12e4451 formatter: Avoid arena copy for borrowed string-literal text (#​23465) (Yunfei He)
palantir/palantir-java-format (palantir/palantir-java-format)

v2.94.0

Compare Source

🐛 Fixes
  • Fix Spotless targetExclude patterns being overridden (#​1690)

Full Changelog: 2.93.0...2.94.0

v2.93.0

Compare Source

No documented user-facing changes

Full Changelog: 2.92.0...2.93.0

v2.92.0

Compare Source

🐛 Fixes
  • Only run the formatter on trusted projects (#​1681)

Full Changelog: 2.91.0...2.92.0

pmd/pmd (pmd/pmd)

v7.25.0: PMD 7.25.0 (29-May-2026)

Compare Source

29-May-2026 - 7.25.0

The PMD team is pleased to announce PMD 7.25.0.

This is a minor release.

Table Of Contents
🚀️ New and noteworthy
Updated ANTLR library to 4.13.2

We have updated the ANTLR library (parser generator) from 4.9.3 to the latest version 4.13.2,
in order to be able to use the latest version of Apex parser library.

This is an incompatible update: In case you use custom language modules based on ANTLR, you
need to make sure to regenerate all of your lexers and parsers with the new ANTLR version.

For the ANTLR based language modules, that PMD ships (kotlin and swift and various CPD modules),
this is already done.

🌟️ New and Changed Rules
New Rules
  • The new Java rule JUnitJupiterTestNoPrivateModifier find JUnit test classes and
    methods that are private. Test classes, test methods, and lifecycle methods are not required to be public,
    but they must not be private. Otherwise, they won’t be found by the test framework.
  • The new Java rule UnnecessaryBlock reports blocks that are unnecessary as
    they don't introduce a new scope. This rule helps simplify code structure by identifying and flagging
    redundant blocks that can make code harder to read and may be misleading.
  • The new Java rule VariableDeclarationUsageDistance flags local variables that are declared
    far from their usage, which can make code harder to read. The rule has a property maxDistance that allows to
    configure the maximum allowed distance between declaration and usage.
  • The new Java rule AssertStatementInTest detects usages of assert statement in tests.
    These should be replaced by framework assertion methods such as assertEquals.
    Such methods provide better error messages and make test behave correctly when running without -ea.
Changed Rules
Renamed rules and properties
  • One rule and one property have been renamed to reflect the fact that they work for both JUnit 5 and 6:

The old names still work but are deprecated.

🐛️ Fixed Issues
  • core
    • #​4972: [core] Update ANTLR to 4.13.2
    • #​6308: [core] CPD Markdown format: Add syntax highlighting
  • doc
    • #​6708: [doc] Update minimal Java version for building PMD in documentation
  • java
    • #​1102: [java] Improve consistency of utility class detection across rules
    • #​5721: [java] StackOverflowError in 7.17.0 with nested wildcard generics
    • #​5746: [java] Separate test sources and resources
    • #​6688: [java] LocalVariableCouldBeFinalRule API changed
    • #​6704: [java] Rename rules and properties with JUnit5 in the name
  • java-bestpractices
    • #​3212: [java] Enhance UseStandardCharsets to flag some constructors of IO-related classes
    • #​3777: [java] New rule: AssertStatementInTest
    • #​5477: [java] JUnit5TestShouldBePackagePrivate is not applied when @​Test method is only present in parent class
    • #​6606: [java] UnusedPrivateField: False positive on JUnit Jupiter @​FieldSource
    • #​6681: [java] UnitTestShouldIncludeAssert: False positive with JUnitSoftAssertions Rule (JUnit 4)
    • #​6710: [java] UseStandardCharsets: False negative when using lowercase standard charset names
    • #​6719: [java] UseStandardCharsets: False negative with Java 22+ and UTF-32 charsets
  • java-codestyle
    • #​2801: [java] OnlyOneReturn should have a property to allow early exits (guard clauses)
    • #​4350: [java] ClassNamingConventions: testClassPattern not applied to class that inherits all its @​Test methods
    • #​6427: [java] UnnecessaryCast: False positive for long cast before bit-shift operations on int/byte
    • #​6602: [java] LocalVariableCouldBeFinal: False negative when multiple variables are declared at once
    • #​6622: [java] New rule: UnnecessaryBlock
    • #​6640: [java] New rule: VariableDeclarationUsageDistance
  • java-design
    • #​559: [java] UseUtilityClass: False negative for constant only classes
  • java-errorprone
    • #​3288: [java] New Rule: JUnit5TestNoPrivateModifier
    • #​4288: [java] Document that CallSuperFirst/CallSuperLast are Android specific
    • #​6163: [java] ConstructorCallsOverridableMethod: False positive when method is from enclosing class
    • #​6517: [java] UselessPureMethodCall: False negative for methods on IntStream/LongStream/DoubleStream
    • #​6652: [java] AvoidInstanceofChecksInCatchClause: false negative when pattern-matching instanceof
    • #​6712: [java] UnnecessaryBooleanAssertion: Use InvocationMatcher to find assertions
  • java-multithreading
    • #​6520: [java] DoNotUseThreads: False positive on legitimate java.lang.Thread.onSpinWait() call
    • #​6636: [java] OverridingThreadRun: Fix false negatives with other methods and anonymous classes
  • kotlin
    • #​6608: [kotlin] Lexer or parse errors are reported to stderr only without file context
    • #​6648: [kotlin] Multi-dollar interpolation parse error in annotations
    • #​6659: [kotlin] Parser hangs on complex files due to unbounded ATN prediction loop
    • #​6669: [kotlin] Add AST improvements, KotlinAstUtil
🚨️ API Changes
Deprecations
Experimental API
✨️ Merged pull requests

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate

renovate Bot commented May 30, 2026

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: undefined
Post-upgrade command 'uv run python scripts/fetch_checksums.py --force' has not been added to the allowed list in allowedCommands

@renovate renovate Bot force-pushed the renovate/binary-tool-pins branch 12 times, most recently from aa6a207 to 217299e Compare June 8, 2026 20:04
@renovate renovate Bot force-pushed the renovate/binary-tool-pins branch 10 times, most recently from d379a59 to e2f878e Compare June 16, 2026 11:53
@renovate renovate Bot force-pushed the renovate/binary-tool-pins branch 6 times, most recently from d39284d to 95ae272 Compare June 22, 2026 17:43
@renovate renovate Bot force-pushed the renovate/binary-tool-pins branch from 95ae272 to 90368b1 Compare June 23, 2026 15:14
@renovate renovate Bot force-pushed the renovate/binary-tool-pins branch from 90368b1 to 8a60828 Compare June 24, 2026 04:32
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants