chore(deps): update all-minor-updates #6
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: lucasoskorep/mta-sign#6
Reference in New Issue
Block a user
Delete Branch "renovate/minor"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
25.1.0→25.3.519.2.10→19.2.145.1.2→5.1.410.4.24→10.4.271.13.4→1.13.610.0.0→10.0.328.0.0→28.1.025.5.0→25.8.010.28.2→10.31.08.5.6→8.5.8Release Notes
vitejs/vite-plugin-react (@vitejs/plugin-react)
v5.1.4Compare Source
Fix
canSkipBabelnot accounting forbabel.overrides(#1098)When configuring
babel.overrideswithout top-level plugins or presets, Babel was incorrectly skipped. ThecanSkipBabelfunction now checks foroverrides.lengthto ensure override configurations are processed.v5.1.3Compare Source
postcss/autoprefixer (autoprefixer)
v10.4.27Compare Source
package.json.v10.4.26Compare Source
v10.4.25Compare Source
axios/axios (axios)
v1.13.6Compare Source
This release focuses on platform compatibility, error handling improvements, and code quality maintenance.
⚠️ Important Changes
🚀 New Features
🐛 Bug Fixes
Environment Compatibility:
Error Handling:
🔧 Maintenance & Chores
🌟 New Contributors
We are thrilled to welcome our new contributors! Thank you for helping improve the project:
Full Changelog: v1.13.5...v1.13.6
v1.13.5Compare Source
Release 1.13.5
Highlights
__proto__key inmergeConfig. (PR #7369)AxiosErrorcould be missing thestatusfield on and after v1.13.3. (PR #7368)Changes
Security
__proto__key inmergeConfig. (PR #7369)Fixes
statusis present inAxiosErroron and after v1.13.3. (PR #7368)Features / Improvements
isAbsoluteURL. (PR #7326)Documentation
Bufferconstructor usage and README formatting. (PR #7371)CI / Maintenance
karma-sourcemap-loaderfrom 0.3.8 to 0.4.0. (PR #7360)New Contributors
Full Changelog: https://github.com/axios/axios/compare/v1.13.4...v1.13.5
eslint/eslint (eslint)
v10.0.3Compare Source
Bug Fixes
e511b58fix: update eslint (#20595) (renovate[bot])f4c9cf9fix: include variable name inno-useless-assignmentmessage (#20581) (sethamus)ee9ff31fix: update dependency minimatch to ^10.2.4 (#20562) (Milos Djermanovic)Documentation
9fc31b0docs: Update README (GitHub Actions Bot)4efaa36docs: add info box foreslint-plugin-eslint-comments(#20570) (DesselBane)23b2759docs: add v10 migration guide link to Use docs index (#20577) (Pixel998)80259a9docs: Remove deprecated eslintrc documentation files (#20472) (Copilot)9b9b4badocs: fix typo in no-await-in-loop documentation (#20575) (Pixel998)e7d72a7docs: document TypeScript 5.3 minimum supported version (#20547) (sethamus)Chores
ef8fb92chore: package.json update for eslint-config-eslint release (Jenkins)e8f2104chore: updates for v9.39.4 release (Jenkins)5cd1604refactor: simplify isCombiningCharacter helper (#20524) (Huáng Jùnliàng)70ff1d0chore: eslint-config-eslint require Node^20.19.0 || ^22.13.0 || >=24(#20586) (Milos Djermanovic)e32df71chore: update eslint-plugin-eslint-comments, remove legacy-peer-deps (#20576) (Milos Djermanovic)53ca6eechore: disableeslint-comments/no-unused-disablerule (#20578) (Milos Djermanovic)e121895ci: pin Node.js 25.6.1 (#20559) (Milos Djermanovic)efc5aefchore: updatetsconfig.jsonineslint-config-eslint(#20551) (Francesco Trotta)v10.0.2Compare Source
Bug Fixes
2b72361fix: updateajvto6.14.0to address security vulnerabilities (#20537) (루밀LuMir)Documentation
13eeedbdocs: link rule type explanation to CLI option --fix-type (#20548) (Mike McCready)98cbf6bdocs: update migration guide per Program range change (#20534) (Huáng Jùnliàng)61a2405docs: add missing semicolon in vars-on-top rule example (#20533) (Abilash)Chores
951223bchore: update dependency @eslint/eslintrc to ^3.3.4 (#20553) (renovate[bot])6aa1afechore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536) (Milos Djermanovic)v10.0.1Compare Source
Bug Fixes
c87d5bdfix: update eslint (#20531) (renovate[bot])d841001fix: updateminimatchto10.2.1to address security vulnerabilities (#20519) (루밀LuMir)04c2147fix: update error message for unused suppressions (#20496) (fnx)38b089cfix: update dependency @eslint/config-array to ^0.23.1 (#20484) (renovate[bot])Documentation
5b3dbcedocs: add AI acknowledgement section to templates (#20431) (루밀LuMir)6f23076docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)b69cfb3docs: Update README (GitHub Actions Bot)Chores
e5c281fchore: updates for v9.39.3 release (Jenkins)8c3832achore: update @typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)8330d23test: add tests for config-api (#20493) (Milos Djermanovic)37d6e91chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)da7cd0erefactor: cleanup error message templates (#20479) (Francesco Trotta)84fb885chore: package.json update for @eslint/js release (Jenkins)1f66734chore: addeslinttopeerDependenciesof@eslint/js(#20467) (Milos Djermanovic)jsdom/jsdom (jsdom)
v28.1.0Compare Source
blob.text(),blob.arrayBuffer(), andblob.bytes()methods.getComputedStyle()to account for CSS specificity when multiple rules apply. (asamuzaK)XMLHttpRequestperformance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.node.getRootNode(),node.isConnected, andevent.dispatchEvent()by caching the root node of document-connected trees.getComputedStyle()to correctly handle!importantpriority. (asamuzaK)document.getElementById()to return the first element in tree order when multiple elements share the same ID.<svg>elements to no longer incorrectly proxy event handlers to theWindow.FileReaderevent timing andfileReader.resultstate to more closely follow the spec.XMLHttpRequestencountered dispatch errors.fetch()has been used before importing jsdom, by working around undici v6/v7 incompatibilities.nodejs/node (node)
v25.8.0: 2026-03-03, Version 25.8.0 (Current), @richardlauCompare Source
Notable Changes
e55eddea2a] - build, doc: use new api doc tooling (flakey5) #573434c181e2277] - (SEMVER-MINOR) sqlite: add limits property to DatabaseSync (Mert Can Altin) #6129846ee1eddd7] - (SEMVER-MINOR) src: add C++ support for diagnostics channels (RafaelGSS) #618699ddd1a9c27] - (SEMVER-MINOR) src,permission: add --permission-audit (RafaelGSS) #618690d97ec4044] - (SEMVER-MINOR) test_runner: expose worker ID for concurrent test execution (Ali Hassan) #61394Commits
940b58c8c1] - buffer: optimize buffer.concat performance (Mert Can Altin) #617210589b0e5a1] - build: fix GN for new merve dep (Shelley Vohr) #61984f3d3968dcd] - Revert "build: add temporal test on GHA windows" (Antoine du Hamel) #61810e55eddea2a] - build, doc: use new api doc tooling (flakey5) #57343b7715292f8] - child_process: add tracing channel for spawn (Marco) #61836a32a598748] - crypto: fix missing nullptr check on RSA_new() (ndossche) #61888dc384f95b3] - crypto: fix handling of null BUF_MEM* in ToV8Value() (Nora Dossche) #618853337b095db] - crypto: fix potential null pointer dereference when BIO_meth_new() fails (Nora Dossche) #6178851ded81139] - deps: update undici to 7.22.0 (Node.js GitHub Bot) #620358aa2fde931] - deps: update minimatch to 10.2.4 (Node.js GitHub Bot) #6201657dc092eaf] - deps: upgrade npm to 11.11.0 (npm team) #61994705bbd60a9] - deps: update simdjson to 4.3.1 (Node.js GitHub Bot) #619304d411d72e5] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #61928f53a32ab84] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #619259b483fbb27] - deps: update minimatch to 10.2.2 (Node.js GitHub Bot) #618304e54c103cb] - doc: separate in-types and out-types in SQLite conversion docs (René) #62034ca78ebbeaa] - doc: fix small logic error in DETECT_MODULE_SYNTAX (René) #62025e6b131f3fe] - doc: fix module.stripTypeScriptTypes indentation (René) #619927508540e19] - doc: update DEP0040 (punycode) to application type deprecation (Mike McCready) #6191633a364cb62] - doc: explicitly mention Slack handle (Rafael Gonzaga) #6198646a61922bd] - doc: support toolchain Visual Studio 2022 & 2026 + Windows 11 SDK (Mike McCready) #61864dc12a257aa] - doc: rename invalidfunctionparameter (René) #61942dafdc0a5b8] - http: validate headers in writeEarlyHints (Richard Clarke) #618973c94b56fa6] - inspector: unwrap internal/debugger/inspect imports (René) #619748a24c17648] - lib: improve argument handling in Blob constructor (Ms2ger) #6198021d4baf256] - meta: bump github/codeql-action from 4.32.0 to 4.32.4 (dependabot[bot]) #6191159a726a8e3] - meta: bump step-security/harden-runner from 2.14.1 to 2.14.2 (dependabot[bot]) #619090072b7f991] - meta: bump actions/stale from 10.1.1 to 10.2.0 (dependabot[bot]) #61908999bf22f47] - repl: keep reference count forprocess.on('newListener')(Anna Henningsen) #618954c181e2277] - (SEMVER-MINOR) sqlite: add limits property to DatabaseSync (Mert Can Altin) #61298aee2a18257] - src: fix flags argument offset in JSUdpWrap (Weixie Cui) #6194846ee1eddd7] - (SEMVER-MINOR) src: add C++ support for diagnostics channels (RafaelGSS) #618699ddd1a9c27] - (SEMVER-MINOR) src,permission: add --permission-audit (RafaelGSS) #61869ea2df2a16f] - stream: fix pipeTo to defer writes per WHATWG spec (Matteo Collina) #61800aa0c7b09e0] - test: remove unnecessaryprocess.exitcalls from test files (Antoine du Hamel) #62020ad96a6578f] - test: skiptest-urlon--shared-adabuilds (Antoine du Hamel) #620197c72a31e4b] - test: skip strace test with shared openssl (Richard Lau) #61987604456c163] - test: avoid flaky debugger restart waits (Yuya Inoue) #617734890d6bd43] - test_runner: run afterEach on runtime skip (Igor Shevelenkov) #61525fce2930110] - test_runner: expose expectFailure message (sangwook) #615630d97ec4044] - (SEMVER-MINOR) test_runner: expose worker ID for concurrent test execution (Ali Hassan) #61394243e6b2009] - test_runner: replace native methods with primordials (Ayoub Mabrouk) #61219bf1ed7e647] - tls: forward keepAlive, keepAliveInitialDelay, noDelay to socket (Sergey Zelenov) #620040f15079d94] - tools: remove custom logic for skippingtest-strace-openat-openssl(Antoine du Hamel) #6203854a055a59d] - tools: bump minimatch from 3.1.2 to 3.1.3 in/tools/clang-format(dependabot[bot]) #61977a28744cb62] - tools: fix permissions for merve update script (Richard Lau) #6202331e7936354] - tools: revert tools GHA workflow to ubuntu-latest (Richard Lau) #620240a96a16e1f] - tools: bump minimatch from 3.1.2 to 3.1.3 in /tools/eslint (dependabot[bot]) #61976f279233412] - tools: roll back to x86 runner onscorecard.yml(Antoine du Hamel) #61944192c0382f4] - util: add fast path to stripVTControlCharacters (Hiroki Osame) #61833pnpm/pnpm (pnpm)
v10.31.0: pnpm 10.31Compare Source
Minor Changes
pnpm-workspace.yaml, comments, string formatting, and whitespace will be preserved.Patch Changes
Added
-Fas a short alias for the--filteroption in the help output.Handle undefined pkgSnapshot in
pnpm why -r#10700.Fix headless install not being used when a project has an injected self-referencing
file:dependency that resolves tolink:in the lockfile.Fixed a race condition when multiple worker threads import the same package to the global virtual store concurrently. The rename operation now tolerates
ENOTEMPTY/EEXISTerrors if another thread already completed the import.When
lockfile-include-tarball-urlis set tofalse, tarball URLs are now always excluded from the lockfile. Previously, tarball URLs could still appear for packages hosted under non-standard URLs, making the behavior flaky and inconsistent #6667.Fixed
optimisticRepeatInstallskipping install whenoverrides,packageExtensions,ignoredOptionalDependencies,patchedDependencies, orpeersSuffixMaxLengthchanged.Fixed
pnpm patch-commitfailing with "unable to access '/.config/git/attributes': Permission denied" error in environments where HOME is unset or non-standard (Docker containers, CI systems).The issue occurred because pnpm was setting
HOMEand the Windows user profile env var to empty strings to suppress user git configuration when runninggit diff. This caused git to resolve the home directory (~) as root (/), leading to permission errors when attempting to access/.config/git/attributes.Now uses
GIT_CONFIG_GLOBAL: os.devNullinstead, which is git's proper mechanism for bypassing user-level configuration without corrupting the home directory path resolution.Fixes #6537
Fix
pnpm why -r --parseablemissing dependents when multiple workspace packages share the same dependency #8100.Fix
link-workspace-packages=trueincorrectly linking workspace packages when the requested version doesn't match the workspace package's version. Previously, on fresh installs the version constraint is overridden to*in the fallback resolution paths, causing any workspace package with a matching name to be linked regardless of version #10173.Fixed
pnpm update --interactivetable breaking with long version strings (e.g., prerelease versions like7.0.0-dev.20251209.1) by dynamically calculating column widths instead of using hardcoded values #10316.Explicitly tell
npmthe path to the globalrcconfig file.The parameter set by the
--allow-buildflag is written toallowBuilds.Fix a bug in which specifying
filteronpnpm-workspace.yamlwould cause pnpm to not detect any projects.Print help message on running pnpm dlx without arguments and exit.
Platinum Sponsors
Gold Sponsors
v10.30.3: pnpm 10.30.3Compare Source
Patch Changes
packageManagerfield failing when pnpm is installed as a standalone executable in environments without a system Node.js #10687.Platinum Sponsors
Gold Sponsors
v10.30.2: pnpm 10.30.2Compare Source
Patch Changes
Platinum Sponsors
Gold Sponsors
v10.30.1: pnpm 10.30.1Compare Source
Patch Changes
/-/npm/v1/security/audits/quickendpoint as the primary audit endpoint, falling back to/-/npm/v1/security/auditswhen it fails #10649.Platinum Sponsors
Gold Sponsors
v10.30.0: pnpm 10.30Compare Source
Minor Changes
pnpm whynow shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies.Patch Changes
pnpm whydependency pruning to prefer correctness over memory consumption. Reverted PR: #7122.pnpm whyandpnpm listperformance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one #10596.Platinum Sponsors
Gold Sponsors
v10.29.3: pnpm 10.29.3Compare Source
Patch Changes
pnpm list(andpnpm why) on large dependency graphs by replacing the recursive tree builder with a two-phase approach: a BFS dependency graph followed by cached tree materialization. Duplicate subtrees are now deduplicated in the output, shown as "deduped (N deps hidden)" #10586.allowBuildsnot working when set via.pnpmfile.cjs#10516.enableGlobalVirtualStoreoption is set, thepnpm deploycommand would incorrectly create symlinks to the global virtual store. To keep the deploy directory self-contained,pnpm deploynow ignores this setting and always creates a localized virtual store within the deploy directory.minimumReleaseAgeExcludenot being respected bypnpm dlx#10338.Platinum Sponsors
Gold Sponsors
v10.29.2: pnpm 10.29.2Compare Source
Patch Changes
Reverted fix: Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #10497.
Platinum Sponsors
Gold Sponsors
v10.29.1: pnpm 10.29.1Compare Source
Minor Changes
pnpm dlx/pnpxcommand now supports thecatalog:protocol. Example:pnpm dlx shx@catalog:.auditLevelin thepnpm-workspace.yamlfile #10540.workspace:protocol without version specifier. It is now treated asworkspace:*and resolves to the concrete version during publish #10436.Patch Changes
Fixed
pnpm list --jsonreturning incorrect paths when using global virtual store #10187.Fix
pnpm store pathandpnpm store statususing workspace root for path resolution whenstoreDiris relative #10290.Fixed
pnpm run -rfailing with "No projects matched the filters" when an emptypnpm-workspace.yamlexists #10497.Fixed a bug where
catalogMode: strictwould write the literal string"catalog:"topnpm-workspace.yamlinstead of the resolved version specifier when re-adding an existing catalog dependency #10176.Fixed the documentation URL shown in
pnpm completion --helpto point to the correct page at https://pnpm.io/completion #10281.Skip local
file:protocol dependencies duringpnpm fetch. This fixes an issue wherepnpm fetchwould fail in Docker builds when local directory dependencies were not available #10460.Fixed
pnpm audit --jsonto respect the--audit-levelsetting for both exit code and output filtering #10540.update tar to version 7.5.7 to fix security issue
Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842
Fix
pnpm audit --fixreplacing reference overrides (e.g.$foo) with concrete versions #10325.Fix
shamefullyHoistset viaupdateConfigin.pnpmfile.cjsnot being converted topublicHoistPattern#10271.pnpm helpshould correctly report if the currently running pnpm CLI is bundled with Node.js #10561.Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for
node_modules/.bin, causing binaries to not be found when running commands likepnpm exec#10457.Platinum Sponsors
Gold Sponsors
postcss/postcss (postcss)
v8.5.8Compare Source
Processor#version.v8.5.7Compare Source
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Renovate Bot.
79f327834bto0ce6b26e7dchore(deps): update dependency @types/node to v25.2.0to chore(deps): update all-minor-updates0ce6b26e7dto6ff92a04576ff92a0457to613427893d613427893dto6296a1a59e6296a1a59eto1f7c2781811f7c278181to5f39a2fa6a5f39a2fa6ato3ae438e1853ae438e185to73ebc51e8e73ebc51e8etoe7efff6efbe7efff6efbto109251a7f3109251a7f3to673c9e3fea673c9e3featof0958df853f0958df853toda5a5b7f0eda5a5b7f0etoe7f7deacc0e7f7deacc0to0061e1548d0061e1548dto878c8a3c26878c8a3c26to8f458315448f45831544toaf8bf791f8af8bf791f8to1e315a107d1e315a107dto73b6b359a173b6b359a1to3535ce72e83535ce72e8to9add1bd5979add1bd597tof9f27e96c8f9f27e96c8to8505f5f0ae8505f5f0aeto02a7858c2f02a7858c2fto196992ad50196992ad50to6063f0e0736063f0e073to2c370741fb2c370741fbtofac847c9c5View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.