Skip to content

chore(deps): update all non-major dependencies#481

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch
Open

chore(deps): update all non-major dependencies#481
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence Type Update
@antfu/ni ^30.1.0^30.2.0 age confidence devDependencies minor
@types/node (source) ^25.9.3^25.9.5 age confidence devDependencies patch
eslint (source) ^10.5.0^10.6.0 age confidence devDependencies minor
eslint-plugin-n ^18.1.0^18.2.1 age confidence devDependencies minor
lint-staged ^17.0.7^17.0.8 age confidence devDependencies patch
node 24.15.024.18.0 age confidence uses-with minor
oxfmt (source) ^0.55.0^0.58.0 age confidence devDependencies minor
pnpm (source) 10.34.310.34.4 age confidence packageManager patch
semver ^7.8.4^7.8.5 age confidence devDependencies patch
typescript-eslint (source) ^8.61.1^8.63.0 age confidence devDependencies minor
zizmorcore/zizmor-action v0.5.6v0.5.7 age confidence action patch

Release Notes

antfu-collective/ni (@​antfu/ni)

v30.2.0

Compare Source

   🚀 Features
    View changes on GitHub
eslint/eslint (eslint)

v10.6.0

Compare Source

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#​20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#​20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#​20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#​21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#​21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#​21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#​21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#​21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#​21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#​21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#​20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#​20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#​20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#​20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#​20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#​20983) (lumir)

Chores

eslint-community/eslint-plugin-n (eslint-plugin-n)

v18.2.1

Compare Source

🩹 Fixes

v18.2.0

Compare Source

🌟 Features
lint-staged/lint-staged (lint-staged)

v17.0.8

Compare Source

Patch Changes
  • #​1809 179b437 - Fix lint-staged discarding the ongoing merge conflict status (.git/MERGE_HEAD) when using the --hide-unstaged or --hide-all options.

  • #​1811 3d0b2c0 - Fix issues with Git commands that are successful but also emit warnings to stderr, by ignoring the stderr output completely when the process exits with code 0. This was the behavior when using nano-spawn and execa, but when switching to tinyexec in 16.3.0 both stdout and stderr were used as interleaved output.

actions/node-versions (node)

v24.18.0: 24.18.0

Compare Source

Node.js 24.18.0

v24.17.0: 24.17.0

Compare Source

Node.js 24.17.0

v24.16.0: 24.16.0

Compare Source

Node.js 24.16.0

oxc-project/oxc (oxfmt)

v0.58.0

Compare Source

v0.57.0

Compare Source

v0.56.0

Compare Source

pnpm/pnpm (pnpm)

v10.34.4: pnpm 10.34.4

Compare Source

Patch Changes
  • 352ae48: Security: validate config dependency names and versions before using them to build filesystem paths. A pnpm-workspace.yaml with a traversal-shaped configDependencies name (such as ../../PWNED) or version (such as ../../../PWNED) could previously cause pnpm install to create symlinks or write package files outside node_modules/.pnpm-config and the store. Names must now be valid npm package names and versions must be exact semver versions. See GHSA-qrv3-253h-g69c.

  • 352ae48: Reject path-traversal and reserved dependency aliases (such as ../../../escape, .bin, .pnpm, or node_modules) that come from a lockfile rather than a freshly resolved manifest. A crafted lockfile alias could otherwise be joined directly under a hoisted node_modules directory, letting package files be written outside the intended install root or overwrite pnpm-owned layout.

    The nodeLinker: hoisted graph builder now validates each alias at the directory sink (safeJoinModulesDir), matching the validation pnpm already performs when resolving aliases from manifests. See GHSA-fr4h-3cph-29xv.

  • 352ae48: Prevent pnpm patch-remove from removing files outside the configured patches directory.

  • 217fbe0: Hardened the warning printed when a project .npmrc uses environment variables in registry/auth settings: the suggested pnpm config set command is now only included for keys made up of shell-inert characters. Because the key comes from a repository-controlled .npmrc and a shell expands $(...), backticks, and $VAR even inside double quotes, a crafted key could otherwise have turned the suggested copy-paste command into command execution.

Platinum Sponsors
Bit
Gold Sponsors
Sanity Discord Vite
SerpApi CodeRabbit Stackblitz
Workleap Nx
npm/node-semver (semver)

v7.8.5

Compare Source

Bug Fixes
typescript-eslint/typescript-eslint (typescript-eslint)

v8.63.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

Compare Source

🚀 Features
  • remove redundant package.json "files" (#​12444)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

zizmorcore/zizmor-action (zizmorcore/zizmor-action)

v0.5.7

Compare Source

1.26.1 is now available via the action
1.26.1 is now the default version of zizmor used by the action


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from 1d2637c to 83f3fea Compare June 26, 2026 23:11
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from 9bd55c5 to 704748b Compare July 2, 2026 02:31
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from b0b13a9 to a54fc5a Compare July 7, 2026 02:13
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from a54fc5a to 9fa4590 Compare July 8, 2026 10:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants