chore(deps): update dependency dependency-cruiser to v17

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
dependency-cruiser	16.10.4 → 17.3.8

---

Release Notes

sverweij/dependency-cruiser (dependency-cruiser)

v17.3.8

Compare Source

🐛 fixes

• 273581d fix(extract/transpile): retains svelte(5+) dependencies used exclusively outside <script> sections (#​1046) - thanks @​Dan503 for raising the issue and verifying the fix!

👷 maintenance

• f86b5fa build(npm): updates external dependencies
• 48bcdda doc(cli.md): correct a typo

v17.3.7

Compare Source

🐛 fixes

• a0955cd fix(analyze): also analyzes dependents when --reaches or --focus are the only reason to do so - thanks @​drewcpage for raising the issue that led to this fix!

👷 maintenance

• 1289ed6 build(npm): updates external dependencies
• d993ebd refactor(config-utl): de-anonymize the one remaining anonymous function export
• 817b870 refactor: renames code in the analysis step to 'analyze'

🧹 chores

• 67d16af chore: adds an override to prevent a transitive dependency from emitting annoying messages while our tests are running
• 4af0055 chore(npm): updates external devDependencies
• e166a58 chore(ci): moves workflow permissions to individual jobs
• c6e7a85 chore(codeql): excludes generated validation code from scrutiny

v17.3.6

Compare Source

🐛 fixes

• cd6fe3a fix(report/dot): makes the dot 'flat' reporter respect collapse patterns

🧑‍🏭 refactoring

• d58c78a/ e884b1e/ 58c01d1/ refactor: replace memoize with internal Maps (#​1040)
• 464388c refactor(cache): uses more appropriate Set for remembering which cache contexts were initialized
• a4a7a80 refactor(report/teamcity): passes the flowId instead of memoizing it

📖 documentation

• 9ca0ab0 doc: various updates to type annotations
• f3648f6 doc(cli): refreshes the documentation of the configuration scaffolding template
• 1b12e61 doc(cli): documents the 'ndjson' logging/ progress format
• cd52da9 doc(cli): updates progress performance-log sample
• 54becb3 doc(report/teamcity): uses same filename pattern for typedefs as used elsewhere in the src tree

👷 maintenance

• 64d42f9 chore(npm): updates external devDependencies
• a3a41f1 chore: tweaks dependency-cruiser configuration
• f924f5c chore(LICENSE): 2026
• 0a82fc3 chore(main): logs the 'report from cache' step as part of the 'report' step
• 6098114 chore(ci): uses content based cache strategy as it's faster for our self-scan
• f9b8565 chore(ci): updates known violations
• 120cc75 chore(progress): adds runId and user & system totals to the ndjson listener output

v17.3.5

Compare Source

👷 maintenance

• 2c72a14 perf(enrich/orphan): optimizes the data structure it exercises upon (#​1037)
• c80252e perf(enrich/derive/metrics): only create indexed graph once (#​1036)
• 1dab573 perf(enrich/derive): uses better datastructure for deriving dependents (#​1035)
• 11a608a refactor(enrich/derive/circular): moves creation of indexed module graph into deriveCycles (#​1034)

🧹 chores

• 6ddfe15 chore(progress): cleans up steps & performance log (#​1038)
• b8358fc doc(cache): adds missing type annotation
• 3d20f90 chore(npm): updates external devDependencies

v17.3.4

Compare Source

🐛 fixes

• 2415f0c fix(extract): ensures we work again when typescript isn't installed (#​1033)

👷 maintenance

• d75e4d3 fix: small consistency & performance improvements
• 66b25b6 chore(depsDev): bump actions/cache from 4 to 5 in the all-the-things group (#​1032)

v17.3.3

Compare Source

🚀 refactorings to make dependency-cruiser run a little more efficient

• 749e6ca/ 8589066 perf(main|schema|tools): pre-compiles json schemas at build time - removes ajv as a runtime dependency (#​1029)
  relevant for everyone; the validation step now takes 10x less time and we could drop ajv as a runtime dependency, which makes for a faster install as well as a reduction in dependency management.
• be41175/ 9ea6405 perf(derive/reachable): simplifies & cleans up the algorithm (#​1030/ #​1031)
  I have the feeling I'm not done there yet, but this already makes the algo run 1.3 - 1.5x faster, so if something with reachables in your rule set you might notice an improvement.
• 9ea6405 (#​1031) also caches regex compilations throughout dependency-cruiser making the validation 1.5x - 2.5x faster (it already didn't take that much time, but every 10ms counts).
• c558d42 perf(extract/typescript): adds various performance optimizations (#​1026)
  relevant if you use dependency-cruiser on typescript sources; should make running it a bit faster
• 2bab7b4 refactor(extract|graph-utl): replaces fixed arrays with sets (#​1027)
• 3dbdc5c refactor(extract|graph-utl): replaces two leftover forEach'es with for .. of loops
  Both theoretically more efficient on processor & memory - couldn't measure improvements on my 'practice' repos, though. The resulting code is more readable though, so kept it in nonetheless.

👷 maintenance

• 6293a6d build(npm): updates external dependencies
• d7f0824 refactor(main/options): uses more correct .test a.o.t. .match for checking collapse pattern
• 7fa5523 refactor(report/anon): simplifies wordlist sanitization function
• da7de5d chore(rule-set): adds logging statements to sub steps of the rule set validation

🧹 chores

• e875b88 chore: uses tabs in stead of spaces in distributed npm package
• 1a9f2f9 chore: fixes some lint issues
• 34ca1a1 chore(ci): run on node 20 & 25 instead of on node 20 & 24
• edc4a7d chore(npm): updates external devDependencies
• cf87e05 doc: revises comments

v17.3.2

Compare Source

🏭 refactoring

• 5f296fd perf(enrich/derive/reachable): shallow copies modules in stead of cloning them
• 12e9955 refactor(enrich/derive/reachable): replaces reduce with easier-to-understand for loop
• 55538ec refactor(derive): consolidates dependents derivation modules
• 7896965 perf(graph-utl): skips unnecessary function call for module lookups
• 5422cc6 perf(extract): refactors initial file gathering to be slightly more efficient
• 6394a4c perf(utl): improves performance of filesystem walker

📖 documentation

• 2270240 doc(cache/content strategy): corrects type annotation of the diff function

🧹 chores

• 205913a chore(npm): updates external devDependencies
• 4ff8dd9 chore(devDependencies): replaces npm-run-all by npm-run-all2
• 4d3f36c ci(deps): bump actions/checkout from 5 to 6 in the all-the-things group (#​1025)
• 03683e2 chore: regenerates package-lock

v17.3.1

Compare Source

👷 maintenance

• 7ae2476/ bb4c6e9 perf: algorithm updates (#​1022)
• 211faaf/ 6b0cf13 build(npm): updates external dependencies

v17.2.0

Compare Source

✨ features

• d316b17 feat: adds 'ancestor' matcher (#​961)

🐛 fixes

• 01ddcc1 perf(graph-utl): improves the algorithm to detect cycles (#​1019)
• 9f51aca perf(utl): improves performance of uniqBy and uniqWith functions from O(n^2) to O(n)
• 2049cfb fix: call ITranspilerWrapper.isAvailable() correctly in svelte pre process (#​1020) - thanks to @​sushichan044 for spotting the issue and creating a PR for it!

👷 maintenance

• d167549 chore: updates test coverage to the current (higher) one
• f6c7ef5/ e11d48d build(npm): updates external dependencies
• 7925f4d ci(deps): bump actions/setup-node from 5 to 6 in the all-the-things group (#​1018)
  (#​1017)

v17.1.0

Compare Source

✨ Features

• edc9239 feat: add bun module support (#​1014)
  (bun modules were already supported; this PR, however, makes it a lot easier to work with them)
• c64d161 feat: add suffix option for clickable links (#​1016)

Thanks to @​1000i100 for both these features!

🧹 Maintenance

• 0343751 ci(deps): bump github/codeql-action from 3 to 4 in the all-the-things group (#​1015)
• c9592b0 doc(manifest): adds Millicent Billette to the list of contributors
• 685d524 doc: removes references to codeclimate

v17.0.2

Compare Source

🐛 fixes

• c0ee08d fix(resolve-options): passes the correct resolve options to the tsconfig paths plugin (#​1011)

🧹 chores

• caf4e4e chore(ci): merges 'prerelease' and 'release' workflows into one
• 8abb49e/ 09ceb49/ ee746bd build: updates external dependencies
• f6d7c47/ chore(ci): include major updates in github actions dependabot config

This is also the first 'regular' release published with npmjs oidc trusted publishing - which a.o. means you'll see on dependency-cruiser on npmjs' list page with GitHub Actions as publisher, along with an oidc logo, in stead of my handle:

v17.0.1

Compare Source

🐛 fixes

• 2f31ab0 fix(types): enable IDE autocompletion for OutputType candidates (#​1005) (thanks @​sushichan044 for the pull request!)
• 4dbfa19 chore(types): removes now unused lint warning + associated comment

📖 documentation

• 7f3e5fc doc(cli): adds more references to the options, corrects typos

👷 maintenance

• d339300 refactor(report): replaces teamcity-service-messages with local functions (#​1008)
• 990d139 chore(npm): updates external devDependencies

v17.0.0

Compare Source

🚨 breaking

• a20a11c chore!: drops support for node 18, 21 and 23 BREAKING (#​1004)

... so still supported are node ^20(.12), ^22 and >=24 and this will remain so at least as long as node.js supports hem.

We try to prevent breaking changes - and have been able to for ~a year and 7 months. However, dropping node versions is inevitable as dependencies we use did this as well, and we want to keep up to date for obvious reasons. We also believe that most of dependency-cruiser's users have migrated away from node 18 (21, 23) a long time ago, given the release dates of their successors (april 2023, 2024 and 2025 respectively) - so the impact should be minimal.

Reference: https://nodejs.org/en/about/previous-releases

🧑‍🏭 maintenance

• 684e123 refactor!: replaces picocolors with native node:util/styleText (#​1002)

♻️ life cycle management

• a2cfc91/ 3f258c1 build(npm): updates external dependencies

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.