Update non-major dependencies #6
Conversation
|
The recent changes focus on updating dependencies, including GitHub Actions and various Node.js packages, which contribute to improved security and performance. The Node.js version used for the workflows has been bumped, ensuring better compatibility and features for the ongoing development. These updates aim to maintain the quality and reliability of the codebase during development and deployment processes. Walkthrough
Model: gpt-4o | Prompt Tokens: 4044 | Completion Tokens: 184 |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Check out this supportive analysis of your code, enhanced with AI guidance. It includes predictions that aren't absolute, so embrace what benefits you most. Ultimately, your choices drive the process—AI it's here to aid your development.
Model: gpt-4o | Prompt Tokens: 5451 | Completion Tokens: 563
| runs-on: [ubuntu-latest] | ||
| steps: | ||
| - uses: actions/github-script@v7 | ||
| - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 |
There was a problem hiding this comment.
Using specific commit hashes for actions provides more certainty over the version being used, avoiding unexpected changes due to updates. It's a good practice to update to the latest tagged version regularly which offers stability improvements and new features. Consider using the latest available tag if no specific functionality requires sticking to a particular commit hash.
| - name: Checkout source branch | ||
| uses: actions/checkout@v4 | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| ref: ${{ env.SOURCE_BRANCH }} | ||
| path: source-folder |
There was a problem hiding this comment.
Specifying a commit hash for actions checkout and setup-node ensures a specific version is used, reducing unexpected changes but requires regular updates. Consider reviewing and updating the hash periodically to leverage improvements and enhancements in actions. Moreover, ensure these updates are verified against your workflow requirements.
| - name: Checkout source branch | ||
| uses: actions/checkout@v4 | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - name: Setup Node | ||
| uses: actions/setup-node@v4 | ||
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | ||
| with: | ||
| node-version: 18 | ||
| cache: npm |
There was a problem hiding this comment.
Similar to the build workflow, specifying commit hashes for actions can ensure consistency. However, regular updates to the specified hashes should be done to benefit from bug fixes and improvements. Test thoroughly after each update to ensure compatibility with existing workflows.
| "parse-diff": "0.11.1", | ||
| "zod": "3.25.74", | ||
| "zod": "3.25.75", | ||
| "zod-to-json-schema": "3.24.6" | ||
| }, | ||
| "devDependencies": { |
There was a problem hiding this comment.
Dependency updates appear to be minor versions, indicating backward-compatible changes. Ensure that any breaking changes are accounted for in your codebase. Regularly test your code against updated dependencies to catch any potential issues introduced by these updates.
| @@ -1 +1 @@ | |||
| 22.16.0 | |||
| 22.17.0 | |||
There was a problem hiding this comment.
Node.js version bump from 22.16.0 to 22.17.0 should be verified against existing code to ensure compatibility. Minor version updates might include performance improvements or bug fixes. Always check the Node.js release notes for any potentially impactful changes.
| "parse-diff": "0.11.1", | ||
| "zod": "3.25.67" | ||
| "zod": "3.25.75" | ||
| }, | ||
| "devDependencies": { | ||
| "@eslint/js": "9.29.0", | ||
| "@types/node": "22.15.32", | ||
| "@eslint/js": "9.30.1", | ||
| "@types/node": "22.16.0", | ||
| "@typescript-eslint/eslint-plugin": "7.18.0", | ||
| "@typescript-eslint/parser": "7.18.0", | ||
| "@vercel/ncc": "0.38.3", |
There was a problem hiding this comment.
Updating dependencies to their latest versions is a good practice to ensure you have the latest features and security updates. Test your application thoroughly after dependency updates to identify any incompatibilities or changes that might affect your application behavior.
renovate
bot
force-pushed
the
renovate/non-major-dependencies
branch
from
ca400c0 to
e930af5
Compare
|
This change primarily focuses on upgrading dependencies and updating GitHub workflow actions to use more specific commit hashes, aiming to improve stability and security. Key npm dependencies were updated to newer versions, improving compatibility and possibly fixing known issues. The update to explicit action commit hashes increases the reliability of the CI/CD process by preventing unintended changes due to updates in action versions. Walkthrough
Model: gpt-4o | Prompt Tokens: 4291 | Completion Tokens: 168 | Diff Range: ca400c0...e930af5 |
There was a problem hiding this comment.
I've provided a supportive analysis of your code with AI assistance. Remember, AI offers predictions, not absolute truths, so choose what suits your needs best. It's your expertise that takes the lead, while AI offers guidance in the background.
Model: gpt-4o | Prompt Tokens: 2122 | Completion Tokens: 423 | Diff Range: ca400c0...e930af5
| steps: | ||
| - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 | ||
| - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | ||
| with: | ||
| script: | | ||
| github.rest.git.deleteRef({ |
There was a problem hiding this comment.
There is a minor update in the version specification of the GitHub Action. The comment next to the action version should correspond to the actual tag you're using. Ensure the version numbers are always aligned. Consider automation to manage these updates.
| if: ${{ !startsWith(github.head_ref || github.ref_name, 'release/') }} | ||
| steps: | ||
| - name: Checkout source branch | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| ref: ${{ env.SOURCE_BRANCH }} | ||
| path: source-folder |
There was a problem hiding this comment.
When modifying version numbers for actions, ensure comments accurately reflect these versions to avoid confusion. This helps maintain consistency and transparency in the workflow configuration.
| - name: Setup Node (PR Summary) | ||
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 | ||
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | ||
| with: | ||
| node-version-file: source-folder/pr-summary/.node-version | ||
| cache: npm |
There was a problem hiding this comment.
It appears npm prune --omit=dev is used. If this command is run automatically after the setup, consider running it explicitly as a separate step to ensure clarity and manageability in your workflow.
| path: [pr-summary, pr-review] | ||
| steps: | ||
| - name: Checkout source branch | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - name: Setup Node | ||
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 | ||
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | ||
| with: | ||
| node-version: 18 |
There was a problem hiding this comment.
The paths pr-summary and pr-review should be relative to the repository's root, make sure they are correct as they affect the checkout operation. Validating paths ensures your workflow steps target the correct directories.
| path: [pr-summary, pr-review] | ||
| steps: | ||
| - name: Checkout source branch | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - name: Setup Node | ||
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 | ||
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | ||
| with: | ||
| node-version: 18 | ||
| cache: npm |
There was a problem hiding this comment.
Just like other occurrences, make sure comments and versions remain aligned to simplify version tracking. Consistency in documentation helps in maintaining the workflow over time.
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
9.29.0->9.30.122.15.32->22.16.0v4->v4.2.2v7->v7.0.1v4->v4.4.05.5.0->5.5.13.0.3->3.0.422.16.0->22.17.03.6.0->3.6.23.25.67->3.25.753.25.74->3.25.75Release Notes
eslint/eslint (@eslint/js)
v9.30.1Compare Source
v9.30.0Compare Source
actions/checkout (actions/checkout)
v4.2.2Compare Source
url-helper.tsnow leverages well-known environment variables by @jww3 in https://github.com/actions/checkout/pull/1941isGhesby @jww3 in https://github.com/actions/checkout/pull/1946v4.2.1Compare Source
v4.2.0Compare Source
v4.1.7Compare Source
v4.1.6Compare Source
v4.1.5Compare Source
user.emailto be41898282+github-actions[bot]@​users.noreply.github.comby @cory-miller in https://github.com/actions/checkout/pull/1707v4.1.4Compare Source
extensions.worktreeConfigwhen disablingsparse-checkoutby @jww3 in https://github.com/actions/checkout/pull/1692v4.1.3Compare Source
sparse-checkoutby @jww3 in https://github.com/actions/checkout/pull/1656actions/checkoutversion inupdate-main-version.ymlby @jww3 in https://github.com/actions/checkout/pull/1650v4.1.2Compare Source
sparse-checkoutoption is not present @dscho in https://github.com/actions/checkout/pull/1598v4.1.1Compare Source
v4.1.0Compare Source
actions/github-script (actions/github-script)
v7.0.1Compare Source
What's Changed
baseUrlto undefined when input is not provided by @joshmgross in https://github.com/actions/github-script/pull/439Full Changelog: actions/github-script@v7.0.0...v7.0.1
actions/setup-node (actions/setup-node)
v4.4.0Compare Source
What's Changed
Bug fixes:
Enhancement:
Dependency update:
New Contributors
Full Changelog: actions/setup-node@v4...v4.4.0
v4.3.0Compare Source
What's Changed
Dependency updates
New Contributors
Full Changelog: actions/setup-node@v4...v4.3.0
v4.2.0Compare Source
What's Changed
@actions/cacheto^4.0.0by @priyagupta108 in https://github.com/actions/setup-node/pull/1191New Contributors
Full Changelog: actions/setup-node@v4...v4.2.0
v4.1.0Compare Source
What's Changed
isGheslogic by @jww3 in https://github.com/actions/setup-node/pull/1148This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
Note: This change may break previous cache keys as they will no longer be compatible with the new format.
New Contributors
Full Changelog: actions/setup-node@v4...v4.1.0
v4.0.4Compare Source
What's Changed
Documentation changes:
New Contributors
Full Changelog: actions/setup-node@v4...v4.0.4
v4.0.3Compare Source
What's Changed
Bug fixes:
Documentation changes:
Dependency updates:
New Contributors
Full Changelog: actions/setup-node@v4...v4.0.3
v4.0.2Compare Source
What's Changed
volta.extendsby @ThisIsManta in https://github.com/actions/setup-node/pull/921New Contributors
Full Changelog: actions/setup-node@v4.0.1...v4.0.2
v4.0.1Compare Source
What's Changed
package.jsontonode-version-filelist of examples. by @TWiStErRob in https://github.com/actions/setup-node/pull/879New Contributors
Full Changelog: actions/setup-node@v4...v4.0.1
prettier/eslint-plugin-prettier (eslint-plugin-prettier)
v5.5.1Compare Source
Patch Changes
bfd1e95Thanks @JounQin! - fix: useprettierRcOptionsdirectly for prettier 3.6+SonarSource/SonarJS (eslint-plugin-sonarjs)
v3.0.4Compare Source
nodejs/node (node)
v22.17.0: 2025-06-24, Version 22.17.0 'Jod' (LTS), @aduh95Compare Source
Notable Changes
Instantiating
node:httpclasses withoutnewConstructing classes like
IncomingMessageorServerResponsewithout thenewkeyword is now discouraged. This clarifies API expectations and aligns with standard
JavaScript behavior. It may warn or error in future versions.
Contributed by Yagiz Nizipli in #58518.
options.shell = ""innode:child_processUsing an empty string for
shellpreviously had undefined behavior. This changeencourages explicit choices (e.g.,
shell: trueor a shell path) and avoidsrelying on implementation quirks.
Contributed by Antoine du Hamel and Renegade334 #58564.
HTTP/2 priority signaling
The HTTP/2 prioritization API (e.g.,
stream.priority) is now deprecated due topoor real-world support. Applications should avoid using priority hints and expect future removal.
Contributed by Matteo Collina and Antoine du Hamel #58313.
✅ Features graduated to stable
assert.partialDeepStrictEqual()This method compares only a subset of properties in deep object comparisons,
useful for flexible test assertions. Its stabilization means it's now safe for
general use and won't change unexpectedly in future releases.
Contributed by Ruben Bridgewater in #57370.
Miscellaneous
dirent.parentPathfilehandle.readableWebStream()fs.glob()fs.openAsBlob()node:readline/promisesport.hasRef()readable.compose()readable.iterator()readable.readableAbortedreadable.readableDidReadDuplex.fromWeb()Duplex.toWeb()Readable.fromWeb()Readable.isDisturbed()Readable.toWeb()stream.isErrored()stream.isReadable()URL.createObjectURL()URL.revokeObjectURL()v8.setHeapSnapshotNearHeapLimit()Writable.fromWeb()Writable.toWeb()writable.writableAbortedERR_INPUT_TYPE_NOT_ALLOWEDERR_UNKNOWN_FILE_EXTENSIONERR_UNKNOWN_MODULE_FORMATERR_USE_AFTER_CLOSEContributed by James M Snell in
#57513 and
#58541.
Semver-minor features
🔧
fs.FileHandle.readableWebStreamgetsautoCloseoptionThis gives developers explicit control over whether the file descriptor should
be closed when the stream ends. Helps avoid subtle resource leaks.
Contributed by James M Snell in #58548.
🔧
fs.Dirnow supports explicit resource managementThis improves ergonomics around async iteration of directories. Developers can
now manually control when a directory is closed using
.close()or withSymbol.asyncDispose.Contributed by Antoine du Hamel in #58206.
📊
http2gains diagnostics channel:http2.server.stream.finishAdds observability support for when a stream finishes. Useful for logging,
monitoring, and debugging HTTP/2 behavior without patching internals.
Contributed by Darshan Sen in #58560.
🔐 Permissions: implicit allow-fs-read to entrypoint
Node.js permissions model now allows read access to the entry file by default.
It makes running permission-restricted apps smoother while preserving security.
Contributed by Rafael Gonzaga in #58579.
🎨
util.styleText()adds'none'styleThis lets developers remove styling cleanly without hacks. Useful for overriding
inherited terminal styles when composing styled strings.
Contributed by James M Snell in #58437.
🧑💻 Community updates
0105c13556] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #584993b857735ef] - doc: add JonasBa to collaborators (Jonas Badalic) #58355fdf7612735] - doc: add puskin to collaborators (Giovanni Bucci) #58308Commits
ffe7e1ace0] - (SEMVER-MINOR) assert: mark partialDeepStrictEqual() as stable (Ruben Bridgewater) #57370269931f289] - async_hooks: ensure AsyncLocalStore instances work isolated (Gerhard Stöbich) #581499e0746a4ff] - benchmark: fix broken fs.cpSync benchmark (Dario Piotrowicz) #58472dee8cb5bcb] - benchmark: add more options to cp-sync (Sonny) #58278e840fd5b85] - benchmark: fix typo in method name for error-stack (Miguel Marcondes Filho) #58128b9a16e97e0] - buffer: give names toBuffer.prototype.*Write()functions (Livia Medeiros) #58258d56a5e40af] - buffer: use constexpr where possible (Yagiz Nizipli) #58141215587feca] - build: add support for OpenHarmony operating system (hqzing) #583509bcef6821c] - build: fix uvwasi pkgname (Antoine du Hamel) #582707c3883c2ae] - build: search for libnode.so in multiple places (Jan Staněk) #582133f954accb3] - build: fix pointer compression builds (Joyee Cheung) #5817104c8f59f84] - build: use FILE_OFFSET_BITS=64 esp. on 32-bit arch (RafaelGSS) #580908c2cf3a372] - build: use //third_party/simdutf by default in GN (Shelley Vohr) #58115cff8006792] - child_process: give names toChildProcessfunctions (Livia Medeiros) #583706816d779b6] - child_process: give names to promisifiedexec()andexecFile()(LiviaMedeiros) #579165572cecca4] - crypto: expose crypto.constants.OPENSSL_IS_BORINGSSL (Shelley Vohr) #58387d6aa02889c] - deps: use proper C standard when building libuv (Yaksh Bariya) #58587375a6413d5] - deps: update simdjson to 3.12.3 (Node.js GitHub Bot) #57682e0cd138e52] - deps: update googletest toe9092b1(Node.js GitHub Bot) #5856531e592631f] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #58566386c24260b] - deps: update sqlite to 3.50.0 (Node.js GitHub Bot) #58272f84998d40b] - deps: update OpenSSL gen container to Ubuntu 22.04 (Michaël Zasso) #58432d49fd29859] - deps: update llhttp to 9.3.0 (Fedor Indutny) #58144e397980a1a] - deps: update libuv to 1.51.0 (Node.js GitHub Bot) #58124a28c33645c] - dns: fix dns query cache implementation (Ethan Arrowood) #584046939b0c624] - doc: fix the order ofprocess.mdsections (Allon Murienik) #584031ca253c363] - doc: add support link for panva (Filip Skokan) #585918319edbcf6] - doc: update metadata for _transformState deprecation (James M Snell) #58530697d258136] - doc: deprecate passing an empty string tooptions.shell(Antoine du Hamel) #58564132fc804e8] - doc: correct formatting of example definitions for--test-shard(Jacob Smith) #585717d0df646f6] - doc: clarify DEP0194 scope (Antoine du Hamel) #585041e6d7da0ce] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #583135a917bc1d0] - doc: explain child_process code and signal null values everywhere (Darshan Sen) #584790105c13556] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #584992bdc87cd64] - doc: updategit node releaseexample (Antoine du Hamel) #5847528f9b43186] - doc: add missing options.info for ZstdOptions (Jimmy Leung) #58360e19496dfc1] - doc: add missing options.info for BrotliOptions (Jimmy Leung) #583597f905863db] - doc: clarify x509.checkIssued only checks metadata (Filip Skokan) #584575cc97df637] - doc: add links to parent class fornode:zlibclasses (Antoine du Hamel) #5843336e0d5539b] - doc: remove remaining uses of@@​wellknownsyntax (René) #584132f36f8e863] - doc: clarify behavior of --watch-path and --watch flags (Juan Ignacio Benito) #581363b857735ef] - doc: add JonasBa to collaborators (Jonas Badalic) #583559d5e969bb6] - doc: add latest security release steward (Rafael Gonzaga) #58339b22bb03167] - doc: fix CryptoKey.algorithm type and other interfaces in webcrypto.md (Filip Skokan) #58294670f31060b] - doc: mark the callback argument of crypto.generatePrime as mandatory (Allon Murienik) #5829939d9a61239] - doc: remove comma delimiter mention on permissions doc (Rafael Gonzaga) #58297573b0b7bfe] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #58291a5a686a3ae] - doc: update commit-queue documentation (Dario Piotrowicz) #58275fdf7612735] - doc: add puskin to collaborators (Giovanni Bucci) #58308be492a1708] - doc: update stability status for diagnostics_channel to experimental (Idan Goshen) #582617d00fc2206] - doc: clarify napi_get_value_string_* for bufsize 0 (Tobias Nießen) #58158c8500a2c4a] - doc: fix typo of filehttp.md,outgoingMessage.setTimeoutsection (yusheng chen) #5818834a9b856c3] - doc: update return types for eventNames method in EventEmitter (Yukihiro Hasegawa) #58083faedee59d2] - doc: fix typo in benchmark script path (Miguel Marcondes Filho) #58129570d8d3f10] - doc: clarify future Corepack removal in v25+ (Trivikram Kamat) #57825a71b9fc2ff] - doc: mark multiple APIs stable (James M Snell) #5751373a97d47f3] - doc,lib: update source map links to ECMA426 (Chengzhong Wu) #585978b41429499] - doc,src,test: fix typos (Noritaka Kobayashi) #584770cea14ec7f] - errors: show url of unsupported attributes in the error message (Aditi) #58303b9586bf898] - (SEMVER-MINOR) fs: add autoClose option to FileHandle readableWebStream (James M Snell) #5854872a1b061f3] - fs: unexpose internal constants (Chengzhong Wu) #583275c36510dec] - fs: add support forURLforfs.glob'scwdoption (Antoine du Hamel) #581823642b0d944] - fs: improve cpSync no-filter copyDir performance (Dario Piotrowicz) #5846124865bc7e8] - fs: improvecpSyncdest overriding performance (Dario Piotrowicz) #581601b3847694d] - (SEMVER-MINOR) fs: add toDirsupport for explicit resource management (Antoine du Hamel) #58206cff62e3265] - fs: ensuredir.read()does not throw synchronously (Antoine du Hamel) #58228cb39e4ca1f] - fs: glob is stable, so should not emit experimental warnings (Théo LUDWIG) #58236597bfefbe1] - http: deprecate instantiating classes without new (Yagiz Nizipli) #585185298da0102] - http: remove unused functions and add todos (Yagiz Nizipli) #58143cff440e0fa] - http,https: give names to anonymous or misnamed functions (Livia Medeiros) #5818043bf1f619a] - http2: add raw header array support to h2Session.request() (Tim Perry) #57917e8a0f5b063] - http2: add lenient flag for RFC-9113 (Carlos Fuentes) #5811649cb90d4a5] - (SEMVER-MINOR) http2: add diagnostics channel 'http2.server.stream.finish' (Darshan Sen) #585606a56c68728] - http2: add diagnostics channel 'http2.server.stream.error' (Darshan Sen) #5851259806b41d3] - http2: add diagnostics channel 'http2.server.stream.start' (Darshan Sen) #58449d3d662ae47] - http2: remove no longer userful options.selectPadding (Jimmy Leung) #58373dec6c9af8c] - http2: add diagnostics channel 'http2.server.stream.created' (Darshan Sen) #583909e98899986] - http2: add diagnostics channel 'http2.client.stream.close' (Darshan Sen) #5832986610389d8] - http2: add diagnostics channel 'http2.client.stream.finish' (Darshan Sen) #583172d3071671e] - http2: add diagnostics channel 'http2.client.stream.error' (Darshan Sen) #583066c3e426d6f] - http2: add diagnostics channel 'http2.client.stream.start' (Darshan Sen) #58292b99d131a61] - http2: add diagnostics channel 'http2.client.stream.created' (Darshan Sen) #58246b0644330f5] - http2: give name to promisifiedconnect()(LiviaMedeiros) #579164092d3611a] - inspector: add mimeType and charset support to Network.Response (Shima Ryuhei) #58192d7d8599f7c] - inspector: add protocol method Network.dataReceived (Chengzhong Wu) #58001aabafbc28f] - inspector: support for worker inspection in chrome devtools (Shima Ryuhei) #5675920d978de9a] - lib: make ERM functions into wrappers returning undefined (Livia Medeiros) #5840013567eac5f] - (SEMVER-MINOR) lib: graduate error codes that have been around for years (James M Snell) #58541342b5a0d7a] - lib: remove no-mixed-operators eslint rule (Ruben Bridgewater) #58375af7baef75a] - lib: fix sourcemaps with ts module mocking (Marco Ippolito) #581938f73f42d4e] - meta: bump github/codeql-action from 3.28.16 to 3.28.18 (dependabot[bot]) #585525dfedbeb86] - meta: bump codecov/codecov-action from 5.4.2 to 5.4.3 (dependabot[bot]) #5855153c50f66f5] - meta: bump step-security/harden-runner from 2.11.0 to 2.12.0 (dependabot[bot]) #58109a1a7024831] - meta: bump ossf/scorecard-action from 2.4.1 to 2.4.2 (dependabot[bot]) #58550a379988ef6] - meta: bump rtCamp/action-slack-notify from 2.3.2 to 2.3.3 (dependabot[bot]) #58108f6a46c87f2] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #5845698b6aa0dcd] - meta: bump github/codeql-action from 3.28.11 to 3.28.16 (dependabot[bot]) #581125202b262e3] - meta: bump codecov/codecov-action from 5.4.0 to 5.4.2 (dependabot[bot]) #58110d97616ac6e] - meta: bump actions/download-artifact from 4.2.1 to 4.3.0 (dependabot[bot]) #58106f4065074cf] - meta: ignore mailmap changes in linux ci (Jonas Badalic) #58356e6d1224e54] - meta: bump actions/setup-node from 4.3.0 to 4.4.0 (dependabot[bot]) #5811126da160ab2] - meta: bump actions/setup-python from 5.5.0 to 5.6.0 (dependabot[bot]) #581074cc4195493] - module: handle instantiated async module jobs in require(esm) (Joyee Cheung) #5806772fac71b92] - module: clarify cjs global-like error on ModuleJobSync (Carlos Espa) [#56491](https://rediConfiguration
📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.