chore(deps): update dependency npm-check-updates to v19

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
npm-check-updates	^17.1.18 → ^19.0.0

---

Release Notes

raineorshine/npm-check-updates (npm-check-updates)

v19.3.1

Compare Source

What's Changed

• fix(catalog): use the right yarn config name by @​MKruschke in #​1586

Full Changelog: raineorshine/npm-check-updates@v19.3.0...v19.3.1

v19.3.0

Compare Source

What's Changed

• feat: support yarn catalogs by @​MKruschke in #​1582

Full Changelog: raineorshine/npm-check-updates@v19.2.1...v19.3.0

v19.2.1

Compare Source

Full Changelog: raineorshine/npm-check-updates@v19.2.0...v19.2.1

v19.2.0

Compare Source

What's Changed

• Add --format dep
• Add interactive mode keyboard controls to docs by @​jsoref in #​1577
• Spelling by @​jsoref in #​1578

New Contributors

• @​jsoref made their first contribution in #​1577

Full Changelog: raineorshine/npm-check-updates@v19.1.2...v19.2.0

v19.1.2

Compare Source

What's Changed

• fix: support singular 'catalog' field in pnpm-workspace.yaml by @​afonsojramos in #​1572

New Contributors

• @​afonsojramos made their first contribution in #​1572

Full Changelog: raineorshine/npm-check-updates@v19.1.1...v19.1.2

v19.1.1

Compare Source

What's Changed

• fix(cooldown): handle CooldownFunction in config file by @​SebastianSedzik in #​1565

Full Changelog: raineorshine/npm-check-updates@v19.1.0...v19.1.1

v19.1.0

Compare Source

What's Changed

• feat(cooldown): support for cooldown predicate function by @​SebastianSedzik in #​1563

Full Changelog: raineorshine/npm-check-updates@v19.0.0...v19.1.0

v19.0.0

Compare Source

Breaking

• node >= 20 required
• --workspaces (plural) short option -ws changed to -w
  • Better compatibility with commander v13
  • Short option should always be a single character for consistency
  • Replaces the short option for --workspace (singular)
  • --workspace (singular) no longer has a short option.

v18.3.1

Compare Source

v18.3.0

Compare Source

v18.2.1

Compare Source

v18.2.0

Compare Source

Thanks to community members for raising awareness and to @​SebastianSedzik for the implementation.

See: #​1547

Feature: --cooldown

Usage:

ncu --cooldown [n]
ncu -c [n]

The cooldown option helps protect against supply chain attacks by requiring package versions to be published at least the given number of days before considering them for upgrade.

Note that previous stable versions will not be suggested. The package will be completely ignored if its latest published version is within the cooldown period. This is due to a limitation of the npm registry, which does not provide a way to query previous stable versions.

Example:

Let's examine how cooldown works with a package that has these versions available:

1.0.0          Released 7 days ago    (initial version)
1.1.0          Released 6 days ago    (minor update)
1.1.1          Released 5 days ago    (patch update)
1.2.0          Released 5 days ago    (minor update)
2.0.0-beta.1   Released 5 days ago    (beta release)
1.2.1          Released 4 days ago    (patch update)
1.3.0          Released 4 days ago    (minor update) [latest]
2.0.0-beta.2   Released 3 days ago    (beta release)
2.0.0-beta.3   Released 2 days ago    (beta release) [beta]

With default target (latest):

$ ncu --cooldown 5

No update will be suggested because:

• Latest version (1.3.0) is only 4 days old.
• Cooldown requires versions to be at least 5 days old
• Use --cooldown 4 or lower to allow this update

With @beta/@tag target:

$ ncu --cooldown 3 --target @​beta

No update will be suggested because:

• Current beta (2.0.0-beta.3) is only 2 days old
• Cooldown requires versions to be at least 3 days old
• Use --cooldown 2 or lower to allow this update

With other targets:

$ ncu --cooldown 5 --target greatest|newest|minor|patch|semver

Each target will select the best version that is at least 5 days old:

greatest → 1.2.0        (highest version number outside cooldown)
newest   → 2.0.0-beta.1 (most recently published version outside cooldown)
minor    → 1.2.0        (highest minor version outside cooldown)
patch    → 1.1.1        (highest patch version outside cooldown)

Note for latest/tag targets:

⚠️ For packages that update frequently (e.g. daily releases), using a long cooldown period (7+ days) with the default --target latest or --target @​tag may prevent all updates since new versions will be published before older ones meet the cooldown requirement. Please consider this when setting your cooldown period.

v18.1.1

Compare Source

v18.1.0

Compare Source

v18.0.3

Compare Source

v18.0.2

Compare Source

v18.0.1

Compare Source

v18.0.0

Compare Source

Breaking

The only breaking change in v18 is with the -g/--global flag.

npm-check-updates -g will now auto-detect your package manager based on the execution path. Previously, it defaulted to npm.

• yarn dlx ncu -g --packageManager yarn → yarn dlx ncu -g
• pnpm dlx ncu --global --packageManager pnpm → pnpm dlx ncu -g
• bunx ncu -g--packageManager pnpm → bunx ncu -g

If for some reason you were running ncu -g with an alternative package manager and relying on it checking the global npm packages, you will need to now explicitly specify npm:

• ncu -g → ncu -g--packageManager npm

Thanks to @​LuisFerLCC for the improvement (#​1514).

raineorshine/npm-check-updates@v17.1.18...v18.0.0

---

Configuration

📅 Schedule: Branch creation - "before 12pm on Sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.