build: update all non-major dependencies

[angular-robot]

This PR contains the following updates:

Package	Type	Update	Change
@microsoft/api-extractor (source)	dependencies	patch	7.52.1 -> 7.52.2
@types/node (source)	dependencies	patch	22.13.13 -> 22.13.14
aspect_rules_js	http_archive	patch	v2.3.2 -> v2.3.3
esbuild	dependencies	patch	0.25.1 -> 0.25.2
firebase-tools	devDependencies	patch	14.0.0 -> 14.0.1
nock	devDependencies	patch	14.0.1 -> 14.0.2
renovate (source)	dependencies	minor	39.213.1 -> 39.226.0
yaml (source)	devDependencies	patch	2.7.0 -> 2.7.1
yaml (source)	dependencies	patch	2.7.0 -> 2.7.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

microsoft/rushstack (@​microsoft/api-extractor)

v7.52.2

Compare Source

Tue, 25 Mar 2025 15:11:15 GMT

Version update only

aspect-build/rules_js (aspect_rules_js)

v2.3.3

Compare Source

Many companies are successfully building with rules_js.
If you're getting value from the project, please let us know!
Just comment on our Adoption Discussion.

Using Bzlmod with Bazel 6:

Add to your MODULE.bazel file:

bazel_dep(name = "aspect_rules_js", version = "2.3.3")

####### Node.js version #########

### By default you get the node version from DEFAULT_NODE_VERSION in @​rules_nodejs//nodejs:repositories.bzl
### Optionally you can pin a different node version:
bazel_dep(name = "rules_nodejs", version = "6.3.0")
node = use_extension("@​rules_nodejs//nodejs:extensions.bzl", "node", dev_dependency = True)
node.toolchain(node_version = "16.14.2")

#################################

npm = use_extension("@​aspect_rules_js//npm:extensions.bzl", "npm", dev_dependency = True)

npm.npm_translate_lock(
    name = "npm",
    pnpm_lock = "//:pnpm-lock.yaml",
    verify_node_modules_ignored = "//:.bazelignore",
)

use_repo(npm, "npm")

pnpm = use_extension("@​aspect_rules_js//npm:extensions.bzl", "pnpm")

### Allows developers to use the matching pnpm version, for example:
### bazel run -- @​pnpm --dir /home/runner/work/rules_js/rules_js install
use_repo(pnpm, "pnpm")

Using WORKSPACE

Paste this snippet into your WORKSPACE file:

load("@​bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "aspect_rules_js",
    sha256 = "05576ae674015b112b7c40c165735386eb9917affe8013e310d5602a093f2382",
    strip_prefix = "rules_js-2.3.3",
    url = "https://github.com/aspect-build/rules_js/releases/download/v2.3.3/rules_js-v2.3.3.tar.gz",
)

load("@​aspect_rules_js//js:repositories.bzl", "rules_js_dependencies")

rules_js_dependencies()

load("@​aspect_rules_js//js:toolchains.bzl", "DEFAULT_NODE_VERSION", "rules_js_register_toolchains")

rules_js_register_toolchains(node_version = DEFAULT_NODE_VERSION)

load("@​aspect_rules_js//npm:repositories.bzl", "npm_translate_lock")

npm_translate_lock(
    name = "npm",
    npmrc = "//:.npmrc",
    pnpm_lock = "//:pnpm-lock.yaml",
    verify_node_modules_ignored = "//:.bazelignore",
)

load("@​npm//:repositories.bzl", "npm_repositories")

npm_repositories()

What's Changed

• Changes by create-pull-request action by @​github-actions in https://github.com/aspect-build/rules_js/pull/2113
• fix: quotes within js_image_layer regexes by @​jbedard in https://github.com/aspect-build/rules_js/pull/2145
• fix: js_image_layer files matching no layer by @​jbedard in https://github.com/aspect-build/rules_js/pull/2143

Full Changelog: aspect-build/rules_js@v2.3.2...v2.3.3

evanw/esbuild (esbuild)

v0.25.2

Compare Source

• Support flags in regular expressions for the API (#​4121)

  The JavaScript plugin API for esbuild takes JavaScript regular expression objects for the filter option. Internally these are translated into Go regular expressions. However, this translation previously ignored the flags property of the regular expression. With this release, esbuild will now translate JavaScript regular expression flags into Go regular expression flags. Specifically the JavaScript regular expression /\.[jt]sx?$/i is turned into the Go regular expression `(?i)\.[jt]sx?$` internally inside of esbuild's API. This should make it possible to use JavaScript regular expressions with the i flag. Note that JavaScript and Go don't support all of the same regular expression features, so this mapping is only approximate.

• Fix node-specific annotations for string literal export names (#​4100)

  When node instantiates a CommonJS module, it scans the AST to look for names to expose via ESM named exports. This is a heuristic that looks for certain patterns such as exports.NAME = ... or module.exports = { ... }. This behavior is used by esbuild to "annotate" CommonJS code that was converted from ESM with the original ESM export names. For example, when converting the file export let foo, bar from ESM to CommonJS, esbuild appends this to the end of the file:

  // Annotate the CommonJS export names for ESM import in node:
  0 && (module.exports = {
    bar,
    foo
  });

  However, this feature previously didn't work correctly for export names that are not valid identifiers, which can be constructed using string literal export names. The generated code contained a syntax error. That problem is fixed in this release:

  // Original code
  let foo
  export { foo as "foo!" }
  
  // Old output (with --format=cjs --platform=node)
  ...
  0 && (module.exports = {
    "foo!"
  });
  
  // New output (with --format=cjs --platform=node)
  ...
  0 && (module.exports = {
    "foo!": null
  });

• Basic support for index source maps (#​3439, #​4109)

  The source map specification has an optional mode called index source maps that makes it easier for tools to create an aggregate JavaScript file by concatenating many smaller JavaScript files with source maps, and then generate an aggregate source map by simply providing the original source maps along with some offset information. My understanding is that this is rarely used in practice. I'm only aware of two uses of it in the wild: ClojureScript and Turbopack.

  This release provides basic support for indexed source maps. However, the implementation has not been tested on a real app (just on very simple test input). If you are using index source maps in a real app, please try this out and report back if anything isn't working for you.

  Note that this is also not a complete implementation. For example, index source maps technically allows nesting source maps to an arbitrary depth, while esbuild's implementation in this release only supports a single level of nesting. It's unclear whether supporting more than one level of nesting is important or not given the lack of available test cases.

  This feature was contributed by @​clyfish.

firebase/firebase-tools (firebase-tools)

v14.0.1

Compare Source

• Fixed a bug where the Admin SDK would not automatically connect to the Data Connect emulator when run in the Functions emulator. (#​8379)
• Fix Cloud Functions deployment failure when service account is null. (#​8381)

nock/nock (nock)

v14.0.2

Compare Source

Bug Fixes

• back: request body unusable in update mode (#​2851) (eff7318)

renovatebot/renovate (renovate)

v39.226.0

Compare Source

Features

• deps: update ghcr.io/renovatebot/base-image docker tag to v9.52.0 (main) (#​35112) (8b94396)

v39.225.0

Compare Source

Features

• Fetch currentVersionTimestamp via datasource postprocess (#​35082) (9fe58e3)

v39.224.0

Compare Source

Features

• allow manager to set registryStrategy for a package (#​35080) (fb3f86f)

Bug Fixes

• pnpm install flags on non-workspace project (#​34720) (8ce2d49)

Documentation

• config options: capitalize abbreviation (#​35101) (19c1ea9)

Miscellaneous Chores

• deps: update dependency @​types/node to v22.13.13 (main) (#​35102) (6b1d77d)

v39.223.0

Compare Source

Features

• gitea: find prs from other authors (#​35065) (02a6dea)

v39.222.4

Compare Source

Bug Fixes

• host-rules: respect hostRules.enabled=false even when noAuth=true (#​35048) (7d46cf7)

Documentation

• add some information about docs site publishing (#​35049) (24a9559)

Miscellaneous Chores

• deps: update dependency @​types/diff to v7.0.2 (main) (#​35096) (1c5e42b)
• deps: update dependency @​types/node to v22.13.12 (main) (#​35095) (93920d0)
• deps: update dependency type-fest to v4.38.0 (main) (#​35098) (59f7ccd)

Code Refactoring

• move customEnvVariables to util folder (#​35097) (e0e53b9)

v39.222.3

Compare Source

Bug Fixes

• deps: update ghcr.io/renovatebot/base-image docker tag to v9.51.6 (main) (#​35092) (43d19cc)

v39.222.2

Compare Source

Bug Fixes

• deps: update ghcr.io/containerbase/sidecar docker tag to v13.8.9 (main) (#​35090) (0cc4b50)

Documentation

• update references to renovate/renovate (main) (#​35084) (b9bb0ee)

Miscellaneous Chores

• deps: lock file maintenance (main) (#​35085) (3d6d77f)
• deps: update containerbase/internal-tools action to v3.10.14 (main) (#​35086) (dc33bfa)
• deps: update dependency renovatebot/github-action to v41.0.18 (main) (#​35088) (e31458f)
• deps: update ghcr.io/containerbase/devcontainer docker tag to v13.8.9 (main) (#​35089) (019dc5b)

v39.222.1

Compare Source

Bug Fixes

• deps: update ghcr.io/renovatebot/base-image docker tag to v9.51.5 (main) (#​35083) (182acb6)

v39.222.0

Compare Source

Features

• maven: Unify fetching utilities (#​32999) (77fa0a0)

v39.221.0

Compare Source

Features

• maven: Increase cache TTL for successful postprocess checks (#​35069) (55cb6f7)

v39.220.7

Compare Source

Bug Fixes

• deps: update dependency mkdocs-material to v9.6.10 (main) (#​35075) (e83e428)

v39.220.6

Compare Source

Bug Fixes

• Explicitly disable memCache when caching is switched on/off (#​35060) (db8dda2)

v39.220.5

Compare Source

Bug Fixes

• kustomize: Fix artifact inflate option (#​35071) (730988c)

v39.220.4

Compare Source

Bug Fixes

• gerrit: memCache being used all the time (#​35056) (f2fffbf)

Documentation

• add a note how to fix minimum release age with GAR's maven (#​35025) (4ac9378)

v39.220.3

Compare Source

Bug Fixes

• flux: always detect deps in values of HelmRelease (#​35055) (d28c7e1)

Miscellaneous Chores

• deps: update dependency @​eslint/js to v9.23.0 (main) (#​35062) (17fc968)
• deps: update dependency eslint to v9.23.0 (main) (#​35063) (f65d2fb)

v39.220.2

Compare Source

Build System

• deps: update dependency @​renovatebot/osv-offline to v1.6.3 (main) (#​35058) (be598a7)

v39.220.1

Compare Source

Bug Fixes

• github-action: fix actions schema (#​35054) (89700e8)

v39.220.0

Compare Source

Features

• bitbucket-server: implement pr cache (#​34945) (a21a22f)

v39.219.3

Compare Source

Bug Fixes

• deps: update ghcr.io/renovatebot/base-image docker tag to v9.51.4 (main) (#​35051) (8c53e7d)

Miscellaneous Chores

• deps: update dependency @​types/node to v22.13.11 (main) (#​35050) (95a490c)

v39.219.2

Compare Source

Build System

• deps: update dependency @​baszalmstra/rattler to v0.2.1 (main) (#​35033) (847c9c6)

v39.219.1

Compare Source

Bug Fixes

• log disabled updates count (#​35024) (17d35fd)

v39.219.0

Compare Source

Features

• Add mjs options to prettier (#​33949) (de1ff6e)

Miscellaneous Chores

• deps: update dependency typescript-eslint to v8.27.0 (main) (#​35027) (fc22553)

v39.218.1

Compare Source

Bug Fixes

• nuget: Optimize NuGet dependency resolution (#​35018) (4b9bc1d)

v39.218.0

Compare Source

Features

• manager/kustomize: Support inflating helm charts (#​34277) (cc08c6e)

Documentation

• manager: mention other CI variables (#​35016) (242ef8d)

Miscellaneous Chores

• deps: update dependency pnpm to v10.6.5 (main) (#​35021) (c6620ea)

v39.217.0

Compare Source

Features

• mix: implement lockFileMaintenance (#​33326) (094da2f)

Miscellaneous Chores

• deps: update dependency eslint-import-resolver-typescript to v4.2.2 (main) (#​35014) (89d8193)

v39.216.1

Compare Source

Build System

• deps: update dependency nanoid to v3.3.11 (main) (#​35013) (a66d6b5)

v39.216.0

Compare Source

Features

• scalafmt: parse version when enclosed in quotes (#​35001) (e63820b)

v39.215.2

Compare Source

Miscellaneous Chores

• deps: update dependency vite to v6.2.3 [security] (main) (#​35007) (fd6b422)

Build System

• deps: update dependency @​opentelemetry/instrumentation-bunyan to v0.46.0 (main) (#​35008) (209f0a5)

v39.215.1

Compare Source

Bug Fixes

• CVSS4.0 vector parse exception - vulnerability severity fallback (#​35003) (2180cd3)

v39.215.0

Compare Source

Features

• devcontainer: extract known feature versions (#​34999) (8229c57)

Miscellaneous Chores

• deps: update dependency eslint-import-resolver-typescript to v4.2.1 (main) (#​35002) (bb08603)
• remove an unused dev library @​types/unist (#​34997) (ea15076)

v39.214.0

Compare Source

Features

• github-actions: extract versioned actions from composite actions (#​34993) (ed7d148)

Bug Fixes

• libyear: reduce log noise (#​34996) (ba2fc05)

v39.213.6

Compare Source

Bug Fixes

• exclude ghcr.io/devcontainers/features/node from node (#​34991) (3b8826d)

v39.213.5

Compare Source

Bug Fixes

• deps: update ghcr.io/renovatebot/base-image docker tag to v9.51.3 (main) (#​34989) (a3bec10)

Miscellaneous Chores

• deps: update dependency eslint-import-resolver-typescript to v4.2.0 (main) (#​34987) (926042b)

Code Refactoring

• use isHttpUrl where possible (#​34982) (c43be22)

v39.213.4

Compare Source

Miscellaneous Chores

• deps: update dependency @​types/global-agent to v3 (main) (#​34983) (108d6ec)
• deps: update dependency @​vitest/eslint-plugin to v1.1.38 (main) (#​34986) (afa50b0)
• deps: update dependency eslint-import-resolver-typescript to v4 (main) (#​34984) (d1c48f5)

Build System

• deps: update dependency better-sqlite3 to v11.9.1 (main) (#​34985) (a153718)

v39.213.3

Compare Source

Build System

• deps: update opentelemetry-js monorepo to v2 (main) (major) (#​34981) (74cc313)

v39.213.2

Compare Source

Bug Fixes

• deps: update ghcr.io/renovatebot/base-image docker tag to v9.51.2 (main) (#​34975) (dbf6df9)

Miscellaneous Chores

• deps: update dependency pnpm to v10.6.4 (main) (#​34973) (d625eb5)
• deps: update github/codeql-action action to v3.28.13 (main) (#​34974) (33d3be4)

eemeli/yaml (yaml)

v2.7.1

Compare Source

• Do not allow seq with single-line collection value on same line with map key (#​603)
• Improve warning & avoid TypeError on bad YAML 1.1 nodes (#​610)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[angular-robot]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: bazel/pnpm-lock.yaml

integration/tests/package_mappings       |  WARN  The field "resolutions" was found in /tmp/renovate/repos/github/angular/dev-infra/bazel/integration/tests/package_mappings/package.json. This will not take effect. You should configure "resolutions" at the root of the workspace instead.
Scope: all 15 projects
undefined
/tmp/renovate/repos/github/angular/dev-infra/bazel/integration/tests/package_mappings:
 ERR_PNPM_INVALID_SELECTOR  Cannot parse the "**/fake_pkg" selector

[josephperrott]

LGTM

[josephperrott]

This PR was merged into the repository by commit a9c1c54.

The changes were merged into the following branches: main

[angular-automatic-lock-bot]

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_{This action has been performed automatically by a bot.}