Dependency Dashboard #304
Description
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.
Repository Problems
These problems occurred while renovating this repository. View logs.
⚠️ WARN: Invalid schedule: "0 9-21 * * 6" has cron syntax, but doesn't have * as minutes
Deprecations / Replacements
Warning
These dependencies are either deprecated or have replacements available:
| Datasource | Package | Replacement PR? |
|---|---|---|
| npm | standard-version |  |
Abandoned Dependencies
Note
Packages are marked as abandoned when they exceed the abandonmentThreshold since their last release. Unlike deprecated packages with official notices, abandonment is detected by release inactivity.
These dependencies have not received updates for an extended period and may be unmaintained:
View abandoned dependencies (5)
| Datasource | Package | Last Updated |
|---|---|---|
| npm | @stoplight/spectral-formats | 2024-11-13 |
| npm | @stoplight/spectral-parsers | 2024-11-13 |
| npm | adm-zip | 2024-08-30 |
| npm | path | 2015-09-13 |
| npm | standard-version | 2022-05-15 |
Rate-Limited
The following updates are currently rate-limited. To force their creation now, click on a checkbox below.
- build(deps): replace dependency standard-version with commit-and-tag-version 9.5.0
- build(deps): update dev dependencies (
@types/adm-zip,@types/node,jest) - build(deps): update dependency jsonpath-plus to v10.4.0
- build(deps): update github actions (
actions/setup-node,diggsweden/reusable-ci,node) - build(deps): update node.js to <=24.14.0
- 🔐 Create all rate-limited PRs at once 🔐
Open
The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.
- build(deps): update dependency fast-xml-parser to v5.5.7 [security]
- build(deps): update dependency @stoplight/spectral-core to v1.21.0
- build(deps): update actions/checkout action to v6
- build(deps): lock file maintenance
- Click on this checkbox to rebase all open PRs at once
Vulnerabilities
Important
6/6 CVEs have Renovate fixes.
npm
package.json
fast-xml-parser
- GHSA-37qj-frw5-hhjh (fixed in >= 5.3.4)
- GHSA-8gc5-j5rx-235r (fixed in >= 5.5.6)
- GHSA-fj3w-jwp8-x2g3 (fixed in >= 5.3.8)
- GHSA-jmr7-xgp7-cmfj (fixed in >= 5.3.6)
- GHSA-jp2q-39xq-3w4g (fixed in >= 5.5.7)
- GHSA-m7jm-9gc2-mpf2 (fixed in >= 5.3.5)
Detected Dependencies
github-actions (5)
.github/workflows/openssf-scorecard.yml (1)
diggsweden/reusable-ci v2.6.0@e1e1387d5b0399bb5edb00e40485746772344176→ [Updates:v2.6.1].github/workflows/pullrequest-workflow.yml (1)
diggsweden/reusable-ci v2.6.0@e1e1387d5b0399bb5edb00e40485746772344176→ [Updates:v2.6.1].github/workflows/release-dev-workflow.yml (1)
diggsweden/reusable-ci v2.6.0@e1e1387d5b0399bb5edb00e40485746772344176→ [Updates:v2.6.1].github/workflows/release-workflow.yml (1)
diggsweden/reusable-ci v2.6.0@e1e1387d5b0399bb5edb00e40485746772344176→ [Updates:v2.6.1].github/workflows/test.yml (3)
actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd→ [Updates:v6.0.2]actions/setup-node v6.2.0@6044e13b5dc448c55e2357c09f80417699197238→ [Updates:v6.3.0]node 24.13.0→ [Updates:24.14.0]
npm (1)
package.json (28)
@apidevtools/swagger-parser ^12.1.0@stoplight/spectral-core ^1.20.0→ [Updates:^1.20.0]@stoplight/spectral-functions ^1.7.2@stoplight/spectral-parsers ^1.0.5@stoplight/spectral-ruleset-bundler ^1.6.3@stoplight/spectral-rulesets ^1.22.0@types/express ^5.0.0adm-zip ^0.5.16body-parser ^2.0.0chalk ^5.3.0express ^5.0.0express-openapi-validator ^5.3.7fast-xml-parser ^5.0.0→ [Updates:^5.0.0]js-yaml ^4.1.0path ^0.12.7yargs ^18.0.0@stoplight/spectral-formats 1.8.2@types/adm-zip 0.5.7→ [Updates:0.5.8]@types/express 5.0.6@types/jest 30.0.0@types/node 24.11.0→ [Updates:24.12.0]jest 30.2.0→ [Updates:30.3.0]standard-version 9.5.0→ [Updates:9.5.0]ts-jest 29.4.6ts-node 10.9.2typescript 5.9.3node <=24.13.0→ [Updates:<=24.14.0]jsonpath-plus 10.3.0→ [Updates:10.4.0]
- Check this box to trigger a request for Renovate to run again on this repository