chore(deps): update all non-major dependencies #424

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

ardatan merged 1 commit into master from renovate/all-minor-patch

Oct 6, 2025

Contributor

renovate bot commented Aug 15, 2025 •

edited

Loading

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

This PR contains the following updates:

Package	Change	Age	Confidence
@changesets/cli (source)	`2.29.5` -> `2.29.7`
@ianvs/prettier-plugin-sort-imports	`4.6.2` -> `4.7.0`
@types/node (source)	`22.17.1` -> `22.18.8`
@typescript-eslint/parser (source)	`8.39.1` -> `8.46.0`
cross-env	`10.0.0` -> `10.1.0`
eslint (source)	`9.33.0` -> `9.37.0`
fs-extra	`11.3.1` -> `11.3.2`
jest-resolve (source)	`30.0.5` -> `30.2.0`
p-limit	`7.0.0` -> `7.1.1`
pnpm (source)	`10.14.0` -> `10.18.1`
typescript (source)	`5.9.2` -> `5.9.3`
zod (source)	`4.0.17` -> `4.1.12`

Release Notes

changesets/changesets (@changesets/cli)

`v2.29.7`

Patch Changes

Updated dependencies [957f24e]:
- @changesets/apply-release-plan@7.0.13

`v2.29.6`

Patch Changes

#1712 a3563b0 Thanks @benmccann! - Switch to maintained fork of external-editor

ianvs/prettier-plugin-sort-imports (@ianvs/prettier-plugin-sort-imports)

`v4.7.0`

What's Changed

This project began as a fork because I wanted a plugin that would not move side-effect imports around and mess with my CSS cascade. So its first and most distinguishing feature is that side-effect imports do not move, and other imports are not sorted across them.

This works fine in most cases, but some people have side-effect imports that they know can be sorted safely. For those, there is now an "escape hatch" option named importOrderSafeSideEffects. It is an array of glob pattern strings (similar to importOrder) which, when they match against a side-effect import, allow that import to be sorted as if it were a standard import.

Suggestions for safe use:

Use ^ at the start of your pattern and $ at the end, to avoid accidentally matching part of an import name. For example, "^server-only$", to avoid matching against import "not-server-only".
Use extreme caution if matching against relative files or CSS files. If you decide to sort CSS imports and a file ever imports more than one CSS file, your cascade may change.
You can still use // prettier-ignore to stop sorting a particular import that would otherwise be sorted.

Feedback on this feature is welcome.

Features

Add importOrderSafeSideEffects option by @IanVS in IanVS#240

Internal

Clean up options & remove explicit function types by @IanVS in IanVS#239

Full Changelog: IanVS/prettier-plugin-sort-imports@v4.6.3...v4.7.0

`v4.6.3`

What's Changed

Revert "fix: conditionally register ember and oxc parsers when depend… by @IanVS in IanVS#237

Full Changelog: IanVS/prettier-plugin-sort-imports@4.6.2...v4.6.3

typescript-eslint/typescript-eslint (@typescript-eslint/parser)

`v8.46.0`

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

`v8.45.0`

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

`v8.44.1`

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

`v8.44.0`

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

`v8.43.0`

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

`v8.42.0`

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

`v8.41.0`

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

`v8.40.0`

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

kentcdodds/cross-env (cross-env)

`v10.1.0`

Features

add support for default value syntax (152ae6a)

For example:

"dev:server": "cross-env wrangler dev --port ${PORT:-8787}",

If PORT is already set, use that value, otherwise fallback to 8787.

Learn more about Shell Parameter Expansion

eslint/eslint (eslint)

`v9.37.0`

`v9.36.0`

`v9.35.0`

`v9.34.0`

jprichardson/node-fs-extra (fs-extra)

`v11.3.2`

Fix spurrious UnhandledPromiseRejectionWarning that could occur when calling .copy() in some cases (#1056, #1058)

jestjs/jest (jest-resolve)

`v30.2.0`

Chore & Maintenance

[*] Update example repo for testing React Native projects (#15832)
[*] Update jest-watch-typeahead to v3 (#15830)

`v30.1.3`

Fixes

Fix unstable_mockModule with node: prefixed core modules.

`v30.1.0`

sindresorhus/p-limit (p-limit)

`v7.1.1`

Fix limitFunction type ccb80b2

`v7.1.0`

Add index parameter to map() method 2aeffd4

pnpm/pnpm (pnpm)

`v10.18.1`

Patch Changes

Don't print a warning, when --lockfile-only is used #8320.
pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #5700.
When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when using pnpm add --save-catalog as originally intended.

`v10.18.0`

Minor Changes

Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps.
Warning messages are displayed when requests exceed time thresholds or fall below speed minimums

Related PR: #10025.

Patch Changes

Retry filesystem operations on EAGAIN errors #9959.
Outdated command respects minimumReleaseAge configuration #10030.
Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages.
Don't fail with a meaningless error when scriptShell is set to false #8748.
pnpm dlx should not fail when minimumReleaseAge is set #10037.

`v10.17.1`

Patch Changes

When a version specifier cannot be resolved because the versions don't satisfy the minimumReleaseAge setting, print this information out in the error message #9974.
Fix state.json creation path when executing pnpm patch in a workspace project #9733.
When minimumReleaseAge is set and the latest tag is not mature enough, prefer a non-deprecated version as the new latest #9987.

`v10.17.0`

Minor Changes

The minimumReleaseAgeExclude setting now supports patterns. For instance:
```
minimumReleaseAge: 1440
minimumReleaseAgeExclude:
  - "@&#8203;eslint/*"
```
Related PR: #9984.

Patch Changes

Don't ignore the minimumReleaseAge check, when the package is requested by exact version and the packument is loaded from cache #9978.
When minimumReleaseAge is set and the active version under a dist-tag is not mature enough, do not downgrade to a prerelease version in case the original version wasn't a prerelease one #9979.

`v10.16.1`

Patch Changes

The full metadata cache should be stored not at the same location as the abbreviated metadata. This fixes a bug where pnpm was loading the abbreviated metadata from cache and couldn't find the "time" field as a result #9963.
Forcibly disable ANSI color codes when generating patch diff #9914.

`v10.16.0`

Minor Changes

There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour.

The new setting is called minimumReleaseAge. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting minimumReleaseAge: 1440 ensures that only packages released at least one day ago can be installed.

If you set minimumReleaseAge but need to disable this restriction for certain dependencies, you can list them under the minimumReleaseAgeExclude setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time:
```
minimumReleaseAgeExclude:
  - webpack
```
Related issue: #9921.
Added support for finders #9946.

In the past, pnpm list and pnpm why could only search for dependencies by name (and optionally version). For example:
```
pnpm why minimist
```
prints the chain of dependencies to any installed instance of minimist:
```
verdaccio 5.20.1
├─┬ handlebars 4.7.7
│ └── minimist 1.2.8
└─┬ mv 2.1.1
  └─┬ mkdirp 0.5.6
    └── minimist 1.2.8
```
What if we want to search by other properties of a dependency, not just its name? For instance, find all packages that have react@17 in their peer dependencies?

This is now possible with "finder functions". Finder functions can be declared in .pnpmfile.cjs and invoked with the --find-by=<function name> flag when running pnpm list or pnpm why.

Let's say we want to find any dependencies that have React 17 in peer dependencies. We can add this finder to our .pnpmfile.cjs:
```
module.exports = {
  finders: {
    react17: (ctx) => {
      return ctx.readManifest().peerDependencies?.react === "^17.0.0";
    },
  },
};
```
Now we can use this finder function by running:
```
pnpm why --find-by=react17
```
pnpm will find all dependencies that have this React in peer dependencies and print their exact locations in the dependency graph.
```
@&#8203;apollo/client 4.0.4
├── @&#8203;graphql-typed-document-node/core 3.2.0
└── graphql-tag 2.12.6
```
It is also possible to print out some additional information in the output by returning a string from the finder. For example, with the following finder:
```
module.exports = {
  finders: {
    react17: (ctx) => {
      const manifest = ctx.readManifest();
      if (manifest.peerDependencies?.react === "^17.0.0") {
        return `license: ${manifest.license}`;
      }
      return false;
    },
  },
};
```
Every matched package will also print out the license from its package.json:
```
@&#8203;apollo/client 4.0.4
├── @&#8203;graphql-typed-document-node/core 3.2.0
│   license: MIT
└── graphql-tag 2.12.6
    license: MIT
```

Patch Changes

Fix deprecation warning printed when executing pnpm with Node.js 24 #9529.
Throw an error if nodeVersion is not set to an exact semver version #9934.
pnpm publish should be able to publish a .tar.gz file #9927.
Canceling a running process with Ctrl-C should make pnpm run return a non-zero exit code #9626.

`v10.15.1`

Patch Changes

Fix .pnp.cjs crash when importing subpath #9904.
When resolving peer dependencies, pnpm looks whether the peer dependency is present in the root workspace project's dependencies. This change makes it so that the peer dependency is correctly resolved even from aliased npm-hosted dependencies or other types of dependencies #9913.

`v10.15.0`

Minor Changes

Added the cleanupUnusedCatalogs configuration. When set to true, pnpm will remove unused catalog entries during installation #9793.
Automatically load pnpmfiles from config dependencies that are named @*/pnpm-plugin-* #9780.
pnpm config get now prints an INI string for an object value #9797.
pnpm config get now accepts property paths (e.g. pnpm config get catalog.react, pnpm config get .catalog.react, pnpm config get 'packageExtensions["@babel/parser"].peerDependencies["@babel/types"]'), and pnpm config set now accepts dot-leading or subscripted keys (e.g. pnpm config set .ignoreScripts true).
pnpm config get --json now prints a JSON serialization of config value, and pnpm config set --json now parses the input value as JSON.

Patch Changes

Semi-breaking. When automatically installing missing peer dependencies, prefer versions that are already present in the direct dependencies of the root workspace package #9835.
When executing the pnpm create command, must verify whether the node version is supported even if a cache already exists #9775.
When making requests for the non-abbreviated packument, add */* to the Accept header to avoid getting a 406 error on AWS CodeArtifact #9862.
The standalone exe version of pnpm works with glibc 2.26 again #9734.
Fix a regression in which pnpm dlx pkg --help doesn't pass --help to pkg #9823.

microsoft/TypeScript (typescript)

`v5.9.3`

colinhacks/zod (zod)

`v4.1.12`

`v4.1.11`

`v4.1.10`

`v4.1.9`

`v4.1.8`

Commits:

36c4ee3 Switch back to weakmap
a1726d5 4.1.8

`v4.1.7`

Commits:

0cca351 Fix variable name inconsistency in coercion documentation (#5188)
aa78c27 Add copy/edit buttons
76452d4 Update button txt
937f73c Fix tsconfig issue in bench
976b436 v4.1.6 (#5222)
4309c61 Fix cidrv6 validation - cidrv6 should reject invalid strings with multiple slashes (#5196)
ef95a73 feat(locales): Add Lithuanian (lt) locale (#5210)
3803f3f docs: update wrong contents in codeblocks in api.mdx (#5209)
8a47d5c docs: update coerce example in api.mdx (#5207)
e87db13 feat(locales): Add Georgian (ka) locale (#5203)
c54b123 docs: adds @traversable/zod and @traversable/zod-test to v4 ecosystem (#5194)
c27a294 Fix two tiny grammatical errors in the docs. (#5193)
23a2d66 docs: fix broken links in async refinements and transforms references (#5190)
845a230 fix(locales): Add type name translations to Spanish locale (#5187)
27f13d6 Improve regex precision and eliminate duplicates in regexes.ts (#5181)
a8a52b3 fix(v4): fix Khmer and Ukrainian locales (#5177)
887e37c Update slugs
e1f1948 fix(v4): ensure array defaults are shallow-cloned (#5173)
9f65038 docs(ecosystem): add DRZL; fix Prisma Zod Generator placement (#5215)
aa6f0f0 More fixes (#5223)
aab3356 4.1.7

`v4.1.6`

`v4.1.5`

Commits:

530415f Update docs
b7b081d Update z.function() type to support array input (#5170)
780cf57 4.1.5

`v4.1.4`

`v4.1.3`

Commits:

98ff675 Drop stringToBoolean
a410616 Fix typo
0cf4589 fix(v4): toJSONSchema - add missing oneOf inside items in tuple conversion (#5146)
8bf0c16 fix(v4): toJSONSchema tuple path handling for draft-7 with metadata IDs (#5152)
5c5fa90 fix(v4): toJSONSchema - wrong record output when targeting openapi-3.0 (#5141)
87b97cc docs(codecs): update example to use payloadSchema (#5150)
309f358 fix(v4): toJSONSchema - output numbers with exclusive range correctly when targeting openapi-3.0 (#5139)
1e71ca9 docs: fix refine fn to encode works properly (#5148)
a85ec3c fix(docs): correct example to use LooseDog instead of Dog (#5136)
3e98274 4.1.3

`v4.1.2`

Commits:

e45e61b Improve codec docs
25a4c37 fix(v4): toJSONSchema - wrong record tuple output when targeting openapi-3.0 (#5145)
0fa4f46 Use method form in codecs.mdx
940383d Update JSON codec and docs
3009fa8 4.1.2

`v4.1.1`

`v4.1.0`

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot added the dependencies label

Contributor

github-actions bot commented Aug 15, 2025 •

edited

Loading

🚀 Snapshot Release (`alpha`)

The latest changes of this PR are available as alpha on npm (based on the declared changesets):

Package	Version	Info
`bob-the-bundler`	`8.0.0-alpha-20251006173504-2799c7c05640187b1934cc813b43b7ef4d8135c9`	npm ↗︎ unpkg ↗︎

renovate bot force-pushed the renovate/all-minor-patch branch from fa493dd to 9067fd0 Compare

August 16, 2025 13:46

renovate bot changed the title ~~chore(deps): update dependency @types/node to v22.17.2~~ chore(deps): update all non-major dependencies

renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 9d6a2b3 to a3ed077 Compare

August 19, 2025 19:31

renovate bot changed the title ~~chore(deps): update all non-major dependencies~~ fix(deps): update all non-major dependencies

renovate bot force-pushed the renovate/all-minor-patch branch 10 times, most recently from f9255c4 to ed34cf8 Compare

August 28, 2025 13:00

renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from bb2f9de to bd2741a Compare

September 7, 2025 00:08

renovate bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from d9c95ae to fc6ec4f Compare

September 13, 2025 19:44

renovate bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from 03e6871 to 029e4a2 Compare

September 20, 2025 17:48

renovate bot force-pushed the renovate/all-minor-patch branch from 029e4a2 to 027d037 Compare

September 22, 2025 18:49

renovate bot changed the title ~~fix(deps): update all non-major dependencies~~ chore(deps): update all non-major dependencies

renovate bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from 6bcb97c to 1bfa9e4 Compare

October 3, 2025 21:30

renovate bot force-pushed the renovate/all-minor-patch branch from 1bfa9e4 to 5724f94 Compare

October 6, 2025 15:03


          chore(deps): update all non-major dependencies

2799c7c

renovate bot force-pushed the renovate/all-minor-patch branch from 5724f94 to 2799c7c Compare

October 6, 2025 17:34

ardatan merged commit 2e786df into master

5 checks passed

ardatan deleted the renovate/all-minor-patch branch

October 6, 2025 21:11

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels