chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@commitlint/cli (source)	^19.7.1 → ^19.8.1			devDependencies	minor
@commitlint/config-conventional (source)	^19.7.1 → ^19.8.1			devDependencies	minor
@napi-rs/canvas	0.1.67 → 0.1.92			devDependencies	patch
@sapphire/eslint-config (source)	^5.0.5 → ^5.0.6			devDependencies	patch
@sapphire/ts-config (source)	5.0.1 → 5.0.3			devDependencies	patch
eslint-config-prettier	^9.1.0 → ^9.1.2			devDependencies	patch
eslint-plugin-prettier	^5.2.3 → ^5.5.5			devDependencies	minor
lint-staged	^15.4.3 → ^15.5.2			devDependencies	minor
node (source)	22.14.0 → 22.22.0			volta	minor
prettier (source)	^3.5.2 → ^3.8.1			devDependencies	minor
terser (source)	^5.39.0 → ^5.46.0			devDependencies	minor
tsup (source)	^8.4.0 → ^8.5.1			devDependencies	minor
yarn (source)	4.7.0 → 4.12.0			packageManager	minor

---

Release Notes

conventional-changelog/commitlint (@​commitlint/cli)

v19.8.1

Compare Source

Bug Fixes

• update dependency tinyexec to v1 (#​4332) (e49449f)

v19.8.0

Compare Source

Performance Improvements

• use node: prefix to bypass require.cache call for builtins (#​4302) (0cd8f41)

19.7.1 (2025-02-02)

Note: Version bump only for package @​commitlint/cli

19.6.1 (2024-12-15)

Note: Version bump only for package @​commitlint/cli

conventional-changelog/commitlint (@​commitlint/config-conventional)

v19.8.1

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

v19.8.0

Compare Source

Performance Improvements

• use node: prefix to bypass require.cache call for builtins (#​4302) (0cd8f41)

19.7.1 (2025-02-02)

Note: Version bump only for package @​commitlint/config-conventional

Brooooooklyn/canvas (@​napi-rs/canvas)

v0.1.92

Compare Source

Bug Fixes

• putImageData bypassed deferred rendering PageRecorder (#​1206) (ae938a3)

Features

• add node-canvas compatibility layer (@napi-rs/canvas/node-canvas) (#​1203) (2ab43b6)

v0.1.91

Compare Source

Bug Fixes

• clip with nested transforms intersects in device space (#​1202) (7e87f9e)
• plug native memory leaks in SVG canvas, bitmap shader, and stream allocations (#​1201) (60a34e8)

v0.1.90

Compare Source

Bug Fixes

• add Drop impl for SkPictureRecorder to prevent memory leak (#​1199) (dd4f96c)
• copy font data in GlobalFonts.register to prevent buffer invalidation (#​1194) (fa5b40a)
• prevent memory leaks in encode_stream callback and SkPixmap (#​1200) (c21e2ea)

Features

• support http url in image src (#​1197) (8c65ffe)

v0.1.89

Compare Source

Bug Fixes

• napi feature (#​1191) (eb260b2)

Features

• implement deferred rendering with incremental layer caching (#​1193) (4643bfe)

v0.1.88

Compare Source

Bug Fixes

• should throw TypeError if drawImage param mismatched (#​1190) (386ac90)

v0.1.87

Compare Source

Bug Fixes

• image: make Buffer load synchronous and add decode() method (#​1186) (d418593)
• make Image class HTML spec compliant for jsdom integration (#​1184) (a6d3993)

Features

• add ctx.lang property for language-specific text rendering (#​1187) (5dfbfb6)
• add textRendering property for text rendering hints (#​1189) (6707c48)
• ignore Letter Spacing in Cursive Scripts (#​1185) (2fa4b40)

v0.1.86

Compare Source

Bug Fixes

• RTL text fillText(maxWidth) x positioning calculation error (#​1179) (4db0dac)

Features

• chrome m144 (#​1182) (dfb65a3)

v0.1.85

Compare Source

Bug Fixes

• initial black color string should be [#​000000](https://redirect.github.com/Brooooooklyn/canvas/issues/000000) rather than [#​000](https://redirect.github.com/Brooooooklyn/canvas/issues/000) (#​1174) (c45020a)

Features

• add fontVariantCaps (#​1161) (d21c146)
• basic support for direction (#​1175) (5c04020)
• support Lottie API (#​1177) (ca1f5f5)
• support windows arm64 (#​1176) (e17c4e5)

v0.1.84

Compare Source

Features

• add fontStretch and fontKerning support (#​1160) (8da5eea)
• add GIF encoding support (#​1159) (0cf2fcc)

v0.1.83

Compare Source

Features

• add variable font support (#​1148) (28fdfb2)
• chrome m143 (#​1153) (f49f4dc)

v0.1.82

Compare Source

Features

• add PDF annotation APIs for interactive links and navigation (#​1140) (52cd89f)
• add Uint16Array and Float32Array support to ImageData constructor (#​1144) (b6fc7d8)
• PDFDocument support (#​1137) (4ca7479)

v0.1.81

Compare Source

Features

• upgrade to chrome/142 (#​1136) (bcee494)

v0.1.80

Compare Source

Bug Fixes

• external memory usage adjustment mismatch (#​1123) (e0b76b9)
• shadow is not applied with transform correctly (#​1124) (05d10b1)

v0.1.79

Compare Source

Bug Fixes

• DOMMatrix.invertSelf() to return self for non-invertible matrices per DOM spec (#​1113) (d280e8a)
• prevent segfault when creating patterns from canvases (#​1118) (3d50fca), closes #​1107 #​1107 #​1106

v0.1.78

Compare Source

Bug Fixes

• canvas pattern live reference issue causing incorrect rendering (#​1107) (255b16e)

Features

• chrome m140 (#​1110) (ec4152c)

v0.1.77

Compare Source

Bug Fixes

• return early if setLineDash param is invalid (#​1097) (6c9e9f7)

v0.1.76

Compare Source

v0.1.75

Compare Source

Bug Fixes

• data URL handling for non-image MIME types (resolves #​1088) (#​1089) (22d45df)

Features

• implement toBlob and convertToBlob (a7f259f)

v0.1.74

Compare Source

Bug Fixes

• hsl color parsing (#​1084) (40f47b8)
• Ref was deprecated in NAPI-RS (#​1085) (e21858a)

Features

• upgrade to NAPI-RS 3.0.0-beta.11 (#​1081) (a299185)

v0.1.73

Compare Source

Bug Fixes

• wrong data pointer to ImageData in Electron env (#​1076) (c347654)

v0.1.72

Compare Source

Bug Fixes

• putImageData doesn't work on Electron environment (#​1075) (cc15b02)
• use this library with webpack (#​1074) (7b411bf)

v0.1.71

Compare Source

Bug Fixes

• memory leak in createPattern (#​1067) (2e9f718)
• shadow clipping beyond canvas bounds (#​1068) (deeeea7)
• wrong shadow alpha calculation (#​1064) (e853757)

Features

• chrome m137 (#​1049) (da30726)
• chrome m138 (#​1070) (2938333)
• upgrade cssparser (#​1063) (9c497a3)
• upgrade to NAPI-RS beta (#​1052) (91a20a0)

v0.1.70

Compare Source

Bug Fixes

• resize svg from file path render an empty image (#​1046) (2f03306)

Features

• expose SkCornerPathEffect as round() fn on Path2D (#​1040) (68c9f2c)

v0.1.69

Compare Source

Bug Fixes

• accept non-string param as text (#​1030) (c04cfd7)
• memory leak when creating bitmap from svg (#​1023) (1bd4caa)

Features

• chrome m136 (#​1033) (e71612b)

v0.1.68

Compare Source

Bug Fixes

• Bitmap::from_image_data width and height (#​1012) (dc9cdd1)
• BlendMode::Plus should be mapped to "plus" globalCompositeOperation (#​1016) (bd61a90)
• create pattern from Canvas (#​1013) (d1137a5)
• decode avif Image with libavif (#​1005) (d369c55)
• don't panic if current ts is not able to invert when transform (#​1002) (27e1cc8)
• draw canvas on canvas clip (#​1003) (e609b20)
• make sure registered font Buffer is valid (#​1014) (529e96c)
• memory leak in some blend mode (#​1015) (319f5b2)

sapphiredev/utilities (@​sapphire/eslint-config)

v5.0.6

Compare Source

🐛 Bug Fixes

• eslint-config: Update dependencies (349a1d1)
• deps: Update all non-major dependencies (2237f1c) (#​881 by @​renovate[bot])
• deps: Update all non-major dependencies (4bc5591) (#​879 by @​renovate[bot])
• deps: Update all non-major dependencies (1b923ad) (#​873 by @​renovate[bot])
• deps: Update all non-major dependencies (bc2f01c) (#​869 by @​renovate[bot])
• deps: Update dependency eslint-config-prettier to v10 (5d7bdbb) (#​860 by @​renovate[bot])
• deps: Update all non-major dependencies (ab1708e) (#​858 by @​renovate[bot])
• deps: Update all non-major dependencies (083376a) (#​763 by @​renovate[bot])

📝 Documentation

• Fix changelog urls (a3da0ab) (#​759 by @​favna)

sapphiredev/utilities (@​sapphire/ts-config)

v5.0.3

Compare Source

Changelog

All notable changes to this project will be documented in this file.

v5.0.2

Compare Source

🏠 Refactor

• Relocate tsconfig files to the package root for rolldown compatibility (b7f8a51)

🐛 Bug Fixes

• deps: Update all non-major dependencies (636a5ee) (#​897 by @​renovate[bot])
• deps: Update all non-major dependencies (4bc5591) (#​879 by @​renovate[bot])
• deps: Update all non-major dependencies (bc2f01c) (#​869 by @​renovate[bot])

📝 Documentation

• readme: Fix readme table of contents (c60e8bd)

prettier/eslint-config-prettier (eslint-config-prettier)

v9.1.2

Compare Source

prettier/eslint-plugin-prettier (eslint-plugin-prettier)

v5.5.5

Compare Source

Patch Changes

• #​772 7264ed0 Thanks @​BPScott! - Bump prettier-linter-helpers dependency to v1.0.1

• #​776 77651a3 Thanks @​aswils! - fix: bump synckit for yarn PnP ESM issue

v5.5.4

Compare Source

Patch Changes

• #​755 723f7a8 Thanks @​kbrilla! - fix: add 'oxc', 'oxc-ts' and 'hermes' parsers to parserBlocklist

• #​751 cf52b30 Thanks @​andreww2012! - fix: disallow extra properties in rule options

v5.5.3

Compare Source

republish the latest version

Full Changelog: prettier/eslint-plugin-prettier@v5.5.2...v5.5.3

v5.5.2

Compare Source

republish the latest version

Full Changelog: prettier/eslint-plugin-prettier@v5.5.1...v5.5.2

v5.5.1

Compare Source

Patch Changes

• #​748 bfd1e95 Thanks @​JounQin! - fix: use prettierRcOptions directly for prettier 3.6+

v5.5.0

Compare Source

Minor Changes

• #​743 92f2c9c Thanks @​dotcarmen! - feat: support non-js languages like css for @eslint/css and json for @eslint/json

v5.4.1

Compare Source

Patch Changes

• #​740 c21521f Thanks @​JounQin! - fix(deps): bump synckit to v0.11.7 to fix potential TypeError: Cannot read properties of undefined (reading 'message') error

v5.4.0

Compare Source

Minor Changes

• #​736 59a0cae Thanks @​yashtech00! - refactor: migrate worker.js to worker.mjs

v5.3.1

Compare Source

Patch Changes

• #​734 dcf2c80 Thanks @​JounQin! - ci: enable NPM_CONFIG_PROVENANCE env

v5.3.0

Compare Source

Minor Changes

• #​674 6fe0c90 Thanks @​irsooti! - feat(types): prefer Config over FlatConfig when they're equal

v5.2.6

Compare Source

Patch Changes

• #​723 1451176 Thanks @​renovate! - fix(deps): bump synckit to v0.11.0

v5.2.5

Compare Source

Patch Changes

• #​721 4f5513d Thanks @​JounQin! - fix: clarify correct eslint-config-prettier peer range

v5.2.4

Compare Source

Patch Changes

• #​715 b8cfe56 Thanks @​JounQin! - chore: hourcekeeping, bump all (dev) deps

lint-staged/lint-staged (lint-staged)

v15.5.2

Compare Source

Patch Changes

• #​1544 5561321 Thanks @​YimingIsCOLD! - Correctly handle colon (:) characters in staged filenames.

v15.5.1

Compare Source

Patch Changes

• #​1533 5d53534 Thanks @​iiroj! - Improve listing of staged files so that lint-staged doesn't crash when encountering an uninitialized submodule. This should result in less errors like:

  ✖ Failed to get staged files!
  

v15.5.0

Compare Source

Minor Changes

• #​1526 630af5f Thanks @​iiroj! - Lint-staged no longer resets to the original state when preventing an empty git commit. This happens when your configured tasks reset all the staged changes, typically when trying to commit formatting changes which conflict with your linter setup like ESLint or Prettier.

Example with Prettier

By default Prettier prefers double quotes.

Previously

1. Stage file.js with only double quotes " changed to '
2. Run git commit -am "I don't like double quotes"
3. Lint-staged runs prettier --write file.js, converting all the ' back to "
4. Because there are now no changes, lint-staged fails, cancels the commit, and resets back to the original state
5. Commit was not done, original state is restored and single quotes ' are staged

Now

1. Stage file.js with only double-quotes " changed to '
2. Run git commit -am "I don't like double quotes"
3. Lint-staged runs prettier --write file.js, converting all the ' back to "
4. Because there are now no changes, lint-staged fails and cancels the commit
5. Commit was not done, and there are no staged changes

nodejs/node (node)

v22.22.0: 2026-01-13, Version 22.22.0 'Jod' (LTS), @​marco-ippolito

Compare Source

This is a security release.

Notable Changes

lib:

• (CVE-2025-59465) add TLSSocket default error handler
• (CVE-2025-55132) disable futimes when permission model is enabled
  lib,permission:
• (CVE-2025-55130) require full read and write to symlink APIs
  src:
• (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks
  src,lib:
• (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle
  tls:
• (CVE-2026-21637) route callback exceptions through error handlers

Commits

• [6badf4e6f4] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #​60997
• [37509c3ff0] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#791
• [eb8e41f8db] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
• [ebbf942a83] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748
• [6b4849583a] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
• [ddadc31f09] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
• [d4d9f3915f] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
• [25d6799df6] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

v22.21.1: 2025-10-28, Version 22.21.1 'Jod' (LTS), @​aduh95

Compare Source

Commits

• [af33e8e668] - benchmark: remove unused variable from util/priority-queue (Bruno Rodrigues) #​59872
• [6764ce8756] - benchmark: update count to n in permission startup (Bruno Rodrigues) #​59872
• [4e8d99f0dc] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #​59872
• [af0a8ba7f8] - benchmark: adjust dgram offset-length len values (Bruno Rodrigues) #​59708
• [78efd1be4a] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #​59708
• [df72dc96e9] - console,util: improve array inspection performance (Ruben Bridgewater) #​60037
• [ef67d09f50] - http: improve writeEarlyHints by avoiding for-of loop (Haram Jeong) #​59958
• [23468fd76b] - http2: fix allowHttp1+Upgrade, broken by shouldUpgradeCallback (Tim Perry) #​59924
• [56abc4ac76] - lib: optimize priority queue (Gürgün Dayıoğlu) #​60039
• [ea5cfd98c5] - lib: implement passive listener behavior per spec (BCD1me) #​59995
• [c2dd6eed2f] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #​60103
• [81a3055710] - process: fix default env for process.execve (Richard Lau) #​60029
• [fe492c7ace] - process: fix hrtime fast call signatures (Renegade334) #​59600
• [76b4cab8fc] - src: bring permissions macros in line with general C/C++ standards (Anna Henningsen) #​60053
• [21970970c7] - src: remove AnalyzeTemporaryDtors option from .clang-tidy (iknoom) #​60008
• [609c063e81] - src: remove unused variables from report (Moonki Choi) #​60047
• [987841a773] - src: avoid unnecessary string allocations in SPrintF impl (Anna Henningsen) #​60052
• [6e386c0632] - src: make ToLower/ToUpper input args more flexible (Anna Henningsen) #​60052
• [c3be1226c7] - src: allow std::string_view arguments to SPrintF() and friends (Anna Henningsen) #​60058
• [764d35647d] - src: remove unnecessary std::string error messages (Anna Henningsen) #​60057
• [1289ef89ec] - src: remove unnecessary shadowed functions on Utf8Value & BufferValue (Anna Henningsen) #​60056
• [d1fb8a538d] - src: avoid unnecessary string -> char* -> string round trips (Anna Henningsen) #​60055
• [54b439fb5a] - src: fill options_args, options_env after vectors are finalized (iknoom) #​59945
• [c7c597e2ca] - src: use RAII for uv_process_options_t (iknoom) #​59945
• [b928ea9716] - test: ensure that the message event is fired (Luigi Pinca) #​59952
• [e4b95a5158] - test: replace diagnostics_channel stackframe in output snapshots (Chengzhong Wu) #​60024
• [4206406694] - test: mark test-web-locks skip on IBM i (SRAVANI GUNDEPALLI) #​59996
• [26394cd5bf] - test: expand tls-check-server-identity coverage (Diango Gavidia) #​60002
• [b58df47995] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #​59993
• [af3a59dba8] - test: verify tracing channel doesn't swallow unhandledRejection (Gerhard Stöbich) #​59974
• [cee362242b] - timers: fix binding fast call signatures (Renegade334) #​59600
• [40fea57fdd] - tools: add message on auto-fixing js lint issues in gh workflow (Dario Piotrowicz) #​59128
• [aac90d351b] - tools: verify signatures when updating nghttp* (Antoine du Hamel) #​60113
• [9fae03c7d9] - tools: use dependabot cooldown and move tools/doc (Rafael Gonzaga) #​59978
• [81548abdf6] - wasi: fix WasiFunction fast call signature (Renegade334) #​59600

v22.21.0: 2025-10-20, Version 22.21.0 'Jod' (LTS), @​aduh95

[Compa

---

Configuration

📅 Schedule: Branch creation - "before 12pm on Sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.