Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Deprecations / Replacements

Warning

These dependencies are either deprecated or have replacements available:

Datasource	Name	Replacement PR?
npm	@lerna/collect-updates
npm	@lerna/package
npm	@lerna/package-graph
npm	@lerna/run-topologically
npm	@types/diff
nuget	Microsoft.DotNet.Analyzers.Compatibility

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): update dependency @xmldom/xmldom to v0.8.11
• chore(deps): update dependency code-suggester to v4.3.4
• chore(deps): update dependency js-yaml to v4.1.1
• chore(deps): update dependency microsoft.netframework.referenceassemblies to 1.0.3
• chore(deps): update dependency nock to v13.5.6
• chore(deps): update dependency semver to v7.6.3
• chore(deps): update dependency tslib to v2.6.3
• chore(deps): update dependency yaml to v2.4.5
• chore(deps): update node.js to v18.20.8
• chore(deps): update dependency ajv to v8.17.1
• chore(deps): update dependency chai to v4.5.0
• chore(deps): update dependency gts to v5.3.1
• chore(deps): update dependency semver to v7.7.3 (semver, @types/semver)
• chore(deps): update dependency tslib to v2.8.1
• chore(deps): update dependency typescript to v5.9.3
• chore(deps): update dependency yaml to v2.8.2
• chore(deps): update pnpm to v9.15.9
• chore(deps): update actions/checkout action to v6
• chore(deps): update actions/setup-node action to v6
• chore(deps): update dependency @types/chai to v5
• chore(deps): update dependency c8 to v10
• chore(deps): update dependency chai to v6
• chore(deps): update dependency cross-env to v10
• chore(deps): update dependency google.cloud.iam.v1 to v3
• chore(deps): update dependency google.longrunning to v3
• chore(deps): update dependency gts to v7
• chore(deps): update dependency mocha to v11
• chore(deps): update dependency nock to v14
• chore(deps): update dependency sinon to v21 (sinon, @types/sinon)
• chore(deps): update node.js to v24 (node, @types/node)
• chore(deps): update pnpm to v10
• fix(deps): update dependency @google-automations/git-file-utils to v3
• fix(deps): update dependency code-suggester to v5
• fix(deps): update dependency conventional-changelog-conventionalcommits to v9
• fix(deps): update dependency conventional-changelog-writer to v8
• fix(deps): update dependency conventional-commits-filter to v5
• fix(deps): update dependency diff to v8 (diff, @types/diff)
• fix(deps): update dependency node-html-parser to v7
• fix(deps): update dependency type-fest to v5
• fix(deps): update dependency yargs to v18
• 🔐 Create all rate-limited PRs at once 🔐

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update dependency @google-automations/git-file-utils to v1.2.6
• chore(deps): update dependency @types/node to v18.19.130
• chore(deps): update dependency @types/node-fetch to v2.6.13
• chore(deps): update dependency @types/yargs to v17.0.35
• chore(deps): update dependency configureawaitchecker.analyzer to 5.0.0.1
• chore(deps): update octokit monorepo (patch) (@octokit/graphql, @octokit/request, @octokit/request-error, @octokit/rest)
• chore(deps): update dependency @types/mocha to v10
• chore(deps): update dependency ajv-formats to v3
• fix(deps): update dependency unist-util-visit-parents to v6
• fix(deps): update octokit monorepo (major) (@octokit/core, @octokit/graphql, @octokit/plugin-retry, @octokit/plugin-throttling, @octokit/request, @octokit/request-error, @octokit/rest, @octokit/types)
• Click on this checkbox to rebase all open PRs at once

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• fix(deps): update dependency xpath to ^0.0.34
• chore(deps): update dependency sinon to v16.1.3
• fix(deps): update dependency chalk to v5
• fix(deps): update dependency detect-indent to v7
• fix(deps): update dependency figures to v6
• fix(deps): update dependency http-proxy-agent to v7
• fix(deps): update dependency https-proxy-agent to v7
• fix(deps): update dependency node-fetch to v3
• fix(deps): update dependency unist-util-visit to v5

Vulnerabilities

5/5 CVEs have possible Renovate fixes.
See osvVulnerabilityAlerts to allow Renovate to supply fixes.

npm

package.json

@octokit/request

• GHSA-rmvr-2pp2-xj38 (fixed in >= 8.4.1)

@octokit/request-error

• GHSA-xx4v-prfh-6cgc (fixed in >= 5.1.1)

js-yaml

• GHSA-mh29-5h37-fv8m (fixed in >= 4.1.1)

pnpm

• GHSA-vm32-9rqf-rh3r (fixed in >= 9.15.0)
• GHSA-8cc4-rfj6-fhg4 (fixed in >= 10.0.0)

Detected Dependencies

asdf (1)

.tool-versions (1)

• node 18.20.2

github-actions (2)

.github/workflows/ci.yaml (3)

• actions/checkout v4
• actions/setup-node v3
• actions/setup-node v3

.github/workflows/release.yaml (5)

• actions/checkout v4
• actions/setup-node v3
• actions/setup-node v3
• node 20
• node 20

nodenv (1)

.node-version (1)

• node 18.20.2

npm (1)

package.json (71)

• @conventional-commits/parser ^0.4.1
• @google-automations/git-file-utils ^1.2.5
• @iarna/toml ^3.0.0
• @lerna/collect-updates ^6.4.1
• @lerna/package ^6.4.1
• @lerna/package-graph ^6.4.1
• @lerna/run-topologically ^6.4.1
• @octokit/core ^4.0.0
• @octokit/graphql ^5.0.0
• @octokit/plugin-retry 5.0.5
• @octokit/plugin-throttling 6.1.0
• @octokit/request ^6.0.0
• @octokit/request-error ^3.0.0
• @octokit/rest ^19.0.0
• @types/npm-package-arg ^6.1.0
• @xmldom/xmldom ^0.8.4
• chalk ^4.0.0
• code-suggester ^4.2.0
• conventional-changelog-conventionalcommits ^6.0.0
• conventional-changelog-writer ^6.0.0
• conventional-commits-filter ^3.0.0
• detect-indent ^6.1.0
• diff ^5.0.0
• figures ^3.0.0
• http-proxy-agent ^5.0.0
• https-proxy-agent ^5.0.1
• js-yaml ^4.0.0
• jsonpath ^1.1.1
• node-fetch ^2.7.0
• node-html-parser ^6.0.0
• parse-github-repo-url ^1.4.1
• semver ^7.0.0
• type-fest ^3.0.0
• typescript ^5.2.2
• unist-util-visit ^2.0.3
• unist-util-visit-parents ^3.1.1
• xpath ^0.0.32
• yaml ^2.2.2
• yargs ^17.0.0
• @octokit/types ^9.0.0
• @types/chai ^4.3.6
• @types/diff ^5.0.2
• @types/iarna__toml ^2.0.1
• @types/js-yaml ^4.0.0
• @types/jsonpath ^0.2.0
• @types/lerna__collect-updates ^5.1.0
• @types/lerna__package ^5.1.0
• @types/lerna__package-graph ^5.1.0
• @types/lerna__run-topologically ^5.1.0
• @types/mocha ^9.0.0
• @types/node 18.19.44
• @types/node-fetch ^2.6.4
• @types/semver ^7.0.0
• @types/sinon ^10.0.17
• @types/xmldom ^0.1.31
• @types/yargs ^17.0.0
• ajv ^8.11.0
• ajv-formats ^2.1.1
• c8 ^8.0.0
• chai ^4.3.10
• cross-env ^7.0.0
• gts ^5.0.1
• mocha ^9.2.2
• nock ^13.0.0
• sinon 16.0.0
• snap-shot-it ^7.0.0
• ts-node ^10.9.1
• tslib ^2.6.2
• node >=18.0.0
• pnpm >=9
• pnpm 9.11.0

nuget (3)

test/updaters/fixtures/dotnet/SecurityCenter.V1.csproj (7)

• Microsoft.NETFramework.ReferenceAssemblies 1.0.2
• Microsoft.DotNet.Analyzers.Compatibility 0.2.12-alpha
• Grpc.Core [2.41.0, 3.0.0)
• Google.LongRunning [2.3.0, 3.0.0)
• Google.Cloud.Iam.V1 [2.3.0, 3.0.0)
• Google.Api.Gax.Grpc.GrpcCore [3.6.0, 4.0.0)
• ConfigureAwaitChecker.Analyzer 5.0.0

test/updaters/fixtures/Foo.csproj (6)

• Microsoft.NETFramework.ReferenceAssemblies 1.0.2
• Microsoft.DotNet.Analyzers.Compatibility 0.2.12-alpha
• Grpc.Core [2.38.1, 3.0.0)
• Google.LongRunning [2.3.0, 3.0.0)
• Google.Api.Gax.Grpc.GrpcCore [3.5.0, 4.0.0)
• ConfigureAwaitChecker.Analyzer 5.0.0

test/updaters/fixtures/Prerelease.csproj (6)

• Microsoft.NETFramework.ReferenceAssemblies 1.0.2
• Microsoft.DotNet.Analyzers.Compatibility 0.2.12-alpha
• Grpc.Core [2.38.1, 3.0.0)
• Google.LongRunning [2.3.0, 3.0.0)
• Google.Api.Gax.Grpc.GrpcCore [3.5.0, 4.0.0)
• ConfigureAwaitChecker.Analyzer 5.0.0

---

• Check this box to trigger a request for Renovate to run again on this repository