Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@types/node (source)	25.5.0 → 25.9.1
fs-extra	11.3.4 → 11.3.5
prettier (source)	3.8.1 → 3.8.3
semver	7.7.4 → 7.8.0

---

Release Notes

jprichardson/node-fs-extra (fs-extra)

v11.3.5

Compare Source

• Fix ensureLink*/ensureSymlink* identical file detection on Windows (#​1068)
• Fix error handling in timestamp preservation code (#​1065, #​1069)
• Fix potential file descriptor leak on error in synchronous timestamp preservation code (#​1066)

prettier/prettier (prettier)

v3.8.3

Compare Source

v3.8.2

Compare Source

npm/node-semver (semver)

v7.8.0

Compare Source

Features

• 0d0a0a2 #​855 Add truncate function (#​855) (@​pjohnmeyer, @​owlstronaut)

Bug Fixes

• 3905343 #​859 Warn when defaulting to --inc=patch in CLI (@​pjohnmeyer)

Documentation

• c368af6 #​853 fix typos in documentation (#​853) (@​ankitkumar572005)
• 37776c3 #​846 fix BNF grammar to distinguish prerelease from build identifiers (#​846) (@​abhu85, @​claude)

Chores

• 9542e09 #​860 template-oss-apply (@​owlstronaut)
• 937bc2c #​860 template-oss-apply@5.0.0 (@​owlstronaut)
• 6946fef #​852 bump @​npmcli/template-oss from 4.29.0 to 4.30.0 (#​852) (@​dependabot[bot], @​npm-cli-bot)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​types/​node@​25.5.0 ⏵ 25.9.1				+1
	semver@​7.7.4 ⏵ 7.8.0	+1		+1
	fs-extra@​11.3.4 ⏵ 11.3.5	+1
	prettier@​3.8.1 ⏵ 3.8.3			+1

View full report

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.64%. Comparing base (b38d1ad) to head (6d1569b).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #161   +/-   ##
=======================================
  Coverage   89.64%   89.64%           
=======================================
  Files           3        3           
  Lines         251      251           
=======================================
  Hits          225      225           
  Misses         26       26           

Flag	Coverage Δ
unittests	89.64% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
⚠️ ACTION	actionlint	4		3	0	0.11s
❌ ACTION	zizmor	4		1	0	0.2s
❌ COPYPASTE	jscpd	yes		4	no	1.67s
✅ JSON	jsonlint	7		0	0	0.1s
✅ JSON	npm-package-json-lint	yes		no	no	0.46s
⚠️ JSON	prettier	7		1	0	0.42s
✅ JSON	v8r	7		0	0	14.42s
⚠️ MARKDOWN	markdownlint	6		17	0	0.96s
⚠️ MARKDOWN	markdown-table-formatter	6		1	0	0.29s
✅ REPOSITORY	checkov	yes		no	no	21.84s
✅ REPOSITORY	gitleaks	yes		no	no	0.63s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	48.86s
❌ REPOSITORY	osv-scanner	yes		4	no	1.06s
✅ REPOSITORY	secretlint	yes		no	no	1.04s
✅ REPOSITORY	syft	yes		no	no	2.06s
✅ REPOSITORY	trivy	yes		no	no	11.82s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.5s
✅ REPOSITORY	trufflehog	yes		no	no	4.61s
✅ SPELL	cspell	29		0	0	3.92s
⚠️ SPELL	lychee	23		3	0	4.33s
⚠️ TYPESCRIPT	prettier	1		1	0	0.49s
⚠️ TYPESCRIPT	ts-standard	1		1	0	0.49s
⚠️ YAML	prettier	8		1	3	0.48s
✅ YAML	v8r	8		0	0	7.44s
✅ YAML	yamllint	8		0	0	0.58s

Detailed Issues

❌ COPYPASTE / jscpd - 4 errors

Clone found (javascript):
 - test/java-caller.test.js [104:42 - 113:69] (9 lines, 80 tokens)
   test/java-caller.test.js [21:40 - 30:53]

Clone found (javascript):
 - test/java-caller.test.js [116:40 - 125:79] (9 lines, 80 tokens)
   test/java-caller.test.js [21:40 - 30:53]

Clone found (javascript):
 - test/java-caller.test.js [143:118 - 151:68] (8 lines, 74 tokens)
   test/java-caller.test.js [130:103 - 138:83]

Clone found (javascript):
 - test/java-caller.test.js [153:60 - 162:84] (9 lines, 80 tokens)
   test/java-caller.test.js [21:40 - 30:53]

┌────────────┬────────────────┬─────────────┬──────────────┬──────────────┬──────────────────┬───────────────────┐
│ Format     │ Files analyzed │ Total lines │ Total tokens │ Clones found │ Duplicated lines │ Duplicated tokens │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ java       │ 1              │ 36          │ 350          │ 0            │ 0 (0%)           │ 0 (0%)            │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ javascript │ 11             │ 1088        │ 9981         │ 4            │ 35 (3.22%)       │ 314 (3.15%)       │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ typescript │ 1              │ 222         │ 671          │ 0            │ 0 (0%)           │ 0 (0%)            │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ markdown   │ 1              │ 27          │ 173          │ 0            │ 0 (0%)           │ 0 (0%)            │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ Total:     │ 14             │ 1373        │ 11175        │ 4            │ 35 (2.55%)       │ 314 (2.81%)       │
└────────────┴────────────────┴─────────────┴──────────────┴──────────────┴──────────────────┴───────────────────┘
Found 4 clones.
HTML report saved to megalinter-reports/copy-paste/html/
ERROR: jscpd found too many duplicates (2.55%) over threshold (0%)
Error: ERROR: jscpd found too many duplicates (2.55%) over threshold (0%)
    at ThresholdReporter.report (/node-deps/node_modules/@jscpd/finder/dist/index.js:615:13)
    at /node-deps/node_modules/@jscpd/finder/dist/index.js:109:18
    at Array.forEach (<anonymous>)
    at /node-deps/node_modules/@jscpd/finder/dist/index.js:108:22
    at async /node-deps/node_modules/jscpd/dist/bin/jscpd.js:9:5

❌ REPOSITORY / osv-scanner - 4 errors

Scanning dir .
Starting filesystem walk for root: /
Scanned package-lock.json file and found 276 packages
End status: 47 dirs visited, 133 inodes visited, 1 Extract calls, 8.38427ms elapsed, 8.3844ms wall time

Total 3 packages affected by 4 known vulnerabilities (0 Critical, 1 High, 2 Medium, 1 Low, 0 Unknown) from 1 ecosystem.
4 vulnerabilities can be fixed.

+-------------------------------------+------+-----------+----------------------------+---------+---------------+-------------------+
| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE                    | VERSION | FIXED VERSION | SOURCE            |
+-------------------------------------+------+-----------+----------------------------+---------+---------------+-------------------+
| https://osv.dev/GHSA-jxxr-4gwj-5jf2 | 6.5  | npm       | brace-expansion (dev)      | 5.0.5   | 5.0.6         | package-lock.json |
| https://osv.dev/GHSA-73rr-hh4g-fpgx | 2.7  | npm       | diff (dev)                 | 7.0.0   | 8.0.3         | package-lock.json |
| https://osv.dev/GHSA-5c6j-r48x-rmvq | 8.1  | npm       | serialize-javascript (dev) | 6.0.2   | 7.0.3         | package-lock.json |
| https://osv.dev/GHSA-qj8w-gfj5-8c6v | 5.9  | npm       | serialize-javascript (dev) | 6.0.2   | 7.0.5         | package-lock.json |
+-------------------------------------+------+-----------+----------------------------+---------+---------------+-------------------+

❌ ACTION / zizmor - 1 error

INFO zizmor: 🌈 zizmor v1.25.0
fatal: no audit was performed
'ref-confusion' audit failed on file://.github/workflows/deploy.yml

Caused by:
    0: error in 'ref-confusion' audit
    1: couldn't list branches for actions/checkout
    2: request error while accessing GitHub API
    3: HTTP status client error (401 Unauthorized) for url (https://github.com/actions/checkout.git/git-upload-pack)


[ZizmorLinter] Zizmor failed to reach the GitHub API.
To allow zizmor to use GITHUB_TOKEN, add the following to your .mega-linter.yml:
ACTION_ZIZMOR_UNSECURED_ENV_VARIABLES:
  - GITHUB_TOKEN

⚠️ ACTION / actionlint - 3 errors

.github/workflows/github-dependents-info.yml:54:9: shellcheck reported issue in this script: SC2086:info:1:15: Double quote to prevent globbing and word splitting [shellcheck]
   |
54 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/github-dependents-info.yml:54:9: shellcheck reported issue in this script: SC2086:info:1:21: Double quote to prevent globbing and word splitting [shellcheck]
   |
54 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/test.yml:78:11: input "file" is not defined in action "codecov/codecov-action@v6". available inputs are "base_sha", "binary", "codecov_yml_path", "commit_parent", "directory", "disable_file_fixes", "disable_safe_directory", "disable_search", "disable_telem", "dry_run", "env_vars", "exclude", "fail_ci_if_error", "files", "flags", "force", "gcov_args", "gcov_executable", "gcov_ignore", "gcov_include", "git_service", "handle_no_reports_found", "job_code", "name", "network_filter", "network_prefix", "os", "override_branch", "override_build", "override_build_url", "override_commit", "override_pr", "plugins", "recurse_submodules", "report_code", "report_type", "root_dir", "run_command", "skip_validation", "slug", "swift_project", "token", "url", "use_legacy_upload_endpoint", "use_oidc", "use_pypi", "verbose", "version", "working-directory" [action]
   |
78 |           file: coverage.lcov
   |           ^~~~~

⚠️ SPELL / lychee - 3 errors

📝 Summary
---------------------
🔍 Total...........73
🔗 Unique..........61
✅ Successful......23
⏳ Timeouts.........0
🔀 Redirected.......8
👻 Excluded........47
❓ Unknown..........0
🚫 Errors...........3
⛔ Unsupported......3

Errors in README.md
[403] https://npmjs.org/package/java-caller (at 5:1) | Rejected status code: 403 Forbidden | Followed 1 redirect. Redirects: https://npmjs.org/package/java-caller --[301]--> https://www.npmjs.com/package/java-caller
[403] https://npmjs.org/package/java-caller (at 6:1) | Rejected status code: 403 Forbidden | Followed 1 redirect. Redirects: https://npmjs.org/package/java-caller --[301]--> https://www.npmjs.com/package/java-caller
[403] https://www.npmjs.com/package/java-caller (at 4:1) | Rejected status code: 403 Forbidden

Hint: Followed 8 redirects. You might want to consider replacing redirecting URLs with the resolved URLs. Use verbose mode (`-v`/`-vv`) to see redirection details.
Hint: You can configure accepted/rejected response codes with `-a` or `--accept`

⚠️ MARKDOWN / markdown-table-formatter - 1 error

1 files contain markdown tables to format:
- README.md

⚠️ MARKDOWN / markdownlint - 17 errors

CODE_OF_CONDUCT.md:58:44 error MD034/no-bare-urls Bare URL used [Context: "nicolas.vuillamy@gmail.com"]
CODE_OF_CONDUCT.md:71:14 error MD034/no-bare-urls Bare URL used [Context: "https://www.contributor-covena..."]
CODE_OF_CONDUCT.md:76:1 error MD034/no-bare-urls Bare URL used [Context: "https://www.contributor-covena..."]
README.md:67:13 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:27 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:37 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:47 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:1 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:67:13 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:67:27 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:67:37 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:68:361 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:70:123 error MD060/table-column-style Table column style [Table pipe has extra space to the left for style "compact"]
README.md:74:315 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:75:310 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:76:208 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:77:233 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]

⚠️ JSON / prettier - 1 error

Checking formatting...
[warn] .cspell.json
[warn] .vscode/launch.json
[warn] examples/cli_app/lib/java-caller-config.json
[warn] examples/cli_app/package.json
[warn] examples/module_app/package.json
[warn] renovate.json
[warn] Code style issues found in 6 files. Run Prettier with --write to fix.

⚠️ TYPESCRIPT / prettier - 1 error

Checking formatting...
[warn] lib/index.d.ts
[warn] Code style issues found in the above file. Run Prettier with --write to fix.

⚠️ YAML / prettier - 1 error

Checking formatting...
[warn] .github/workflows/deploy.yml
[warn] .github/workflows/test.yml
[warn] Code style issues found in 2 files. Run Prettier with --write to fix.

⚠️ TYPESCRIPT / ts-standard - 1 error

Unable to locate the project file. A project file (tsconfig.json or tsconfig.eslint.json) is required in order to use ts-standard.

Notices

⚠️ ESLint v10 flat-config migration required - the following linters are disabled until you migrate: JAVASCRIPT_ES, JSON_ESLINT_PLUGIN_JSONC, JSX_ESLINT, TSX_ESLINT, TYPESCRIPT_ES. Only legacy .eslintrc.js was detected; ESLint v10 dropped support for the .eslintrc.* format. Please migrate to eslint.config.mjs. See the ESLint migration guide.

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,ACTION_ZIZMOR,COPYPASTE_JSCPD,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,SPELL_LYCHEE,TYPESCRIPT_STANDARD,TYPESCRIPT_PRETTIER,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository