Skip to content

fix(deps): update all dependencies #188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update all dependencies #188

wants to merge 1 commit into from
+516 −422

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Aug 20, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
@chainsafe/libp2p-yamux ^7.0.1 -> ^8.0.0 age adoption passing confidence dependencies major
@libp2p/interface (source) ^2.6.1 -> ^3.0.0 age adoption passing confidence dependencies major
@typescript-eslint/eslint-plugin (source) 8.46.1 -> 8.46.4 age adoption passing confidence devDependencies patch
@typescript-eslint/parser (source) 8.46.1 -> 8.46.4 age adoption passing confidence devDependencies patch
actions/dependency-review-action v4.8.1 -> v4.8.2 age adoption passing confidence action patch
esbuild ^0.25.9 -> ^0.27.0 age adoption passing confidence devDependencies minor
eslint (source) 9.37.0 -> 9.39.1 age adoption passing confidence devDependencies minor
github.com/aperturerobotics/util v1.31.3 -> v1.31.4 age adoption passing confidence require patch
github.com/evanw/esbuild v0.25.10 -> v0.27.0 age adoption passing confidence require minor
github.com/golangci/golangci-lint/v2 v2.5.0 -> v2.6.2 age adoption passing confidence require minor
github.com/libp2p/go-libp2p v0.44.0 -> v0.45.0 age adoption passing confidence require minor
github/codeql-action v4.30.8 -> v4.31.3 age adoption passing confidence action minor
golang.org/x/tools v0.38.0 -> v0.39.0 age adoption passing confidence require minor
lint-staged 16.2.4 -> 16.2.6 age adoption passing confidence devDependencies patch
mvdan.cc/gofumpt v0.9.1 -> v0.9.2 age adoption passing confidence require patch
rimraf 6.0.1 -> 6.1.0 age adoption passing confidence devDependencies minor
vitest (source) ^3.0.7 -> ^4.0.0 age adoption passing confidence devDependencies major

Release Notes

ChainSafe/js-libp2p-yamux (@​chainsafe/libp2p-yamux)

v8.0.1

Compare Source

Bug Fixes
  • make sendReset synchronous to avoid unhandled rejections (#​113) (232fb1b)

v8.0.0

Compare Source

⚠ BREAKING CHANGES
  • Must be used with libp2p@3.x.x, it cannot be used with earlier versions
Features
libp2p/js-libp2p (@​libp2p/interface)

v3.1.0

Compare Source

v3.0.2

Compare Source

v3.0.1

Compare Source

v3.0.0

Compare Source

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.46.4

Compare Source

🩹 Fixes
  • parser: error when both projectService and project are set (#​11333)
  • eslint-plugin: handle override modifier in promise-function-async fixer (#​11730)
  • eslint-plugin: [no-deprecated] fix double-report on computed literal identifiers (#​11006, #​10958)
❤️ Thank You

You can read about our versioning strategy and releases on our website.

v8.46.3

Compare Source

🩹 Fixes
  • eslint-plugin: [no-duplicate-enum-values] support signed numbers (#​11722, #​11723)
  • eslint-plugin: [no-misused-promises] expand union type to retrieve target property (#​11706)
❤️ Thank You

You can read about our versioning strategy and releases on our website.

v8.46.2

Compare Source

🩹 Fixes
  • eslint-plugin: [prefer-optional-chain] skip optional chaining when it could change the result (#​11702)
❤️ Thank You
  • mdm317

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.46.4

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.46.3

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.46.2

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

actions/dependency-review-action (actions/dependency-review-action)

v4.8.2

Compare Source

Minor fixes:

evanw/esbuild (esbuild)

v0.27.0

Compare Source

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.26.0 or ~0.26.0. See npm's documentation about semver for more information.

  • Use Uint8Array.fromBase64 if available (#​4286)

    With this release, esbuild's binary loader will now use the new Uint8Array.fromBase64 function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify target when using this feature with Node (for example --target=node22) unless you're using Node v25+.

  • Update the Go compiler from v1.23.12 to v1.25.4 (#​4208, #​4311)

    This raises the operating system requirements for running esbuild:

    • Linux: now requires a kernel version of 3.2 or later
    • macOS: now requires macOS 12 (Monterey) or later

v0.26.0

Compare Source

  • Enable trusted publishing (#​4281)

    GitHub and npm are recommending that maintainers for packages such as esbuild switch to trusted publishing. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.

    Unfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).

v0.25.12

Compare Source

  • Fix a minification regression with CSS media queries (#​4315)

    The previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for @media <media-type> and <media-condition-without-or> { ... } was missing an equality check for the <media-condition-without-or> part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.

  • Update the list of known JavaScript globals (#​4310)

    This release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global Array property is considered to be side-effect free but accessing the global scrollY property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:

    From ES2017:

    • Atomics
    • SharedArrayBuffer

    From ES2020:

    • BigInt64Array
    • BigUint64Array

    From ES2021:

    • FinalizationRegistry
    • WeakRef

    From ES2025:

    • Float16Array
    • Iterator

    Note that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from Iterator:

    // This can now be tree-shaken by esbuild:
class ExampleIterator extends Iterator {}

  • Add support for the new @view-transition CSS rule (#​4313)

    With this release, esbuild now has improved support for pretty-printing and minifying the new @view-transition rule (which esbuild was previously unaware of):

    /* Original code */
@&#8203;view-transition {
  navigation: auto;
  types: check;
}

/* Old output */
@&#8203;view-transition { navigation: auto; types: check; }

/* New output */
@&#8203;view-transition {
  navigation: auto;
  types: check;
}

    The new view transition feature provides a mechanism for creating animated transitions between documents in a multi-page app. You can read more about view transition rules here.

    This change was contributed by @​yisibl.

  • Trim CSS rules that will never match

    The CSS minifier will now remove rules whose selectors contain :is() and :where() as those selectors will never match. These selectors can currently be automatically generated by esbuild when you give esbuild nonsensical input such as the following:

    /* Original code */
div:before {
  color: green;
  &.foo {
    color: red;
  }
}

/* Old output (with --supported:nesting=false --minify) */
div:before{color:green}:is().foo{color:red}

/* New output (with --supported:nesting=false --minify) */
div:before{color:green}

    This input is nonsensical because CSS nesting is (unfortunately) not supported inside of pseudo-elements such as :before. Currently esbuild generates a rule containing :is() in this case when you tell esbuild to transform nested CSS into non-nested CSS. I think it's reasonable to do that as it sort of helps explain what's going on (or at least indicates that something is wrong in the output). It shouldn't be present in minified code, however, so this release now strips it out.

v0.25.11

Compare Source

  • Add support for with { type: 'bytes' } imports (#​4292)

    The import bytes proposal has reached stage 2.7 in the TC39 process, which means that although it isn't quite recommended for implementation, it's generally approved and ready for validation. Furthermore it has already been implemented by Deno and Webpack. So with this release, esbuild will also add support for this. It behaves exactly the same as esbuild's existing binary loader. Here's an example:

    import data from './image.png' with { type: 'bytes' }
const view = new DataView(data.buffer, 0, 24)
const width = view.getInt32(16)
const height = view.getInt32(20)
console.log('size:', width + '\xD7' + height)

  • Lower CSS media query range syntax (#​3748, #​4293)

    With this release, esbuild will now transform CSS media query range syntax into equivalent syntax using min-/max- prefixes for older browsers. For example, the following CSS:

    @&#8203;media (640px <= width <= 960px) {
  main {
    display: flex;
  }
}

    will be transformed like this with a target such as --target=chrome100 (or more specifically with --supported:media-range=false if desired):

    @&#8203;media (min-width: 640px) and (max-width: 960px) {
  main {
    display: flex;
  }
}
eslint/eslint (eslint)

v9.39.1

Compare Source

v9.39.0

Compare Source

v9.38.0

Compare Source

Features

  • ce40f74 feat: update complexity rule to only highlight function header (#​20048) (Atul Nair)
  • e37e590 feat: correct no-loss-of-precision false positives with e notation (#​20187) (Francesco Trotta)

Bug Fixes

  • 50c3dfd fix: improve type support for isolated dependencies in pnpm (#​20201) (Francesco Trotta)
  • a1f06a3 fix: correct SourceCode typings (#​20114) (Pixel998)

Documentation

  • 462675a docs: improve web accessibility by hiding non-semantic character (#​20205) (루밀LuMir)
  • c070e65 docs: correct formatting in no-irregular-whitespace rule documentation (#​20203) (루밀LuMir)
  • b39e71a docs: Update README (GitHub Actions Bot)
  • cd39983 docs: move custom-formatters type descriptions to nodejs-api (#​20190) (Percy Ma)

Chores

aperturerobotics/util (github.com/aperturerobotics/util)

v1.31.4

Compare Source

golangci/golangci-lint (github.com/golangci/golangci-lint/v2)

v2.6.2

Compare Source

  1. Bug fixes
    • fmt command with symlinks
    • use file depending on build configuration to invalidate cache
  2. Linters bug fixes
    • testableexamples: from 1.0.0 to 1.0.1
    • testpackage: from 1.1.1 to 1.1.2

v2.6.1

Compare Source

v2.6.0

Compare Source

  1. New linters
    • Add modernize analyzer suite
  2. Linters new features or changes
    • arangolint: from 0.2.0 to 0.3.1
    • dupword: from 0.1.6 to 0.1.7 (new option comments-only)
    • go-critic: from 0.13.0 to 0.14.0 (new rules/checkers: zeroByteRepeat, dupOption)
    • gofumpt: from 0.9.1 to 0.9.2 ("clothe" naked returns is now controlled by the extra-rules option)
    • perfsprint: from 0.9.1 to 0.10.0 (new options: concat-loop, loop-other-ops)
    • wsl: from 5.2.0 to 5.3.0
  3. Linters bug fixes
    • dupword: from 0.1.6 to 0.1.7
    • durationcheck: from 0.0.10 to 0.0.11
    • exptostd: from 0.4.4 to 0.4.5
    • fatcontext: from 0.8.1 to 0.9.0
    • forbidigo: from 2.1.0 to 2.3.0
    • ginkgolinter: from 0.21.0 to 0.21.2
    • godoc-lint: from 0.10.0 to 0.10.1
    • gomoddirectives: from 0.7.0 to 0.7.1
    • gosec: from 2.22.8 to 2.22.10
    • makezero: from 2.0.1 to 2.1.0
    • nilerr: from 0.1.1 to 0.1.2
    • paralleltest: from 1.0.14 to 1.0.15
    • protogetter: from 0.3.16 to 0.3.17
    • unparam: from 0df0534 to 5beb8c8
  4. Misc.
    • fix: ignore some files to hash the version for custom build
libp2p/go-libp2p (github.com/libp2p/go-libp2p)

v0.45.0

Compare Source

A small release that adjust some noisy logging levels and adds a method for dynamically change the slog Handler for better integration with applications that use go-log.

What's Changed

Full Changelog: libp2p/go-libp2p@v0.44.0...v0.45.0

github/codeql-action (github/codeql-action)

v4.31.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.3 - 13 Nov 2025
  • CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
  • Update default CodeQL bundle version to 2.23.5. #​3288

See the full CHANGELOG.md for more information.

v4.31.2

Compare Source

v4.31.1

Compare Source

v4.31.0

Compare Source

v4.30.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.30.9 - 17 Oct 2025
  • Update default CodeQL bundle version to 2.23.3. #​3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #​3204

See the full CHANGELOG.md for more information.

lint-staged/lint-staged (lint-staged)

v16.2.6

Compare Source

Patch Changes

v16.2.5

Compare Source

Patch Changes
  • #​1687 9e02d9d Thanks @​iiroj! - Fix unhandled promise rejection when spawning tasks (instead of the tasks themselves failing). Previously when a task failed to spawn, lint-staged also failed and the backup stash might not have been automatically restored.
mvdan/gofumpt (mvdan.cc/gofumpt)

v0.9.2

Compare Source

This release moves the "clothe naked returns" rule under gofumpt -extra, following the discussion in #​285.

Binaries built on go version go1.25.3 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s"

Consider becoming a sponsor if you benefit from the work that went into this release!

Note that this release no longer includes a sha256sums.txt asset; GitHub now provide digests natively.

isaacs/rimraf (rimraf)

v6.1.0

Compare Source

vitest-dev/vitest (vitest)

v4.0.9

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v4.0.8

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.0.7

Compare Source

   🐞 Bug Fixes
   🏎 Performance
    View changes on GitHub

v4.0.6

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.0.5

Compare Source

   🐞 Bug Fixes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@socket-security
Copy link

socket-security bot commented Aug 20, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednpm/​@​typescript-eslint/​parser@​8.46.1 ⏵ 8.46.41001007197 +2100
Addednpm/​esbuild@​0.27.0921007394100
Updatedgolang/​github.com/​golangci/​golangci-lint/​v2@​v2.5.0 ⏵ v2.6.274 +110010010070
Updatedgolang/​golang.org/​x/​tools@​v0.38.0 ⏵ v0.39.075 +1100100100100
Updatednpm/​vitest@​3.2.4 ⏵ 4.0.998 +110079 +199 +1100
Updatednpm/​@​typescript-eslint/​eslint-plugin@​8.46.1 ⏵ 8.46.4991008097 +2100
Updatednpm/​rimraf@​6.0.1 ⏵ 6.1.0100 +110010083100
Updatedgolang/​github.com/​evanw/​esbuild@​v0.25.10 ⏵ v0.27.084 +1100100100100
Updatednpm/​@​chainsafe/​libp2p-yamux@​7.0.4 ⏵ 8.0.198 +110010089 +1100
Updatednpm/​@​libp2p/​interface@​2.11.0 ⏵ 3.1.0100 +110090100100
Updatednpm/​lint-staged@​16.2.4 ⏵ 16.2.6100 +110010095100
Updatednpm/​eslint@​9.37.0 ⏵ 9.39.197 +110010095 -1100
Addedgolang/​github.com/​aperturerobotics/​util@​v1.31.498100100100100
Updatedgolang/​mvdan.cc/​gofumpt@​v0.9.1 ⏵ v0.9.299 +1100100100100

View full report

@renovate renovate bot changed the title fix(deps): update dependency @libp2p/interface to v2.11.0 fix(deps): update all dependencies Aug 20, 2025
@renovate renovate bot force-pushed the renovate/all branch 6 times, most recently from ae2f9d0 to f4729ce Compare August 26, 2025 22:38
@renovate renovate bot force-pushed the renovate/all branch 9 times, most recently from 2a584e8 to e1cc4f9 Compare September 7, 2025 18:00
@renovate renovate bot force-pushed the renovate/all branch 5 times, most recently from 1417d8f to b67b277 Compare September 10, 2025 21:26
@renovate renovate bot changed the title fix(deps): update all dependencies fix(deps): update all dependencies - autoclosed Sep 16, 2025
@renovate renovate bot closed this Sep 16, 2025
@renovate renovate bot deleted the renovate/all branch September 16, 2025 09:12
@renovate renovate bot changed the title fix(deps): update all dependencies - autoclosed fix(deps): update all dependencies Sep 17, 2025
@renovate renovate bot reopened this Sep 17, 2025
@renovate renovate bot changed the title fix(deps): update all dependencies fix(deps): update all dependencies to v0.25.10 Sep 17, 2025
@renovate renovate bot force-pushed the renovate/all branch 7 times, most recently from 83e340c to b2e1e2f Compare October 27, 2025 15:08
@renovate renovate bot force-pushed the renovate/all branch 13 times, most recently from 2c964ec to 695074f Compare November 4, 2025 20:55
@renovate renovate bot force-pushed the renovate/all branch 6 times, most recently from cd508e1 to ca1a63f Compare November 13, 2025 04:35
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from 75a2d11 to c47989a Compare November 14, 2025 10:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant