Skip to content

chore(deps): update external major (major)#1654

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate-major-external-major
Open

chore(deps): update external major (major)#1654
renovate[bot] wants to merge 1 commit into
mainfrom
renovate-major-external-major

Conversation

@renovate

@renovate renovate Bot commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence Type Update
@babel/core (source) 7.29.78.0.1 age confidence devDependencies major
@babel/eslint-parser (source) 7.29.78.0.1 age confidence devDependencies major
actions/cache v5v6 age confidence action major
actions/checkout v6v7 age confidence action major
codecov/codecov-action v6v7 age confidence action major
js-yaml 4.2.05.1.0 age confidence devDependencies major
js-yaml 4.2.05.1.0 age confidence devDependencies major
sinon (source) 21.0.322.0.0 age confidence devDependencies major

Release Notes

babel/babel (@​babel/core)

v8.0.1

Compare Source

💥 Breaking Change
  • babel-core, babel-plugin-transform-object-rest-spread, babel-plugin-transform-runtime, babel-preset-env, babel-standalone

v8.0.0

Compare Source

👓 Spec Compliance
💥 Breaking Change
  • babel-cli, babel-node, babel-plugin-proposal-decorators, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-plugin-transform-modules-commonjs, babel-plugin-transform-object-rest-spread, babel-plugin-transform-parameters, babel-plugin-transform-react-constant-elements, babel-plugin-transform-regenerator, babel-preset-env, babel-register
  • babel-plugin-transform-runtime, babel-runtime-corejs3, babel-runtime
  • babel-parser
🐛 Bug Fix
  • babel-generator
  • babel-plugin-transform-modules-systemjs
📝 Documentation
🏠 Internal
🏃‍♀️ Performance
actions/cache (actions/cache)

v6.0.0

Compare Source

What's Changed

Full Changelog: actions/cache@v5...v6.0.0

v6

Compare Source

actions/checkout (actions/checkout)

v7.0.0

Compare Source

v7

Compare Source

codecov/codecov-action (codecov/codecov-action)

v7.0.0

Compare Source

⚠️ Due to migration issues with keybase, we are unable to update our keys under the codecovsecurity account. We have deleted the account and are using codecovsecops with the original gpg key

What's Changed

Full Changelog: codecov/codecov-action@v6.0.1...v7.0.0

v7

Compare Source

nodeca/js-yaml (js-yaml)

v5.1.0

Compare Source

Added
  • Collection tags can finalize an incrementally populated carrier into a
    different result value.
Changed
  • [breaking] quoteStyle now selects the preferred quote style; use the
    restored forceQuotes option to force quoting non-key strings.

v5.0.0

Compare Source

Added
  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution
    rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys.
    Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before
    rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding,
    flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and
    tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the
    test set.
Changed
  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named
    exports.
  • Reduced the set of exported schemas:
    • YAML 1.2 schemas: CORE_SCHEMA (loader default), JSON_SCHEMA,
      FAILSAFE_SCHEMA.
    • YAML11_SCHEMA, a combination of all YAML 1.1 tags (YAML 1.1 does not
      specify a schema, only "types").
  • load/dump default behaviour is now specified exactly via schemas:
    • load uses CORE_SCHEMA, without !!merge by default.
    • dump uses YAML11_SCHEMA + CORE_SCHEMA for the quoting check, to
      guarantee backward compatibility by default.
  • !!set is now loaded as a JavaScript Set.
  • Replaced the Type API with a tags API. Similar, but more precise and
    simpler. See examples for details. Tags can be defined via
    defineScalarTag(), defineSequenceTag() and defineMappingTag(), or as a
    spread + override of an existing tag.
  • Renamed Schema.extend() to Schema.withTags().
  • Expanded YAML 1.2 conformance and improved handling of directives, document
    markers, block keys, multiline scalars, tag syntax and other things.
  • load() now throws on empty input instead of returning undefined.
  • Moved browser builds to the js-yaml/browser export.
  • Deprecated the loadAll signature with an iterator (still works, but is a
    candidate for removal).
Removed
  • Removed deprecated safeLoad(), safeLoadAll() and safeDump() exports.
  • Removed DEFAULT_SCHEMA and the nested types export.
  • Removed loader options onWarning, legacy and listener.
  • Removed dumper options styles, replacer, noCompatMode, condenseFlow,
    quotingType and forceQuotes. Renamed noArrayIndent to seqNoIndent.
    Formatting and representation are now configured through presenter options,
    schemas and tag definitions. See migration guide on how to replace.
  • Removed support for importing internal files from lib/.
sinonjs/sinon (sinon)

v22.0.0

Compare Source

  • ed911df5
    Update Ruby gems (Carl-Erik Kopseng)
  • 75a1e5b8
    Update to Node 26 (Carl-Erik Kopseng)
  • 197d6608
    Update documentation on faking timers to reflect the current state of fake-timers (Carl-Erik Kopseng)
  • c5ddf80b
    Update fake-timers@​15.4: includes new Temporal API (Carl-Erik Kopseng)
  • f4ab02f6
    Update updatable packages (Carl-Erik Kopseng)
  • 0536afc8
    Quality: Global mutable call id can grow unbounded across long-lived processes (#​2691) (tuanaiseo)
    • refactor: global mutable call id can grow unbounded across l

    callId is module-scoped and incremented on every invocation. In long-running test runners or embedded usage, this can grow indefinitely and eventually lose integer precision semantics for strict ordering comparisons.

    Affected files: proxy-invoke.js

    Signed-off-by: tuanaiseo 221258316+tuanaiseo@users.noreply.github.com

    • Wrap around for all values that are too high

    Signed-off-by: tuanaiseo 221258316+tuanaiseo@users.noreply.github.com
    Co-authored-by: Carl-Erik Kopseng carlerik@gmail.com

  • f4f7d93b
    Perform additional cleanup when calling callThrough() (#​2670) (Cyrille)
  • 6199e9e4
    improve GitHubworkflows by introducing zizmor for monitoring (#​2686) (Till!)

    • fix(workflows): fetch-depth is for actions/checkout

    • chore(workflows): update

    • pin all actions to precise commits
    • avoid credential leakage from actions/checkout
    • group action updates going forward
    • add zimor config to ignore "secrets outside env"
    • add job to keep validating workflows
  • f7476b59
    Use path.normalize() for path normalization (Carl-Erik Kopseng)
  • 2c975393
    fix: make build and node test scripts cross-platform (laplace young)
  • a7692917
    fix: isolate walk state from Object prototype (laplace young)
  • 66df977a
    Fix sinon.restore() cascade-restoring sub-sandboxes (#​2704) (Charlie Leitheiser)

    The ESM port of createApi (#​2683, shipped in 21.1.0) replaced createSandbox: createSandbox with a wrapper that pushes every newly-created sandbox into the root sandbox's fake collection:

    createSandbox: function createSandbox(config) {
    const s = createConfiguredSandbox(config);
    sandbox.getFakes().push(s);
    return s;
}

    Sandbox#restore then walks that collection and calls .restore() on each entry. Because a sub-sandbox is itself an entry, every top-level sinon.restore() cascades into every sub-sandbox and undoes its stubs/timers/etc. — defeating the whole point of having an isolated sub-sandbox. The same cascade hits resetHistory and
    verifyAndRestore. This is the regression reported in #​2701.

    Restore the pre-21.1 behaviour: hand the root API a direct reference to createConfiguredSandbox. Sub-sandboxes are now isolated; only subSandbox.restore() (or verifyAndRestore) clears their fakes.

    Also flip the four sandbox tests that were locking in the buggy cascade: they now assert the parent's restore/resetHistory leaves the child untouched, with an explicit child-side cleanup at the
    end.

    Closes #​2701

  • f0bd6e1b
    fix: exclude proto from walk() (#​2699) (Kevin Locke)

    __proto__ is a special property to access an object's prototype. It
    has many pitfalls:

    • Setting it to an object value changes an object's prototype, which is
      generally discouraged and may be unexpected by the iterator callback.
    • Setting it to a non-object value does nothing (meaning seen[k] = true has no effect).
    • When Node.js is run with the --disable-proto=throw option, getting
      or setting __proto__ causes an exception with code
      ERR_PROTO_ACCESS to be thrown.

    Additionally, since this property (and all properties of
    Object.prototype) are currently unused in this project by consumers of
    walk(), it is both safe and preferable to exclude.

    Fixes: #​2695

    Signed-off-by: Kevin Locke kevin@kevinlocke.name

  • 1f8afd50
    chore: add context7.json for ownership confirmation (Morgan Roderick)

Released by Carl-Erik Kopseng on 2026-05-05.

v21.1.2

Compare Source

  • 53817f7d
    Upgrade to ESLint 10 and new shared config (#​2696) (Carl-Erik Kopseng)
    • Upgrade to ESLint 10 and new shared config
    • Update deps
  • d7a682e0
    fix: move npm-run-all to devDeps (#​2694) (Avi Vahl)

    used only during dev, and caused a considerable dep count jump downstream

  • 5b8720ec
    use latest shared eslint-config (Carl-Erik Kopseng)

Released by Carl-Erik Kopseng on 2026-04-11.

v21.1.1

Compare Source

  • 3c8b023b
    Update deps (Carl-Erik Kopseng)
  • 2eabf5da
    fix(#​2692): Remove ESM-only supports-color as it breaks CJS exports (#​2693) (Carl-Erik Kopseng)
    • fix(#​2692): Remove ESM-only supports-color as it breaks CJS exports

Released by Carl-Erik Kopseng on 2026-04-10.

v21.1.0

Compare Source

  • 0a5526c5
    updated deps (Carl-Erik Kopseng)
  • 5262204f
    fix: build artifacts before running bundled tests (Carl-Erik Kopseng)
  • 819bb64b
    Migration to ECMAScript modules (ESM) (#​2683) (Carl-Erik Kopseng)

    This allowed us to finally consume ESM-only dependencies and has broken us free from some CJS shackes. Now produce the same API surface for CJS consumers, as well, by generating ./lib

    • Modern ignores 😁
    • test: add distribution harness
    • test: verify packed cjs and esm entrypoints
    • test: lock distribution api manifest
    • test: smoke test built pkg artifacts
    • docs: require contract tests for package migration
    • test: guard esm migration regressions
    • docs: require contract gate for esm migration
    • build: generate cjs lib from esm source entries
    • refactor: port root api surface to esm
    • build: clean port of root api to esm
    • docs: include implementation plans
    • fix: align lint and smoke tests with esm migration
    • refactor: complete esm port of all core components
    • refactor: finalize esm migration with sandbox and naming fixes
    • fix: finish esm migration stabilization
    • chore: stop tracking generated lib output
    • remove plans
    • prettier
    • linting
    • fix: make distribution tests self-contained
    • fix: build before coverage test bundle
    • refactor: move simple unit tests to src
    • refactor: flatten test and coverage script chains
    • refactor: use parallel mocha for node tests
    • test: restore fake timers cleanup
    • refactor: remove node test runner script
    • remove unneccessary clutter
    • fix: make mocha watch use polling
    • simplify
    • Increase coverage
    • Fix coverage by removing duplicated tests

    These were covering the generated lib/ folder.

    • Move shared util into esm dir
    • fix package dep issues
    • Adjust coverage
    • Upgrade all dependencies

    npx npm-check-updates -u

  • cd2bf5a3
    Use newer endpoint (Carl-Erik Kopseng)

Released by Carl-Erik Kopseng on 2026-04-09.

Configuration

📅 Schedule: (in timezone Europe/Zurich)

  • Branch creation
    • "after 2pm on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions

github-actions Bot commented Jun 8, 2026

Copy link
Copy Markdown

This PR will trigger no release when merged.

@renovate renovate Bot force-pushed the renovate-major-external-major branch 22 times, most recently from b473756 to b5d59bf Compare June 15, 2026 14:30
@renovate renovate Bot force-pushed the renovate-major-external-major branch 7 times, most recently from 976037f to 18ef342 Compare June 16, 2026 07:44
@renovate renovate Bot force-pushed the renovate-major-external-major branch 29 times, most recently from 5ad2566 to b804ab6 Compare June 24, 2026 03:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants