Update all non-major dependencies#335
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
31c2f41 to
568a655
Compare
568a655 to
0f08fe3
Compare
90d6ec2 to
8c54ee0
Compare
8c54ee0 to
105b315
Compare
105b315 to
2d2d8dc
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.29.0→1.30.11.29.0→1.30.11.29.0→1.30.11.29.0→1.30.11.29.0→1.30.122.22.3-alpine→22.23.1-alpine^0.34.0→^0.35.00.35.34.16.0→4.17.0Release Notes
swissquote/crafty (@swissquote/crafty)
v1.30.1: 1.30.1Compare Source
Bug fixes
crafty cssLintcrashing withERR_MODULE_NOT_FOUNDforresolve-fromwhen upgrading to 1.30.0. The package was declared only as adevDependencyincrafty-preset-stylelintand resolved at runtime only when hoisted transitively by another package in the consumer's tree. It is now vendored directly intocrafty-preset-stylelint, matching the pattern already used bycrafty-preset-eslint(#3175).Tool updates
Full changelog
v1.30.0...v1.30.1
v1.30.0Compare Source
Vitest support
Crafty now ships
@swissquote/crafty-preset-vitest, a first-class preset for running tests with Vitest as an alternative to Jest (#3110).It follows the same patterns as
crafty-preset-jest:crafty testis the single entry point,crafty idegenerates the IDE-facing config, andcrafty test --coverageproduces LCOV output and a SonarQube-compatible test execution report out of the box.Crafty supports exactly one active test runner per project. If both Jest and Vitest presets are configured, Crafty will fail with a clear error.
ESLint 10
crafty-preset-eslintandeslint-plugin-swissquotehave been migrated from ESLint 9 to ESLint 10 (#3076).ESLint 10 release notes
Bug fixes
crafty watchcrash (minimatch_1.default is not a function) in the TypeScript + webpack + fork-ts-checker path. The minimatch wrapper is now exported correctly as a callable default (#3132).crafty watchcrash (stream.push() after EOF) when usingcrafty-preset-postcss+crafty-runner-gulp(#3161).init()feature in PostCSS'sProcessorconfiguration that was inadvertently dropped during the ESM conversion (#3151).Internal
ts-loaderfrom the Rspack runner; TypeScript is now handled directly by the SWC-based Rspack transform (#3149).tmpdependency (#3148).Tool updates
Thanks for the bug reports and contributions
Thanks to @AndreySushkovich for the vitest contribution and to @saniaBarish, Georgios Andreas Nellas, and Quentin Walter for the extensive tests and reproducible bug reports
Full changelog
v1.29.0...v1.30.0
nodejs/node (node)
v22.23.1: 2026-06-23, Version 22.23.1 'Jod' (LTS), @RafaelGSSCompare Source
This release includes a fix for an unexpected behavior introduced
by the recent security release (22.23.0).
Commits
41d2ee13be] - build: switch coverage-windows towindows-2022(Richard Lau) #63940eaa292549e] - http: avoid stream listeners on idle agent sockets (Matteo Collina) #64004v22.23.0: 2026-06-18, Version 22.23.0 'Jod' (LTS), @aduh95Compare Source
This is a security release.
Notable Changes
Commits
38b4c5ed51] - (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) nodejs-private/node-private#878ad8a10c1bb] - deps: update llhttp to 9.4.2 (Antoine du Hamel) nodejs-private/node-private#890ca825a87cc] - deps: update undici to 6.27.0 (aduh95) #63711a1a5bb9683] - (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 (Tim Perry) #628910f48583512] - (SEMVER-MAJOR) deps: update nghttp2 to 1.69.0 (Node.js GitHub Bot) #6289138c869fc05] - deps: update nghttp2 to 1.68.0 (nodejs-github-bot) #61136290667c84f] - deps: update nghttp2 to 1.67.1 (nodejs-github-bot) #59790c9f3da76aa] - deps: update nghttp2 to 1.66.0 (Node.js GitHub Bot) #5878660890be563] - deps: update nghttp2 to 1.65.0 (Node.js GitHub Bot) #572695024c7d5d8] - deps: update archs files for openssl-3.5.7 (Node.js GitHub Bot) #638207f4eb5af2e] - deps: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) #63820ebb4ec78a8] - deps: fix aix implicit declaration in OpenSSL (Abdirahim Musse) #626565763d40826] - deps: update llhttp to 9.4.1 (Node.js GitHub Bot) #63045c551a51d0c] - (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) nodejs-private/node-private#8680a22d40180] - (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) nodejs-private/node-private#846c79968e108] - (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) nodejs-private/node-private#8550c37bff2ff] - http2: fix DEP0194 message (KaKa) #58669ea5dc6b529] - (SEMVER-MAJOR) http2: remove support for priority signaling (Matteo Collina) #582939b6af26132] - (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) nodejs-private/node-private#86728dcd38864] - (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) nodejs-private/node-private#8732f62693801] - (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) nodejs-private/node-private#8701662a3ea09] - test: add session reuse host verification regressions (Matteo Collina) nodejs-private/node-private#854718d5d0e2c] - test: skiptest-fs-utimes-y2K38on armv7 (Richard Lau) #63836041185b61f] - test: skip test-cluster-dgram-reuse on AIX 7.3 (Stewart X Addison) #62238fd890ba01d] - (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) nodejs-private/node-private#85439d1d09684] - (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) nodejs-private/node-private#8572197a47144] - (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) nodejs-private/node-private#869lovell/sharp (sharp)
v0.35.2Compare Source
v0.35.1Compare Source
TypeScript: Ensure type definitions are published for both ESM and CJS.
#4537
WebAssembly: Ensure wrapper file is published.
#4538
v0.35.0Compare Source
Breaking: Drop support for Node.js 18, now requires Node.js >= 20.9.0.
Breaking: Remove
installscript frompackage.jsonfile.Compiling from source is now opt-in via the
buildscript.Breaking: Lossy AVIF output is now tuned using SSIMULACRA2-based
iqquality metrics.Breaking: Add
limitInputChannelswith a default value of 5.Breaking: Remove deprecated
failOnErrorconstructor property.Breaking: Remove deprecated
paletteBitDepthfrommetadataresponse.Breaking: Remove deprecated properties from
sharpenoperation.Breaking: Rename
format.jp2kasformat.jp2for API consistency.Upgrade to libvips v8.18.3 for upstream bug fixes.
Remove experimental status from WebAssembly binaries.
Add prebuilt binaries for FreeBSD (WebAssembly).
Deprecate Windows 32-bit (win32-ia32) prebuilt binaries.
Ensure TIFF output
bitdepthoption is limited to 1, 2 or 4.Add AVIF/HEIF
tuneoption for control over quality metrics.#4227
Add
keepGainMapandwithGainMapto process HDR JPEG images with embedded gain maps.#4314
Add
toUint8Arrayfor output image as aTypedArraybacked by a transferableArrayBuffer.#4355
Require prebuilt binaries using static paths to aid code bundling.
#4380
TypeScript: Ensure
FormatEnumkeys match reality.#4475
Add
marginoption totrimoperation.#4480
@eddienubes
Ensure HEIF primary item is used as default page/frame.
#4487
Add image Media Type (MIME Type) to metadata response.
#4492
Add
withDensityto set output density in EXIF metadata.#4496
Improve
pkg-configpath discovery.#4504
Add WebP
exactoption for control over transparent pixel colour values.Add support for ECMAScript Modules (ESM).
#4509
@florian-lefebvre
v0.34.5Compare Source
Upgrade to libvips v8.17.3 for upstream bug fixes.
Add experimental support for prebuilt Linux RISC-V 64-bit binaries.
Support building from source with npm v12+, deprecate
--build-from-sourceflag.#4458
Add support for BigTIFF output.
#4459
@throwbi
Improve error messaging when only warnings issued.
#4465
Simplify ICC processing when retaining input profiles.
#4468
v0.34.4Compare Source
Upgrade to libvips v8.17.2 for upstream bug fixes.
Ensure TIFF
subifdand OpenSlidelevelinput options are respected (regression in 0.34.3).Ensure
autoOrientoccurs before non-90 angle rotation.#4425
Ensure
autoOrientremoves existing metadata after shrink-on-load.#4431
TypeScript: Ensure
KernelEnumincludeslinear.#4441
@BayanBennett
Ensure
unlimitedflag is passed upstream when reading TIFF images.#4446
Support Electron memory cage when reading XMP metadata (regression in 0.34.3).
#4451
Add sharp-libvips rpath for yarn v5 support.
#4452
@arcanis
yarnpkg/berry (yarn)
v4.17.0: v4.17.0Compare Source
What's Changed
New Contributors
Full Changelog: https://github.com/yarnpkg/berry/compare/@yarnpkg/cli/4.16.0...@yarnpkg/cli/4.17.0
Configuration
📅 Schedule: (UTC)
* * * * 0,6)🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.