Skip to content

Update all non-major dependencies#335

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/all-minor-patch
Open

Update all non-major dependencies#335
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jun 6, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
@swissquote/crafty 1.29.01.30.1 age confidence devDependencies minor
@swissquote/crafty-preset-eslint 1.29.01.30.1 age confidence devDependencies minor
@swissquote/crafty-preset-images-simple 1.29.01.30.1 age confidence devDependencies minor
@swissquote/crafty-preset-postcss 1.29.01.30.1 age confidence devDependencies minor
@swissquote/crafty-runner-gulp 1.29.01.30.1 age confidence devDependencies minor
node 22.22.3-alpine22.23.1-alpine age confidence final minor
sharp (source, changelog) ^0.34.0^0.35.0 age confidence dependencies minor 0.35.3
yarn (source) 4.16.04.17.0 age confidence packageManager minor

Release Notes

swissquote/crafty (@​swissquote/crafty)

v1.30.1: 1.30.1

Compare Source

Bug fixes
  • Fixed crafty cssLint crashing with ERR_MODULE_NOT_FOUND for resolve-from when upgrading to 1.30.0. The package was declared only as a devDependency in crafty-preset-stylelint and resolved at runtime only when hoisted transitively by another package in the consumer's tree. It is now vendored directly into crafty-preset-stylelint, matching the pattern already used by crafty-preset-eslint (#​3175).
Tool updates
  • Vitest: 4.1.7 → 4.1.8
Full changelog

v1.30.0...v1.30.1

v1.30.0

Compare Source

Vitest support

Crafty now ships @swissquote/crafty-preset-vitest, a first-class preset for running tests with Vitest as an alternative to Jest (#​3110).

It follows the same patterns as crafty-preset-jest: crafty test is the single entry point, crafty ide generates the IDE-facing config, and crafty test --coverage produces LCOV output and a SonarQube-compatible test execution report out of the box.

Crafty supports exactly one active test runner per project. If both Jest and Vitest presets are configured, Crafty will fail with a clear error.

ESLint 10

crafty-preset-eslint and eslint-plugin-swissquote have been migrated from ESLint 9 to ESLint 10 (#​3076).

ESLint 10 release notes

Bug fixes
  • Fixed crafty watch crash (minimatch_1.default is not a function) in the TypeScript + webpack + fork-ts-checker path. The minimatch wrapper is now exported correctly as a callable default (#​3132).
  • Fixed crafty watch crash (stream.push() after EOF) when using crafty-preset-postcss + crafty-runner-gulp (#​3161).
  • Restored the init() feature in PostCSS's Processor configuration that was inadvertently dropped during the ESM conversion (#​3151).
  • Fixed a Stylelint rule that was not correctly matching CSS property names (#​3127).
Internal
  • Removed ts-loader from the Rspack runner; TypeScript is now handled directly by the SWC-based Rspack transform (#​3149).
  • Several internally-bundled package forks converted to ESM, and parts of the PostCSS loader made async to support ESM PostCSS plugins (#​3114).
  • Added a build benchmark suite (#​3156).
  • Security update for the tmp dependency (#​3148).
  • Yarn upgraded to 4.15.0.
Tool updates
  • ESLint: 9.39.4 → 10.4.1
  • typescript-eslint: 8.59.3 → 8.60.1
  • webpack: 5.106.2 → 5.107.2
  • Rspack: 2.0.2 → 2.0.6
  • Vitest: introduced at 4.1.7
  • babel: 7.29.0 → 7.29.7
  • SWC: 1.15.33 → 1.15.40
  • postcss: 8.5.14 → 8.5.15
Thanks for the bug reports and contributions

Thanks to @​AndreySushkovich for the vitest contribution and to @​saniaBarish, Georgios Andreas Nellas, and Quentin Walter for the extensive tests and reproducible bug reports

Full changelog

v1.29.0...v1.30.0

nodejs/node (node)

v22.23.1: 2026-06-23, Version 22.23.1 'Jod' (LTS), @​RafaelGSS

Compare Source

This release includes a fix for an unexpected behavior introduced
by the recent security release (22.23.0).

Commits

v22.23.0: 2026-06-18, Version 22.23.0 'Jod' (LTS), @​aduh95

Compare Source

This is a security release.

Notable Changes
  • (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
  • (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
  • (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
  • (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
  • (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
  • (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
  • (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
  • (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
  • (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
  • (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
  • (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
Commits
lovell/sharp (sharp)

v0.35.2

Compare Source

v0.35.1

Compare Source

  • TypeScript: Ensure type definitions are published for both ESM and CJS.
    #​4537

  • WebAssembly: Ensure wrapper file is published.
    #​4538

v0.35.0

Compare Source

  • Breaking: Drop support for Node.js 18, now requires Node.js >= 20.9.0.

  • Breaking: Remove install script from package.json file.
    Compiling from source is now opt-in via the build script.

  • Breaking: Lossy AVIF output is now tuned using SSIMULACRA2-based iq quality metrics.

  • Breaking: Add limitInputChannels with a default value of 5.

  • Breaking: Remove deprecated failOnError constructor property.

  • Breaking: Remove deprecated paletteBitDepth from metadata response.

  • Breaking: Remove deprecated properties from sharpen operation.

  • Breaking: Rename format.jp2k as format.jp2 for API consistency.

  • Upgrade to libvips v8.18.3 for upstream bug fixes.

  • Remove experimental status from WebAssembly binaries.

  • Add prebuilt binaries for FreeBSD (WebAssembly).

  • Deprecate Windows 32-bit (win32-ia32) prebuilt binaries.

  • Ensure TIFF output bitdepth option is limited to 1, 2 or 4.

  • Add AVIF/HEIF tune option for control over quality metrics.
    #​4227

  • Add keepGainMap and withGainMap to process HDR JPEG images with embedded gain maps.
    #​4314

  • Add toUint8Array for output image as a TypedArray backed by a transferable ArrayBuffer.
    #​4355

  • Require prebuilt binaries using static paths to aid code bundling.
    #​4380

  • TypeScript: Ensure FormatEnum keys match reality.
    #​4475

  • Add margin option to trim operation.
    #​4480
    @​eddienubes

  • Ensure HEIF primary item is used as default page/frame.
    #​4487

  • Add image Media Type (MIME Type) to metadata response.
    #​4492

  • Add withDensity to set output density in EXIF metadata.
    #​4496

  • Improve pkg-config path discovery.
    #​4504

  • Add WebP exact option for control over transparent pixel colour values.

  • Add support for ECMAScript Modules (ESM).
    #​4509
    @​florian-lefebvre

v0.34.5

Compare Source

  • Upgrade to libvips v8.17.3 for upstream bug fixes.

  • Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

  • Support building from source with npm v12+, deprecate --build-from-source flag.
    #​4458

  • Add support for BigTIFF output.
    #​4459
    @​throwbi

  • Improve error messaging when only warnings issued.
    #​4465

  • Simplify ICC processing when retaining input profiles.
    #​4468

v0.34.4

Compare Source

  • Upgrade to libvips v8.17.2 for upstream bug fixes.

  • Ensure TIFF subifd and OpenSlide level input options are respected (regression in 0.34.3).

  • Ensure autoOrient occurs before non-90 angle rotation.
    #​4425

  • Ensure autoOrient removes existing metadata after shrink-on-load.
    #​4431

  • TypeScript: Ensure KernelEnum includes linear.
    #​4441
    @​BayanBennett

  • Ensure unlimited flag is passed upstream when reading TIFF images.
    #​4446

  • Support Electron memory cage when reading XMP metadata (regression in 0.34.3).
    #​4451

  • Add sharp-libvips rpath for yarn v5 support.
    #​4452
    @​arcanis

yarnpkg/berry (yarn)

v4.17.0: v4.17.0

Compare Source

What's Changed

New Contributors

Full Changelog: https://github.com/yarnpkg/berry/compare/@yarnpkg/cli/4.16.0...@​yarnpkg/cli/4.17.0


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Only on Sunday and Saturday (* * * * 0,6)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 31c2f41 to 568a655 Compare June 13, 2026 15:45
@renovate renovate Bot changed the title Update all non-major dependencies to v1.30.0 Update all non-major dependencies to v1.30.1 Jun 13, 2026
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 568a655 to 0f08fe3 Compare June 13, 2026 21:38
@renovate renovate Bot changed the title Update all non-major dependencies to v1.30.1 Update all non-major dependencies Jun 13, 2026
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 90d6ec2 to 8c54ee0 Compare June 18, 2026 18:40
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 8c54ee0 to 105b315 Compare June 22, 2026 18:38
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 105b315 to 2d2d8dc Compare June 23, 2026 22:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants