fix(deps): update npm non-major dependencies - autoclosed#4218
Closed
renovate[bot] wants to merge 1 commit into
Closed
fix(deps): update npm non-major dependencies - autoclosed#4218renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
renovate
Bot
added
backport-ignore
renovate
Bot
force-pushed
the
renovate/npm-minor-patch
branch
from
0ae6ff0 to
5ab3bcd
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-minor-patch
branch
11 times, most recently
from
ec60b66 to
a2f2618
Compare
renovate
Bot
force-pushed
the
renovate/npm-minor-patch
branch
10 times, most recently
from
9ec37e5 to
a5d5616
Compare
renovate
Bot
force-pushed
the
renovate/npm-minor-patch
branch
from
a5d5616 to
1257481
Compare
|
renovate
Bot
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
7.29.0→7.29.77.29.0→7.29.77.29.5→7.29.77.28.5→7.29.77.29.2→7.29.77.29.2→7.29.71.4.1→1.5.08.10.5→8.11.11.31.13→1.31.145.100.10→5.100.145.100.10→5.100.1419.2.14→19.2.158.59.3→8.60.08.59.3→8.60.015.15.0→15.16.04.1.0→4.4.03.4.3→3.4.710.4.0→10.4.15.5.5→5.5.66.1.1→6.1.211.3.6→11.5.16.30.3→6.30.429.4.9→29.4.114.22.0→4.22.38.59.3→8.60.05.106.2→5.107.27.0.2→7.0.34.14.1→4.15.05.0.13→5.0.14Release Notes
babel/babel (@babel/core)
v7.29.7Compare Source
v7.29.7 (2026-05-25)
Re-release all packages with npm provenance attestations
v7.29.6Compare Source
v7.29.6 (2026-05-25)
🐛 Bug Fix
babel-generatorbabel-corebabel-core,babel-generatorCommitters: 3
navikt/aksel (@navikt/aksel-icons)
v8.11.1Compare Source
v8.11.0Compare Source
Minor Changes
NewsletterandNewsletterFill(#4887)v8.10.6Compare Source
percy/cli (@percy/cli)
v1.31.14Compare Source
Full Changelog: percy/cli@v1.13.14...v1.31.14
TanStack/query (@tanstack/react-query)
v5.100.14Compare Source
Patch Changes
fix(react-query): do not go into optimistic fetching state when not subscribed (#10759)
Updated dependencies []:
v5.100.13Compare Source
Patch Changes
d423168]:v5.100.12Compare Source
Patch Changes
v5.100.11Patch Changes
TanStack/query (@tanstack/react-query-devtools)
v5.100.14Compare Source
Patch Changes
ed20b6d]:v5.100.13Compare Source
Patch Changes
v5.100.12Compare Source
Patch Changes
v5.100.11Patch Changes
typescript-eslint/typescript-eslint (@typescript-eslint/eslint-plugin)
v8.60.0Compare Source
This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.59.4Compare Source
🩹 Fixes
❤️ Thank You
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
typescript-eslint/typescript-eslint (@typescript-eslint/parser)
v8.60.0Compare Source
This was a version bump only for parser to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.59.4Compare Source
This was a version bump only for parser to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
cypress-io/cypress (cypress)
v15.16.0Compare Source
Changelog: https://docs.cypress.io/app/references/changelog#15-16-0
date-fns/date-fns (date-fns)
v4.4.0Compare Source
This release revisits the approach to CDN usage and introduces a new package,
@date-fns/cdnand deprecates thedate-fnsCDN scripts. It allowed reducing the zipped package size from5.83 MBdown to3.96 MBwithout introducing any breaking changes.In
v5.0.0-alpha.0where CDN scripts are completely removed fromdate-fnsthe change is more significant and brings the zipped package size down to2.89 MB.It is just the first step in optimizing the package size. Expect further size reduction in the future v4 and v5 versions.
Changed
DEPRECATED: The
date-fnsCDN scripts are now deprecated and will be removed in the next major release. Please switch to the new@date-fns/cdnpackage for CDN usage.Removed CDN source maps to reduce the package size. If you rely on them, please switch to the new
@date-fns/cdnpackage that still includes them.v4.3.0Compare Source
Kudos to @ImRodry and @puneetdixit200 for their contributions.
Fixed
Fixed missing modularized optimization fallback (for Next.js and others). See #4193.
Fixed
ptlocale first day of week to be Sunday. See #4195 by @ImRodry.Fixed
zh-CN,zh-HK, andzh-TWlocale month parsing for October, November, and December. See #4194 by @puneetdixit200.v4.2.1Compare Source
Fixed
v4.2.0Compare Source
This is a minor release in all senses, it only includes documentation updates (first of many) that points to the new You Don't Need date-fns* page.
* Not really
Changed
add,addBusinessDays, andaddDays.cure53/DOMPurify (dompurify)
v3.4.7: DOMPurify 3.4.7Compare Source
IN_PLACE, thanks @GameZoneHackerv3.4.6: DOMPurify 3.4.6Compare Source
IN_PLACEmode, thanks @offset & @BankdeIN_PLACEand Shadow DOM sanitization, thanks @offset & @BankdeIN_PLACEand general DOM Clobbering attacksv3.4.5Compare Source
v3.4.4: DOMPurify 3.4.4Compare Source
selectedcontentelement to default allow-list, thanks @lukewarlowcommandandcommandforattributes to default allowed-list, thanks @lukewarlowIN_PLACEoperations, thanks @DEMON1Aeslint/eslint (eslint)
v10.4.1Compare Source
Bug Fixes
e557467fix: update@eslint/plugin-kitversion to 0.7.2 (#20930) (Francesco Trotta)d4ce898fix: propagate failures from delegated commands (#20917) (Minh Vu)f4f3507fix: prefer-arrow-callback invalid autofix with newline afterasync(#20916) (kuldeep kumar)c5bc78bfix: false positive for reference infinallyblock (#20655) (Tanuj Kanti)27538c0fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)Documentation
61b0adddocs: remove deprecated rule from related rules ofmax-params(#20921) (Tanuj Kanti)305d5b9docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)49b0202docs: fixdisplay: noneof ad (#20901) (Tanuj Kanti)9067f94docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)c91b041docs: Update README (GitHub Actions Bot)e349265docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)Chores
b0e466btest: adddataproperty to invalid tests cases for rules (#20924) (Tanuj Kanti)f78838btest: add CodePath type coverage (#20904) (Pixel998)1daa4bdchore: updateeslint-plugin-eslint-commentstest data to latest commit (#20922) (Francesco Trotta)002942cci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)64bca24chore: update ecosystem plugins (#20912) (ESLint Bot)6d7c832chore: ignore fflate updates in renovate (#20908) (Pixel998)b2c8638ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#20889) (dependabot[bot])a9b8d7fchore: increase maxBuffer for ecosystem tests (#20881) (sethamus)b702eadchore: update ecosystem update PR settings (#20884) (Pixel998)507f60echore: update ecosystem plugins (#20882) (ESLint Bot)92f5c5btest: add unit test for message-count (#20878) (kuldeep kumar)df32108chore: add @eslint/markdown and typescript-eslint ecosystem tests (#20837) (sethamus)327f91dchore: use includeIgnoreFile internally (#20876) (Kirk Waiblinger)f0dc4bdchore: pin fflate@0.8.2 (#20877) (Milos Djermanovic)0f4bd25ci: run Discord alert for ecosystem test failures (#20873) (Copilot)prettier/eslint-plugin-prettier (eslint-plugin-prettier)
v5.5.6Compare Source
Patch Changes
b5c96a3Thanks @JounQin! - chore: bump all (dev)Dependenciesremarkablemark/html-react-parser (html-react-parser)
v6.1.2Compare Source
Build System
isaacs/node-lru-cache (lru-cache)
v11.5.1Compare Source
v11.5.0Compare Source
v11.4.0Compare Source
remix-run/react-router (react-router-dom)
v6.30.4Compare Source
kulshekhar/ts-jest (ts-jest)
v29.4.11Compare Source
Bug Fixes
v29.4.10Compare Source
Bug Fixes
resolutionModetots.resolveModuleNamefor hybrid module support (b557a85)Programwhen consecutive compiles need different module kinds (a82a2b3), closes #4774moduleResolutioninstead of forcingNode10(1bffffc)mjsfiles fromnode_modulesfor CJS mode (96d025d)privatenumber/tsx (tsx)
v4.22.3Compare Source
v4.22.2Compare Source
v4.22.1Compare Source
typescript-eslint/typescript-eslint (typescript-eslint)
v8.60.0Compare Source
This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.59.4Compare Source
🩹 Fixes
❤️ Thank You
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
webpack/webpack (webpack)
v5.107.2Compare Source
Patch Changes
Reduce per-file overhead in
ContextModuleFactory.resolveDependenciesby batchingalternativeRequestshook calls. Previously the hook was invoked once per file in the context (with a single-item array), paying per-call overhead (closure allocation,resolverFactory.get, intermediate arrays inRequireContextPlugin) for every file. The hook is now invoked once per directory with all matched files in one batch —RequireContextPlugin's tap already iterates the items array, so the output is unchanged. Steady-state rebuild on a 4000-filerequire.contextdrops a further ~15 ms (after the watch-mode purge fix in the same release). (by @alexander-akait in #21020)Include each external info's
runtimeConditioninConcatenatedModule#updateHashso changes to a concatenated external's runtime condition invalidate persistent caches instead of slipping through with the module id alone. (by @alexander-akait in #21023)Fix HTML
[contenthash]for referenced asset and inline-style URL changes. (by @alexander-akait in #21018)Resolve chunk-hash placeholders in chunk URLs embedded into extracted HTML. (by @alexander-akait in #21018)
Remove unnecessary
__webpack_require__runtime helpers in ESM library output with multi-module chunks. (by @xiaoxiaojx in #21032)Rewrite
NormalModule#getSideEffectsConnectionStatewalk as an allocation-light iterative loop instead of a generator trampoline, restoring rebuild performance lost in #20993 while keeping deep import chains stack-safe. (by @alexander-akait in #21014)Fix runtime
ReferenceErroron the first activation of a lazy-compiled module whenoutput.library.typeproduces a closure-wrapped bundle (umd,umd2,amd,amd-require,system). (by @alexander-akait in #21013)External modules of these types reference closure-bound identifiers like
__WEBPACK_EXTERNAL_MODULE_react__, supplied by the library wrapper that is generated once per chunk. WhenlazyCompilationactivates an entry or import for the first time, any external dependency the lazily-built module pulls in arrives in a hot-update chunk that lives outside the original wrapper closure, so its factory body cannot resolve the closure identifier and only a manual page refresh recovers.The inactive
LazyCompilationProxyModulenow declares statically-enumerable externals (string and object forms ofexternals) as its own dependencies, so the initial entry chunk's library wrapper already exposes their closure identifiers. When activation later pulls in those externals through the lazily-compiled module, they resolve to the already-installed factories instead of throwing. Function and RegExp externals are not pre-populated because their effective request set isn't knowable up front.Fill in missing
entryOptionswhen an async block joins an existing entrypoint. (by @alexander-akait in #21026)Release per-child
codeGenerationResultsinMultiCompilerand atCompiler.closeto reduce memory retention. (by @alexander-akait in #21015)Reduce peak memory of
SourceMapDevToolPluginon large builds (closes #20961). (by @alexander-akait in #20963)Fix slow
require.context()/ dynamicimport()rebuilds in watch mode (#13636). When a file inside a watched context directory changed,NodeWatchFileSystemwould callinputFileSystem.purge(contextDir). The enhanced-resolvepurgeimplementation matches cache keys withkey.startsWith(contextDir), so the stat cache of every file under the directory was discarded on every rebuild —ContextModuleFactory.resolveDependenciesthen re-stat-ed the whole tree on each rebuild. Single-file rebuilds on a 4000-file context now reuse the warm stat cache, dropping median rebuild from ~1260 ms to ~650 ms in a local reproduction (≈49%). For directory items that are explicitly watched contexts,purgeis now called with{ exact: true }(added inenhanced-resolve@5.22.0) so only the directory's own entry is invalidated; file-level changes in the same aggregated event continue to purge file stats and the parentreaddiras before. (by @alexander-akait in #21020)v5.107.1Compare Source
Patch Changes
Align the experimental HTML tokenizer with the WHATWG spec: fix offset-range bugs in the script-data, content-mode end-tag, attribute-value, and EOF states; surface tokenizer parse errors to consumers via a new
parseErrorcallback ("warning"when the tokenizer recovers and the emitted token is still well-formed,"error"when the offset range is incomplete — e.g.eof-in-tag); and add the full WHATWG named character references table sodecodeHtmlEntitieshandles all named entities (including legacy bare forms like&and multi-code-point entities like≂̸) with proper longest-prefix backtracking. (by @alexander-akait in #21000)Tree-shake CommonJS modules imported through a
const NAME = require(LITERAL)binding when only static members ofNAMEare read. Previously webpack treated every export of such modules as referenced (because the barerequire()dependency reportsEXPORTS_OBJECT_REFERENCED), so unusedexports.x = ...assignments remained in the bundle even withusedExportsenabled. The parser now forwardsNAME.x/NAME.x()/NAME["x"]accesses to the underlyingCommonJsRequireDependencyas referenced exports, falling back to the full exports object the momentNAMEis read in any other context (passed by value, destructured later, accessed with a dynamic key, …). This brings the binding form to parity with the existing destructuring form (const { x } = require(...)). (by @alexander-akait in #21003)Fix
RangeError: Maximum call stack size exceededthrown fromHarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsStateon long linear chains of side-effect-free imports.NormalModule.getSideEffectsConnectionStatepreviously descended throughHarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsStaterecursively, adding two stack frames per module, which overflowed V8's stack at a few thousand modules deep. The traversal is now iterative. (by @alexander-akait in #20993)Fix
NormalModuleFactoryparser/generator types: (by @alexander-akait in #20999)module.generator.htmlnow usesHtmlGeneratorOptionsinstead ofEmptyGeneratorOptions(theextractoption was hidden from thecreateGenerator/generatorhook types).webassembly/async,webassembly/sync) generator hooks now useEmptyGeneratorOptionsinstead ofEmptyParserOptions.NormalModuleFactory#getParser/createParser/getGenerator/createGeneratorare now generic over the module-type string, returning the specific parser/generator class for known types (e.g.JavascriptParserfor"javascript/auto",CssGeneratorfor"css", etc.) instead of always returning the baseParser/Generator.NormalModuleCreateDatais now generic over the module type soparser,parserOptions,generator, andgeneratorOptionsare narrowed to the specific class / options for the giventype.Link import bindings used inside
define(...)callbacks in ES modules. Previously,HarmonyDetectionParserPluginskipped walking the arguments ofdefinecalls in harmony modules, so references to imported bindings inside an inline AMDdefinefactory (e.g.define(function () { console.log(foo); })) were not rewritten to their imported references and could causeReferenceErrorat runtime. Inner graph usage analysis is also fixed for the related patternconst fn = function () { foo; }; define(fn);. (by @alexander-akait in #20990)HTML-entry pipeline (
experiments.html+experiments.css): emit<link rel="stylesheet">tags for CSS chunks reachable from a<script src>entry. Previously when the bundled JS imported CSS, the resulting.cssfile was emitted to disk but never referenced from the extracted HTML (no<link>tag), and whensplitChunksextracted CSS into sibling chunks the HTML cloned the originating<script>for each one — producing<script src="style.js">pointing at non-existent JS filenames instead of<link rel="stylesheet" href="style.css">. CSS chunks are now sorted by the entrypoint's module post-order index so the<link>tags also appear in source import order, fixing the cascade ordering issue documented inhtml-webpack-plugin#1838andwebpack/mini-css-extract-plugin#959for HTML-entry builds.nonce/crossorigin/referrerpolicyare copied from the originating tag onto the emitted<link>. (by @alexander-akait in #21002)Allow
devtoolandSourceMapDevToolPlugin(or multipleSourceMapDevToolPlugininstances) to coexist on the same asset. Previously the second instance would silently skip any asset whoseinfo.related.sourceMaphad already been set by an earlier instance, and even when it ran the asset had been rewrapped as aRawSourceso no source map could be recovered — producing an empty.mapfile. The plugin now keeps a per-compilation stash of pristine source maps, namespaces its persistent cache entries by the options that affect output, and appends additionalrelated.sourceMapentries instead of overwriting them. The classic workaround of pairingdevtool: 'hidden-source-map'with anew webpack.SourceMapDevToolPlugin({ filename: '[file].secondary.map', noSources: true })now produces both maps in a single build. (by @alexander-akait in #21001)Narrow
TemplatePathFncallback types by context.pathData.chunkis now non-optional for chunk filename callbacks (output.filename,chunkFilename,cssFilename,cssChunkFilename,htmlFilename,htmlChunkFilename,optimization.splitChunks.cacheGroups[*].filename), andpathData.moduleis non-optional for module filename callbacks (output.assetModuleFilename, per-modulegenerator.filename/generator.outputPath,module.parser.css.localIdentName). (by @alexander-akait in #20987)Tighten the
CreateDatatypedef inNormalModuleFactory.CreateDatanow represents the fully-populated value passed to thecreateModule,module, andcreateModuleClasshooks (NormalModuleCreateData & { settings: ModuleSettings }), whileResolveData.createDatais typed asPartial<CreateData>to reflect the empty initial state. Plugins tapping those hooks no longer need to cast individual fields away from optional. (by @alexander-akait in #20992)Stop
webpackPrefetch/webpackPreloadmagic comments from leaking acrossimport()call sites that share awebpackChunkName. When two imports targeted the same named chunk and only one of them setwebpackPrefetch: true, the prefetch directive was applied from every parent chunk that referenced the named chunk. Prefetch and preload orders are now resolved perimport()call site instead of from the shared chunk group's accumulated options. (by @alexander-akait in #20994)Fix
[fullhash:N]and[hash:N](with length suffix) inoutput.publicPathnot being interpolated at runtime. The detection regex inRuntimePluginonly matched[fullhash]/[hash]without a length suffix, so thePublicPathRuntimeModulewas not flagged as a full-hash module and__webpack_require__.pwas emitted with the placeholderXXXXleft in place (e.g.out/XXXX/) instead of the real hash truncated to the requested length. (by @alexander-akait in #21004)Re-export
ModuleNotFoundErrorfromwebpack/lib/ModuleNotFoundErrorfor backward compatibility with old plugins that import it from that path. This re-export will be removed in webpack 6. (by @alexander-akait in #20988)v5.107.0Compare Source
Minor Changes
Add
module.generator.javascript.anonymousDefaultExportNameoption to control whether webpack sets.nameto"default"for anonymous default export functions and classes per ES spec. Defaults totruefor applications andfalsefor libraries (whenoutput.libraryis set) to avoid unnecessary bundle size overhead. Also extract anonymous default export.namefix-up into a shared runtime helper (__webpack_require__.dn), replacing repeated inlineObject.defineProperty/Object.getOwnPropertyDescriptorcalls with a single short call per module to reduce output size. (by @xiaoxiaojx in #20894)Support module concatenation (scope hoisting) for CSS modules with
text,css-style-sheet,style, andlinkexport types (by @xiaoxiaojx in #20851)The `generator.exportsConvention
Configuration
📅 Schedule: (in timezone Europe/Oslo)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.