Skip to content

fix(deps): update all dependencies #188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update all dependencies #188

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Aug 20, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
@chainsafe/libp2p-yamux ^7.0.1 -> ^8.0.0 age adoption passing confidence dependencies major
@libp2p/interface (source) ^2.6.1 -> ^3.0.0 age adoption passing confidence dependencies major
@typescript-eslint/eslint-plugin (source) 8.46.1 -> 8.46.2 age adoption passing confidence devDependencies patch
@typescript-eslint/parser (source) 8.46.1 -> 8.46.2 age adoption passing confidence devDependencies patch
esbuild 0.25.10 -> 0.25.12 age adoption passing confidence devDependencies patch
eslint (source) 9.37.0 -> 9.39.0 age adoption passing confidence devDependencies minor
github.com/evanw/esbuild v0.25.10 -> v0.25.12 age adoption passing confidence require patch
github.com/golangci/golangci-lint/v2 v2.5.0 -> v2.6.0 age adoption passing confidence require minor
github/codeql-action v4.30.8 -> v4.31.2 age adoption passing confidence action minor
lint-staged 16.2.4 -> 16.2.6 age adoption passing confidence devDependencies patch
mvdan.cc/gofumpt v0.9.1 -> v0.9.2 age adoption passing confidence require patch
rimraf 6.0.1 -> 6.1.0 age adoption passing confidence devDependencies minor
vitest (source) ^3.0.7 -> ^4.0.0 age adoption passing confidence devDependencies major

Release Notes

ChainSafe/js-libp2p-yamux (@​chainsafe/libp2p-yamux)

v8.0.1

Compare Source

Bug Fixes
  • make sendReset synchronous to avoid unhandled rejections (#​113) (232fb1b)

v8.0.0

Compare Source

⚠ BREAKING CHANGES
  • Must be used with libp2p@3.x.x, it cannot be used with earlier versions
Features
libp2p/js-libp2p (@​libp2p/interface)

v3.1.0

Compare Source

v3.0.2

Compare Source

v3.0.1

Compare Source

v3.0.0

Compare Source

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.46.2

Compare Source

🩹 Fixes
  • eslint-plugin: [prefer-optional-chain] skip optional chaining when it could change the result (#​11702)
❤️ Thank You
  • mdm317

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.46.2

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

evanw/esbuild (esbuild)

v0.25.12

Compare Source

  • Fix a minification regression with CSS media queries (#​4315)

    The previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for @media <media-type> and <media-condition-without-or> { ... } was missing an equality check for the <media-condition-without-or> part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.

  • Update the list of known JavaScript globals (#​4310)

    This release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global Array property is considered to be side-effect free but accessing the global scrollY property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:

    From ES2017:

    • Atomics
    • SharedArrayBuffer

    From ES2020:

    • BigInt64Array
    • BigUint64Array

    From ES2021:

    • FinalizationRegistry
    • WeakRef

    From ES2025:

    • Float16Array
    • Iterator

    Note that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from Iterator:

    // This can now be tree-shaken by esbuild:
class ExampleIterator extends Iterator {}

  • Add support for the new @view-transition CSS rule (#​4313)

    With this release, esbuild now has improved support for pretty-printing and minifying the new @view-transition rule (which esbuild was previously unaware of):

    /* Original code */
@&#8203;view-transition {
  navigation: auto;
  types: check;
}

/* Old output */
@&#8203;view-transition { navigation: auto; types: check; }

/* New output */
@&#8203;view-transition {
  navigation: auto;
  types: check;
}

    The new view transition feature provides a mechanism for creating animated transitions between documents in a multi-page app. You can read more about view transition rules here.

    This change was contributed by @​yisibl.

  • Trim CSS rules that will never match

    The CSS minifier will now remove rules whose selectors contain :is() and :where() as those selectors will never match. These selectors can currently be automatically generated by esbuild when you give esbuild nonsensical input such as the following:

    /* Original code */
div:before {
  color: green;
  &.foo {
    color: red;
  }
}

/* Old output (with --supported:nesting=false --minify) */
div:before{color:green}:is().foo{color:red}

/* New output (with --supported:nesting=false --minify) */
div:before{color:green}

    This input is nonsensical because CSS nesting is (unfortunately) not supported inside of pseudo-elements such as :before. Currently esbuild generates a rule containing :is() in this case when you tell esbuild to transform nested CSS into non-nested CSS. I think it's reasonable to do that as it sort of helps explain what's going on (or at least indicates that something is wrong in the output). It shouldn't be present in minified code, however, so this release now strips it out.

v0.25.11

Compare Source

  • Add support for with { type: 'bytes' } imports (#​4292)

    The import bytes proposal has reached stage 2.7 in the TC39 process, which means that although it isn't quite recommended for implementation, it's generally approved and ready for validation. Furthermore it has already been implemented by Deno and Webpack. So with this release, esbuild will also add support for this. It behaves exactly the same as esbuild's existing binary loader. Here's an example:

    import data from './image.png' with { type: 'bytes' }
const view = new DataView(data.buffer, 0, 24)
const width = view.getInt32(16)
const height = view.getInt32(20)
console.log('size:', width + '\xD7' + height)

  • Lower CSS media query range syntax (#​3748, #​4293)

    With this release, esbuild will now transform CSS media query range syntax into equivalent syntax using min-/max- prefixes for older browsers. For example, the following CSS:

    @&#8203;media (640px <= width <= 960px) {
  main {
    display: flex;
  }
}

    will be transformed like this with a target such as --target=chrome100 (or more specifically with --supported:media-range=false if desired):

    @&#8203;media (min-width: 640px) and (max-width: 960px) {
  main {
    display: flex;
  }
}
eslint/eslint (eslint)

v9.39.0

Compare Source

v9.38.0

Compare Source

Features

  • ce40f74 feat: update complexity rule to only highlight function header (#​20048) (Atul Nair)
  • e37e590 feat: correct no-loss-of-precision false positives with e notation (#​20187) (Francesco Trotta)

Bug Fixes

  • 50c3dfd fix: improve type support for isolated dependencies in pnpm (#​20201) (Francesco Trotta)
  • a1f06a3 fix: correct SourceCode typings (#​20114) (Pixel998)

Documentation

  • 462675a docs: improve web accessibility by hiding non-semantic character (#​20205) (루밀LuMir)
  • c070e65 docs: correct formatting in no-irregular-whitespace rule documentation (#​20203) (루밀LuMir)
  • b39e71a docs: Update README (GitHub Actions Bot)
  • cd39983 docs: move custom-formatters type descriptions to nodejs-api (#​20190) (Percy Ma)

Chores

golangci/golangci-lint (github.com/golangci/golangci-lint/v2)

v2.6.0

Compare Source

  1. New linters
    • Add modernize analyzer suite
  2. Linters new features or changes
    • arangolint: from 0.2.0 to 0.3.1
    • dupword: from 0.1.6 to 0.1.7 (new option comments-only)
    • go-critic: from 0.13.0 to 0.14.0 (new rules/checkers: zeroByteRepeat, dupOption)
    • gofumpt: from 0.9.1 to 0.9.2 ("clothe" naked returns is now controlled by the extra-rules option)
    • perfsprint: from 0.9.1 to 0.10.0 (new options: concat-loop, loop-other-ops)
    • wsl: from 5.2.0 to 5.3.0
  3. Linters bug fixes
    • dupword: from 0.1.6 to 0.1.7
    • durationcheck: from 0.0.10 to 0.0.11
    • exptostd: from 0.4.4 to 0.4.5
    • fatcontext: from 0.8.1 to 0.9.0
    • forbidigo: from 2.1.0 to 2.3.0
    • ginkgolinter: from 0.21.0 to 0.21.2
    • godoc-lint: from 0.10.0 to 0.10.1
    • gomoddirectives: from 0.7.0 to 0.7.1
    • gosec: from 2.22.8 to 2.22.10
    • makezero: from 2.0.1 to 2.1.0
    • nilerr: from 0.1.1 to 0.1.2
    • paralleltest: from 1.0.14 to 1.0.15
    • protogetter: from 0.3.16 to 0.3.17
    • unparam: from 0df0534 to 5beb8c8
  4. Misc.
    • fix: ignore some files to hash the version for custom build
github/codeql-action (github/codeql-action)

v4.31.2

Compare Source

v4.31.1

Compare Source

v4.31.0

Compare Source

v4.30.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.30.9 - 17 Oct 2025
  • Update default CodeQL bundle version to 2.23.3. #​3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #​3204

See the full CHANGELOG.md for more information.

lint-staged/lint-staged (lint-staged)

v16.2.6

Compare Source

Patch Changes

v16.2.5

Compare Source

Patch Changes
  • #​1687 9e02d9d Thanks @​iiroj! - Fix unhandled promise rejection when spawning tasks (instead of the tasks themselves failing). Previously when a task failed to spawn, lint-staged also failed and the backup stash might not have been automatically restored.
mvdan/gofumpt (mvdan.cc/gofumpt)

v0.9.2

Compare Source

This release moves the "clothe naked returns" rule under gofumpt -extra, following the discussion in #​285.

Binaries built on go version go1.25.3 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s"

Consider becoming a sponsor if you benefit from the work that went into this release!

Note that this release no longer includes a sha256sums.txt asset; GitHub now provide digests natively.

isaacs/rimraf (rimraf)

v6.1.0

Compare Source

vitest-dev/vitest (vitest)

v4.0.6

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.0.5

Compare Source

   🐞 Bug Fixes
   🏎 Performance
    View changes on GitHub

v4.0.4

Compare Source

   🐞 Bug Fixes
   🏎 Performance
    View changes on GitHub

v4.0.3

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.0.2

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.0.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.0.0

Compare Source

   🚨 Breaking Changes
   🚀 Features

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@socket-security
Copy link

socket-security bot commented Aug 20, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednpm/​@​typescript-eslint/​parser@​8.46.1 ⏵ 8.46.21001007196100
Updatednpm/​esbuild@​0.25.10 ⏵ 0.25.12921007394 +3100
Updatedgolang/​github.com/​golangci/​golangci-lint/​v2@​v2.5.0 ⏵ v2.6.074 +110010010070
Updatednpm/​vitest@​3.2.4 ⏵ 4.0.698 +11007999100
Updatednpm/​@​typescript-eslint/​eslint-plugin@​8.46.1 ⏵ 8.46.2991008096100
Updatedgolang/​github.com/​evanw/​esbuild@​v0.25.10 ⏵ v0.25.1284 +1100100100100
Updatednpm/​rimraf@​6.0.1 ⏵ 6.1.0100 +110010085100
Updatednpm/​@​chainsafe/​libp2p-yamux@​7.0.4 ⏵ 8.0.19810010089 +1100
Updatednpm/​@​libp2p/​interface@​3.0.2 ⏵ 3.1.0100 +110090 +1100100
Updatednpm/​lint-staged@​16.2.4 ⏵ 16.2.6100 +110010095100
Updatednpm/​eslint@​9.37.0 ⏵ 9.39.097 +110010096 +2100
Updatedgolang/​mvdan.cc/​gofumpt@​v0.9.1 ⏵ v0.9.299 +1100100100100

View full report

@renovate renovate bot changed the title fix(deps): update dependency @libp2p/interface to v2.11.0 fix(deps): update all dependencies Aug 20, 2025
@renovate renovate bot force-pushed the renovate/all branch 6 times, most recently from ae2f9d0 to f4729ce Compare August 26, 2025 22:38
@renovate renovate bot force-pushed the renovate/all branch 9 times, most recently from 2a584e8 to e1cc4f9 Compare September 7, 2025 18:00
@renovate renovate bot force-pushed the renovate/all branch 5 times, most recently from 1417d8f to b67b277 Compare September 10, 2025 21:26
@renovate renovate bot changed the title fix(deps): update all dependencies fix(deps): update all dependencies - autoclosed Sep 16, 2025
@renovate renovate bot closed this Sep 16, 2025
@renovate renovate bot deleted the renovate/all branch September 16, 2025 09:12
@renovate renovate bot changed the title fix(deps): update all dependencies - autoclosed fix(deps): update all dependencies Sep 17, 2025
@renovate renovate bot reopened this Sep 17, 2025
@renovate renovate bot changed the title fix(deps): update all dependencies fix(deps): update all dependencies to v0.25.10 Sep 17, 2025
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from 2237415 to 9c2a29e Compare October 14, 2025 06:01
@renovate renovate bot changed the title fix(deps): update all dependencies fix(deps): update all dependencies - autoclosed Oct 15, 2025
@renovate renovate bot closed this Oct 15, 2025
@renovate renovate bot changed the title fix(deps): update all dependencies - autoclosed fix(deps): update all dependencies Oct 15, 2025
@renovate renovate bot reopened this Oct 15, 2025
@renovate renovate bot force-pushed the renovate/all branch 5 times, most recently from b93853f to ffc5fff Compare October 15, 2025 08:45
@renovate
Copy link
Contributor Author

renovate bot commented Oct 15, 2025

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: tools/go.sum
Command failed: go get -t ./...
go: module github.com/libp2p/go-libp2p@v0.44.0 requires go >= 1.24.6; switching to go1.24.9
go: downloading go1.24.9 (linux/amd64)
go: download go1.24.9: golang.org/toolchain@v0.0.1-go1.24.9.linux-amd64: verifying module: checksum database disabled by GOSUMDB=off

@renovate renovate bot force-pushed the renovate/all branch 7 times, most recently from 088a17e to 9b222e0 Compare October 24, 2025 02:56
@renovate renovate bot force-pushed the renovate/all branch 8 times, most recently from b2343b2 to 30ec0f6 Compare October 31, 2025 14:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant