fix(deps): update external fixes

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@aws-sdk/client-athena (source)	3.1045.0 → 3.1053.0			dependencies	minor
@aws-sdk/client-lambda (source)	3.1045.0 → 3.1053.0			dependencies	minor
@aws-sdk/client-s3 (source)	3.1045.0 → 3.1053.0			dependencies	minor
@aws-sdk/client-sqs (source)	3.1045.0 → 3.1053.0			dependencies	minor
@aws-sdk/credential-provider-node (source)	3.972.39 → 3.972.44			dependencies	patch
@aws-sdk/s3-request-presigner (source)	3.1045.0 → 3.1053.0			dependencies	minor
@redocly/cli	2.30.4 → 2.31.4			devDependencies	minor
@typescript-eslint/eslint-plugin (source)	8.59.2 → 8.59.4			devDependencies	patch
@typescript-eslint/parser (source)	8.59.2 → 8.59.4			devDependencies	patch
date-fns	4.1.0 → 4.3.0			dependencies	minor
esmock	2.7.4 → 2.7.5			devDependencies	patch
hyparquet (source)	1.25.8 → 1.26.0			dependencies	minor
hyparquet-writer (source)	0.14.0 → 0.15.3			dependencies	minor
lint-staged	17.0.4 → 17.0.5			devDependencies	patch
mocha (source)	11.7.5 → 11.7.6			devDependencies	patch
node (source)	24.15.0 → 24.16.0				minor
yaml (source)	2.8.4 → 2.9.0			devDependencies	minor

---

Release Notes

aws/aws-sdk-js-v3 (@​aws-sdk/client-athena)

v3.1053.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-athena

v3.1052.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-athena

v3.1051.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-athena

v3.1050.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-athena

v3.1049.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-athena

v3.1048.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-athena

v3.1047.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-athena

v3.1046.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-athena

aws/aws-sdk-js-v3 (@​aws-sdk/client-lambda)

v3.1053.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.1052.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.1051.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.1050.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.1049.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.1048.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.1047.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.1046.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)

v3.1053.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1052.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1051.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1050.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1049.0

Compare Source

Bug Fixes

• client-sts: update imports to new module locations (#​8025) (be183b6)

v3.1048.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1047.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1046.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

aws/aws-sdk-js-v3 (@​aws-sdk/client-sqs)

v3.1053.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1052.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1051.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1050.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1049.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1048.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1047.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1046.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

aws/aws-sdk-js-v3 (@​aws-sdk/credential-provider-node)

v3.972.44

Chores

• codegen: update @​smithy dependencies (#​8038) (0d6242d)

v3.972.43

Chores

• credential-provider-node: update dependencies.

v3.972.42

Chores

• codegen: sync for browser bundle fixes (#​8022) (eabae7d)

v3.972.41

Chores

• credential-provider-node: update dependencies.

v3.972.40

Chores

• codegen: dependency version bump (#​8008) (9ce20f6)
• update smithy/core imports (#​7979) (acffbf9)

aws/aws-sdk-js-v3 (@​aws-sdk/s3-request-presigner)

v3.1053.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1052.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1051.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1050.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1049.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1048.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1047.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1046.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

Redocly/redocly-cli (@​redocly/cli)

v2.31.4

Compare Source

Patch Changes

• Updated @​redocly/openapi-core to v2.31.4.

v2.31.3

Compare Source

Patch Changes

• Fixed an issue where the Respect command did not honor the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables when loading remote source descriptions or resolving external $refs.
  Proxy settings are consistently applied during reference resolution as well.
• Updated @​redocly/openapi-core to v2.31.3.

v2.31.2

Compare Source

Patch Changes

• Fixed the remove-unused-components decorator to remove unused components containing allOf keyword.

  Warning: The bundler may now remove more unused components than before.

• Fixed the no-unused-components rule to highlight unused schemas containing allOf keyword.

• Updated @​redocly/openapi-core to v2.31.2.

v2.31.1

Compare Source

Patch Changes

• Updated @​redocly/openapi-core to v2.31.1.

v2.31.0

Compare Source

Patch Changes

• Updated @​redocly/openapi-core to v2.31.0.

v2.30.6

Compare Source

Patch Changes

• Fixed hard crash that happened when no API was provided either via the command argument or in the config.
• Updated @​redocly/openapi-core to v2.30.6.

v2.30.5

Compare Source

Patch Changes

• Fixed a status code mismatch that occurred when using the --har-output option in the respect command.
• Updated @​redocly/openapi-core to v2.30.5.

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.59.4

Compare Source

🩹 Fixes

• eslint-plugin: [no-floating-promises] stack overflow when using recursive types (#​12294)

❤️ Thank You

• Evyatar Daud @​StyleShit

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.3

Compare Source

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.59.4

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.3

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

date-fns/date-fns (date-fns)

v4.3.0

Compare Source

Kudos to @​ImRodry and @​puneetdixit200 for their contributions.

Fixed

• Fixed missing modularized optimization fallback (for Next.js and others). See #​4193.

• Fixed pt locale first day of week to be Sunday. See #​4195 by @​ImRodry.

• Fixed zh-CN, zh-HK, and zh-TW locale month parsing for October, November, and December. See #​4194 by @​puneetdixit200.

v4.2.1

Compare Source

Fixed

• Fixed type definitions missing in v4.2.0 due to TypeScript misconfiguration.

v4.2.0

Compare Source

This is a minor release in all senses, it only includes documentation updates (first of many) that points to the new You Don't Need date-fns* page.

* Not really

Changed

• Added Temporal API references to the JSDoc annotations of add, addBusinessDays, and addDays.

iambumblehead/esmock (esmock)

v2.7.5: clerical changes; linting+coverage

Compare Source

src files are unchanged; only clerical changes for linting and coverage tools,

• migrate to eslint 10
• migrate to @​eslint/markdown
• remove c8 test-coverage package, use node's --test-cover

hyparam/hyparquet (hyparquet)

v1.26.0

Compare Source

• Bloom filter support (#​165)
• Fix unhandled rejections (#​164)

hyparam/hyparquet-writer (hyparquet-writer)

v0.15.3

Compare Source

• Per-column compression option

v0.15.2

Compare Source

• Bloom filter support (#​30)
• Fix -0/+0 spec behavior in statistics

v0.15.1

Compare Source

• Omit undefined values from variant objects
• Optimize variant writing performance

v0.15.0

Compare Source

• Variant logical type with shredding support (#​29)

lint-staged/lint-staged (lint-staged)

v17.0.5

Compare Source

Patch Changes

• #​1792 1f67271 - Correctly set the --max-arg-length default value based on the running platform. This controls how very long lists of staged files are split into multiple chunks.

mochajs/mocha (mocha)

v11.7.6

Compare Source

🩹 Fixes

• make describe().timeout() work (aafe6fd)
• test: replace wmic usage with native Windows API (#​5694) (73ebdfa)

🧹 Chores

• format all code (#​5629) (0696784)
• remove Netlify (#​5630) (8d01d33)

nodejs/node (node)

v24.16.0: 2026-05-21, Version 24.16.0 'Krypton' (LTS), @​aduh95

Compare Source

Notable Changes

• [b267f6bca3] - (SEMVER-MINOR) crypto: implement randomUUIDv7() (nabeel378) #​62553
• [ec2451b9cd] - (SEMVER-MINOR) debugger: add edit-free runtime expression probes to node inspect (Joyee Cheung) #​62713
• [9705f628d9] - (SEMVER-MINOR) fs: add signal option to fs.stat() (Mert Can Altin) #​57775
• [40ccfdecf9] - (SEMVER-MINOR) fs: expose frsize field in statfs (Jinho Jang) #​62277
• [d7188af5c9] - (SEMVER-MINOR) http: harden ClientRequest options merge (Matteo Collina) #​63082
• [aa1d8a9afc] - (SEMVER-MINOR) http: add req.signal to IncomingMessage (Akshat) #​62541
• [6f37f7e240] - (SEMVER-MINOR) stream: propagate destruction in duplexPair (Ahmed Elhor) #​61098
• [d14029be7f] - (SEMVER-MINOR) test_runner: support test order randomization (Pietro Marchini) #​61747
• [d142c584cd] - (SEMVER-MINOR) test_runner: align mock timeout api (sangwook) #​62820
• [01a9552585] - (SEMVER-MINOR) test_runner: add mock-timers support for AbortSignal.timeout (DeveloperViraj) #​60751
• [00705a459a] - (SEMVER-MINOR) util: colorize text with hex colors (Guilherme Araújo) #​61556

Commits

• [dd72df060d] - assert,util: fix stale nested cycle memo entries (Ruben Bridgewater) #​62509
• [add94f4bc3] - build: track PDL files as inputs in inspector GN build (Robo) #​62888
• [1b1eb9e334] - build: remove redundant -fuse-linker-plugin from GCC LTO flags (Daniel Lando) #​62667
• [8752b604ec] - crypto: deduplicate and canonicalize CryptoKey usages (Filip Skokan) #​62902
• [341947e7fd] - crypto: reject unintended raw key format string input (Filip Skokan) #​62974
• [28a78747fc] - crypto: remove Argon2 KDF derivation from its job setup (Filip Skokan) #​62863
• [16e8c2b54d] - crypto: fix unsigned conversion of 4-byte RSA publicExponent (DeepView Autofix) #​62839
• [eeae754a87] - crypto: reject inherited key type names (Jonathan Lopes) #​62875
• [9dd5540325] - crypto: add memory tracking for secureContext openssl objects (Mert Can Altin) #​59051
• [b267f6bca3] - (SEMVER-MINOR) crypto: implement randomUUIDv7() (nabeel378) #​62553
• [7597d204c1] - crypto: add support for Ed25519 context parameter (Filip Skokan) #​62474
• [4bf85845da] - debugger: move ProbeInspectorSession and helpers to separate files (Joyee Cheung) #​63013
• [ec2451b9cd] - (SEMVER-MINOR) debugger: add edit-free runtime expression probes to node inspect (Joyee Cheung) #​62713
• [83e98f77b7] - deps: update corepack to 0.35.0 (Node.js GitHub Bot) #​63375
• [ec8c6b939a] - deps: V8: cherry-pick 657d8de (Guy Bedford) #​62784
• [722c0c3274] - deps: update nghttp3 to 1.14.0 (Node.js GitHub Bot) #​61187
• [5304db93d3] - deps: update nghttp3 to 1.13.1 (Node.js GitHub Bot) #​60046
• [e073b3811d] - deps: update nghttp3 to 1.11.0 (James M Snell) #​59249
• [1d00313fb2] - deps: update ngtcp2 to 1.14.0 (James M Snell) #​59249
• [8b3a4fc18f] - deps: update amaro to 1.1.9 (Node.js GitHub Bot) #​63090
• [62fe0cfcd1] - deps: update llhttp to 9.4.1 (Node.js GitHub Bot) #​63045
• [137e09c8e9] - deps: update corepack to 0.34.7 (Node.js GitHub Bot) #​62810
• [14a4cb8fbc] - deps: update timezone to 2026b (Node.js GitHub Bot) #​62962
• [3e1036583a] - deps: upgrade npm to 11.13.0 (npm team) #​62898
• [01dfe5961c] - deps: cherry-pick libuv/libuv@439a54b (skooch) #​62881
• [6cd368b10c] - deps: update sqlite to 3.53.0 (Node.js GitHub Bot) #​62699
• [f218a4f553] - deps: update nbytes to 0.1.4 (Node.js GitHub Bot) #​62698
• [b47688524a] - deps: update archs files for openssl-3.5.6 (Node.js GitHub Bot) #​62629
• [d202e2d343] - deps: upgrade openssl sources to openssl-3.5.6 (Node.js GitHub Bot) #​62629
• [2faba66341] - deps: update minimatch to 10.2.5 (Node.js GitHub Bot) #​62594
• [fa46c90c5d] - deps: update googletest to d72f9c8 (Node.js GitHub Bot) #​62593
• [099ded5713] - deps: update simdjson to 4.6.1 (Node.js GitHub Bot) #​62592
• [7ce95afe96] - deps: libuv: cherry-pick aabb765 (Santiago Gimeno) #​62561
• [57ef845623] - deps: update icu to 78.3 (Node.js GitHub Bot) #​62324
• [493ac40e12] - deps: update libuv to 1.52.1 (Node.js GitHub Bot) #​61829
• [b39508b368] - deps: update undici to 7.25.0 (Node.js GitHub Bot) #​63011
• [cb67a925e9] - deps: use npm undici@​seven tag in update-undici.sh (Matteo Collina) #​62739
• [aa1e0bc28b] - doc: fix typos and inconsistencies in crypto.md and webcrypto.md (Filip Skokan) #​62828
• [f2a1735ed9] - doc: fix duplicate word "to to" in util.styleText (Daijiro Wachi) #​62917
• [b6378e215c] - doc: fix node-config-schema (Сковорода Никита Андреевич) #​61596
• [233894a9ce] - doc: fix the TypeScript Execute (tsx) project link (David Thornton) #​63093
• [5d97919f8f] - doc: correct diagnostics_channel built-in channel names (Bryan English) #​62995
• [2a9ccc927e] - doc: use mjs/cjs blocks for callbackify null reason example (Daijiro Wachi) #​62884
• [ef413b5358] - doc: fix typo in test.md (Rich Trott) #​62960
• [76f21c5070] - doc: correct typo in PR contribution instructions (Mike McCready) #​62738
• [ca02af1f7d] - doc: fix duplicate word "of of" in postMessageToThread (Daijiro Wachi) #​62917
• [46c99ed526] - doc: fix duplicate word "for for" in compile cache (Daijiro Wachi) #​62917
• [1a60851734] - doc: fix typo in dns.lookup options description (Daijiro Wachi) #​62882
• [169b5ea2ed] - doc: fix Argon2 parameter bounds (Tobias Nießen) #​62868
• [9a3a190f4e] - doc: clarify diffieHellman.generateKeys recomputes same key (Kit Dallege) #​62205
• [0fba9e87d6] - doc: remove Ayase-252 and meixg from triagger team (Antoine du Hamel) #​62841
• [9c700f3446] - doc: clarify dns.lookup() callback signature when all is true (eungi) #​62800
• [6b7280bc17] - doc: add experimental modules lifetime policy (Paolo Insogna) #​62753
• [ce47ea31c9] - doc: clarify process._debugProcess() in Permission Model (Fahad Khan) #​62537
• [ba01633757] - doc: fix typo in devcontainer guide (Rohan Santhosh Kumar) #​62687
• [70b4d5839b] - doc: clarify Backport-PR-URL metadata added automatically (Mike McCready) #​62668
• [8126d1c3eb] - doc: update WPT test runner README.md (Filip Skokan) #​62680
• [978afea4b5] - doc: fix spelling in release announcement guidance (Rohan Santhosh Kumar) #​62663
• [1684ab8ff8] - doc: note non-monotonic clock in crypto.randomUUIDv7 (nabeel378) #​62600
• [86d4f07930] - doc: update bug bounty program (Rafael Gonzaga) #​62590
• [736ed8a08f] - doc: document TransformStream transformer.cancel option (Tom Pereira) #​62566
• [938af9be01] - doc: mention test runner retry attemp is zero based (Moshe Atlow) #​62504
• [94433e450f] - doc,src,test: fix dead inspector help URL (semimikoh) #​62745
• [ddf1f01659] - esm: add ERR_REQUIRE_ESM_RACE_CONDITION (Antoine du Hamel) #​62462
• [4a506acd16] - fs: add followSymlinks option to glob (Matteo Collina) #​62695
• [f4ea495f9b] - fs: restore fs patchability in ESM loader (Joyee Cheung) #​62835
• [63c111cd60] - fs: validate position argument before length === 0 early return (Edy Silva) #​62674
• [9705f628d9] - (SEMVER-MINOR) fs: add signal option to fs.stat() (Mert Can Altin) #​57775
• [40ccfdecf9] - (SEMVER-MINOR) fs: expose frsize field in statfs (Jinho Jang) #​62277
• [717476a24e] - http: emit 'drain' on OutgoingMessage only after buffers drain (Robert Nagy) #​62936
• [d7188af5c9] - (SEMVER-MINOR) http: harden ClientRequest options merge (Matteo Collina) #​63082
• [64f15c274a] - http: fix leaked error listener on sync HTTP req create + destroy (Tim Perry) #​62872
• [5c4798d799] - http: fix no_proxy leading-dot suffix matching (Daijiro Wachi) #​62333
• [9f3bc70ae5] - http: cleanup pipeline queue (Robert Nagy) #​62534
• [aa1d8a9afc] - (SEMVER-MINOR) http: add req.signal to IncomingMessage (Akshat) #​62541
• [900dc758ff] - http2: expose writable stream state on compat response (T) #​63003
• [b3bfe35912] - inspector: coerce key and value to string in webstorage events (Ali Hassan) #​62616
• [3dc3fb6ad8] - inspector: return errors when CDP protocol event emission fails (Ryuhei Shima) #​62162
• [4f3f21bd7c] - inspector: auto collect webstorage data (Ryuhei Shima) [#​6214

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Europe/Zurich)

• Branch creation
  • "after 2pm on Saturday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

This PR will trigger a patch release when merged.