Skip to content

chore(deps): update dependency jest to v30.4.2#1717

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/jest-monorepo
Open

chore(deps): update dependency jest to v30.4.2#1717
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/jest-monorepo

Conversation

@renovate

@renovate renovate Bot commented Mar 5, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
jest (source) 30.0.530.4.2 age confidence

Release Notes

jestjs/jest (jest)

v30.4.2

Compare Source

Fixes
  • [jest-runtime] Fix named imports from CJS modules whose module.exports is a function with own-property exports (#​16150)

v30.4.1

Compare Source

Features
  • [jest-config, jest-core, jest-runner, jest-schemas, jest-types] Allow custom runner configuration options via tuple format ['runner-path', {options}] (#​16141)
Fixes
  • [jest-runtime] Align CJS-from-ESM default export with Node: module.exports is always the ESM default, __esModule unwrapping is no longer applied (#​16143)

v30.4.0

Compare Source

Features
  • [babel-jest] Support collecting coverage from .mts, .cts (and other) files (#​15994)
  • [jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types] Add --collect-tests flag to discover and list tests without executing them (#​16006)
  • [jest-config, jest-runner, jest-worker] Add workerGracefulExitTimeout config option to control how long workers are given to exit before being force-killed (#​15984)
  • [jest-config] Add support for jest.config.mts as a valid configuration file (#​16005)
  • [jest-config, jest-core, jest-reporters, jest-runner] verbose and silent can now be set per-project; the project-level value overrides the global value for that project's tests (#​16133)
  • [@jest/fake-timers] Accept Temporal.Duration in jest.advanceTimersByTime() and jest.advanceTimersByTimeAsync() (#​16128)
  • [@jest/fake-timers] Accept Temporal.Instant and Temporal.ZonedDateTime in jest.setSystemTime() and useFakeTimers({now}) (#​16128)
  • [@jest/fake-timers] Support faking Temporal.Now.* (#​16131)
  • [jest-mock] Add clearMocksOnScope(scope) on ModuleMocker for clearing every mock function exposed on a scope object (#​16088)
  • [jest-resolve] Add canResolveSync() on Resolver so callers can detect when a user-configured resolver only exports an async hook (#​16064)
  • [jest-runtime] Use synchronous evaluate() for ES modules without top-level await on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (#​16062)
  • [jest-runtime] Support require() of ES modules on Node v24.9+ (#​16074)
  • [jest-runtime] Validate TC39 import attributes (with { type: 'json' }) on ESM imports (#​16127)
  • [@jest/transform] Add canTransformSync(filename) on ScriptTransformer so callers can pick the sync vs async transform path (#​16062)
  • [jest-util] Add isError helper (#​16076)
  • [pretty-format] Support React 19 (#​16123)
Fixes
  • [expect-utils] Fix toStrictEqual failing on structuredClone results due to cross-realm constructor mismatch (#​15959)
  • [@jest/expect-utils] Prevent toMatchObject/subset matching from throwing when encountering exotic iterables (#​15952)
  • [fake-timers] Convert Date to milliseconds before passing to @sinonjs/fake-timers (#​16029)
  • [jest] Export GlobalConfig and ProjectConfig TypeScript types (#​16132)
  • [jest-circus] Prevent crash when asyncError is undefined for non-Error throws (#​16003)
  • [jest-circus, jest-jasmine2] Include Error.cause in JSON failureMessages output (#​15967)
  • [jest-config] Fix preset path resolution on Windows when the preset uses subpath exports (#​15961)
  • [jest-config] Allow collectCoverage and coverageProvider in project config without a validation warning (#​16132)
  • [jest-config] Project config validator now emits "is not supported in an individual project configuration" instead of "probably a typing mistake" for known global-only options (#​16132)
  • [jest-environment-node] Fix --localstorage-file warning on Node 25+ (#​16086)
  • [jest-reporters] Apply global coverage threshold to unmatched pattern files in addition to glob/path thresholds (#​16137)
  • [jest-reporters, jest-runner, jest-runtime, jest-transform] Fix coverage report not showing correct code coverage when using projects config option (#​16140)
  • [jest-runtime] Resolve expect and @jest/expect from the internal module registry so test-file imports share the same JestAssertionError as the global expect (#​16130)
  • [jest-runtime] Improve CJS-from-ESM interop: __esModule/Babel default unwrap, broader named-export coverage, and shared CJS singleton across importers (#​16050)
  • [jest-runtime] Load .js files with ESM syntax but no "type":"module" marker as native ESM (#​16050)
  • [jest-runtime] Extend the .js-with-ESM-syntax fallback to require() on Node v24.9+ - falls back to require(esm) when the CJS parser rejects ESM syntax (#​16078)
  • [jest-runtime] Fix deadlocks and double-evaluation in concurrent ESM and wasm imports (#​16050)
  • [jest-runtime] Fix error when require() is called after the Jest environment has been torn down (#​15951)
  • [jest-runtime] Fix missing error when import() is called after the Jest environment has been torn down (#​16080)
  • [jest-runtime] Fix virtual unstable_mockModule registrations not respected in ESM (#​16081)
  • [jest-runtime] Apply moduleNameMapper when resolving modules with require.resolve() and the paths option (#​16135)
Chore & Maintenance
  • [@jest/fake-timers] Upgrade @sinonjs/fake-timers (#​16139)
  • [jest-runtime] Use synchronous linkRequests / instantiate for ESM linking on Node v24.9+ (#​16063)

v30.3.0

Compare Source

Features
  • [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#​15844)
  • [jest-fake-timers] Add setTimerTickMode to configure how timers advance
  • [*] Reduce token usage when run through LLMs (3f17932)
Fixes
  • [jest-config] Keep CLI coverage output when using --json with --outputFile (#​15918)
  • [jest-mock] Use Symbol from test environment (#​15858)
  • [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#​15864)
  • [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#​15842)
  • [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#​15851)
  • [jest-util] Make sure process.features.require_module is false (#​15867)
Chore & Maintenance
  • [*] Replace remaining micromatch uses with picomatch
  • [deps] Update to sinon/fake-timers v15
  • [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#​15849)
  • Updated Twitter icon to match the latest brand guidelines (#​15869)

v30.2.0

Compare Source

Chore & Maintenance
  • [*] Update example repo for testing React Native projects (#​15832)
  • [*] Update jest-watch-typeahead to v3 (#​15830)

v30.1.3

Compare Source

Fixes
  • Fix unstable_mockModule with node: prefixed core modules.

v30.1.2

Compare Source

Fixes
  • [jest-snapshot-utils] Correct snapshot header regexp to work with newline across OSes (#​15803)

v30.1.1

Compare Source

Fixes
  • [jest-snapshot-utils] Fix deprecated goo.gl snapshot warning not handling Windows end-of-line sequences (#​15800)
  • [jest-snapshot-utils] Improve messaging about goo.gl snapshot link change (#​15821)

v30.1.0

Compare Source


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the automerge Auto merge PR with Kodiak label Mar 5, 2026
@renovate
renovate Bot enabled auto-merge (rebase) March 5, 2026 06:03
@github-actions

github-actions Bot commented Mar 5, 2026

Copy link
Copy Markdown

MegaLinter analysis: Error

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ COPYPASTE jscpd yes no no 0.74s
✅ EDITORCONFIG editorconfig-checker 2 0 0 0.02s
✅ JSON jsonlint 1 0 0 0.49s
✅ JSON npm-package-json-lint yes no no 0.48s
⚠️ JSON prettier 1 0 1 0 0.38s
✅ JSON v8r 1 0 0 8.38s
❌ REPOSITORY betterleaks yes 2 no 1.3s
❌ REPOSITORY checkov yes 5 no 23.65s
❌ REPOSITORY devskim yes 45 no 168.46s
✅ REPOSITORY dustilock yes no no 0.66s
✅ REPOSITORY git_diff yes no no 0.02s
❌ REPOSITORY grype yes 92 no 64.69s
❌ REPOSITORY kingfisher yes 1 no 10.95s
❌ REPOSITORY osv-scanner yes 92 no 4.23s
❌ REPOSITORY secretlint yes 1 no 1.28s
✅ REPOSITORY syft yes no no 5.45s
⚠️ REPOSITORY trivy yes 1 no 17.37s
✅ REPOSITORY trivy-sbom yes no no 3.62s
✅ REPOSITORY trufflehog yes no no 3.7s
✅ SPELL cspell 3 0 0 2.5s
❌ SPELL lychee 2 1 0 0.83s
✅ YAML prettier 1 0 0 0 0.34s
✅ YAML v8r 1 0 0 1.33s
❌ YAML yamllint 1 4 0 5.03s

Detailed Issues

❌ REPOSITORY / betterleaks - 2 errors
○
  ○
  ●
  ○  betterleaks 1.6.0

┌─generic-api-key──○
│
│ 9 │ SECRET=REDACTED
│   │        ^^^^^^^^
│
│ attributes:
│   path .......... .env.example
│   resource ...... fs.content
└○


┌─generic-api-key──○
│
│ 63 │           POSTGRES_PASSWORD: REDACTED
│    │                              ^^^^^^^^
│
│ attributes:
│   path .......... .github/workflows/ci.yml
│   resource ...... fs.content
└○


11:01PM INF scanned ~417722 bytes (417.72 KB) in 1.2s
11:01PM WRN leaks found: 2
❌ REPOSITORY / checkov - 5 errors
dockerfile scan results:

Passed checks: 77, Failed checks: 1, Skipped checks: 0

Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
	FAILED for resource: /Dockerfile.
	File: /Dockerfile:1-47
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created

		1  | ARG NODE_VERSION=lts-slim
		2  | 
		3  | FROM node:${NODE_VERSION} AS dependencies
		4  | 
		5  | WORKDIR /app
		6  | 
		7  | ENV PNPM_HOME="/pnpm"
		8  | ENV PATH="$PNPM_HOME:$PATH"
		9  | 
		10 | RUN --mount=type=cache,id=pnpm-store,target=/pnpm/store \
		11 |     --mount=type=bind,source=package.json,target=/app/package.json \
		12 |     --mount=type=bind,source=pnpm-lock.yaml,target=/app/pnpm-lock.yaml \
		13 |     corepack enable && \
		14 |     pnpm install --frozen-lockfile --strict-peer-dependencies
		15 | 
		16 | FROM dependencies AS builder
		17 | 
		18 | COPY --chown=node:node src/ /app/src
		19 | 
		20 | RUN --mount=type=bind,source=package.json,target=/app/package.json \
		21 |     --mount=type=bind,source=nest-cli.json,target=/app/nest-cli.json \
		22 |     --mount=type=bind,source=tsconfig.json,target=/app/tsconfig.json \
		23 |     --mount=type=bind,source=tsconfig.build.json,target=/app/tsconfig.build.json \
		24 |     pnpm build
		25 | 
		26 | FROM builder AS pruner
		27 | 
		28 | RUN --mount=type=cache,id=pnpm-store,target=/pnpm/store \
		29 |     --mount=type=bind,source=package.json,target=/app/package.json \
		30 |     --mount=type=bind,source=pnpm-lock.yaml,target=/app/pnpm-lock.yaml \
		31 |     pnpm prune --prod --ignore-scripts
		32 | 
		33 | FROM gcr.io/distroless/nodejs22-debian12:nonroot
		34 | 
		35 | WORKDIR /app
		36 | 
		37 | ENV PORT=3000
		38 | 
		39 | COPY --chown=nonroot:nonroot --from=pruner /app/node_modules ./node_modules
		40 | COPY --chown=nonroot:nonroot --from=builder /app/dist .
		41 | COPY --chown=nonroot:nonroot CHANGELOG.md LICENSE package.json /app/
		42 | 
		43 | EXPOSE ${PORT}
		44 | 
		45 | HEALTHCHECK --interval=30s --timeout=2s --start-period=10s --retries=2 CMD [ "/nodejs/bin/node", "bin/health-checker.js" ]
		46 | 
		47 | CMD ["main.js"]
github_actions scan results:

Passed checks: 212, Failed checks: 4, Skipped checks: 0

Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(CodeQL)
	File: /.github/workflows/codeql-analysis.yml:27-28
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Release)
	File: /.github/workflows/release.yml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Publish)
	File: /.github/workflows/publish.yml:11-12
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(CI)
	File: /.github/workflows/ci.yml:0-1
❌ REPOSITORY / devskim - 45 errors
n Hash Algorithm"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"pnpm-lock.yaml"},"region":{"startLine":1257,"startColumn":109,"endLine":1257,"endColumn":112,"charOffset":57697,"charLength":3,"snippet":{"text":"mD4","rendered":{"text":"mD4","markdown":"`mD4`"}},"sourceLanguage":"yaml"}}}],"fixes":[],"properties":{"tags":["Cryptography.BannedHashAlgorithm"],"DevSkimSeverity":"Critical","DevSkimConfidence":"High"}},{"ruleId":"DS126858","level":"error","message":{"text":"Weak/Broken Hash Algorithm"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"pnpm-lock.yaml"},"region":{"startLine":950,"startColumn":91,"endLine":950,"endColumn":94,"charOffset":43402,"charLength":3,"snippet":{"text":"mD5","rendered":{"text":"mD5","markdown":"`mD5`"}},"sourceLanguage":"yaml"}}}],"fixes":[],"properties":{"tags":["Cryptography.BannedHashAlgorithm"],"DevSkimSeverity":"Critical","DevSkimConfidence":"High"}},{"ruleId":"DS126858","level":"error","message":{"text":"Weak/Broken Hash Algorithm"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"pnpm-lock.yaml"},"region":{"startLine":902,"startColumn":61,"endLine":902,"endColumn":64,"charOffset":41149,"charLength":3,"snippet":{"text":"Md5","rendered":{"text":"Md5","markdown":"`Md5`"}},"sourceLanguage":"yaml"}}}],"fixes":[],"properties":{"tags":["Cryptography.BannedHashAlgorithm"],"DevSkimSeverity":"Critical","DevSkimConfidence":"High"}},{"ruleId":"DS162092","level":"note","message":{"text":"Do not leave debug code in production"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/auth/auth.module.spec.ts"},"region":{"startLine":250,"startColumn":20,"endLine":250,"endColumn":29,"charOffset":8053,"charLength":9,"snippet":{"text":"localhost","rendered":{"text":"localhost","markdown":"`localhost`"}},"sourceLanguage":"typescript"}}}],"properties":{"tags":["Hygiene.Network.AccessingLocalhost"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS162092","level":"note","message":{"text":"Do not leave debug code in production"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":".devcontainer/docker-compose.yml"},"region":{"startLine":24,"startColumn":50,"endLine":24,"endColumn":59,"charOffset":717,"charLength":9,"snippet":{"text":"localhost","rendered":{"text":"localhost","markdown":"`localhost`"}},"sourceLanguage":"yaml"}}}],"properties":{"tags":["Hygiene.Network.AccessingLocalhost"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS162092","level":"note","message":{"text":"Do not leave debug code in production"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"test/auth.end2end.spec.ts"},"region":{"startLine":188,"startColumn":20,"endLine":188,"endColumn":29,"charOffset":5337,"charLength":9,"snippet":{"text":"localhost","rendered":{"text":"localhost","markdown":"`localhost`"}},"sourceLanguage":"typescript"}}}],"properties":{"tags":["Hygiene.Network.AccessingLocalhost"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS197836","level":"error","message":{"text":"Do not take the hash of low-entropy content."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"pnpm-lock.yaml"},"region":{"startLine":714,"startColumn":28,"endLine":714,"endColumn":53,"charOffset":31882,"charLength":25,"snippet":{"text":"sha512-hO+ga+uYZ/WA4OtiME","rendered":{"text":"sha512-hO+ga+uYZ/WA4OtiME","markdown":"`sha512-hO+ga+uYZ/WA4OtiME`"}},"sourceLanguage":"yaml"}}}],"properties":{"tags":["Cryptography.HashAlgorithm.InsufficientEntropy"],"DevSkimSeverity":"Important","DevSkimConfidence":"High"}}],"columnKind":"utf16CodeUnits"}]}

(Truncated to last 3636 characters out of 313723)
❌ REPOSITORY / grype - 92 errors
Medium    0.3% (25th)  0.2    
qs                    6.14.0     6.15.2    npm   GHSA-q8mj-m7cp-5q26  Medium    0.4% (27th)  0.2    
qs                    6.15.0     6.15.2    npm   GHSA-q8mj-m7cp-5q26  Medium    0.4% (27th)  0.2    
lodash                4.17.21    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    0.3% (23rd)  0.2    
lodash                4.17.23    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    0.3% (23rd)  0.2    
lodash-es             4.17.21    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    0.3% (23rd)  0.2    
diff                  4.0.2      4.0.4     npm   GHSA-73rr-hh4g-fpgx  Low       0.6% (42nd)  0.2    
qs                    6.14.0     6.14.2    npm   GHSA-w7fw-mjwx-w883  Low       0.5% (37th)  0.2    
brace-expansion       5.0.4      5.0.6     npm   GHSA-jxxr-4gwj-5jf2  Medium    0.3% (19th)  0.2    
jws                   3.2.2      3.2.3     npm   GHSA-869p-cjfg-cm3x  High      0.2% (9th)   0.1    
multer                2.0.2      2.2.0     npm   GHSA-3p4h-7m6x-2hcm  Medium    0.3% (19th)  0.1    
undici                6.14.1     6.27.0    npm   GHSA-p88m-4jfj-68fv  Medium    0.3% (17th)  0.1    
undici                6.23.0     6.27.0    npm   GHSA-p88m-4jfj-68fv  Medium    0.3% (17th)  0.1    
undici                7.22.0     7.28.0    npm   GHSA-p88m-4jfj-68fv  Medium    0.3% (17th)  0.1    
js-yaml               3.14.1     3.15.0    npm   GHSA-h67p-54hq-rp68  Medium    0.3% (17th)  0.1    
js-yaml               4.1.0      4.2.0     npm   GHSA-h67p-54hq-rp68  Medium    0.3% (17th)  0.1    
@nestjs/core          10.4.22    11.1.18   npm   GHSA-36xv-jgw5-4q75  Medium    0.2% (14th)  0.1    
undici                6.14.1     6.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    0.3% (16th)  0.1    
undici                6.23.0     6.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    0.3% (16th)  0.1    
undici                7.22.0     7.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    0.3% (16th)  0.1    
brace-expansion       1.1.11     1.1.12    npm   GHSA-v6h2-p8h4-qcjw  Low       0.5% (36th)  0.1    
brace-expansion       2.0.1      2.0.2     npm   GHSA-v6h2-p8h4-qcjw  Low       0.5% (36th)  0.1    
undici                6.14.1     6.19.2    npm   GHSA-3g92-w8c5-73pq  Low       0.5% (37th)  0.1    
tmp                   0.0.33     0.2.4     npm   GHSA-52f5-9888-hmc6  Low       0.3% (25th)  < 0.1  
undici                6.14.1     6.27.0    npm   GHSA-g8m3-5g58-fq7m  Low       0.2% (15th)  < 0.1  
undici                6.23.0     6.27.0    npm   GHSA-g8m3-5g58-fq7m  Low       0.2% (15th)  < 0.1  
undici                7.22.0     7.28.0    npm   GHSA-g8m3-5g58-fq7m  Low       0.2% (15th)  < 0.1  
undici                6.14.1     6.21.2    npm   GHSA-cxrh-j4jr-qwg3  Low       0.3% (16th)  < 0.1  
undici                6.14.1     6.27.0    npm   GHSA-35p6-xmwp-9g52  Low       0.2% (13th)  < 0.1  
undici                6.23.0     6.27.0    npm   GHSA-35p6-xmwp-9g52  Low       0.2% (13th)  < 0.1  
undici                7.22.0     7.28.0    npm   GHSA-35p6-xmwp-9g52  Low       0.2% (13th)  < 0.1  
webpack               5.97.1     5.104.1   npm   GHSA-8fgc-7cc6-rx7x  Low       0.2% (9th)   < 0.1  
webpack               5.97.1     5.104.0   npm   GHSA-38r7-794h-5758  Low       0.2% (9th)   < 0.1  
@babel/core           7.27.4     7.29.6    npm   GHSA-4x5r-pxfx-6jf8  Low       0.1% (1st)   < 0.1  
serialize-javascript  6.0.1      7.0.3     npm   GHSA-5c6j-r48x-rmvq  High      N/A          N/A    
follow-redirects      1.15.9     1.16.0    npm   GHSA-r4q5-vmmm-2653  Medium    N/A          N/A
[0064] ERROR discovered vulnerabilities at or above the severity threshold

(Truncated to last 3636 characters out of 9608)
❌ REPOSITORY / kingfisher - 1 error
New Kingfisher release 1.106.0 available
 INFO kingfisher: Launching with 8 concurrent scan jobs. Use --num-jobs to override.
 INFO kingfisher::rule_loader: Loaded 925 rules
 INFO kingfisher::scanner::runner: Using Vectorscan rule cache cache_dir=/github/home/.cache/kingfisher/rule-cache
 INFO kingfisher::scanner::runner: Starting secret validation phase...
POSTGRES URL WITH HARDCODED PASSWORD => [KINGFISHER.POSTGRES.1]
 |Finding.......: [REDACTED:ec28d7f5]
 |Fingerprint...: 2034115162828868254
 |Confidence....: medium
 |Entropy.......: 3.87
 |Validation....: Inactive Credential
 |__Response....: Postgres connection failed.
 |Language......: YAML
 |Line Num......: 24
 |Path..........: ./.devcontainer/docker-compose.yml


==========================================
Scan Summary:
==========================================
 |Findings....................: 1
 |__Successful Validations....: 0
 |__Failed Validations........: 1
 |__Skipped Validations.......: 0
 |Rules Applied...............: 925
 |__Blobs Scanned.............: 228
 |Bytes Scanned...............: 8.18 MiB
 |Scan Duration...............: 100ms 547us 454ns
 |Scan Date...................: 2026-07-13 23:02:01 +00:00
 |Kingfisher Version..........: 1.104.0
 |__Latest Version............: 1.106.0
New Kingfisher release 1.106.0 available
❌ SPELL / lychee - 1 error
📝 Summary
---------------------
🔍 Total............7
🔗 Unique...........4
✅ Successful.......1
⏳ Timeouts.........0
🔀 Redirected.......1
👻 Excluded.........5
❓ Unknown..........0
🚫 Errors...........1
⛔ Unsupported......1

Errors in pnpm-lock.yaml
[403] https://www.npmjs.com/support (at 2279:65) | Rejected status code: 403 Forbidden

Hint: Followed 1 redirect. You might want to consider replacing redirecting URLs with the resolved URLs. Use verbose mode (`-v`/`-vv`) to see redirection details.
Hint: You can configure accepted/rejected response codes with `-a` or `--accept`
❌ REPOSITORY / osv-scanner - 92 errors
lock.yaml |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici               | 6.14.1  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici               | 6.14.1  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vxpw-j846-p89q | 7.5  | npm       | undici               | 6.14.1  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-2mjp-6q6p-2qxm | 6.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-35p6-xmwp-9g52 | 3.7  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-4992-7rv2-5pvq | 4.6  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-f269-vfmq-vjvj | 7.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-g8m3-5g58-fq7m | 3.7  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-p88m-4jfj-68fv | 5.9  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vxpw-j846-p89q | 7.5  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-2mjp-6q6p-2qxm | 6.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-35p6-xmwp-9g52 | 3.7  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-4992-7rv2-5pvq | 4.6  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-f269-vfmq-vjvj | 7.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-g8m3-5g58-fq7m | 3.7  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-p88m-4jfj-68fv | 5.9  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-phc3-fgpg-7m6h | 5.9  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-pr7r-676h-xcf6 | 5.9  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vxpw-j846-p89q | 7.5  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-w5hq-g745-h8pq | 7.5  | npm       | uuid                 | 9.0.1   | 11.1.1        | pnpm-lock.yaml |
| https://osv.dev/GHSA-38r7-794h-5758 | 3.7  | npm       | webpack              | 5.97.1  | 5.104.0       | pnpm-lock.yaml |
| https://osv.dev/GHSA-8fgc-7cc6-rx7x | 3.7  | npm       | webpack              | 5.97.1  | 5.104.1       | pnpm-lock.yaml |
| https://osv.dev/GHSA-58qx-3vcg-4xpx | 4.4  | npm       | ws                   | 8.18.1  | 8.20.1        | pnpm-lock.yaml |
| https://osv.dev/GHSA-96hv-2xvq-fx4p | 7.5  | npm       | ws                   | 8.18.1  | 8.21.0        | pnpm-lock.yaml |
+-------------------------------------+------+-----------+----------------------+---------+---------------+----------------+

(Truncated to last 3636 characters out of 12374)
❌ REPOSITORY / secretlint - 1 error
.devcontainer/docker-compose.yml
  24:21  error  [PostgreSQLConnection] found PostgreSQL connection string: ****************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string

.github/workflows/ci.yml
  89:24  error  [PostgreSQLConnection] found PostgreSQL connection string: *************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string
  95:24  error  [PostgreSQLConnection] found PostgreSQL connection string: *************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string

✖ 3 problems (3 errors, 0 warnings, 0 infos)
❌ YAML / yamllint - 4 errors
pnpm-lock.yaml
  1:1       warning  missing document start "---"  (document-start)
  40:501    error    line too long (545 > 500 characters)  (line-length)
  10046:501 error    line too long (537 > 500 characters)  (line-length)
  10181:501 error    line too long (584 > 500 characters)  (line-length)
⚠️ JSON / prettier - 1 error
[error] Cannot find package 'prettier-plugin-toml' imported from noop.js
⚠️ REPOSITORY / trivy - 1 error
│                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-11525                   │
│                 ├────────────────┤          │        │                   │                                                         ├──────────────────────────────────────────────────────────────┤
│                 │ CVE-2026-6733  │          │        │                   │                                                         │ undici: Undici: Response queue poisoning on reused           │
│                 │                │          │        │                   │                                                         │ keep-alive sockets can lead to...                            │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-6733                    │
├─────────────────┼────────────────┼──────────┤        ├───────────────────┼─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ uuid            │ CVE-2026-41907 │ MEDIUM   │        │ 9.0.1             │ 11.1.1, 12.0.1, 13.0.1                                  │ uuid: uuid: Out-of-bounds write vulnerability impacts data   │
│                 │                │          │        │                   │                                                         │ integrity and confidentiality                                │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-41907                   │
└─────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────────────────────────────────┴──────────────────────────────────────────────────────────────┘

.devcontainer/Dockerfile (dockerfile)
=====================================
Tests: 27 (SUCCESSES: 25, FAILURES: 2)
Failures: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

See https://avd.aquasec.com/misconfig/ds-0002
────────────────────────────────────────


DS-0026 (LOW): Add HEALTHCHECK instruction in your Dockerfile
════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.

See https://avd.aquasec.com/misconfig/ds-0026
────────────────────────────────────────



Dockerfile (dockerfile)
=======================
Tests: 27 (SUCCESSES: 26, FAILURES: 1)
Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

See https://avd.aquasec.com/misconfig/ds-0002
────────────────────────────────────────



📣 Notices:
  - Version 0.72.0 of Trivy is now available, current version is 0.71.2

To suppress version checks, run Trivy scans with the --skip-version-check flag

(Truncated to last 3636 characters out of 35307)

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

@renovate
renovate Bot force-pushed the renovate/jest-monorepo branch 5 times, most recently from bbddaa4 to a01b890 Compare March 6, 2026 00:38
@kodiakhq kodiakhq Bot removed the automerge Auto merge PR with Kodiak label Mar 6, 2026
@kodiakhq

kodiakhq Bot commented Mar 6, 2026

Copy link
Copy Markdown

This PR currently has a merge conflict. Please resolve this and then re-add the automerge label.

@renovate
renovate Bot force-pushed the renovate/jest-monorepo branch 16 times, most recently from 12bbf62 to 5fd7678 Compare March 10, 2026 05:58
@renovate renovate Bot changed the title chore(deps): update dependency jest to v30.2.0 chore(deps): update dependency jest to v30.3.0 Mar 10, 2026
@renovate
renovate Bot force-pushed the renovate/jest-monorepo branch 2 times, most recently from 974b734 to f455fc8 Compare March 11, 2026 04:51
@renovate
renovate Bot force-pushed the renovate/jest-monorepo branch 15 times, most recently from 7628465 to d905af6 Compare April 7, 2026 05:48
@renovate
renovate Bot force-pushed the renovate/jest-monorepo branch 10 times, most recently from f3e3028 to 986b47f Compare April 15, 2026 08:26
@renovate
renovate Bot force-pushed the renovate/jest-monorepo branch 4 times, most recently from dd8e169 to 8ac8b30 Compare April 21, 2026 02:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants