chore(deps): update dependencies#171
Conversation
Code Review: fastify 5.9.0 → 5.10.0This is a Renovate-generated minor dependency bump. Here's the analysis: What ChangedDirect dependency:
Transitive dependency (indirect, via fastify):
Notable Improvements in 5.10.0
|
37c70f9 to
e9d7420
Compare
Code Review: chore(deps): update dependenciesOverviewThis is a routine Renovate-generated dependency update PR bumping four packages:
Analysisvitest 4.1.10 (patch — low risk)
fastify 5.10.0 (minor — worth noting)
Lock file cleanup VerdictSafe to merge. All updates are low-risk patch/minor bumps from active, well-maintained projects. No application logic is changed. The fastify transitive dependency restructuring is intentional upstream behavior and is handled correctly in the lock file. Suggestion: If CI passes (tests + type checks), this can be merged without further review. Enabling automerge for this class of Renovate PRs (patch-level test tooling, minor Fastify bumps with high confidence scores) could reduce maintenance overhead going forward. |
e9d7420 to
3d7234d
Compare
Dependency Update ReviewPR: chore(deps): update dependencies (Renovate) OverviewRoutine automated patch/minor dependency bumps across 6 packages. All changes are in
Notable Changesfastify 5.9.0 → 5.10.0 is the most significant update here:
biome 2.5.2 → 2.5.3 fixes a deadlock in the Language Server and a parser panic on CSS modules — both developer experience improvements with no impact on output. vitest 4.1.10 fixes a browser filesystem access check and a VM module resolution edge case — neither applies to this project's test setup. Lock FileThe Assessment✅ Safe to merge. All updates are low-risk with no API-breaking changes for this project. The fastify minor bump brings performance and correctness improvements. No source code or tests are affected. Recommend verifying CI passes (tests + format check) before merging. |
3d7234d to
0d120ba
Compare
Dependency Update ReviewSummary: Renovate-generated bump of 9 packages — all patch or minor in What Changed
Notable highlights
Transitive major bumps (lock file only)The
AssessmentSafe to merge. The changes are mechanically clean, and the lock file correctly resolves the dual-version scenario for Recommended: Run |
0d120ba to
053fed3
Compare
Code Review: PR #171 — chore(deps): update dependenciesOverviewThis is a Renovate-generated dependency update PR bumping 9 packages across dev, optional, and type dependencies. All changes are limited to Package-by-package assessmentFastify ecosystem (optional dependencies — runtime impact)
Dev tooling (no runtime impact)
Potential concerns
Checklist
VerdictApprove and merge. This is a routine, low-risk dependency maintenance PR. The |
053fed3 to
d57647d
Compare
Dependency Update ReviewPR: chore(deps): update dependencies Summary of Changes
Notable Items
This release includes a meaningful bug fix: "do not end parts() iteration while busboy still holds undelivered parts". This directly affects the CSV upload flow in
Two transitive dependency bumps to be aware of:
Includes a fix: "propagate return value from
CI/infrastructure changes only — no logic changes to security header generation. The CSP configuration in Lockfile AnalysisThe
Security ConsiderationsNo new attack surface is introduced. The Test CoverageNo new tests are needed — this is a pure dependency update with no application logic changes. The key gate is confirming VerdictSafe to merge. Routine automated maintenance with no breaking changes. The Pre-merge: Confirm Optional follow-up: When Review generated by Claude Sonnet 4.6 |
This PR contains the following updates:
2.5.2→2.5.313.0.2→13.1.010.0.0→10.1.09.1.3→9.3.025.9.4→25.9.54.1.9→4.1.104.1.9→4.1.105.9.0→5.10.08.1.3→8.1.44.1.9→4.1.10Release Notes
biomejs/biome (@biomejs/biome)
v2.5.3Compare Source
Patch Changes
#10815
86613d5Thanks @WaterWhisperer! - Fixed a parser panic reported in #10708: Biome now recovers when unsupported CSS Modules@valuerules or scoped@keyframesnames end at EOF.#10534
da9b403Thanks @Mokto! - FixednoUnusedVariablesfalse positives in Svelte files: Svelte store subscriptions ($storereferences in templates now keep the underlyingstorebinding from being flagged), and$bindable()props that are only written to in the script block (write-only is intentional for bindable props) are no longer reported as unused.#10827
098ba41Thanks @Aqu1bp! - Fixed #10698: ThenoUnsafeOptionalChainingrule now reports unsafe optional chains wrapped in TypeScriptas,satisfies, type assertion, and instantiation expressions, such asnew (value?.constructor as Constructor)().#10773
3c6513dThanks @otkrickey! - Fixed #10772:useVueValidVOnno longer reports a missing handler for v-on directives using a verb modifier (.stop/.prevent) without an expression, e.g.<div @​click.stop></div>. The rule also accepts the arg-less object syntax<div v-on="$listeners"></div>instead of reporting a missing event name.#10721
d83c66bThanks @minseong0324! - Improved type-aware lint rule inference for built-in globals and indexed function calls. Biome now resolvesError(...),new Error(...), optionalError#stack, and calls through indexed function values such ashandlers[0]()more accurately.#10865
6450276Thanks @ematipico! - Fixed #10845. Biome Language Server no longer goes in deadlock when the scanner is enabled.#10853
93d8e53Thanks @Netail! - Fixed #10840: Astro shorthand attribute syntax is now correctly being parsed from embedded nodes.#10820
bba3092Thanks @JamBalaya56562! - Fixed #10619:noProcessEnvnow also reports computed (bracket) member access. Previously only dot access was checked, soprocess["env"]andenv["NODE_ENV"](whereenvis imported fromnode:process) were missed. Both static and computed accesses are now reported.#10835
3447b2fThanks @dyc3! - Fixed #10824:useDomQuerySelectornow supports anignoreoption for receiver identifiers that should not be reported.#10875
b12e486Thanks @dyc3! - Fixed #10795:--profile-rulesnow reports timings for each plugin separately asplugin/<pluginName>, matching the naming used by plugin suppressions, instead of aggregating all plugins under a singleplugin/pluginentry.#10877
d6bc447Thanks @ematipico! - Fixed biome-zed#164: Biome no longer inserts stray whitespace when format-on-type runs after closing delimiters such as),], and}.#10867
a21463eThanks @dyc3! - Fixed #10864: Biome no longer crashes when checking or linting HTML files with unquoted attribute values such as<textarea rows=4></textarea>.fastify/fastify-helmet (@fastify/helmet)
v13.1.0Compare Source
What's Changed
New Contributors
Full Changelog: fastify/fastify-helmet@v13.0.2...v13.1.0
fastify/fastify-multipart (@fastify/multipart)
v10.1.0Compare Source
What's Changed
Full Changelog: fastify/fastify-multipart@v10.0.0...v10.1.0
fastify/fastify-static (@fastify/static)
v9.3.0Compare Source
What's Changed
New Contributors
Full Changelog: fastify/fastify-static@v9.2.0...v9.3.0
v9.2.0Compare Source
What's Changed
New Contributors
Full Changelog: fastify/fastify-static@v9.1.3...v9.2.0
vitest-dev/vitest (@vitest/coverage-v8)
v4.1.10Compare Source
🐞 Bug Fixes
View changes on GitHub
fastify/fastify (fastify)
v5.10.0Compare Source
What's Changed
jsonandcharsetin reply.send by @climba03003 in #6830New Contributors
Full Changelog: fastify/fastify@v5.9.0...v5.10.0
vitejs/vite (vite)
v8.1.4Compare Source
Features
Bug Fixes
import.meta.urlin preload function as-is (#22839) (f1f90ed)Documentation
@defaultforserver.cors(#22859) (70435b2)Miscellaneous Chores
Code Refactoring
Tests
Build System
onwarnwithonLog(#22741) (c581b55)Configuration
📅 Schedule: (in timezone Europe/Zurich)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate.