chore(deps): update all non-major dependencies#60
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
March 5, 2026 17:28
c3f622e to
c05c01f
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
2 times, most recently
from
March 25, 2026 00:44
03eec7b to
9d24029
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
3 times, most recently
from
April 16, 2026 17:53
bfa050c to
b186b07
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
April 17, 2026 08:55
b186b07 to
3bd5e87
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
May 20, 2026 01:15
3bd5e87 to
b012015
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
2 times, most recently
from
June 9, 2026 14:37
ad00c18 to
5f8ba48
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
June 15, 2026 11:08
5f8ba48 to
c74897c
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
5 times, most recently
from
June 30, 2026 01:44
768f24b to
4d3e416
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
July 8, 2026 19:15
4d3e416 to
8b5edee
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
July 9, 2026 20:49
8b5edee to
0555f65
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v6.18.0→v6.19.220.20.0→20.20.2^3.8.1→^3.9.54.12.0→4.17.14.12.0→4.17.1Release Notes
docker/build-push-action (docker/build-push-action)
v6.19.2Compare Source
GIT_AUTH_TOKENhost by @crazy-max in #1458Full Changelog: docker/build-push-action@v6.19.1...v6.19.2
v6.19.1Compare Source
GIT_AUTH_TOKENhost from GitHub server URL by @crazy-max in #1456Full Changelog: docker/build-push-action@v6.19.0...v6.19.1
v6.19.0Compare Source
github.comby @crazy-max in #1451Full Changelog: docker/build-push-action@v6.18.0...v6.19.0
nodejs/node (node)
v20.20.2: 2026-03-24, Version 20.20.2 'Iron' (LTS), @marco-ippolitoCompare Source
This is a security release.
Notable Changes
Commits
cfb51fa9ce] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) nodejs-private/node-private#831f333d0be5f] - deps: V8: overridedepot_toolsversion (Richard Lau) #623442acd5d1226] - deps: update undici to v6.24.1 (Matteo Collina) #62285af5c144ebc] - (CVE-2026-21717) deps,build,test: fix array index hash collision (Joyee Cheung) nodejs-private/node-private#83400ad47a28e] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#8210123309566] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#84000830712bc] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#838a0c73425da] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832cc3f294507] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#839v20.20.1: 2026-03-05, Version 20.20.1 'Iron' (LTS), @marco-ippolitoCompare Source
Notable Changes
91a66e671c] - build: test on Python 3.14 (Christian Clauss) #59983f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #6141980feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #60741Commits
6f580d5399] - assert: fix deepEqual always return redacted on URL (Xuguang Mei) #5085391a66e671c] - build: test on Python 3.14 (Christian Clauss) #59983cc4f7af6f3] - build: skip sscache action on non-main branches (Joyee Cheung) #61790f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #6141980feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #60741fa88cc07e2] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #6066288b2eec88a] - deps: update minimatch to 10.2.2 (Node.js GitHub Bot) #618305c053264f1] - deps: V8: backport6a0a25a(Vivian Wang) #616874a398699d0] - deps: update googletest to5a9c3f9(Node.js GitHub Bot) #617314fa43adf15] - deps: update googletest to56efe39(Node.js GitHub Bot) #616051a855d490c] - deps: update googletest to8508785(Node.js GitHub Bot) #61417d8a9359826] - deps: update icu to 78.2 (Node.js GitHub Bot) #60523e79cd3a0bb] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #619280707ade464] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #61925dc5a3cddef] - deps: update llhttp to 9.3.1 (Node.js GitHub Bot) #6182746043b94c7] - deps: update zlib to 1.3.1-e00f703 (Node.js GitHub Bot) #611356be15a596e] - deps: update cjs-module-lexer to 2.2.0 (Node.js GitHub Bot) #6127110881404cd] - deps: update timezone to 2025c (Node.js GitHub Bot) #611381594a78c85] - deps: update googletest to065127f(Node.js GitHub Bot) #610557fa2ee1933] - deps: update zlib to 1.3.1-63d7e16 (Node.js GitHub Bot) #6089809259532ef] - deps: update googletest to1b96fa1(Node.js GitHub Bot) #60739aa8bdb6886] - deps: update cjs-module-lexer to 2.1.1 (Node.js GitHub Bot) #60646cc849fde27] - deps: update googletest to279f847(Node.js GitHub Bot) #60219a99ba553a2] - deps: update googletest to50b8600(Node.js GitHub Bot) #599556349a79f5f] - deps: update googletest to7e17b15(Node.js GitHub Bot) #591318ba759f1a0] - deps: update googletest to35b75a2(Node.js GitHub Bot) #58710927d906850] - deps: update googletest toe9092b1(Node.js GitHub Bot) #58565bf8919f5c2] - deps: update googletest to0bdccf4(Node.js GitHub Bot) #57380ae6231dac0] - deps: update googletest toe235eb3(Node.js GitHub Bot) #568730561c62e85] - deps: update minimatch to 10.1.2 (Node.js GitHub Bot) #61732f0ef221b0d] - deps: update minimatch to 10.1.1 (Node.js GitHub Bot) #6054315bd0da404] - deps: update archs files for openssl (Antoine du Hamel) #6191204d439323f] - deps: upgrade openssl sources to openssl-3.0.19 (Antoine du Hamel) #619122ea16d3bd6] - deps: update corepack to 0.34.6 (Node.js GitHub Bot) #61510622f973d1c] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #608422cd265d8b9] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #6064365e839687b] - deps: update corepack to 0.34.2 (Node.js GitHub Bot) #605502dc99d2771] - dns: fix Windows SRV ECONNREFUSED by adjusting c-ares fallback detection (notvivek12) #614532c7b84b1d8] - doc: fix typo in http.md (Michael Solomon) #59354a84b42667c] - doc: fix grammar in global dispatcher usage (Eng Zer Jun) #59344ffd0ada45f] - doc: fix typo intest/common/README.md(Yoo) #59180b4d9d006e7] - doc: fix broken sentence inURL.parse(Superchupu) #5916445e9971d9c] - doc: fix typo in writing-test.md (SeokHun) #59123e9fd10b5d6] - doc: fixfetchsubsections inglobals.md(Antoine du Hamel) #589333715dd1c2b] - doc: fix wrong RFC number in http2 (Deokjin Kim) #58753098c017eac] - doc: punctuation fix for Node-API versioning clarification (Jiacai Liu) #58599545bf434e1] - doc: fix typo of filehttp.md,outgoingMessage.setTimeoutsection (yusheng chen) #58188b3d6683e7b] - doc: support toolchain with Visual Studio 2019 & 2022 only (Mike McCready) #614508fdde5d110] - doc: fix v20 changelog after security release (Marco Ippolito) #6137131d04599be] - http: fix keep-alive not timing out after post-request empty line (Shima Ryuhei) #581785ec7d1eba0] - http2: validate initialWindowSize per HTTP/2 spec (Matteo Collina) #614025c091d5a96] - meta: persist sccache daemon until end of build workflows (René) #61639183353aba0] - path,win: fix bug in resolve and normalize (Hüseyin Açacak) #55623dbe9e5091b] - src: fix flags argument offset in JSUdpWrap (Weixie Cui) #619484106bfc775] - test: mark stringbytes-external-max flaky on AIX (Stewart X Addison) #60995de51937306] - test: mark stringbytes-external-exceed-max tests as flaky on AIX (Joyee Cheung) #60565368b221be3] - test: fix flaky test-performance-eventloopdelay (Matteo Collina) #61629e134912a33] - test: fix flaky test-worker-message-port-transfer-filehandle test (Alex Yang) #591585630170d3e] - test: account for truthy signal in flaky async_hooks tests (Darshan Sen) #584781e5363bb63] - test: marktest-http2-debugas flaky on LinuxONE (Richard Lau) #58494662998787a] - test: settest-fs-cpas flaky (Stefan Stojanovic) #567990807127339] - test: marktest-esm-loader-hooks-inspect-waitflaky (Richard Lau) #568036320cd0721] - test: skip strace test with shared openssl (Richard Lau) #6198783b9f8ee02] - tools: make nodedownload module compatible with Python 3.14 (Lumír 'Frenzy' Balhar) #587526cf9b5786e] - tools: enforce removal oflts-watch-*labels on release proposals (Antoine du Hamel) #61672cd4161499c] - tools: use ubuntu-slim runner in meta GitHub Actions (Tierney Cyren) #616636dc2a99a0d] - tools: validate release commit diff as part oflint-release-proposal(Antoine du Hamel) #614405014f22332] - tools: add read permission to workflows that read contents (Antoine du Hamel) #582556c3ad2a5a3] - tools: switch to ARM runners on GHA jobs (Antoine du Hamel) #619031abada9c34] - tools: avoid building twice in coverage jobs (Antoine du Hamel) #61899f260e40127] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #6175964beca5e01] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #61734prettier/prettier (prettier)
v3.9.5Compare Source
diff
Markdown: Cap ordered list mark at 999,999,999 (#19351 by @tats-u)
CommonMark parsers only support ordered list item numbers up to 999,999,999.
With this change, Prettier now caps the ordered list item number at 999,999,999 to ensure that the output is correctly parsed as an ordered list by CommonMark parsers. Numbers larger than 999,999,999 are not parsed as list item numbers and are left unchanged in the output:
Markdown: Avoid corrupting empty link with title (#19487 by @andersk)
Do not remove
<>from an inline link or image with an empty URL and a title, as this removal would change its interpretation.Less: Remove extra spaces after
[in map lookups (#19503 by @kovsu)CSS: Prevent addition space in
type()with+(#19516 by @bigandy)This fixes the addition space before
+in CSStype()declaration. For exampletype(<number>+)was being converted intotype(<number> +)which is invalid CSS and does not work.Less: Remove spaces between merge markers and colons (#19517 by @kovsu)
Markdown: Preserve wiki links with aliases (#19527 by @kovsu)
TypeScript: Fix comments being dropped on shorthand
typeimport/export specifiers (#19565 by @kirkwaiblinger)Miscellaneous: Preserving comments'
placementproperty (#19567 by @Janther)Prettier@3.9.0 deleted an undocumented property on comments, which was already used by plugins,
comment.placementis now available again after comment attach.Flow: Stop enforcing empty module declaration to break (#19568 by @fisker)
Angular: Support expression for exhaustive typechecking (#19571 by @fisker)
TypeScript: Ignore comments inside mapped type when checking type parameter comments (#19572 by @fisker)
Less: Fix adjacent block comments being corrupted (#19574 by @kovsu)
JavaScript: Handle dangling comments in
SwitchStatement(#19581 by @fisker)TypeScript: Remove space in comment-only object type (#19583 by @fisker)
v3.9.4Compare Source
v3.9.3Compare Source
v3.9.2Compare Source
v3.9.1Compare Source
v3.9.0Compare Source
diff
🔗 Release Notes
v3.8.5Compare Source
v3.8.4Compare Source
diff
Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (#17746 by @byplayer)
Prettier was removing blank lines between list items and their nested sub-lists, converting loose lists into tight lists and changing their semantic meaning.
v3.8.3Compare Source
diff
SCSS: Prevent trailing comma in
if()function (#18471 by @kovsu)v3.8.2Compare Source
diff
Angular: Support Angular v21.2 (#18722, #19034 by @fisker)
Exhaustive typechecking with
@default never;arrow functionandinstanceofexpressions.yarnpkg/berry (yarn)
v4.17.1: v4.17.1Compare Source
What's Changed
New Contributors
Full Changelog: https://github.com/yarnpkg/berry/compare/@yarnpkg/cli/4.17.0...@yarnpkg/cli/4.17.1
v4.17.0: v4.17.0Compare Source
What's Changed
New Contributors
Full Changelog: https://github.com/yarnpkg/berry/compare/@yarnpkg/cli/4.16.0...@yarnpkg/cli/4.17.0
v4.16.0: v4.16.0Compare Source
What's Changed
New Contributors
Full Changelog: https://github.com/yarnpkg/berry/compare/@yarnpkg/cli/4.15.0...@yarnpkg/cli/4.16.0
v4.15.0: v4.15.0Compare Source
What's Changed
npmMinimalAgeGate: 1dthe default by @arcanis in #7135New Contributors
Full Changelog: https://github.com/yarnpkg/berry/compare/@yarnpkg/cli/4.14.1...@yarnpkg/cli/4.15.0
v4.14.1: v4.14.1Compare Source
What's Changed
New Contributors
Full Changelog: https://github.com/yarnpkg/berry/compare/@yarnpkg/cli/4.14.0...@yarnpkg/cli/4.14.1
v4.14.0: v4.14.0Compare Source
What's Changed
required under PnP by @clemyan in #7077enableScripts: **redacted**the default by @arcanis in #7089exec:protocol respectenableScriptsby @arcanis in #7090approvedGitRepositoriesby @arcanis in #7091New Contributors
Full Changelog: https://github.com/yarnpkg/berry/compare/@yarnpkg/cli/4.13.0...@yarnpkg/cli/4.14.0
v4.13.0: v4.13.0Compare Source
What's Changed
Contextby @erickzhao in #6989/<name>/<version>format by @arcanis in #6993tarto v7 by @mhassan1 in #7038--modeoption toupgrade-interactivecommand by @ipanasenko in #7050c/r/lbulk selection shortcuts toupgrade-interactiveby @ipanasenko in #7051New Contributors
Full Changelog: https://github.com/yarnpkg/berry/compare/@yarnpkg/cli/4.12.0...@yarnpkg/cli/4.13.0
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.