Skip to content

fix(deps): update patch updates (patch) #249

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update patch updates (patch) #249

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 16, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@actions/core (source) ^2.0.0 -> ^2.0.1 age confidence
@anolilab/lint-staged-config (source) ^3.0.39 -> ^3.0.41 age confidence
@anolilab/rc (source) 3.0.0-alpha.2 -> 3.0.0 age confidence
@anolilab/semantic-release-clean-package-json (source) 4.0.0-alpha.2 -> 4.0.0 age confidence
@anolilab/semantic-release-pnpm (source) 3.0.0-alpha.2 -> 3.0.0 age confidence
esbuild 0.27.0 -> 0.27.2 age confidence
p-retry ^7.1.0 -> ^7.1.1 age confidence
publint (source) ^0.3.15 -> ^0.3.16 age confidence
sort-package-json ^3.5.1 -> ^3.5.2 age confidence

Release Notes

actions/toolkit (@​actions/core)

v2.0.1

anolilab/javascript-style-guide (@​anolilab/lint-staged-config)

v3.0.41

Compare Source

Dependencies

v3.0.40

Compare Source

Miscellaneous Chores
  • remove deprecated packages and update repository URLs (0a3d423)
  • update configuration and scripts (5d6a44f)
  • update package dependencies and configurations (94cb27e)
Dependencies
anolilab/semantic-release (@​anolilab/rc)

v3.0.0

Compare Source

⚠ BREAKING CHANGES
    • node-versions: the minimum node version for the v24 range is now v24.10.0
  • deps: a minimum of node v22.14 is now required
Features
  • add debug logging for branch and release channel information in create-inline-plugin-creator.ts (c67aa85)
Bug Fixes
  • update dependencies and configurations across multiple packages (c37a51f)
  • update dependencies and node version across multiple packages (cbfde4b)
Miscellaneous Chores

v3.0.0-alpha.3

Compare Source

⚠ BREAKING CHANGES
    • node-versions: the minimum node version for the v24 range is now v24.10.0
  • deps: a minimum of node v22.14 is now required
Features
  • add debug logging for branch and release channel information in create-inline-plugin-creator.ts (c67aa85)
Bug Fixes
  • update dependencies and configurations across multiple packages (c37a51f)
  • update dependencies and node version across multiple packages (cbfde4b)
Miscellaneous Chores
anolilab/semantic-release (@​anolilab/semantic-release-clean-package-json)

v4.0.0

Compare Source

⚠ BREAKING CHANGES
    • node-versions: the minimum node version for the v24 range is now v24.10.0
  • deps: a minimum of node v22.14 is now required
Bug Fixes
  • update dependencies and configurations across multiple packages (c37a51f)
  • update dependencies and node version across multiple packages (cbfde4b)
Miscellaneous Chores
Dependencies

v4.0.0-alpha.3

Compare Source

⚠ BREAKING CHANGES
    • node-versions: the minimum node version for the v24 range is now v24.10.0
  • deps: a minimum of node v22.14 is now required
Bug Fixes
  • update dependencies and configurations across multiple packages (c37a51f)
  • update dependencies and node version across multiple packages (cbfde4b)
Miscellaneous Chores
Dependencies
anolilab/semantic-release (@​anolilab/semantic-release-pnpm)

v3.0.0

Compare Source

⚠ BREAKING CHANGES
    • node-versions: the minimum node version for the v24 range is now v24.10.0
  • deps: a minimum of node v22.14 is now required
Features
  • enhance npm authentication and trusted publishing support (440d032)
  • update dependencies in pnpm-lock.yaml and pnpm-workspace.yaml (7e73992)
Bug Fixes
  • enhance integration and unit tests for npm authentication (79ae50d)
  • update dependencies and configurations across multiple packages (c37a51f)
  • update dependencies and node version across multiple packages (cbfde4b)
  • update package dependencies and configurations (fed735c)
Miscellaneous Chores
Code Refactoring
  • clean up whitespace and comments in get-config.ts and verify-auth.ts (26dc037)
  • enhance inline plugin creator with consistent git root handling (4ebaea4)
  • enhance type handling and logging in multi-semantic-release (b6b34c2)
  • Ensure consistent cwd handling across all plugin hooks (3028b71)
  • update test cases and improve type handling (328c392)
Dependencies

v3.0.0-alpha.3

Compare Source

⚠ BREAKING CHANGES
    • node-versions: the minimum node version for the v24 range is now v24.10.0
  • deps: a minimum of node v22.14 is now required
Features
  • enhance npm authentication and trusted publishing support (440d032)
  • update dependencies in pnpm-lock.yaml and pnpm-workspace.yaml (7e73992)
Bug Fixes
  • enhance integration and unit tests for npm authentication (79ae50d)
  • update dependencies and configurations across multiple packages (c37a51f)
  • update dependencies and node version across multiple packages (cbfde4b)
  • update package dependencies and configurations (fed735c)
Miscellaneous Chores
Code Refactoring
  • clean up whitespace and comments in get-config.ts and verify-auth.ts (26dc037)
  • enhance inline plugin creator with consistent git root handling (4ebaea4)
  • enhance type handling and logging in multi-semantic-release (b6b34c2)
  • Ensure consistent cwd handling across all plugin hooks (3028b71)
  • update test cases and improve type handling (328c392)
Dependencies
evanw/esbuild (esbuild)

v0.27.2

Compare Source

  • Allow import path specifiers starting with #/ (#​4361)

    Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

    This change was contributed by @​hybrist.

  • Automatically add the -webkit-mask prefix (#​4357, #​4358)

    This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

    /* Original code */
main {
  mask: url(x.png) center/5rem no-repeat
}

/* Old output (with --target=chrome110) */
main {
  mask: url(x.png) center/5rem no-repeat;
}

/* New output (with --target=chrome110) */
main {
  -webkit-mask: url(x.png) center/5rem no-repeat;
  mask: url(x.png) center/5rem no-repeat;
}

    This change was contributed by @​BPJEnnova.

  • Additional minification of switch statements (#​4176, #​4359)

    This release contains additional minification patterns for reducing switch statements. Here is an example:

    // Original code
switch (x) {
  case 0:
    foo()
    break
  case 1:
  default:
    bar()
}

// Old output (with --minify)
switch(x){case 0:foo();break;case 1:default:bar()}

// New output (with --minify)
x===0?foo():bar();

  • Forbid using declarations inside switch clauses (#​4323)

    This is a rare change to remove something that was previously possible. The Explicit Resource Management proposal introduced using declarations. These were previously allowed inside case and default clauses in switch statements. This had well-defined semantics and was already widely implemented (by V8, SpiderMonkey, TypeScript, esbuild, and others). However, it was considered to be too confusing because of how scope works in switch statements, so it has been removed from the specification. This edge case will now be a syntax error. See tc39/proposal-explicit-resource-management#215 and rbuckton/ecma262#14 for details.

    Here is an example of code that is no longer allowed:

    switch (mode) {
  case 'read':
    using readLock = db.read()
    return readAll(readLock)

  case 'write':
    using writeLock = db.write()
    return writeAll(writeLock)
}

    That code will now have to be modified to look like this instead (note the additional { and } block statements around each case body):

    switch (mode) {
  case 'read': {
    using readLock = db.read()
    return readAll(readLock)
  }
  case 'write': {
    using writeLock = db.write()
    return writeAll(writeLock)
  }
}

    This is not being released in one of esbuild's breaking change releases since this feature hasn't been finalized yet, and esbuild always tracks the current state of the specification (so esbuild's previous behavior was arguably incorrect).

v0.27.1

Compare Source

  • Fix bundler bug with var nested inside if (#​4348)

    This release fixes a bug with the bundler that happens when importing an ES module using require (which causes it to be wrapped) and there's a top-level var inside an if statement without being wrapped in a { ... } block (and a few other conditions). The bundling transform needed to hoist these var declarations outside of the lazy ES module wrapper for correctness. See the issue for details.

  • Fix minifier bug with for inside try inside label (#​4351)

    This fixes an old regression from version v0.21.4. Some code was introduced to move the label inside the try statement to address a problem with transforming labeled for await loops to avoid the await (the transformation involves converting the for await loop into a for loop and wrapping it in a try statement). However, it introduces problems for cross-compiled JVM code that uses all three of these features heavily. This release restricts this transform to only apply to for loops that esbuild itself generates internally as part of the for await transform. Here is an example of some affected code:

    // Original code
d: {
  e: {
    try {
      while (1) { break d }
    } catch { break e; }
  }
}

// Old output (with --minify)
a:try{e:for(;;)break a}catch{break e}

// New output (with --minify)
a:e:try{for(;;)break a}catch{break e}

  • Inline IIFEs containing a single expression (#​4354)

    Previously inlining of IIFEs (immediately-invoked function expressions) only worked if the body contained a single return statement. Now it should also work if the body contains a single expression statement instead:

    // Original code
const foo = () => {
  const cb = () => {
    console.log(x())
  }
  return cb()
}

// Old output (with --minify)
const foo=()=>(()=>{console.log(x())})();

// New output (with --minify)
const foo=()=>{console.log(x())};

  • The minifier now strips empty finally clauses (#​4353)

    This improvement means that finally clauses containing dead code can potentially cause the associated try statement to be removed from the output entirely in minified builds:

    // Original code
function foo(callback) {
  if (DEBUG) stack.push(callback.name);
  try {
    callback();
  } finally {
    if (DEBUG) stack.pop();
  }
}

// Old output (with --minify --define:DEBUG=false)
function foo(a){try{a()}finally{}}

// New output (with --minify --define:DEBUG=false)
function foo(a){a()}

  • Allow tree-shaking of the Symbol constructor

    With this release, calling Symbol is now considered to be side-effect free when the argument is known to be a primitive value. This means esbuild can now tree-shake module-level symbol variables:

    // Original code
const a = Symbol('foo')
const b = Symbol(bar)

// Old output (with --tree-shaking=true)
const a = Symbol("foo");
const b = Symbol(bar);

// New output (with --tree-shaking=true)
const b = Symbol(bar);
sindresorhus/p-retry (p-retry)

v7.1.1

Compare Source

  • Fix delayed abort when signal is already aborted before delay phase 2aba573
publint/publint (publint)

v0.3.16

Compare Source

Patch Changes
  • Re-enable file existence checks for TS and TSX files if they do not use custom conditions. In v0.3.10, this was done unconditionally instead which missed catching possible file typos if only common conditions are used. (7b1408e)
keithamus/sort-package-json (sort-package-json)

v3.5.2

Compare Source

Bug Fixes

Configuration

📅 Schedule: Branch creation - "after 10:00 before 19:00 every weekday except after 13:00 before 14:00" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from prisis as a code owner December 16, 2025 13:35
@renovate renovate bot added the c: dependencies Pull requests that adds/updates a dependency label Dec 16, 2025
@renovate renovate bot enabled auto-merge (squash) December 16, 2025 13:35
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 16, 2025
edited
Loading

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 16, 2025
edited
Loading

Thank you for following the naming conventions! 🙏

@socket-security
Copy link

socket-security bot commented Dec 16, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​anolilab/​lint-staged-config@​3.0.39 ⏵ 3.1.172100100 +396 +180
Updatedesbuild@​0.27.0 ⏵ 0.27.2911007394100
Addednormalize-url@​8.1.010010010081100
Addedsemver@​7.7.310010010087100
Addedtypescript@​5.9.31001009010090
Addedprettier@​3.7.4901009797100
Updated@​actions/​core@​2.0.0 ⏵ 2.0.199 -110010092 +7100

View full report

@renovate renovate bot force-pushed the renovate/patch-patch-updates branch from 18a0a4c to 4e1a121 Compare December 17, 2025 13:16
@renovate
fix(deps): update patch updates
7bb1369 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
@renovate renovate bot force-pushed the renovate/patch-patch-updates branch from 4e1a121 to 7bb1369 Compare December 22, 2025 09:35
@socket-security
Copy link

socket-security bot commented Dec 22, 2025

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm safer-buffer is 94.0% likely obfuscated

Confidence: 0.94

Location: Package overview

From: pnpm-lock.yamlnpm/safer-buffer@2.1.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/safer-buffer@2.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prisis prisis Awaiting requested review from prisis prisis is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

c: dependencies Pull requests that adds/updates a dependency

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant