Skip to content

chore(deps): update node dependencies#793

Open
loopingz wants to merge 1 commit intomainfrom
renovate/node-dependencies
Open

chore(deps): update node dependencies#793
loopingz wants to merge 1 commit intomainfrom
renovate/node-dependencies

Conversation

@loopingz
Copy link
Contributor

@loopingz loopingz commented Jan 14, 2026
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change
@adobe/css-tools dependencies patch ^4.4.1^4.4.4
@hono/node-server dependencies patch ^1.19.5^1.19.11
@hono/node-server@<1.19.10 pnpm.overrides patch ^1.19.10^1.19.11
@rollup/plugin-commonjs (source) devDependencies patch ^28.0.8^28.0.9
@rollup/plugin-commonjs (source) devDependencies patch ^28.0.3^28.0.9
@rollup/plugin-node-resolve (source) devDependencies patch ^16.0.1^16.0.3
@rollup/plugin-replace (source) devDependencies patch ^6.0.2^6.0.3
@rollup/plugin-typescript (source) devDependencies patch ^12.1.2^12.3.0
@types/micromatch (source) devDependencies patch ^4.0.9^4.0.10
@types/node (source) devDependencies patch ^22.19.2^22.19.15
@types/node (source) devDependencies patch ^22.19.2^22.19.15
@types/node (source) devDependencies patch ^22.19.1^22.19.15
@types/node (source) devDependencies patch ^22.13.5^22.19.15
@types/node (source) dependencies patch ^22.19.2^22.19.15
@types/node (source) devDependencies patch ^22.15.0^22.19.15
@types/node (source) pnpm.overrides patch ^22.19.2^22.19.15
@types/papaparse (source) devDependencies patch ^5.5.1^5.5.2
@types/tar-stream (source) devDependencies patch ^3.1.3^3.1.4
@vertesia/client (source) dependencies patch 0.82.10.82.4
ajv (source) dependencies patch ^8.17.1^8.18.0
ansi-escapes dependencies patch ^6.2.0^6.2.1
chalk dependencies patch ^5.3.0^5.6.2
chalk dependencies patch ^5.4.1^5.6.2
cli-spinners dependencies patch ^2.9.1^2.9.2
commander dependencies patch ^14.0.2^14.0.3
concurrently devDependencies patch ^9.1.2^9.2.1
dayjs (source) dependencies patch ^1.11.19^1.11.20
dompurify dependencies patch ^3.3.2^3.3.3
dompurify@<3.3.2 pnpm.overrides patch ^3.3.2^3.3.3
dotenv dependencies patch ^17.2.3^17.3.1
esbuild@<0.25.0 pnpm.overrides patch ^0.27.1^0.27.4
eventsource dependencies patch ^3.0.6^3.0.7
eventsource-parser dependencies patch ^1.1.1^1.1.2
fast-xml-parser dependencies patch ^5.3.8^5.5.8
fast-xml-parser@<5.3.8 pnpm.overrides patch ^5.5.7^5.5.8
firebase (source, changelog) dependencies patch ^10.12.2^10.14.1
globals devDependencies patch ^17.3.0^17.4.0
globals devDependencies minor ^17.3.0^17.4.0
hono (source) dependencies patch ^4.10.3^4.12.8
hono (source) peerDependencies patch ^4.12.7^4.12.8
hono@<4.12.7 (source) pnpm.overrides patch ^4.12.7^4.12.8
i18next (source) dependencies minor ^25.8.14^25.10.4
is-generator-function pnpm.overrides minor 1.0.101.1.2
jose dependencies minor ^6.0.11^6.2.2
katex (source) dependencies patch ^0.16.28^0.16.40
log-symbols dependencies patch ^7.0.0^7.0.1
mermaid dependencies minor ^11.4.0^11.13.0
mime dependencies patch ^4.0.0^4.1.0
mime dependencies patch ^4.0.4^4.1.0
mocha (source) devDependencies patch ^10.2.0^10.8.2
monaco-editor dependencies minor ^0.52.2^0.55.1
ms dependencies patch 3.0.0-canary.13.0.0-canary.202508261828
open dependencies patch ^10.1.0^10.2.0
prettier (source) devDependencies minor 3.5.33.8.1
qs@>=6.0.0 <6.14.0 pnpm.overrides minor [^6.14.1^6.15.0](https://renovatebot.com/diffs/npm/qs@&gt;&#x3D;6.0.0 <6.14.0/6.14.1/6.15.0)
remark-github-blockquote-alert (source) dependencies minor ^2.0.0^2.1.0
rimraf devDependencies minor ^6.0.1^6.1.3
rimraf devDependencies patch ^6.1.2^6.1.3
rimraf devDependencies patch ^5.0.5^5.0.10
rollup (source) devDependencies minor ^4.59.0^4.60.0
rollup (source) peerDependencies minor ^4.59.0^4.60.0
serialize-javascript@<7.0.3 pnpm.overrides patch ^7.0.3^7.0.4
sharp (source, changelog) dependencies minor ^0.33.4^0.34.5
sharp (source, changelog) dependencies minor ^0.33.5^0.34.5
tar-stream dependencies patch ^3.1.7^3.1.8
tmp dependencies patch ^0.2.4^0.2.5
typescript (source) devDependencies patch ^5.9.2^5.9.3
typescript (source) dependencies patch ^5.6.3^5.9.3
typescript (source) dependencies patch ^5.5.3^5.9.3
undici@>=6.0.0 <6.21.3 (source) pnpm.overrides patch [^7.24.1^7.24.5](https://renovatebot.com/diffs/npm/undici@&gt;&#x3D;6.0.0 <6.21.3/7.24.1/7.24.5)
unist-util-visit dependencies patch ^5.0.0^5.1.0
vega-lite (source) dependencies patch ^6.4.1^6.4.2
yaml (source) dependencies patch ^2.6.0^2.8.3
zod (source) dependencies patch ^4.3.5^4.3.6
zod (source) dependencies patch ^3.24.1^3.25.76

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

Release Notes

honojs/node-server (@​hono/node-server@<1.19.10)

v1.19.11

Compare Source

What's Changed

  • fix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by @​usualoma in #​309

Full Changelog: honojs/node-server@v1.19.10...v1.19.11

vertesia/composableai (@​vertesia/client)

v0.82.4

Compare Source

v0.82.3

Compare Source

v0.82.2

Compare Source

iamkun/dayjs (dayjs)

v1.11.20

Compare Source

Bug Fixes
cure53/DOMPurify (dompurify)

v3.3.3: DOMPurify 3.3.3

Compare Source

  • Fixed an engine requirement for Node 20 which caused hiccups, thanks @​Rotzbua
evanw/esbuild (esbuild@<0.25.0)

v0.27.4

Compare Source

  • Fix a regression with CSS media queries (#​4395, #​4405, #​4406)

    Version 0.25.11 of esbuild introduced support for parsing media queries. This unintentionally introduced a regression with printing media queries that use the <media-type> and <media-condition-without-or> grammar. Specifically, esbuild was failing to wrap an or clause with parentheses when inside <media-condition-without-or>. This release fixes the regression.

    Here is an example:

    /* Original code */
@&#8203;media only screen and ((min-width: 10px) or (min-height: 10px)) {
  a { color: red }
}

/* Old output (incorrect) */
@&#8203;media only screen and (min-width: 10px) or (min-height: 10px) {
  a {
    color: red;
  }
}

/* New output (correct) */
@&#8203;media only screen and ((min-width: 10px) or (min-height: 10px)) {
  a {
    color: red;
  }
}

  • Fix an edge case with the inject feature (#​4407)

    This release fixes an edge case where esbuild's inject feature could not be used with arbitrary module namespace names exported using an export {} from statement with bundling disabled and a target environment where arbitrary module namespace names is unsupported.

    With the fix, the following inject file:

    import jquery from 'jquery';
export { jquery as 'window.jQuery' };

    Can now always be rewritten as this without esbuild sometimes incorrectly generating an error:

    export { default as 'window.jQuery' } from 'jquery';

  • Attempt to improve API handling of huge metafiles (#​4329, #​4415)

    This release contains a few changes that attempt to improve the behavior of esbuild's JavaScript API with huge metafiles (esbuild's name for the build metadata, formatted as a JSON object). The JavaScript API is designed to return the metafile JSON as a JavaScript object in memory, which makes it easy to access from within a JavaScript-based plugin. Multiple people have encountered issues where this API breaks down with a pathologically-large metafile.

    The primary issue is that V8 has an implementation-specific maximum string length, so using the JSON.parse API with large enough strings is impossible. This release will now attempt to use a fallback JavaScript-based JSON parser that operates directly on the UTF8-encoded JSON bytes instead of using JSON.parse when the JSON metafile is too big to fit in a JavaScript string. The new fallback path has not yet been heavily-tested. The metafile will also now be generated with whitespace removed if the bundle is significantly large, which will reduce the size of the metafile JSON slightly.

    However, hitting this case is potentially a sign that something else is wrong. Ideally you wouldn't be building something so enormous that the build metadata can't even fit inside a JavaScript string. You may want to consider optimizing your project, or breaking up your project into multiple parts that are built independently. Another option could potentially be to use esbuild's command-line API instead of its JavaScript API, which is more efficient (although of course then you can't use JavaScript plugins, so it may not be an option).

v0.27.3

Compare Source

  • Preserve URL fragments in data URLs (#​4370)

    Consider the following HTML, CSS, and SVG:

    • index.html:

      <!DOCTYPE html>
<html>
  <head><link rel="stylesheet" href="icons.css"></head>
  <body><div class="triangle"></div></body>
</html>

    • icons.css:

      .triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url(./triangle.svg#x);
}

    • triangle.svg:

      <svg xmlns="http://www.w3.org/2000/svg">
  <defs>
    <clipPath id="x">
      <path d="M0 0H10V10Z"/>
    </clipPath>
  </defs>
</svg>

    The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

    /* icons.css */
.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
}

  • Parse and print CSS @scope rules (#​4322)

    This release includes dedicated support for parsing @scope rules in CSS. These rules include optional "start" and "end" selector lists. One important consequence of this is that the local/global status of names in selector lists is now respected, which improves the correctness of esbuild's support for CSS modules. Minification of selectors inside @scope rules has also improved slightly.

    Here's an example:

    /* Original code */
@&#8203;scope (:global(.foo)) to (:local(.bar)) {
  .bar {
    color: red;
  }
}

/* Old output (with --loader=local-css --minify) */
@&#8203;scope (:global(.foo)) to (:local(.bar)){.o{color:red}}

/* New output (with --loader=local-css --minify) */
@&#8203;scope(.foo)to (.o){.o{color:red}}

  • Fix a minification bug with lowering of for await (#​4378, #​4385)

    This release fixes a bug where the minifier would incorrectly strip the variable in the automatically-generated catch clause of lowered for await loops. The code that generated the loop previously failed to mark the internal variable references as used.

  • Update the Go compiler from v1.25.5 to v1.25.7 (#​4383, #​4388)

    This PR was contributed by @​MikeWillCook.

v0.27.2

Compare Source

  • Allow import path specifiers starting with #/ (#​4361)

    Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

    This change was contributed by @​hybrist.

  • Automatically add the -webkit-mask prefix (#​4357, #​4358)

    This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

    /* Original code */
main {
  mask: url(x.png) center/5rem no-repeat
}

/* Old output (with --target=chrome110) */
main {
  mask: url(x.png) center/5rem no-repeat;
}

/* New output (with --target=chrome110) */
main {
  -webkit-mask: url(x.png) center/5rem no-repeat;
  mask: url(x.png) center/5rem no-repeat;
}

    This change was contributed by @​BPJEnnova.

  • Additional minification of switch statements (#​4176, #​4359)

    This release contains additional minification patterns for reducing switch statements. Here is an example:

    // Original code
switch (x) {
  case 0:
    foo()
    break
  case 1:
  default:
    bar()
}

// Old output (with --minify)
switch(x){case 0:foo();break;case 1:default:bar()}

// New output (with --minify)
x===0?foo():bar();

  • Forbid using declarations inside switch clauses (#​4323)

    This is a rare change to remove something that was previously possible. The Explicit Resource Management proposal introduced using declarations. These were previously allowed inside case and default clauses in switch statements. This had well-defined semantics and was already widely implemented (by V8, SpiderMonkey, TypeScript, esbuild, and others). However, it was considered to be too confusing because of how scope works in switch statements, so it has been removed from the specification. This edge case will now be a syntax error. See tc39/proposal-explicit-resource-management#215 and rbuckton/ecma262#14 for details.

    Here is an example of code that is no longer allowed:

    switch (mode) {
  case 'read':
    using readLock = db.read()
    return readAll(readLock)

  case 'write':
    using writeLock = db.write()
    return writeAll(writeLock)
}

    That code will now have to be modified to look like this instead (note the additional { and } block statements around each case body):

    switch (mode) {
  case 'read': {
    using readLock = db.read()
    return readAll(readLock)
  }
  case 'write': {
    using writeLock = db.write()
    return writeAll(writeLock)
  }
}

    This is not being released in one of esbuild's breaking change releases since this feature hasn't been finalized yet, and esbuild always tracks the current state of the specification (so esbuild's previous behavior was arguably incorrect).

NaturalIntelligence/fast-xml-parser (fast-xml-parser)

v5.5.8

Compare Source

sindresorhus/globals (globals)

v17.4.0

Compare Source

honojs/hono (hono)

v4.12.8

Compare Source

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.7...v4.12.8

i18next/i18next (i18next)

v25.10.4

Compare Source

  • feat(types): exists() is now a type guard that narrows the key to SelectorKey, so a validated key can be passed directly to t() 2364

v25.10.3

Compare Source

  • check also for I18NEXT_NO_SUPPORT_NOTICE env variable

v25.10.2

Compare Source

  • feat(types): keyFromSelector is now type-safe — the selector callback is constrained against your resource definitions, catching invalid keys at compile time. Supports optional ns and keyPrefix options for non-default namespace/prefix contexts 2364

v25.10.1

Compare Source

  • fix(types): FilterKeys now correctly excludes base keys that have context variants when the provided context doesn't match any of them (e.g. key some with variant some_me is no longer accessible with context="one")

v25.10.0

Compare Source

  • feat(types): keyFromSelector now returns a branded SelectorKey type that t() accepts directly, enabling pre-computed and reusable translation keys 2364
  • feat: support selector syntax for keyPrefix in getFixedT and per-call options 2367
  • feat(types): interpolation values are now automatically typed based on built-in format specifiers — {{val, number}} requires number, {{val, datetime}} requires Date, {{name}} requires string, etc. Custom formatters can be typed via interpolationFormatTypeMap in CustomTypeOptions 2378
  • fix(types): FilterKeys in selector mode now preserves non-context, non-plural leaf keys when context is provided, fixing incorrect type narrowing when combining returnObjects: true with context 2398

v25.9.0

Compare Source

  • feat(types): selector API now enforces { count: number } when a key resolves to plural forms 2373
  • fix(types): string unions with invalid members are now correctly detected as type errors when used as context option 2172

v25.8.20

Compare Source

    • fix: getFixedT() selector now resolves namespaces against the effective ns rather than the global init options 2406

v25.8.19

Compare Source

  • fix: selector API namespace resolution regression for single-string ns and primary namespace in array 2405. Reverts the broad namespace-prefix rewrite from v25.8.15 and replaces it with a targeted fix that only rewrites paths starting with a secondary namespace in a multi-namespace array, matching the type-level contract of GetSource

v25.8.18

Compare Source

  • improve selector api to accept array of selector functions, analogous to array of keys 2404
inspect-js/is-generator-function (is-generator-function)

v1.1.2

Compare Source

Fixed
  • [Fix] fix broken logic #45
Commits
  • [Dev Deps] update @arethetypeswrong/cli, @ljharb/eslint-cig, @ljharb/tsconfig, @types/tape, for-each 9638da4
  • [Deps] update call-bound, get-proto d5e41c1

v1.1.1

Compare Source

Commits
  • [Refactor] use generator-function 5477ff1

v1.1.0

Compare Source

Commits
  • [actions] reuse common workflows 7301651
  • [actions] split out node 10-20, and 20+ 40f30a5
  • [meta] use npmignore to autogenerate an npmignore file ec843a4
  • [New] add types 6dd27c4
  • [actions] update codecov uploader 717f85e
  • [Dev Deps] update eslint, @ljharb/eslint-config, safe-publish-latest, tape 4280e62
  • [actions] update rebase action to use reusable workflow 895c2d0
  • [Tests] use for-each 3caee87
  • [Robustness] use call-bound 1eb55de
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, object-inspect, tape 5bbd4cd
  • [Robustness] use safe-regex-test 5f8b992
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, npmignore, tape c730f4c
  • [Robustness] use get-proto 6dfff38
  • [Tests] replace aud with npm audit 725db70
  • [Deps] update has-tostringtag 5cc3c2d
  • [Dev Deps] add missing peer dep 869a507
panva/jose (jose)

v6.2.2

Compare Source

Fixes
  • reject failed decompression with JWEInvalid error (043b181)

v6.2.1

Compare Source

Refactor
  • reorganize internals, less files, smaller footprint (d4231f9)

v6.2.0

Compare Source

Features
  • re-introduce JWE "zip" (Compression Algorithm) Header Parameter support (b13b446)
Documentation
  • clarify return of general jws and jwe (56682b4)
KaTeX/KaTeX (katex)

v0.16.40

Compare Source

Bug Fixes

v0.16.39

Compare Source

Bug Fixes

v0.16.38

Compare Source

Bug Fixes

v0.16.37

Compare Source

Bug Fixes

v0.16.36

Compare Source

Bug Fixes

v0.16.35

Compare Source

Bug Fixes

v0.16.34

Compare Source

Bug Fixes

v0.16.33

Compare Source

Bug Fixes

v0.16.32

Compare Source

Bug Fixes

v0.16.31

Compare Source

Bug Fixes

v0.16.30

Compare Source

Bug Fixes

v0.16.29

Compare Source

Bug Fixes
mermaid-js/mermaid (mermaid)

v11.13.0

Compare Source

Minor Changes
Patch Changes

Configuration

📅 Schedule: Branch creation - Only on Wednesday ( * * * * 3 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@loopingz loopingz requested a review from a team as a code owner January 14, 2026 00:17
@loopingz loopingz added the dependencies Pull requests that update a dependency file label Jan 14, 2026
@loopingz loopingz force-pushed the renovate/node-dependencies branch 7 times, most recently from 3d1398d to f8f0e41 Compare January 21, 2026 12:11
@loopingz loopingz force-pushed the renovate/node-dependencies branch 9 times, most recently from 33138e2 to f82d88e Compare January 29, 2026 00:14
@loopingz loopingz force-pushed the renovate/node-dependencies branch 5 times, most recently from 6af554e to eb0f7a1 Compare February 1, 2026 18:39
@loopingz loopingz force-pushed the renovate/node-dependencies branch 7 times, most recently from d0a02f0 to d353601 Compare March 10, 2026 12:32
@loopingz loopingz force-pushed the renovate/node-dependencies branch 17 times, most recently from 71b10f1 to 8e259df Compare March 17, 2026 12:19
@loopingz loopingz force-pushed the renovate/node-dependencies branch 11 times, most recently from e0564ea to ab34922 Compare March 22, 2026 00:16
@loopingz loopingz force-pushed the renovate/node-dependencies branch from ab34922 to de13f22 Compare March 22, 2026 12:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@loopingz @renovate-bot