Skip to content

fix(deps): update npm - - package.json#1379

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/manager
Open

fix(deps): update npm - - package.json#1379
renovate[bot] wants to merge 1 commit intomainfrom
renovate/manager

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Feb 3, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
@aws-sdk/credential-providers (source) ^3.980.0^3.1000.0 age confidence dependencies minor
@babel/core (source) ^7.28.6^7.29.0 age confidence devDependencies patch
@esbuild/darwin-arm64 ^0.27.2^0.27.3 age confidence optionalDependencies patch
@esbuild/darwin-x64 ^0.27.2^0.27.3 age confidence optionalDependencies patch
@esbuild/linux-x64 0.27.20.27.3 age confidence optionalDependencies patch
@esbuild/win32-x64 0.27.20.27.3 age confidence optionalDependencies patch
@eslint/js (source) ^9.39.2^9.39.3 age confidence devDependencies patch
@fontsource/roboto (source) ^5.2.9^5.2.10 age confidence dependencies patch
@primer/octicons-react (source) ^19.21.2^19.22.0 age confidence dependencies minor
@types/lodash (source) ^4.17.23^4.17.24 age confidence devDependencies patch
@types/node (source) ^22.19.7^22.19.13 age confidence devDependencies patch
@vitejs/plugin-react (source) ^5.1.2^5.1.4 age confidence devDependencies patch
axios (source) ^1.13.4^1.13.6 age confidence dependencies patch
cypress (source) ^15.9.0^15.11.0 age confidence devDependencies minor
eslint (source) ^9.39.2^9.39.3 age confidence devDependencies patch
eslint-plugin-cypress ^5.2.1^5.3.0 age confidence devDependencies patch
isomorphic-git (source) ^1.36.3^1.37.2 age confidence dependencies minor
lint-staged ^16.2.7^16.3.0 age confidence devDependencies minor 16.3.2 (+1)
mongo 606f8e081ed620 digest
node c02800165b74d0 final digest
node c02800165b74d0 stage digest
openid-client ^6.8.1^6.8.2 age confidence dependencies patch
simple-git (source) ^3.30.0^3.32.3 age confidence dependencies minor
typescript-eslint (source) ^8.54.0^8.56.1 age confidence devDependencies patch

Release Notes

aws/aws-sdk-js-v3 (@​aws-sdk/credential-providers)

v3.1000.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.999.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.998.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.997.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.996.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.995.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.994.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.993.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

evanw/esbuild (@​esbuild/darwin-arm64)

v0.27.3

Compare Source

  • Preserve URL fragments in data URLs (#​4370)

    Consider the following HTML, CSS, and SVG:

    • index.html:

      <!DOCTYPE html>
<html>
  <head><link rel="stylesheet" href="icons.css"></head>
  <body><div class="triangle"></div></body>
</html>

    • icons.css:

      .triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url(./triangle.svg#x);
}

    • triangle.svg:

      <svg xmlns="http://www.w3.org/2000/svg">
  <defs>
    <clipPath id="x">
      <path d="M0 0H10V10Z"/>
    </clipPath>
  </defs>
</svg>

    The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

    /* icons.css */
.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
}

  • Parse and print CSS @scope rules (#​4322)

    This release includes dedicated support for parsing @scope rules in CSS. These rules include optional "start" and "end" selector lists. One important consequence of this is that the local/global status of names in selector lists is now respected, which improves the correctness of esbuild's support for CSS modules. Minification of selectors inside @scope rules has also improved slightly.

    Here's an example:

    /* Original code */
@&#8203;scope (:global(.foo)) to (:local(.bar)) {
  .bar {
    color: red;
  }
}

/* Old output (with --loader=local-css --minify) */
@&#8203;scope (:global(.foo)) to (:local(.bar)){.o{color:red}}

/* New output (with --loader=local-css --minify) */
@&#8203;scope(.foo)to (.o){.o{color:red}}

  • Fix a minification bug with lowering of for await (#​4378, #​4385)

    This release fixes a bug where the minifier would incorrectly strip the variable in the automatically-generated catch clause of lowered for await loops. The code that generated the loop previously failed to mark the internal variable references as used.

  • Update the Go compiler from v1.25.5 to v1.25.7 (#​4383, #​4388)

    This PR was contributed by @​MikeWillCook.

eslint/eslint (@​eslint/js)

v9.39.3

Compare Source

Bug Fixes

  • 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

fontsource/font-files (@​fontsource/roboto)

v5.2.10

Compare Source

primer/octicons (@​primer/octicons-react)

v19.22.0

Compare Source

Minor Changes
vitejs/vite-plugin-react (@​vitejs/plugin-react)

v5.1.4

Compare Source

Fix canSkipBabel not accounting for babel.overrides (#​1098)

When configuring babel.overrides without top-level plugins or presets, Babel was incorrectly skipped. The canSkipBabel function now checks for overrides.length to ensure override configurations are processed.

cypress-io/cypress (cypress)

v15.11.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-11-0

v15.10.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-10-0

isomorphic-git/isomorphic-git (isomorphic-git)

v1.37.2

Compare Source

Bug Fixes

v1.37.1

Compare Source

Bug Fixes

v1.37.0

Compare Source

Features
lint-staged/lint-staged (lint-staged)

v16.3.0

Compare Source

Minor Changes

  • #​1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

  • #​1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes
  • #​1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.
panva/openid-client (openid-client)

v6.8.2

Compare Source

Fixes
  • use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)
steveukx/git-js (simple-git)

v3.32.3

Compare Source

Patch Changes

v3.32.2

Compare Source

Patch Changes
  • 8d02097: Enhanced clone unsafe switch detection.

v3.32.1

Compare Source

Patch Changes

  • 23b070f: Fix regex for detecting unsafe clone options

    Thanks to @​stevenwdv for reporting this issue.

v3.32.0

Compare Source

Minor Changes

  • 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised
    along with other single character options.

    Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes
  • d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

v3.31.1

Compare Source

Patch Changes
  • a44184f: Resolve NPM publish steps
typescript-eslint/typescript-eslint (typescript-eslint)

v8.56.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@netlify
Copy link

netlify bot commented Feb 3, 2026
edited
Loading

Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name Link
🔨 Latest commit f106327
🔍 Latest deploy log https://app.netlify.com/projects/endearing-brigadeiros-63f9d0/deploys/69a6f5232cfc3f00081cadad

@github-actions
Copy link

github-actions bot commented Feb 3, 2026
edited
Loading

Dependency Review

The following issues were found:

  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.

View full job summary

@codecov
Copy link

codecov bot commented Feb 3, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.77%. Comparing base (1bda10c) to head (f106327).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1379   +/-   ##
=======================================
  Coverage   81.77%   81.77%           
=======================================
  Files          67       67           
  Lines        4769     4769           
  Branches      827      827           
=======================================
  Hits         3900     3900           
  Misses        853      853           
  Partials       16       16

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate bot force-pushed the renovate/manager branch 3 times, most recently from 25d5918 to 9eba341 Compare February 5, 2026 21:30
@renovate renovate bot changed the title chore(deps): update npm - - package.json fix(deps): update npm - - package.json Feb 5, 2026
@renovate renovate bot force-pushed the renovate/manager branch 20 times, most recently from 9bfc238 to b3c86b6 Compare February 12, 2026 19:07
@renovate renovate bot force-pushed the renovate/manager branch 12 times, most recently from 7b9e42a to 736d606 Compare February 24, 2026 13:51
@renovate renovate bot force-pushed the renovate/manager branch 17 times, most recently from 03860bd to 6a806b6 Compare February 28, 2026 21:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

fix maintenance

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants