Skip to content

fix(deps): update all non-major dependencies #120

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update all non-major dependencies #120

wants to merge 1 commit into from
+109 −109

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 8, 2025
edited
Loading

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package Change Age Confidence
@biomejs/biome (source) 2.2.2 -> 2.2.4 age confidence
@biomejs/biome (source) ^2.2.2 -> ^2.2.4 age confidence
@cloudflare/workers-types ^4.20250904.0 -> ^4.20250924.0 age confidence
discord-api-types (source) ^0.38.22 -> ^0.38.26 age confidence
pnpm (source) 10.15.1 -> 10.17.1 age confidence
wrangler (source) ^4.33.2 -> ^4.40.1 age confidence

Release Notes

biomejs/biome (@​biomejs/biome)

v2.2.4

Compare Source

Patch Changes

  • #​7453 aa8cea3 Thanks @​arendjr! - Fixed #​7242: Aliases specified in
    package.json's imports section now support having multiple targets as part of an array.

  • #​7454 ac17183 Thanks @​arendjr! - Greatly improved performance of
    noImportCycles by eliminating allocations.

    In one repository, the total runtime of Biome with only noImportCycles enabled went from ~23s down to ~4s.

  • #​7447 7139aad Thanks @​rriski! - Fixes #​7446. The GritQL
    $... spread metavariable now correctly matches members in object literals, aligning its behavior with arrays and function calls.

  • #​6710 98cf9af Thanks @​arendjr! - Fixed #​4723: Type inference now recognises
    index signatures and their accesses when they are being indexed as a string.

Example
type BagOfPromises = {
  // This is an index signature definition. It declares that instances of type
  // `BagOfPromises` can be indexed using arbitrary strings.
  [property: string]: Promise<void>;
};

let bag: BagOfPromises = {};
// Because `bag.iAmAPromise` is equivalent to `bag["iAmAPromise"]`, this is
// considered an access to the string index, and a Promise is expected.
bag.iAmAPromise;

  • #​7415 d042f18 Thanks @​qraqras! - Fixed #​7212, now the useOptionalChain rule recognizes optional chaining using
    typeof (e.g., typeof foo !== 'undefined' && foo.bar).

  • #​7419 576baf4 Thanks @​Conaclos! - Fixed #​7323. noUnusedPrivateClassMembers no longer reports as unused TypeScript
    private members if the rule encounters a computed access on this.

    In the following example, member as previously reported as unused. It is no longer reported.

    class TsBioo {
  private member: number;

  set_with_name(name: string, value: number) {
    this[name] = value;
  }
}

  • 351bccd Thanks @​ematipico! - Added the new nursery lint rule
    noJsxLiterals, which disallows the use of string literals inside JSX.

    The rule catches these cases:

    <>
  <div>test</div> {/* test is invalid */}
  <>test</>
  <div>
    {/* this string is invalid */}
    asdjfl test foo
  </div>
</>

  • #​7406 b906112 Thanks @​mdevils! - Fixed an issue (#​6393) where the useHookAtTopLevel rule reported excessive diagnostics for nested hook calls.

    The rule now reports only the offending top-level call site, not sub-hooks of composite hooks.

    // Before: reported twice (useFoo and useBar).
function useFoo() {
  return useBar();
}
function Component() {
  if (cond) useFoo();
}
// After: reported once at the call to useFoo().

  • #​7461 ea585a9 Thanks @​arendjr! - Improved performance of
    noPrivateImports by eliminating allocations.

    In one repository, the total runtime of Biome with only noPrivateImports enabled went from ~3.2s down to ~1.4s.

  • 351bccd Thanks @​ematipico! - Fixed #​7411. The Biome Language Server had a regression where opening an editor with a file already open wouldn't load the project settings correctly.

  • #​7142 53ff5ae Thanks @​Netail! - Added the new nursery rule noDuplicateDependencies, which verifies that no dependencies are duplicated between the
    bundledDependencies, bundleDependencies, dependencies, devDependencies, overrides,
    optionalDependencies, and peerDependencies sections.

    For example, the following snippets will trigger the rule:

    {
  "dependencies": {
    "foo": ""
  },
  "devDependencies": {
    "foo": ""
  }
}
    {
  "dependencies": {
    "foo": ""
  },
  "optionalDependencies": {
    "foo": ""
  }
}
    {
  "dependencies": {
    "foo": ""
  },
  "peerDependencies": {
    "foo": ""
  }
}

  • 351bccd Thanks @​ematipico! - Fixed #​3824. Now the option CLI
    --color is correctly applied to logging too.

v2.2.3

Compare Source

Patch Changes

  • #​7353 4d2b719 Thanks @​JeetuSuthar! - Fixed #​7340: The linter now allows the navigation property for view-transition in CSS.

    Previously, the linter incorrectly flagged navigation: auto as an unknown property. This fix adds navigation to the list of known CSS properties, following the CSS View Transitions spec.

  • #​7275 560de1b Thanks @​arendjr! - Fixed #​7268: Files that are explicitly passed as CLI arguments are now correctly ignored if they reside in an ignored folder.

  • #​7358 963a246 Thanks @​ematipico! - Fixed #​7085, now the rule noDescendingSpecificity correctly calculates the specificity of selectors when they are included inside a media query.

  • #​7387 923674d Thanks @​qraqras! - Fixed #​7381, now the useOptionalChain rule recognizes optional chaining using Yoda expressions (e.g., undefined !== foo && foo.bar).

  • #​7316 f9636d5 Thanks @​Conaclos! - Fixed #​7289. The rule useImportType now inlines import type into import { type } when the style option is set to inlineType.

    Example:

    import type { T } from "mod";
// becomes
import { type T } from "mod";

  • #​7350 bb4d407 Thanks @​siketyan! - Fixed #​7261: two characters (KATAKANA MIDDLE DOT, U+30FB) and (HALFWIDTH KATAKANA MIDDLE DOT, U+FF65) are no longer considered as valid characters in identifiers. Property keys containing these character(s) are now preserved as string literals.

  • #​7377 811f47b Thanks @​ematipico! - Fixed a bug where the Biome Language Server didn't correctly compute the diagnostics of a monorepo setting, caused by an incorrect handling of the project status.

  • #​7245 fad34b9 Thanks @​kedevked! - Added the new lint rule useConsistentArrowReturn.

    This rule enforces a consistent return style for arrow functions.

Invalid
const f = () => {
  return 1;
};

This rule is a port of ESLint's arrow-body-style rule.

  • #​7370 e8032dd Thanks @​fireairforce! - Support dynamic import defer and import source. The syntax looks like:

    import.source("foo");
import.source("x", { with: { attr: "val" } });
import.defer("foo");
import.defer("x", { with: { attr: "val" } });

  • #​7369 b1f8cbd Thanks @​siketyan! - Range suppressions are now supported for Grit plugins.

    For JavaScript, you can suppress a plugin as follows:

    // biome-ignore-start lint/plugin/preferObjectSpread: reason
Object.assign({ foo: "bar" }, baz);
// biome-ignore-end lint/plugin/preferObjectSpread: reason

    For CSS, you can suppress a plugin as follows:

    body {
  /* biome-ignore-start lint/plugin/useLowercaseColors: reason */
  color: #fff;
  /* biome-ignore-end lint/plugin/useLowercaseColors: reason */
}

  • #​7384 099507e Thanks @​ematipico! - Reduced the severity of certain diagnostics emitted when Biome deserializes the configuration files.
    Now these diagnostics are emitted as Information severity, which means that they won't interfere when running commands with --error-on-warnings

  • #​7302 2af2380 Thanks @​unvalley! - Fixed #​7301: useReadonlyClassProperties now correctly skips JavaScript files.

  • #​7288 94d85f8 Thanks @​ThiefMaster! - Fixed #​7286. Files are now formatted with JSX behavior when javascript.parser.jsxEverywhere is explicitly set.

    Previously, this flag was only used for parsing, but not for formatting, which resulted in incorrect formatting of conditional expressions when JSX syntax is used in .js files.

  • #​7311 62154b9 Thanks @​qraqras! - Added the new nursery rule noUselessCatchBinding. This rule disallows unnecessary catch bindings.

    try {
    // Do something
- } catch (unused) {}
+ } catch {}

  • #​7349 45c1dfe Thanks @​ematipico! - Fixed #​4298. Biome now correctly formats CSS declarations when it contains one single value:

    .bar {
-  --123456789012345678901234567890: var(--1234567890123456789012345678901234567);
+  --123456789012345678901234567890: var(
+    --1234567890123456789012345678901234567
+  );
}

  • #​7295 7638e84 Thanks @​ematipico! - Fixed #​7130. Removed the emission of a false-positive diagnostic. Biome no longer emits the following diagnostic:

    lib/main.ts:1:5 suppressions/unused ━━━━━━━━━━━━━━━━━━━━━━━━━

  ⚠ Suppression comment has no effect because the tool is not enabled.

  > 1 │ /** biome-ignore-all assist/source/organizeImports: For the lib root file, we don't want to organize exports */
      │     ^^^^^^^^^^^^^^^^

  • #​7377 811f47b Thanks @​ematipico! - Fixed #​7371 where the Biome Language Server didn't correctly recompute the diagnostics when updating a nested configuration file.

  • #​7348 ac27fc5 Thanks @​ematipico! - Fixed #​7079. Now the rule useSemanticElements doesn't trigger components and custom elements.

  • #​7389 ab06a7e Thanks @​Conaclos! - Fixed #​7344. useNamingConvention no longer reports interfaces defined in global declarations.

    Interfaces declared in global declarations augment existing interfaces.
    Thus, they must be ignored.

    In the following example, useNamingConvention reported HTMLElement.
    It is now ignored.

    export {};
declare global {
  interface HTMLElement {
    foo(): void;
  }
}

  • #​7315 4a2bd2f Thanks @​vladimir-ivanov! - Fixed #​7310: useReadonlyClassProperties correctly handles nested assignments, avoiding false positives when a class property is assigned within another assignment expression.

    Example of code that previously triggered a false positive but is now correctly ignored:

    class test {
  private thing: number = 0; // incorrectly flagged

  public incrementThing(): void {
    const temp = { x: 0 };
    temp.x = this.thing++;
  }
}
cloudflare/workerd (@​cloudflare/workers-types)

v4.20250924.0

Compare Source

v4.20250923.0

Compare Source

v4.20250922.0

Compare Source

v4.20250921.0

Compare Source

v4.20250920.0

Compare Source

v4.20250919.0

Compare Source

v4.20250918.0

Compare Source

v4.20250917.0

Compare Source

v4.20250913.0

Compare Source

v4.20250912.0

Compare Source

v4.20250911.0

Compare Source

v4.20250910.0

Compare Source

v4.20250909.0

Compare Source

v4.20250906.0

Compare Source

v4.20250905.0

Compare Source

discordjs/discord-api-types (discord-api-types)

v0.38.26

Compare Source

Bug Fixes
  • add guild_id back to GatewayVoiceStateUpdateDispatchData (#​1346) (e52ac85)

v0.38.25

Compare Source

Features

v0.38.24

Compare Source

Features

v0.38.23

Compare Source

Bug Fixes
Features
pnpm/pnpm (pnpm)

v10.17.1

Compare Source

Patch Changes
  • When a version specifier cannot be resolved because the versions don't satisfy the minimumReleaseAge setting, print this information out in the error message #​9974.
  • Fix state.json creation path when executing pnpm patch in a workspace project #​9733.
  • When minimumReleaseAge is set and the latest tag is not mature enough, prefer a non-deprecated version as the new latest #​9987.

v10.17.0

Compare Source

Minor Changes

  • The minimumReleaseAgeExclude setting now supports patterns. For instance:

    minimumReleaseAge: 1440
minimumReleaseAgeExclude:
  - "@&#8203;eslint/*"

    Related PR: #​9984.

Patch Changes
  • Don't ignore the minimumReleaseAge check, when the package is requested by exact version and the packument is loaded from cache #​9978.
  • When minimumReleaseAge is set and the active version under a dist-tag is not mature enough, do not downgrade to a prerelease version in case the original version wasn't a prerelease one #​9979.

v10.16.1

Compare Source

Patch Changes
  • The full metadata cache should be stored not at the same location as the abbreviated metadata. This fixes a bug where pnpm was loading the abbreviated metadata from cache and couldn't find the "time" field as a result #​9963.
  • Forcibly disable ANSI color codes when generating patch diff #​9914.

v10.16.0

Compare Source

Minor Changes

  • There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour.

    The new setting is called minimumReleaseAge. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting minimumReleaseAge: 1440 ensures that only packages released at least one day ago can be installed.

    If you set minimumReleaseAge but need to disable this restriction for certain dependencies, you can list them under the minimumReleaseAgeExclude setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time:

    minimumReleaseAgeExclude:
  - webpack

    Related issue: #​9921.

  • Added support for finders #​9946.

    In the past, pnpm list and pnpm why could only search for dependencies by name (and optionally version). For example:

    pnpm why minimist

    prints the chain of dependencies to any installed instance of minimist:

    verdaccio 5.20.1
├─┬ handlebars 4.7.7
│ └── minimist 1.2.8
└─┬ mv 2.1.1
  └─┬ mkdirp 0.5.6
    └── minimist 1.2.8

    What if we want to search by other properties of a dependency, not just its name? For instance, find all packages that have react@17 in their peer dependencies?

    This is now possible with "finder functions". Finder functions can be declared in .pnpmfile.cjs and invoked with the --find-by=<function name> flag when running pnpm list or pnpm why.

    Let's say we want to find any dependencies that have React 17 in peer dependencies. We can add this finder to our .pnpmfile.cjs:

    module.exports = {
  finders: {
    react17: (ctx) => {
      return ctx.readManifest().peerDependencies?.react === "^17.0.0";
    },
  },
};

    Now we can use this finder function by running:

    pnpm why --find-by=react17

    pnpm will find all dependencies that have this React in peer dependencies and print their exact locations in the dependency graph.

    @&#8203;apollo/client 4.0.4
├── @&#8203;graphql-typed-document-node/core 3.2.0
└── graphql-tag 2.12.6

    It is also possible to print out some additional information in the output by returning a string from the finder. For example, with the following finder:

    module.exports = {
  finders: {
    react17: (ctx) => {
      const manifest = ctx.readManifest();
      if (manifest.peerDependencies?.react === "^17.0.0") {
        return `license: ${manifest.license}`;
      }
      return false;
    },
  },
};

    Every matched package will also print out the license from its package.json:

    @&#8203;apollo/client 4.0.4
├── @&#8203;graphql-typed-document-node/core 3.2.0
│   license: MIT
└── graphql-tag 2.12.6
    license: MIT
Patch Changes
  • Fix deprecation warning printed when executing pnpm with Node.js 24 #​9529.
  • Throw an error if nodeVersion is not set to an exact semver version #​9934.
  • pnpm publish should be able to publish a .tar.gz file #​9927.
  • Canceling a running process with Ctrl-C should make pnpm run return a non-zero exit code #​9626.
cloudflare/workers-sdk (wrangler)

v4.40.1

Compare Source

Patch Changes

v4.40.0

Compare Source

Minor Changes
  • #​10743 a7ac751 Thanks @​jonesphillip! - Changes --fileSizeMB to --file-size for wrangler r2 bucket catalog compaction command.
    Small fixes for pipelines commands.
Patch Changes

  • #​10706 81fd733 Thanks @​1000hz! - Fixed an issue that caused some Workers to have an incorrect service tag applied when using a redirected configuration file (as used by the Cloudflare Vite plugin). This resulted in these Workers not being correctly grouped with their sibling environments in the Cloudflare dashboard.

  • Updated dependencies [06e9a48]:

    • miniflare@​4.20250924.0

v4.39.0

Compare Source

Minor Changes

  • #​10647 555a6da Thanks @​efalcao! - VPC service binding support

  • #​10612 97a72cc Thanks @​jonesphillip! - Added new pipelines commands (pipelines, streams, sinks, setup), moved old pipelines commands behind --legacy

  • #​10652 acd48ed Thanks @​edmundhung! - Rename Hyperdrive local connection string environment variable from WRANGLER_HYPERDRIVE_LOCAL_CONNECTION_STRING_<BINDING_NAME> to CLOUDFLARE_HYPERDRIVE_LOCAL_CONNECTION_STRING_<BINDING_NAME>. The old variable name is still supported but will now show a deprecation warning.

  • #​10721 55a10a3 Thanks @​penalosa! - Stabilise Worker Loader bindings

Patch Changes

v4.38.0

Compare Source

Minor Changes
Patch Changes

v4.37.1

Compare Source

Patch Changes

  • #​10658 3029b9a Thanks @​1000hz! - Fixed an issue with service tags not being applied properly to Workers when the Wrangler configuration file did not include a top-level name property.

  • #​10657 31ec996 Thanks @​penalosa! - Disable remote bindings with the --local flag

  • Updated dependencies [783afeb]:

    • miniflare@​4.20250913.0

v4.37.0

Compare Source

Minor Changes

  • #​10546 d53a0bc Thanks @​1000hz! - On deploy or version upload, Workers with multiple environments are tagged with metadata that groups them together in the Cloudflare Dashboard.

  • #​10596 735785e Thanks @​penalosa! - Add Miniflare & Wrangler support for unbound Durable Objects

  • #​10622 15c34e2 Thanks @​nagraham! - Modify R2 Data Catalog compaction commands to enable/disable for Catalog (remove table/namespace args), and require Cloudflare API token on enable.

Patch Changes
  • Updated dependencies [735785e]:
    • miniflare@​4.20250906.2

v4.36.0

Compare Source

Minor Changes
Patch Changes

v4.35.0

Compare Source

Minor Changes

  • #​10491 5cb806f Thanks @​zebp! - Add traces, OTEL destinations, and configurable persistence to observability settings

    Adds a new traces field to the observability settings in your Worker configuration that configures the behavior of automatic tracing. Both traces and logs support providing a list of OpenTelemetry compliant destinations where your logs/traces will be exported to as well as an implicitly-enabled persist option that controls whether or not logs/traces are persisted to the Cloudflare observability platform and viewable in the Cloudflare dashboard.

Patch Changes

v4.34.0

Compare Source

Minor Changes

  • #​10478 cc47b51 Thanks @​danielrs! - Beta feature preview_urls is now disabled by default.

    This change makes preview_urls disabled by default when it's not provided, making
    the feature opt-in instead of opt-out.

Patch Changes

Configuration

📅 Schedule: Branch creation - "before 9am on monday" in timezone Europe/Gibraltar, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 10 times, most recently from 2e6fa02 to 9feab33 Compare September 14, 2025 22:21
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 11 times, most recently from e36cad8 to 428e495 Compare September 22, 2025 16:49
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 86f342d to a80aa30 Compare September 25, 2025 01:01
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from a80aa30 to 7536b60 Compare September 25, 2025 20:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants