chore(deps): update dependency npm-check-updates to v19 by renovate[bot] · Pull Request #51 · nos/core-plugin-staking-crypto

$ ncu --format homepage
...
 mocha                      ^11.7.2  →   ^11.7.5    https://mochajs.org/
 npm-registry-fetch         ^19.0.0  →   ^19.1.1
 prettier                   ^3.6.2  →    ^3.8.1     https://prettier.io
...

Full Changelog: raineorshine/npm-check-updates@v19.4.1...v19.5.0

`v19.4.1`

Compare Source

What's Changed

Fixed a small cooldown regression with number types in the ncurc

Full Changelog: raineorshine/npm-check-updates@v19.4.0...v19.4.1

`v19.4.0`

Compare Source

What's Changed

feat(cooldown): support cooldown strings like "7d", "12h", "30m" by @aversini in #1598

New Contributors

@aversini made their first contribution in #1598

Full Changelog: raineorshine/npm-check-updates@v19.3.2...v19.4.0

`v19.3.2`

Compare Source

What's Changed

docs: close code tag instead of reopening another one by @sod in #1588
fix(tests): resolve EBUSY errors on Windows by retrying directory removal by @Zamiell in #1590

New Contributors

@sod made their first contribution in #1588

Full Changelog: raineorshine/npm-check-updates@v19.3.1...v19.3.2

`v19.3.1`

Compare Source

What's Changed

fix(catalog): use the right yarn config name by @MKruschke in #1586

Full Changelog: raineorshine/npm-check-updates@v19.3.0...v19.3.1

`v19.3.0`

Compare Source

What's Changed

feat: support yarn catalogs by @MKruschke in #1582
Fixed default catalog behavior.
- See discussion here: #1582 (comment)
- If you think this is wrong, please open an issue.

Full Changelog: raineorshine/npm-check-updates@v19.2.1...v19.3.0

`v19.2.1`

Compare Source

Full Changelog: raineorshine/npm-check-updates@v19.2.0...v19.2.1

`v19.2.0`

Compare Source

What's Changed

Add --format dep
Add interactive mode keyboard controls to docs by @jsoref in #1577
Spelling by @jsoref in #1578

New Contributors

@jsoref made their first contribution in #1577

Full Changelog: raineorshine/npm-check-updates@v19.1.2...v19.2.0

`v19.1.2`

Compare Source

What's Changed

fix: support singular 'catalog' field in pnpm-workspace.yaml by @afonsojramos in #1572

New Contributors

@afonsojramos made their first contribution in #1572

Full Changelog: raineorshine/npm-check-updates@v19.1.1...v19.1.2

`v19.1.1`

Compare Source

What's Changed

fix(cooldown): handle CooldownFunction in config file by @SebastianSedzik in #1565

Full Changelog: raineorshine/npm-check-updates@v19.1.0...v19.1.1

`v19.1.0`

Compare Source

What's Changed

feat(cooldown): support for cooldown predicate function by @SebastianSedzik in #1563

Full Changelog: raineorshine/npm-check-updates@v19.0.0...v19.1.0

`v19.0.0`

Compare Source

Breaking

node >= 20 required
--workspaces (plural) short option -ws changed to -w
- Better compatibility with commander v13
- Short option should always be a single character for consistency
- Replaces the short option for --workspace (singular)
- --workspace (singular) no longer has a short option.

Thanks to community members for raising awareness and to @SebastianSedzik for the implementation.

See: #1547

Feature: `--cooldown`

Usage:

ncu --cooldown [n]
ncu -c [n]

The cooldown option helps protect against supply chain attacks by requiring package versions to be published at least the given number of days before considering them for upgrade.

Note that previous stable versions will not be suggested. The package will be completely ignored if its latest published version is within the cooldown period. This is due to a limitation of the npm registry, which does not provide a way to query previous stable versions.

Example:

Let's examine how cooldown works with a package that has these versions available:

1.0.0          Released 7 days ago    (initial version)
1.1.0          Released 6 days ago    (minor update)
1.1.1          Released 5 days ago    (patch update)
1.2.0          Released 5 days ago    (minor update)
2.0.0-beta.1   Released 5 days ago    (beta release)
1.2.1          Released 4 days ago    (patch update)
1.3.0          Released 4 days ago    (minor update) [latest]
2.0.0-beta.2   Released 3 days ago    (beta release)
2.0.0-beta.3   Released 2 days ago    (beta release) [beta]

With default target (latest):

$ ncu --cooldown 5

No update will be suggested because:

Latest version (1.3.0) is only 4 days old.
Cooldown requires versions to be at least 5 days old
Use --cooldown 4 or lower to allow this update

With @beta/@tag target:

$ ncu --cooldown 3 --target @&#8203;beta

No update will be suggested because:

Current beta (2.0.0-beta.3) is only 2 days old
Cooldown requires versions to be at least 3 days old
Use --cooldown 2 or lower to allow this update

With other targets:

$ ncu --cooldown 5 --target greatest|newest|minor|patch|semver

Each target will select the best version that is at least 5 days old:

greatest → 1.2.0        (highest version number outside cooldown)
newest   → 2.0.0-beta.1 (most recently published version outside cooldown)
minor    → 1.2.0        (highest minor version outside cooldown)
patch    → 1.1.1        (highest patch version outside cooldown)

Note for latest/tag targets:

⚠️ For packages that update frequently (e.g. daily releases), using a long cooldown period (7+ days) with the default --target latest or --target @tag may prevent all updates since new versions will be published before older ones meet the cooldown requirement. Please consider this when setting your cooldown period.

`v18.1.1`

Compare Source

`v18.1.0`

Compare Source

`v18.0.3`

Compare Source

`v18.0.2`

Compare Source

`v18.0.1`

Compare Source

`v18.0.0`

Compare Source

Breaking

The only breaking change in v18 is with the -g/--global flag.

npm-check-updates -g will now auto-detect your package manager based on the execution path. Previously, it defaulted to npm.

yarn dlx ncu -g --packageManager yarn → yarn dlx ncu -g
pnpm dlx ncu --global --packageManager pnpm → pnpm dlx ncu -g
bunx ncu -g--packageManager pnpm → bunx ncu -g

If for some reason you were running ncu -g with an alternative package manager and relying on it checking the global npm packages, you will need to now explicitly specify npm:

ncu -g → ncu -g--packageManager npm

Thanks to @LuisFerLCC for the improvement (#1514).

raineorshine/npm-check-updates@v17.1.18...v18.0.0

`v17.1.18`

Compare Source

Breaking

The only breaking change in v18 is with the -g/--global flag.

npm-check-updates -g will now auto-detect your package manager based on the execution path. Previously, it defaulted to npm.

yarn dlx ncu -g --packageManager yarn → yarn dlx ncu -g
pnpm dlx ncu --global --packageManager pnpm → pnpm dlx ncu -g
bunx ncu -g--packageManager pnpm → bunx ncu -g

If for some reason you were running ncu -g with an alternative package manager and relying on it checking the global npm packages, you will need to now explicitly specify npm:

ncu -g → ncu -g--packageManager npm

Thanks to @LuisFerLCC for the improvement (#1514).

raineorshine/npm-check-updates@v17.1.18...v18.0.0

`v17.1.17`

Compare Source

`v17.1.16`

Compare Source

`v17.1.15`

Compare Source

`v17.1.14`

Compare Source

`v17.1.13`

Compare Source

`v17.1.12`

Compare Source

`v17.1.11`

Compare Source

`v17.1.10`

Compare Source

`v17.1.9`

Compare Source

`v17.1.8`

Compare Source

`v17.1.7`

Compare Source

`v17.1.6`

Compare Source

`v17.1.5`

Compare Source

`v17.1.4`

Compare Source

`v17.1.3`

Compare Source

`v17.1.2`

Compare Source

`v17.1.1`

Compare Source

Breaking

The only breaking change in v18 is with the -g/--global flag.

npm-check-updates -g will now auto-detect your package manager based on the execution path. Previously, it defaulted to npm.

yarn dlx ncu -g --packageManager yarn → yarn dlx ncu -g
pnpm dlx ncu --global --packageManager pnpm → pnpm dlx ncu -g
bunx ncu -g--packageManager pnpm → bunx ncu -g

If for some reason you were running ncu -g with an alternative package manager and relying on it checking the global npm packages, you will need to now explicitly specify npm:

ncu -g → ncu -g--packageManager npm

Thanks to @LuisFerLCC for the improvement (#1514).

raineorshine/npm-check-updates@v17.1.18...v18.0.0

`v17.1.0`

Compare Source

`v17.0.6`

Compare Source

`v17.0.5`

Compare Source

`v17.0.4`

Compare Source

`v17.0.3`

Compare Source

`v17.0.2`

Compare Source

`v17.0.1`

Compare Source

`v17.0.0`

Compare Source

Breaking

Require node >= 18.18.0
Deprecated versions are no longer excluded by default, as it requires fetching package info for every published version, significantly slowing down upgrades.
- You can opt in with --no-deprecated in the CLI or deprecated: false in your ncurc config.
In workspaces mode, --root is now set by default (#1353)
- To not check the root package.json, use --no-root.
If you have a packageManager field in your package.json, it is now upgraded by default (#1390)
- Use --dep prod,dev,optional for the old behavior.

raineorshine/npm-check-updates@v16.14.20...v17.0.0

`v16.14.20`

Compare Source

Breaking

Require node >= 18.18.0
Deprecated versions are no longer excluded by default, as it requires fetching package info for every published version, significantly slowing down upgrades.
- You can opt in with --no-deprecated in the CLI or deprecated: false in your ncurc config.
In workspaces mode, --root is now set by default (#1353)
- To not check the root package.json, use --no-root.
If you have a packageManager field in your package.json, it is now upgraded by default (#1390)
- Use --dep prod,dev,optional for the old behavior.

raineorshine/npm-check-updates@v16.14.20...v17.0.0

`v16.14.19`

Compare Source

`v16.14.18`

Compare Source

`v16.14.17`

Compare Source

`v16.14.16`

Compare Source

`v16.14.15`

Compare Source

`v16.14.14`

Compare Source

`v16.14.13`

Compare Source

`v16.14.12`

Compare Source

`v16.14.11`

Compare Source

`v16.14.10`

Compare Source

`v16.14.9`

Compare Source

`v16.14.8`

Compare Source

`v16.14.7`

Compare Source

`v16.14.6`

Compare Source

`v16.14.5`

Compare Source

`v16.14.4`

Compare Source

`v16.14.3`

Compare Source

`v16.14.2`

Compare Source

Breaking

Require node >= 18.18.0
Deprecated versions are no longer excluded by default, as it requires fetching package info for every published version, significantly slowing down upgrades.
- You can opt in with --no-deprecated in the CLI or deprecated: false in your ncurc config.
In workspaces mode, --root is now set by default (#1353)
- To not check the root package.json, use --no-root.
If you have a packageManager field in your package.json, it is now upgraded by default (#1390)
- Use --dep prod,dev,optional for the old behavior.

raineorshine/npm-check-updates@v16.14.20...v17.0.0

`v16.14.1`

Compare Source

`v16.14.0`

Compare Source

Feature

Added experimental support for bun package manager.
Automatically used if bun.lockb is detected.
Assistance needed to test it out on different platforms.

$ ncu --packageManager bun
$ ncu -p bun

Thanks to @ImBIOS for the PR!

`v16.13.4`

Compare Source

`v16.13.3`

Compare Source

`v16.13.2`

Compare Source

`v16.13.1`

Compare Source

`v16.13.0`

Compare Source

Feature

Added --install option to control auto-install behavior.

Usage:

ncu --install [value]

Default: prompt

Control the auto-install behavior.

always	Runs your package manager's install command automatically after upgrading.
never	Does not install and does not prompt.
prompt	Shows a message after upgrading that recommends an install, but does not install. In interactive mode, prompts for install. (default)

`v16.12.3`

Compare Source

`v16.12.2`

Compare Source

`v16.12.1`

Compare Source

`v16.12.0`

Compare Source

`v16.11.2`

Compare Source

`v16.11.1`

Compare Source

`v16.11.0`

Compare Source

`v16.10.19`

Compare Source

`v16.10.18`

Compare Source

`v16.10.17`

Compare Source

`v16.10.16`

Compare Source

`v16.10.15`

Compare Source

`v16.10.14`

Compare Source

`v16.10.13`

Compare Source

`v16.10.12`

Compare Source

`v16.10.11`

Compare Source

`v16.10.10`

Compare Source

`v16.10.9`

Compare Source

`v16.10.8`

Compare Source

`v16.10.7`

Compare Source

`v16.10.6`

Compare Source

`v16.10.5`

Compare Source

`v16.10.4`

Compare Source

`v16.10.3`

Compare Source

`v16.10.2`

Compare Source

`v16.10.1`

Compare Source

`v16.10.0`

Compare Source

Feature

Added filterResults option to filter out upgrades based on a user provided function.

filterResults runs after new versions are fetched, in contrast to filter and filterVersion, which run before. This allows you to filter out upgrades with filterResults based on how the version has changed (e.g. a major version change).

Only available in .ncurc.js or when importing npm-check-updates as a module.

/** Filter out non-major version updates.
  @&#8203;param {string} packageName               The name of the dependency.
  @&#8203;param {string} currentVersion            Current version declaration (may be range).
  @&#8203;param {SemVer[]} currentVersionSemver    Current version declaration in semantic versioning format (may be range).
  @&#8203;param {string} upgradedVersion           Upgraded version.
  @&#8203;param {SemVer} upgradedVersionSemver     Upgraded version in semantic versioning format.
  @&#8203;returns {boolean}                        Return true if the upgrade should be kept, otherwise it will be ignored.
*/
filterResults: (packageName, {currentVersion, currentVersionSemver, upgradedVersion, upgradedVersionSemver}) => {
  const currentMajorVersion = currentVersionSemver?.[0]?.major
  const upgradedMajorVersion = upgradedVersionSemver?.major
  if (currentMajorVersion && upgradedMajorVersion) {
    return currentMajorVersion < upgradedMajorVersion
  }
  return true
}

For the SemVer type definition, see: https://git.coolaj86.com/coolaj86/semver-utils.js#semverutils-parse-semverstring

Thanks to mslowiak for this enhancement!

Feature

Added --format lines

$ ncu --format lines
@&#8203;ava/typescript@^4.0.0
ava@^5.2.0
eslint@^8.36.0
lerna@^6.5.1
typescript@^5.0.2

This is particularly useful for upgrading global modules:

npm install -g $(ncu -g --format lines)

Thanks to @vanodevium for the PR!

Feature

Added --cacheClear option for—you guessed it—clearing the cache 🫥.

This brings the suite of cache-related options to:

--cache : Cache versions to the cache file.
--cacheClear : Clear the default cache, or the cache file specified by --cacheFile.
--cacheExpiration <min> : Cache expiration in minutes (default: 10).
--cacheFile <path> : Filepath for the cache file (default: "~/.ncu-cache.json").

Thanks to @ly3xqhl8g9 whose code is gratefully more lucid than his username.

Feature

Added workspace support! 🚢

Upgrade all workspaces:

ncu --workspaces
ncu -ws

Upgrade a single workspace:

ncu --workspace a
ncu -w a

Upgrade more than one workspace:

ncu --workspace a --workspace b
ncu -w a -w b

Upgrade all workspaces AND the root project:

ncu --workspaces --root

Upgrade a single workspace AND the root project:

ncu --workspace a --root

Notes

If workspaces or --workspace is run in --interactive mode, ncu will prompt to npm install once in the root project rather than separately in each workspace (#1182).
Running --deep will not trigger workspace support.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

chore(deps): update dependency npm-check-updates to v19

3dbb3c2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency npm-check-updates to v19#51

chore(deps): update dependency npm-check-updates to v19#51
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/npm-check-updates-19.x

renovate bot commented Mar 31, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate bot commented Mar 31, 2026

Release Notes

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

Breaking

Feature: --cooldown

Breaking

Breaking

Breaking

Breaking

Breaking

Breaking

Feature

Feature

Feature

Feature: `--cooldown`