Update npm dependencies#80
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
7f68c04 to
3055607
Compare
3055607 to
a9fab7d
Compare
a9fab7d to
3420966
Compare
3420966 to
77ab502
Compare
77ab502 to
4edcc7a
Compare
4edcc7a to
f74ee04
Compare
f74ee04 to
2b27c10
Compare
2b27c10 to
6a13b13
Compare
6a13b13 to
262afe1
Compare
262afe1 to
6a20b82
Compare
6a20b82 to
06a3ce8
Compare
06a3ce8 to
950e503
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.10.1→3.10.23.10.1→3.10.23.10.1→3.10.23.10.1→3.10.23.10.1→3.10.23.10.1→3.10.210.6.0→10.7.01.71.0→1.73.05.9.5→5.14.25.9.5→5.14.25.9.5→5.14.25.9.5→5.14.226.4.0→26.5.0^0.56.0→^0.58.01.71.0→1.73.0^0.23.0→^0.24.011.9.0→11.11.0^6.0.2→^7.0.08.62.0→8.63.0Release Notes
facebook/docusaurus (@docusaurus/core)
v3.10.2Compare Source
Backport and cherry-pick commits from main for v3.10.2 patch release:
@swc/html, fix StackBlitz playground #12055extractLeadingEmoji()edge cases #12100@types/gtag.js, upgrade@swc/html#12080docusaurus serveshould pass--hosttoserver.listen()#12127trustPolicydowngrade issue #12012@11ty/gray-matter#12181facebook/docusaurus (@docusaurus/faster)
v3.10.2Compare Source
facebook/docusaurus (@docusaurus/preset-classic)
v3.10.2Compare Source
eslint/eslint (eslint)
v10.7.0Compare Source
Features
cf2a9bffeat: add errorClassNames option to preserve-caught-error rule (#21032) (sethamus)f8b873afeat: max-nested-callbacks option for constructor callbacks (#21063) (fnx)557fde8feat: support computedNumber.parseIntmember access inradixrule (#21041) (Pixel)0b4a73bfeat: add suggestions to no-compare-neg-zero (#21034) (den$)96cdd42feat: report invalid signed numeric radix values inradixrule (#21030) (Pixel)Bug Fixes
3e7bf15fix: applyignoreClassesWithImplementsto class expressions (#21069) (Pixel)0d7d70cfix: insert cause outside wrapping parens in preserve-caught-error (#21062) (Mahin Anowar)75ec753fix: handle static template literals ineqeqeqrule (#21058) (Pixel)b717a22fix: preventeqeqeqnull option from reporting non-equality operators (#21057) (Pixel)e35b05ffix: avoidno-invalid-regexpfalse positive for shadowed RegExp (#21051) (Pixel)a3172b6fix: avoidno-control-regexfalse positive for shadowed RegExp (#21050) (Pixel)d1f637efix: parenthesize sequence expression operands in no-implicit-coercion (#21045) (spokodev)8859baffix: avoid prefer-numeric-literals false positive for shadowed globals (#21047) (한국)a9e5961fix: use-isnan false positive on shadowed NaN/Number (#20958) (sethamus)8a240a7fix: avoid false positives inradixrule for spread arguments (#21044) (Pixel)Documentation
c30d808docs: Update README (GitHub Actions Bot)5139800docs: document ESLint migration codemods in v9 and v10 guides (#20980) (Alex Bit)04174cbdocs: Update README (GitHub Actions Bot)026e130docs: update semver policy for bug fixes (#21048) (Milos Djermanovic)9d42fefdocs: Update README (GitHub Actions Bot)b230159docs: Update README (GitHub Actions Bot)0129972docs: correct**/.jsglob to**/*.jsin config files guide (#21036) (EduardF1)Chores
9489379chore: update dependency @eslint/eslintrc to ^3.3.6 (#21076) (renovate[bot])81a4774chore: updates for v9.39.5 release (Jenkins)9835414chore: enable$ExpectTypeannotations in all TypeScript files (#21071) (Francesco Trotta)72adf6bchore: restrictmarkdownlint-cli2updates in renovate (#21067) (lumir)833ec10chore: update dependency prettier to v3.9.4 (#21061) (renovate[bot])7ea106dchore: update ecosystem plugins (#21059) (ESLint Bot)8fb550echore: add prettier update commit to.git-blame-ignore-revs(#21056) (lumir)e4e1166chore: update dependency prettier to v3.9.1 (#21055) (renovate[bot])0493f53chore: update prettier to v3.9.0 (#21054) (Pixel)1056a99chore: update dependency prettier to v3.8.5 (#21049) (renovate[bot])4d4155dci: run ecosystem tests on pull requests (#21027) (sethamus)993539fchore: update dependency @eslint/json to ^2.0.1 (#21042) (renovate[bot])53f8b69test: add error locations tono-constant-binary-expression(#21039) (lumir)5ab71d5refactor: clean up radix rule internals (#21015) (Pixel)a80a9a4chore: update ecosystem plugins (#21035) (ESLint Bot)7c9a029ci: add Node.js 26 to CI (#20847) (lumir)oxc-project/eslint-plugin-oxlint (eslint-plugin-oxlint)
v1.73.0Compare Source
No significant changes
View changes on GitHub
v1.72.0Compare Source
No significant changes
View changes on GitHub
Rel1cx/eslint-react (eslint-plugin-react-dom)
v5.14.2Compare Source
🐞 Fixes
react-x/globals: added detection for global writes through destructuring assignments and property deletion withdelete. (#1896)react-x/globals: propagated render-time global mutation effects through directly called helpers and stable local aliases. (#1896)🏗️ Internal
react-debugcomponent and source detection,react-naming-conventionnaming rules, andreact-x/immutabilityReact Compiler fixtures.Full Changelog: Rel1cx/eslint-react@v5.14.1...v5.14.2
v5.14.1Compare Source
🐞 Fixes
react-rsc/function-definition: fixed invalid async autofixes for object and class methods with local'use server'directives, including generator and computed methods; accessors and constructors are now reported without an unsafe fix.🏗️ Internal
react-rsc/function-definition, covering directive placement, export resolution, function forms, and autofix behavior.react-rsc/function-definitionandreact-x/unsupported-syntax.Full Changelog: Rel1cx/eslint-react@v5.14.0...v5.14.1
v5.14.0Compare Source
✨ New
react-x/refs: added render-reachability support for function declarations, IIFEs, synchronous array callbacks, and render-time callbacks passed touseMemoanduseReducer. (#1895)react-x/refs: added lazy-initialization support for explicitundefinedguards and for null guards enclosing additional nested conditions. (#1895)🐞 Fixes
react-x/refs: reworked render-time call analysis as an unbounded fixed-point propagation, removing the previous 50-iteration cap. (#1895)react-x/refs: tightened inverted lazy-initialization handling so the non-null branch must unconditionally return or throw. (#1895)react-x/refs: stopped treating!ref.currentas a null guard because initialized refs may contain falsy values. (#1895)🏗️ Internal
react-x/refs: refactored ref aliases, function bindings, JSX refs, and duplicate initialization tracking to use scoped ESLint variable identities and position-aware binding events instead of file-wide identifier names. (#1895)react-x/immutabilityand documented them in the spec diff report.@effect/language-serviceto^0.86.5.preactto^10.29.7.viteto^8.1.4in example apps.dprintJSON plugin to^0.23.0.Full Changelog: Rel1cx/eslint-react@v5.13.2...v5.14.0
v5.13.2Compare Source
🐞 Fixes
react-x/immutability: fixed false positive onref.currentwrite insideuseEffect. (#1894)🏗️ Internal
@types/nodeto^26.1.1.preactto^10.29.6.tsdownto^0.22.4.Full Changelog: Rel1cx/eslint-react@v5.13.1...v5.13.2
v5.13.1Compare Source
🐞 Fixes
react-x/refs: aligned error message wording forreadDuringRender,writeDuringRender, andrefPassedToFunctionwith the React Compiler specification.Full Changelog: Rel1cx/eslint-react@v5.13.0...v5.13.1
v5.13.0Compare Source
✨ New
react-x/refsnow detects nested property writes on a ref's value (e.g.ref.current.inner = value), which are now reported aswriteDuringRenderinstead of being misclassified as a read.react-x/refsnow tracks functions bound to (and called through) simple object-member-expression targets (e.g.object.foo = () => ref.current; object.foo();), closing a gap in the render-reachability analysis that previously only covered plain variable bindings.react-x/refsnow detectsref.currentaccesses inside the lazy initializer function passed directly asuseState's first argument, since it runs synchronously during the initial render unlike other hook-callback arguments.react-x/refsnow exempts calls to a function namedrender(e.g.props.render(ref), a common render-prop pattern) from therefPassedToFunctiondiagnostic, alongside the existingmergeRefs/hook exemptions.🐞 Fixes
react-x/refslazy-init guard-block detection so it is direction-aware: inside the branch of anif (ref.current == null)-style guard that is guaranteed to seeref.currentas null, only a direct write is treated as the (single) valid initialization; reads or values passed to a function there are still reported.🏗️ Internal
react-x/refsinternals, replacingisRefCurrentNullCheckwithgetRefCurrentNullCheckBranchinlib.ts.fumadocspackages andpreact.react-debug/jsxrule.Full Changelog: Rel1cx/eslint-react@v5.12.2...v5.13.0
v5.12.1Compare Source
📝 Documentation
react-x/immutabilityrule description in docs.🏗️ Internal
Full Changelog: Rel1cx/eslint-react@v5.12.0...v5.12.1
v5.12.0Compare Source
✨ New
react-x/immutabilityto align with the React Compiler'sValidateNoFreezingKnownMutableFunctionsvalidation pass: it now detects functions that (transitively) mutate a captured local variable and reports them when passed as a JSX prop, passed as a hook argument, or returned from a hook. (#1891)📝 Documentation
🏗️ Internal
typescript-eslintpackages to^8.63.0.eslint-plugin-perfectionistto^5.10.0.Full Changelog: Rel1cx/eslint-react@v5.11.3...v5.12.0
v5.11.3Compare Source
🐞 Fixes
FunctionComponentDetectionHint.DoNotIncludeFunctionDefinedAsClassPropertychecking for objectPropertynodes instead of classPropertyDefinitionnodes, so functions defined as class fields are now correctly excluded when the hint is set. (#1890)🏗️ Internal
MessageIDtypes.eslint-plugin-jsdoc,typedoc,undiciandpnpm.Full Changelog: Rel1cx/eslint-react@v5.11.2...v5.11.3
v5.11.2Compare Source
📝 Documentation
react-x/no-children-count,react-x/no-children-for-each,react-x/no-children-map,react-x/no-children-only,react-x/no-children-to-array, andreact-x/no-clone-element) with clearer guidance on why child introspection creates fragile component coupling and links to Astryx'sno-react-introspectionrule. (#1889)THIRD-PARTY-LICENSEfile.Full Changelog: Rel1cx/eslint-react@v5.11.0...v5.11.2
v5.11.0Compare Source
✨ New
react-x/refsnow detects ref mutations/reads inside helper functions that are called (directly, or through a simple variable alias) during render, closing a gap where any nested function was previously treated as a safe boundary regardless of whether it was actually invoked during render.react-x/refsnow reports a second guarded ref initialization: only a singleif (ref.current == null) { ref.current = ... }guarded initialization is allowed per ref per component/hook, and a second guarded write (in the same or a differentifblock) is reported asduplicateRefInit.react-x/refsnow supports.currentaccesses whose base is a member expression that looks like a ref (e.g.props.ref.current), not just a plain identifier.🏗️ Internal
packages/ast/src/check.ts.@effect/language-serviceto^0.86.4andpreactto^10.29.4.react-x/static-componentsinternals without changing behavior:findVariableForIdentifiernow delegates to@typescript-eslint/utils/ast-utils'sfindVariableinstead of a hand-rolled scope-chain walk,resolveDynamicValuewas split intofindDynamicCreationSiteandfindReassignmentCreationSite, and render-boundary/JSX-candidate handling was extracted into dedicated helpers.Check.isDirectiveandCheck.isIdentifierin@eslint-react/ast: both now take the node as the first argument and an optionalnameas the second, replacing the previous curried(name) => (node) => booleanshape. RemovedCheck.isStringLiteral; usets-pattern'sisMatchingor an inline type guard instead.Full Changelog: Rel1cx/eslint-react@v5.10.4...v5.11.0
v5.10.4Compare Source
🐞 Fixes
react-x/no-misused-capture-owner-stacknot recognizingprocess.env.NODE_ENVchecks wrapped in TypeScript type expressions such as(process.env as any).NODE_ENV. (#1813)Extract.getFullyQualifiedNameto unwrapTSAsExpression,TSTypeAssertion,TSNonNullExpression, andChainExpressionbefore resolving names. This improves name resolution for rules that identify React APIs or collect component/hook names through type-wrapped expressions.Full Changelog: Rel1cx/eslint-react@v5.10.3...v5.10.4
v5.10.3Compare Source
🏗️ Internal
typescript-eslintpackages to^8.62.1.@effect/language-serviceto^0.86.3.undiciandundici-typesto^8.6.0.@eslint-react/eslint-pluginpackage description.Full Changelog: Rel1cx/eslint-react@v5.10.2...v5.10.3
v5.10.2Compare Source
🐞 Fixes
<div {...{ [key]: value }} />) as static prop names. The actual property name is the runtime value of the variable; computed string literal keys are still recognized. Affected rules:react-x/no-missing-keyreact-jsx/no-children-prop-with-childrenreact-jsx/no-children-propreact-jsx/no-useless-fragmentreact-dom/no-dangerously-set-innerhtml-with-childrenreact-dom/no-dangerously-set-innerhtmlreact-dom/no-missing-button-typereact-dom/no-missing-iframe-sandboxreact-dom/no-string-style-propreact-dom/no-unsafe-iframe-sandboxreact-dom/no-unsafe-target-blankreact-dom/no-void-elements-with-childrenreact-web-api/no-leaked-event-listenerreact-web-api/no-leaked-fetchreact-x/unsupported-syntaxto no longer report IIFEs in JSX. This makes the rule consistent with the upstreamreact-hooks/unsupported-syntaxand removes theiifemessage.✨ New
react-x/unsupported-syntaxnow detectsevalcalls viaglobalThis.eval,globalThis["eval"], and type assertions like(globalThis as any).eval.🏗️ Internal
resolveparameter toExtract.getPropertyNameso callers can control how identifier and private identifier property names are resolved.Extract.getPropertyName.Full Changelog: Rel1cx/eslint-react@v5.10.1...v5.10.2
v5.10.1Compare Source
🐞 Fixes
static-componentsrule todisable-conflict-eslint-plugin-react-hooks, closes #1884.📝 Documentation
noCircularEffectrecipe sample to use@eslint-react/kitcollectors andsimpleTraverse, and updated the recipe overview accordingly.🏗️ Internal
typescript-eslint,@types/node,vite, andtailwindcss.fumadocs,lucide-react, andpostcssin the website.Full Changelog: Rel1cx/eslint-react@v5.10.0...v5.10.1
v5.10.0Compare Source
📝 Documentation
react-x/no-unused-state.🏗️ Internal
eslintto^10.6.0.js-yamlworkspace override to^4.3.0.Full Changelog: Rel1cx/eslint-react@v5.9.5...v5.10.0
nodejs/node (node)
v26.5.0: 2026-07-08, Version 26.5.0 (Current), @richardlauCompare Source
Notable Changes
New release key
Welcome to our newest releaser, Stewart X Addison. Future Node.js releases may be signed with his release key,
655F3B5C1FB3FA8D1A0CA6BDE4A7D232B936D2FD.Other notable changes
55f48446c7] - (SEMVER-MINOR) buffer: implement blob.textStream() (Matthew Aitken) #64036b373202efc] - (SEMVER-MINOR) esm: add--experimental-import-textflag (Efe) #6230039e0c14455] - (SEMVER-MINOR) perf_hooks: sample delay per event loop iteration (Pablo Erhard) #62935999a83c937] - (SEMVER-MINOR) stream: expose ReadableStreamTee (Matteo Collina) #641954e0236dc3d] - (SEMVER-MINOR) tls: report negotiated TLS groups (Filip Skokan) #64119Commits
87648c0a6c] - benchmark: trim down the argon2 sets (Filip Skokan) #64218a483bfd3f0] - buffer: remove unreachable overflow check in atob (haramjeong) #601616d14279688] - buffer: add fast api for isUtf8 and isAscii (Gürgün Dayıoğlu) #6416955f48446c7] - (SEMVER-MINOR) buffer: implement blob.textStream() (Matthew Aitken) #64036a67d9a7a44] - build: allow linting node.1 (Aviv Keller) #6415706c1fbc25b] - build: enable Maglev for riscv64 (Jamie Magee) #62605518309c363] - build: suppress clang errors building libffi on Windows (René) #642226a80ab485c] - build: add manually-dispatched stress-test workflow (Joyee Cheung) #64118f4e7bf1f1c] - build: pin envinfo versions in github actions (Joyee Cheung) #6411766f6ac0d86] - build: support setting an emulator from configure script (Ivan Trubach) #538997f26c54aa6] - child_process: fix permission model propagation via NODE_OPTIONS (Matteo Collina) #6397232bb554f5b] - crypto: fix large DH generator validation (Tobias Nießen) #640920908d76ef6] - crypto: reject small-order EdDSA points during verify (Filip Skokan) #640267f7e5863c2] - deps: update undici to 8.7.0 (Node.js GitHub Bot) #64282af91029801] - deps: update nghttp3 to 1.17.0 (Node.js GitHub Bot) #641822e500ba7b0] - deps: update googletest to8b53336(Node.js GitHub Bot) #6418174e3aa24ba] - deps: update sqlite to 3.53.3 (Node.js GitHub Bot) #64180c7e57f55a7] - deps: c-ares: cherry-pick8ba37af(René) #64110879fdc4daf] - deps: V8: backportda20a19(Kevin Gibbons) #64101a640543a7c] - deps: V8: cherry-pick0cc9eb2(Kevin Gibbons) #64101feefd179e5] - deps: V8: cherry-pick1a391f9(Kevin Gibbons) #641018ef643d4b0] - deps: update googletest to0b1e895(Node.js GitHub Bot) #640399e50bb0655] - dgram: skip dns.lookup() for literal IP addresses (Ruben Bridgewater) #64133dc052c095c] - diagnostics_channel: return original thenable (Stephen Belanger) #62407a22a840293] - doc: clarify QUIC stream state wording (EduardF1) #636608d4bec2d71] - doc: update Http2SecureServer.on("timeout") default value (YuSheng Chen) #64187da88f70afa] - doc: add note on visibility of CI failures to new contributor guide (Stewart X Addison) #6425620ce359ccb] - doc: clarify HTTP/1.1 response ordering (Matteo Collina) #6421305eae2835c] - doc: recommend node-stress-single-test for flaky tests (Trivikram Kamat) #642233966eb67e7] - doc: fix typo in examples (Vas Sudanagunta) #6418412a2b9daa3] - doc: fix typo in node-config-schema.json (Hamid Reza Ghavami) #641880854482671] - doc: clarify defense-in-depth issues (Matteo Collina) #64215ef4915fc3a] - doc: fix Fast FFI argument count in ffi.md (Daijiro Wachi) #63960bb2eed863c] - doc: add sxa GPG key (ed25519) (Stewart X Addison) #64193b7bf6e3a06] - doc: add guide and answers to FAQs for first-time contributors (Joyee Cheung) #63685ff537ba858] - doc: updateHttp2Server.close&Http2SecureServer.close(YuSheng Chen) #63298f3db304588] - doc: update list of people inSECURITY.md(Richard Lau) #641522a126647b0] - doc: clarify vfs is not a sandbox (Matteo Collina) #6414385fc79dd9b] - doc: fix broken links and duplicate stability label (Antoine du Hamel) #64130189e830eb3] - doc: add missing option to man page (Richard Lau) #641567a16ccccd0] - doc: announce upcoming end of tier 2 support for macOS x64 (Antoine du Hamel) #63931d5f826045f] - doc: update toolchain for official AIX releases (Richard Lau) #6406860abc4400f] - doc: fix callback example import in fs docs (Kamal Rawal) #63912e470c74a6c] - doc: fix keepAliveTimeout default in http.createServer options (Jahanzaib iqbal) #63974851b460583] - esm: improve ERR_REQUIRE_ASYNC_MODULE (Joyee Cheung) #642600cd443df39] - esm: print required top-level await locations without evaluating (Joyee Cheung) #64154b373202efc] - (SEMVER-MINOR) esm: add--experimental-import-textflag (Efe) #62300eacfbd0ca5] - http: add CONNECT method handling for default Host header with proxy (Archkon) #64114aeb539a383] - http: fix drain event with cork/uncork (David Evans) #640388e8874b216] - http: document and validate options.path when it's in absolute-form (Joyee Cheung) #64108eb2e96bc28] - inspector: fix crash when writing to closed inspector socket (ympark2011) #64209243b0e4e57] - lib: reject string "0" in validatePort when allowZero is false (Daijiro Wachi) #6417434a537c0ed] - lib: use__proto__: nullwhen callingObjectDefineProperty(Antoine du Hamel) #642391f72393f19] - lib: lazily initialize kEvents and kHandlers maps (Guilherme Araújo) #6370292a3dc3191] - lib,permission: fix addon permission drop (Martin Wagner) #6400787b8f2a296] - meta: fix linter warning instale.yml(Antoine du Hamel) #64281829c4a5913] - meta: bump actions/cache from 5.0.5 to 6.1.0 (dependabot[bot]) #642480808dcd31c] - meta: bump github/codeql-action/autobuild from 4.36.1 to 4.36.2 (dependabot[bot]) #6424764aa17058f] - meta: bump github/codeql-action/analyze from 4.36.1 to 4.36.2 (dependabot[bot]) #64246873d1e0412] - meta: bump actions/checkout from 6.0.2 to 7.0.0 (dependabot[bot]) #64245fe460ccf0b] - meta: bump codecov/codecov-action from 6.0.1 to 7.0.0 (dependabot[bot]) #64244845c63ed50] - meta: bump rtCamp/action-slack-notify from 2.3.3 to 2.4.0 (dependabot[bot]) #642432cad2d6de5] - meta: bump github/codeql-action/init from 4.36.1 to 4.36.2 (dependabot[bot]) #642420ddde950c7] - meta: bump actions/setup-python from 6.2.0 to 6.3.0 (dependabot[bot]) #64241c0a8760d2f] - meta: bump github/codeql-action/upload-sarif from 4.36.1 to 4.36.2 (dependabot[bot]) #64240f49704b9d0] - meta: clarify V8 flags are outside threat model (Matteo Collina) #642246b8dc58e6e] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #64057fe5260cca7] - meta: update status of past strategic initiatives (Joyee Cheung) #634807b01040008] - meta: speed up stale bot (Aviv Keller) #64075874c46c24f] - meta: update sccache version in test-linux-quic (René) #6404348c5c86363] - module: enable import support for addons by default (Chengzhong Wu) #6422139e0c14455] - (SEMVER-MINOR) perf_hooks: sample delay per event loop iteration (Pablo Erhard) #62935f90f1bd032] - **peConfiguration
📅 Schedule: (UTC)
* 0-3 * * 1)🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.