Skip to content

chore(deps): update all non-major dependencies#455

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch
Open

chore(deps): update all non-major dependencies#455
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
@nuxt/eslint-config (source) ^1.15.2^1.16.0 age confidence devDependencies minor
@types/node (source) 24.12.424.13.3 age confidence devDependencies minor
@vitest/coverage-v8 (source) ^4.1.7^4.1.10 age confidence devDependencies patch
MatteoGabriele/agentscan-action v2.0.0v2.0.1 age confidence action patch
eslint (source) ^10.4.1^10.6.0 age confidence devDependencies minor 10.7.0
knip (source) ^6.14.2^6.26.0 age confidence devDependencies minor
pnpm (source) 11.5.011.11.0 age confidence packageManager minor
semver ^7.8.1^7.8.5 age confidence devDependencies patch
std-env ^4.1.0^4.2.0 age confidence dependencies minor
vitest (source) ^4.1.7^4.1.10 age confidence devDependencies patch
vue-tsc (source) ^3.3.3^3.3.7 age confidence devDependencies patch

Release Notes

nuxt/eslint (@​nuxt/eslint-config)

v1.16.0

Compare Source

   🚀 Features
    View changes on GitHub
vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.10

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.1.9

Compare Source

🐞 Bug Fixes
  • Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in #​10546 (a5180)
  • browser:
    • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in #​10555 (7fb29)
    • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in #​10497 and #​10556 (fbc62)
  • mocker:
    • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in #​10548 (2c955)
  • pool:
    • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in #​10543 and #​10564 (934b0)
View changes on GitHub

v4.1.8

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
MatteoGabriele/agentscan-action (MatteoGabriele/agentscan-action)

v2.0.1

Compare Source

v2.0.1

  • fix: scan the PR/issue author instead of the triggering actor
    The action now resolves the username from payload.pull_request.user.login / payload.issue.user.login first, falling back to context.actor only if neither is present. (#​31)

Full Changelog: MatteoGabriele/agentscan-action@v2.0.0...v2.0.1

eslint/eslint (eslint)

v10.6.0

Compare Source

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#​20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#​20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#​20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#​21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#​21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#​21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#​21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#​21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#​21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#​21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#​20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#​20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#​20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#​20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#​20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#​20983) (lumir)

Chores

v10.5.0

Compare Source

Features

  • 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#​20973) (Pixel998)
  • b565783 feat: report no-with violations at the with keyword (#​20971) (Pixel998)
  • 2ce032f feat: report max-lines-per-function violations at function head (#​20966) (Pixel998)
  • 732cb3e feat: report max-nested-callbacks violations at function head (#​20967) (Pixel998)
  • f9c138a feat: report max-depth violations on keywords (#​20943) (Pixel998)
  • bdb496c feat: correct max-depth handling for else-if chains (#​20944) (Pixel998)
  • c296873 feat: update error loc in max-statements to function header (#​20907) (Taejin Kim)

Documentation

  • 8ae1b5b docs: Update README (GitHub Actions Bot)
  • ca7eb90 docs: update Node.js prerequisites to include ICU support (#​20962) (Francesco Trotta)
  • f99b47a docs: Update README (GitHub Actions Bot)
  • acf03d4 docs: clarify precedence of parserOptions over languageOptions (#​20926) (sethamus)

Chores

webpro-nl/knip (knip)

v6.26.0: Release 6.26.0

Compare Source

  • ci: add path filters (#​1871) (4249935) - thanks @​trueberryless!
  • Add CodeRabbit as gold sponsor (1da09fd)
  • Fix up docs a bit more (39125a7)
  • Don't report ambient declaration files as unused (aed361c)
  • Register oclif command files as entries (3b4d58c)
  • Add electron-vite plugin (d92107e)
  • Add esbuild plugin (ef3b601)
  • Ignore more globally available binaries (8292981)
  • Resolve #-imports to source when node condition is unbuilt (resolve #​1873) (f2713ed)
  • Ignore gh as a globally available binary (a6f0772)
  • Resolve Vitest benchmark files as entries (5742913)
  • Extract shared Vue auto-import machinery into plugins/_vue (7301075)
  • Scope compiler extensions per workspace (5e6f82b)
  • Resolve auto-imported components in the Vue SFC compiler (009aad8)
  • Add plugins for the Vue auto-import ecosystem (f638c83)
  • Enable Vue SFC compiler on unplugin-vue and @​vitejs/plugin-vue (9396ab1)
  • Recognize vite-plugin-vue-meta-layouts (same layouts convention) (3ceee89)
  • Add vite-plugin-pages and unplugin-icons plugins (9bc1754)
  • Add vite-plugin-pwa and @​intlify/unplugin-vue-i18n plugins (45dea0a)
  • Dog, food. (e1249ad)
  • Update query snapshot (a45941d)
  • Don't misread Nitro route types as Vue component auto-imports (43aecd5)
  • Read oxlint jsPlugins from vite-plus vite.config and .oxlintrc.json (589ffda)
  • Add vite-plus plugin for run.tasks and staged scripts (f041c19)
  • Support @​vite-pwa/nuxt PWA config in nuxt.config (8fa7b11)
  • Add @​vite-pwa/assets-generator plugin (4254f7d)
  • Add @​nuxtjs/i18n plugin (dfb9acb)
  • Read plugin entries from vite.config options and index.html (d533da8)
  • Fix false positives in VitePress, next-mdx and unplugin-vue-i18n plugins (b99702a)
  • Respect optional peers in pnpm and Yarn packageExtensions (aab080b)
  • Detect babel plugins in the Storybook config (5dea975)
  • Add shared AST helpers for imported calls and first property values (c84bb7a)
  • Inline trivial resolveFromAST wrappers and normalize orval and sst (620079d)
  • Extract inline resolveFromAST implementations to dedicated files (b5231c1)
  • Normalize resolveFromAST files to a uniform contract (fc1ba0f)
  • chore: migrate to Astro 7 and Sätteri (#​1875) (f256a5b) - thanks @​trueberryless!
  • Show contributor count on docs homepage (6b8454a)
  • Exclude gitignored package entry points (606e5d0)
  • Add Tauri plugin (199180d)
  • Add Laravel plugin (1974533)
  • Add Quasar plugin (a220729)

v6.25.0: Release 6.25.0

Compare Source

v6.24.0: Release 6.24.0

Compare Source

v6.23.0: Release 6.23.0

Compare Source

v6.22.0: Release 6.22.0

Compare Source

v6.21.0: Release 6.21.0

Compare Source

v6.20.0: Release 6.20.0

Compare Source

v6.19.0: Release 6.19.0

Compare Source

v6.18.0: Release 6.18.0

Compare Source

v6.17.2: Release 6.17.2

Compare Source

v6.17.1: Release 6.17.1

Compare Source

  • Remove ignoreBinaries w/ tar (b13d0ca)
  • Wrap up docs/refs (29f3e46)
  • Update dependencies (7b2f345)
  • Fix up vscode-languageclient imports (820c233)

v6.17.0: Release 6.17.0

Compare Source

v6.16.1: Release 6.16.1

Compare Source

v6.16.0: Release 6.16.0

Compare Source

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from danielroe as a code owner June 8, 2026 07:39
@socket-security

socket-security Bot commented Jun 8, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Added@​nuxt/​eslint-config@​1.16.0981007894100
Addedvitest@​4.1.10981007999100
Added@​vitest/​coverage-v8@​4.1.10991007999100
Added@​types/​node@​24.13.31001008196100
Addedstd-env@​4.2.0991008788100
Addedvue-tsc@​3.3.71001009296100
Updatedsemver@​7.8.1 ⏵ 7.8.5100 +1100100 +193100
Addedeslint@​10.6.09810010095100
Addedknip@​6.26.0991009596100

View full report

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from 362853f to 83fed88 Compare June 11, 2026 08:58
@socket-security

socket-security Bot commented Jun 11, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/@nuxt/eslint-config@1.16.0npm/knip@6.26.0npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm eslint-plugin-jsdoc is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/@nuxt/eslint-config@1.16.0npm/eslint-plugin-jsdoc@63.0.13

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-jsdoc@63.0.13. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from 668462e to 30a0294 Compare June 18, 2026 17:02
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 9 times, most recently from f6f12a9 to 1a39875 Compare June 25, 2026 23:45
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from ec675fd to 49e304c Compare July 2, 2026 00:44
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 8 times, most recently from 10071a2 to ba1e27a Compare July 9, 2026 07:52
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from ba1e27a to 2ceaa35 Compare July 10, 2026 22:18
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 2ceaa35 to 3b0b884 Compare July 11, 2026 12:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants