fix(deps): update all non-major dependencies#197
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
July 7, 2026 16:53
4d8cba7 to
a848e21
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
July 8, 2026 13:35
a848e21 to
4b87c74
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
14 times, most recently
from
July 15, 2026 01:05
56f5b9e to
8b0f089
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
3 times, most recently
from
July 16, 2026 19:11
583a2af to
a57c0eb
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
July 17, 2026 21:38
a57c0eb to
6256a4f
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.10.1→3.10.23.10.1→3.10.23.10.1→3.10.23.10.1→3.10.22.68.0→2.69.22.70.0(+1)7.1.2→7.2.08.62.1→8.63.08.64.01.6.1→1.6.2v5.4.0→v5.5.0v5.6.04.0.0→4.0.24.0.4(+1)v7.2.0→v7.3.0v4.2.0→v4.4.0v6.1.0→v6.2.0v4.1.0→v4.2.010.6.0→10.7.03.9.4→3.9.58.62.1→8.63.08.64.08.1.0→8.1.48.1.54.1.9→4.1.105.108.3→5.108.4Release Notes
facebook/docusaurus (@docusaurus/core)
v3.10.2Compare Source
Backport and cherry-pick commits from main for v3.10.2 patch release:
@swc/html, fix StackBlitz playground #12055extractLeadingEmoji()edge cases #12100@types/gtag.js, upgrade@swc/html#12080docusaurus serveshould pass--hosttoserver.listen()#12127trustPolicydowngrade issue #12012@11ty/gray-matter#12181sveltejs/kit (@sveltejs/kit)
v2.69.2Compare Source
Patch Changes
definevalues onglobalThiswhen running Vitest (#16246)v2.69.1Compare Source
Patch Changes
fix: prevent prototype pollution when deleting file inputs (#16218)
fix: prevent unhandled promise rejection (#16219)
v2.69.0Compare Source
Minor Changes
submittedproperty of remote forms (#14811)Patch Changes
fix: clear issues and touched states on form reset (#16163)
fix: return
undefinedfromfields.branch.issues()when onlyfields.branch.leafhas issues (#16187)sveltejs/vite-plugin-svelte (@sveltejs/vite-plugin-svelte)
v7.2.0Compare Source
Minor Changes
v7.1.4Compare Source
Patch Changes
v7.1.3Compare Source
Patch Changes
typescript-eslint/typescript-eslint (@typescript-eslint/parser)
v8.63.0Compare Source
This was a version bump only for parser to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
xyflow/xyflow (@xyflow/svelte)
v1.6.2Compare Source
Patch Changes
c707267,0c0cebc,56cf3b0,a01bb6b,9b3f390,cdfcbeb]:actions/setup-java (actions/setup-java)
v5.5.0Compare Source
asciidoctor/asciidoctor.js (asciidoctor)
v4.0.2Compare Source
Summary
Release meta
Released on: 2026-07-06
Released by: github-actions[bot]
Published by: GitHub
Logs: full diff
Changelog
Improvements
data:URI (e.g.image::data:image/svg+xml;base64,…[opts=inline]).readSvgContentsdecodes both Base64 and percent-encodeddata:payloads instead of only reading from a file or remote URI, so a diagram or image embedded as a data-URI can be rendered as inline<svg>without writing a file or enablingallow-uri-read. The SVG format is inferred from theimage/svg+xmlmedia type, so an explicitformat=svgattribute is no longer required on adata:URI targetBug Fixes
imageUrinow returns adata:URI image target as-is instead of attempting to read it as a file or fetch it via the Fetch API; previously, with bothdata-uriandallow-uri-readset, adata:URI target (e.g.data:image/png;base64,…) triggered a spurious "could not retrieve image data from URI" warningasciidoctor-versionattribute reporting the hard-coded upstream Ruby version (3.0.0.dev) instead of the actual library version — it now resolves to the@asciidoctor/corepackage version (e.g.4.0.1), so references such as{asciidoctor-version}reflect the real releaseAsciidoctor.js(instead ofAsciidoctor) in the HTML5<meta name="generator">and manpageGenerator:metadata, so the generated output identifies the JavaScript library and its version (e.g.Asciidoctor.js 4.0.1)<<Some section title>>) not resolving inside list items, description list items and table cells — they rendered as<a href="#Some section title">[Some section title]</a>instead of linking to the section’s generated ID. Unlike paragraph text (substituted lazily during conversion, after the reftext→id map is built), list/cell/dlist text is pre-computed eagerly in_resolveAllTexts, which ran before the map existed; the synchronousresolveIdfallback then matched against the rawreftextattribute rather than the computedxreftext(a section’s title), so the lookup failed. Text pre-computation now runs in two passes — titles and reftexts first, then the reftext→id map is built, then list/cell/dlist content text — restoring Ruby’s invariant that all references are known before any content substitution resolves a natural cross-reference#2, e.g.converter.outfilesuffix = '.html') being silently overwritten with accessor functions after the first conversion — normalizing the converter applied theBackendTraitsmixin, which installed same-named accessor methods on the instance, clobbering the author’s strings. Code readingconverter.outfilesuffixthen got a function instead of.html(and only after normalization, so the value’s type changed mid-lifecycle).applyBackendTraitsno longer overwrites an existing same-named data property, andDocumentreads backend traits through_getBackendTraits()rather than the accessor methods, so flat string properties stay strings throughout.jstemplate in a"type": "module"(ESM) project crashed withtemplate.render is not a function, and.mjstemplates were silently ignored (the extension was not even recognised). The template loader used a CommonJSrequire()for.js/.cjsfiles, which returned the ESM namespace object (not the render function) for ESM.jsfiles and did not handle.mjsat all..jsand.mjstemplates are now loaded with a dynamicimport()(which Node resolves as either ESM or CommonJS) and the render function is taken from the module’s default export, so all combinations of extension (.js,.cjs,.mjs) and module format (ESM or CommonJS) work. The same loading is applied to the optionalhelpersfile (helpers.js/helpers.cjs/helpers.mjs), which can now also be an ES modulev4.0.1Compare Source
Summary
Release meta
Released on: 2026-07-01
Released by: github-actions[bot]
Published by: GitHub
Logs: full diff
Changelog
Bug Fixes
:reassigned: one…:reassigned: two) must resolve to the value in scope at each reference (Ruby rendersonethentwo), but every reference rendered the last value when any content preceded the entries (including a document header). The parser reset the shared block-attributes object between blocks withObject.keys(...), which skips theSymbol-keyedATTR_ENTRIES_KEY, so the array ofAttributeEntryobjects leaked and accumulated across blocks; each block’s attribute-entry playback then replayed every assignment. The reset now usesReflect.ownKeys(...)so the entries are cleared too:x: 1…* item {x}…:x: 2…* item {x}) — unlike paragraph content (resolved lazily during conversion with attribute-entry playback), list item and table cell text is pre-computed eagerly afterrestoreAttributes()reverted the document to its header state, so body-level attributes were out of scope and rendered as unresolved ({x}) or with the wrong value._resolveAllTextsnow replays each block’s attribute entries in document order (mirroringAbstractBlock#convert) while pre-computing, then restores the header state. In addition, a block carrying onlySymbol-keyed attribute entries (an:attr:entry immediately preceding a list or table) now still receives them — the parser’s transfer guard usedObject.keys(...).length(0 for entry-only attributes) instead ofReflect.ownKeys(...).length, matching Ruby’sattributes.empty?where:attribute_entriesis countedsource_locationon log messages emitted through the reader/preprocessor path (e.g.include file not found,unterminated <type> block, unterminated preprocessor conditionals) — these were logged as a plain string with the cursor baked into the text as a"<path>: line <N>: "prefix, somessage.getSourceLocation()returnednull(regression from 2.x). The reader now logs an auto-formatting message that keeps the cursor as a structuredsource_location, sogetSourceLocation()(getFile()/getLineNumber()) is populated again andgetText()stays clean; the stderrLoggerstill renders the"<path>: line <N>: "prefix. This restores line-anchored diagnostics for downstream tooling (IDE integrations, linters, CI annotations)allow-uri-readnot being recognised when declared with an empty value (e.g.allow-uri-read=orattributes: { 'allow-uri-read': '' }) — include resolution checked the attribute’s truthiness viagetAttribute, but ’'is falsy in JavaScript while Asciidoctor treats the mere presence of an attribute as enabled; the include reader (Node and browser modes) now checks presence viahasAttribute, matching Ruby’sattr?` semanticsasyncsubstitutor methods —applySubs,subQuotes,subMacros,subPostReplacements,subSource,subCallouts,highlightSource,restorePassthroughsandparseAttributesare allasyncbut their JSDoc@returnsdeclared the unwrapped type (e.g.string), so the emitted.d.tsadvertisedstringinstead ofPromise<string>; callers following the types could concatenate the returned Promise and produce[object Promise]. The JSDoc now declaresPromise<…>and the.d.tswas regeneratedImprovements
MemoryLogger#getMessages()— it previously returnedany[]; theLogMessagewrapper class is now exported andgetMessages()is declared to returnLogMessage[], so consumers get typedgetSeverity()(string),getText()(string) andgetSourceLocation()(Cursor | undefined) accessors. The wrapper’s internal_text/_sourceLocationfields were renamed to publictext/sourceLocationproperties (consistent withseverity), providing dual property/getter accessdocker/build-push-action (docker/build-push-action)
v7.3.0Compare Source
docker/login-action (docker/login-action)
v4.4.0Compare Source
v4.3.0Compare Source
Full Changelog: docker/login-action@v4.2.0...v4.3.0
docker/metadata-action (docker/metadata-action)
v6.2.0Compare Source
docker/setup-buildx-action (docker/setup-buildx-action)
v4.2.0Compare Source
Full Changelog: docker/setup-buildx-action@v4.1.0...v4.2.0
eslint/eslint (eslint)
v10.7.0Compare Source
Features
cf2a9bffeat: add errorClassNames option to preserve-caught-error rule (#21032) (sethamus)f8b873afeat: max-nested-callbacks option for constructor callbacks (#21063) (fnx)557fde8feat: support computedNumber.parseIntmember access inradixrule (#21041) (Pixel)0b4a73bfeat: add suggestions to no-compare-neg-zero (#21034) (den$)96cdd42feat: report invalid signed numeric radix values inradixrule (#21030) (Pixel)Bug Fixes
3e7bf15fix: applyignoreClassesWithImplementsto class expressions (#21069) (Pixel)0d7d70cfix: insert cause outside wrapping parens in preserve-caught-error (#21062) (Mahin Anowar)75ec753fix: handle static template literals ineqeqeqrule (#21058) (Pixel)b717a22fix: preventeqeqeqnull option from reporting non-equality operators (#21057) (Pixel)e35b05ffix: avoidno-invalid-regexpfalse positive for shadowed RegExp (#21051) (Pixel)a3172b6fix: avoidno-control-regexfalse positive for shadowed RegExp (#21050) (Pixel)d1f637efix: parenthesize sequence expression operands in no-implicit-coercion (#21045) (spokodev)8859baffix: avoid prefer-numeric-literals false positive for shadowed globals (#21047) (한국)a9e5961fix: use-isnan false positive on shadowed NaN/Number (#20958) (sethamus)8a240a7fix: avoid false positives inradixrule for spread arguments (#21044) (Pixel)Documentation
c30d808docs: Update README (GitHub Actions Bot)5139800docs: document ESLint migration codemods in v9 and v10 guides (#20980) (Alex Bit)04174cbdocs: Update README (GitHub Actions Bot)026e130docs: update semver policy for bug fixes (#21048) (Milos Djermanovic)9d42fefdocs: Update README (GitHub Actions Bot)b230159docs: Update README (GitHub Actions Bot)0129972docs: correct**/.jsglob to**/*.jsin config files guide (#21036) (EduardF1)Chores
9489379chore: update dependency @eslint/eslintrc to ^3.3.6 (#21076) (renovate[bot])81a4774chore: updates for v9.39.5 release (Jenkins)9835414chore: enable$ExpectTypeannotations in all TypeScript files (#21071) (Francesco Trotta)72adf6bchore: restrictmarkdownlint-cli2updates in renovate (#21067) (lumir)833ec10chore: update dependency prettier to v3.9.4 (#21061) (renovate[bot])7ea106dchore: update ecosystem plugins (#21059) (ESLint Bot)8fb550echore: add prettier update commit to.git-blame-ignore-revs(#21056) (lumir)e4e1166chore: update dependency prettier to v3.9.1 (#21055) (renovate[bot])0493f53chore: update prettier to v3.9.0 (#21054) (Pixel)1056a99chore: update dependency prettier to v3.8.5 (#21049) (renovate[bot])4d4155dci: run ecosystem tests on pull requests (#21027) (sethamus)993539fchore: update dependency @eslint/json to ^2.0.1 (#21042) (renovate[bot])53f8b69test: add error locations tono-constant-binary-expression(#21039) (lumir)5ab71d5refactor: clean up radix rule internals (#21015) (Pixel)a80a9a4chore: update ecosystem plugins (#21035) (ESLint Bot)7c9a029ci: add Node.js 26 to CI (#20847) (lumir)prettier/prettier (prettier)
v3.9.5Compare Source
diff
Markdown: Cap ordered list mark at 999,999,999 (#19351 by @tats-u)
CommonMark parsers only support ordered list item numbers up to 999,999,999.
With this change, Prettier now caps the ordered list item number at 999,999,999 to ensure that the output is correctly parsed as an ordered list by CommonMark parsers. Numbers larger than 999,999,999 are not parsed as list item numbers and are left unchanged in the output:
Markdown: Avoid corrupting empty link with title (#19487 by @andersk)
Do not remove
<>from an inline link or image with an empty URL and a title, as this removal would change its interpretation.Less: Remove extra spaces after
[in map lookups (#19503 by @kovsu)CSS: Prevent addition space in
type()with+(#19516 by @bigandy)This fixes the addition space before
+in CSStype()declaration. For exampletype(<number>+)was being converted intotype(<number> +)which is invalid CSS and does not work.Less: Remove spaces between merge markers and colons (#19517 by @kovsu)
Markdown: Preserve wiki links with aliases (#19527 by @kovsu)
TypeScript: Fix comments being dropped on shorthand
typeimport/export specifiers (#19565 by @kirkwaiblinger)Miscellaneous: Preserving comments'
placementproperty (#19567 by @Janther)Prettier@3.9.0 deleted an undocumented property on comments, which was already used by plugins,
comment.placementis now available again after comment attach.Flow: Stop enforcing empty module declaration to break (#19568 by @fisker)
Angular: Support expression for exhaustive typechecking (#19571 by @fisker)
TypeScript: Ignore comments inside mapped type when checking type parameter comments (#19572 by @fisker)
Less: Fix adjacent block comments being corrupted (#19574 by @kovsu)
JavaScript: Handle dangling comments in
SwitchStatement(#19581 by @fisker)TypeScript: Remove space in comment-only object type (#19583 by @fisker)
typescript-eslint/typescript-eslint (typescript-eslint)
v8.63.0Compare Source
This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
vitejs/vite (vite)
v8.1.4Compare Source
Features
Bug Fixes
import.meta.urlin preload function as-is (#22839) (f1f90ed)Documentation
@defaultforserver.cors(#22859) (70435b2)Miscellaneous Chores
Code Refactoring
Tests
Build System
onwarnwithonLog(#22741) (c581b55)v8.1.3Compare Source
Bug Fixes
es-module-lexerto 2.3.0 (#22838) (7103c3a)v8.1.2Compare Source
Bug Fixes
v8.1.1Compare Source
Features
Bug Fixes
import.meta.hot.invalidate()(#22797) (709eb8e)@importurls with lightningcss (#22718) (9fa7ab4)Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.