Skip to content

fix(deps): update npm non-breaking updates #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix(deps): update npm non-breaking updates #8

renovate wants to merge 2 commits into from

Conversation

@renovate
Copy link

@renovate renovate bot commented Nov 19, 2025
edited
Loading

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update
@commitlint/config-conventional (source) ^20.2.0^20.3.0 age confidence devDependencies minor
@ng-catbee/monaco-editor (source) ^21.0.1^21.0.3 age confidence devDependencies patch
@typescript-eslint/parser (source) ^8.50.0^8.51.0 age confidence devDependencies minor
node (source) >=18.0>=18.20.8 age confidence engines minor
sass ^1.97.0^1.97.1 age confidence dependencies patch
typescript-eslint (source) ^8.50.0^8.51.0 age confidence devDependencies minor

Release Notes

conventional-changelog/commitlint (@​commitlint/config-conventional)

v20.3.0

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

catbee-technologies/ng-catbee (@​ng-catbee/monaco-editor)

v21.0.3

Compare Source

v21.0.2

Compare Source

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.51.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.50.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

nodejs/node (node)

v18.20.8: 2025-03-27, Version 18.20.8 'Hydrogen' (LTS), @​richardlau

Compare Source

Notable Changes

This release updates OpenSSL to 3.0.16 and root certificates to NSS 3.108.

Commits

v18.20.7: 2025-02-20, Version 18.20.7 'Hydrogen' (LTS), @​aduh95

Compare Source

Notable Changes
Commits

v18.20.6: 2025-01-21, Version 18.20.6 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
  • CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

  • CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Commits

v18.20.5: 2024-11-12, Version 18.20.5 'Hydrogen' (LTS), @​aduh95

Compare Source

Notable Changes
  • [ac37e554a5] - esm: mark import attributes and JSON module as stable (Nicolò Ribaudo) #​55333
Commits

v18.20.4: 2024-07-08, Version 18.20.4 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
Commits

v18.20.3: 2024-05-21, Version 18.20.3 'Hydrogen' (LTS), @​richardlau

Compare Source

Notable Changes

This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections.

A fix has also been included for compiling Node.js from source with newer versions of Clang.

The list of keys used to sign releases has been synchronized with the current list from the main branch.

Updated dependencies
  • acorn updated to 8.11.3.
  • acorn-walk updated to 8.3.2.
  • ada updated to 2.7.8.
  • c-ares updated to 1.28.1.
  • corepack updated to 0.28.0.
  • nghttp2 updated to 1.61.0.
  • ngtcp2 updated to 1.3.0.
  • npm updated to 10.7.0. Includes a fix from npm@​10.5.1 to limit the number of open connections npm/cli#7324.
  • simdutf updated to 5.2.4.
  • zlib updated to 1.3.0.1-motley-7d77fb7.
Commits

v18.20.2: 2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows
Commits

v18.20.1: 2024-04-03, Version 18.20.1 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
  • CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
  • llhttp version 9.2.1
  • undici version 5.28.4
Commits

v18.20.0: 2024-03-26, Version 18.20.0 'Hydrogen' (LTS), @​richardlau

Compare Source

Notable Changes
Added support for import attributes

Support has been added for import attributes, to replace the old import
assertions syntax. This will aid migration by making the new syntax available
across all currently supported Node.js release lines.

This adds the with keyword which should be used in place of the previous
assert keyword, which will be removed in a future semver-major Node.js
release.

For example,

import "foo" assert { ... }

should be replaced with

import "foo" with { ... }

For more details, see

Contributed by Nicolò Ribaudo in #​51136
and Antoine du Hamel in #​50140.

Doc deprecation for dirent.path

Please use newly added dirent.parentPath instead.

Contributed by Antoine du Hamel in #​50976
and #​51020.

Experimental node-api feature flags

Introduces an experimental feature to segregate finalizers that affect GC state.
A new type called node_api_nogc_env has been introduced as the const version
of napi_env and node_api_nogc_finalize as a variant of napi_finalize that
accepts a node_api_nogc_env as its first argument.

This feature can be turned off by defining
NODE_API_EXPERIMENTAL_NOGC_ENV_OPT_OUT.

Contributed by Gabriel Schulhof in #​50060.

Root certificates updated to NSS 3.98

Certificates added:

  • Telekom Security TLS ECC Root 2020
  • Telekom Security TLS RSA Root 2023

Certificates removed:

  • Security Communication Root CA
Updated dependencies
  • ada updated to 2.7.6.
  • base64 updated to 0.5.2.
  • c-ares updated to 1.27.0.
  • corepack updated to 0.25.2.
  • ICU updated to 74.2. Includes CLDR 44.1 and Unicode 15.1.
  • npm updated to 10.5.0. Fixes a regression in signals not being passed onto child processes.
  • simdutf8 updated to 4.0.8.
  • Timezone updated to 2024a.
  • zlib updated to 1.3.0.1-motley-40e35a7.
vm: fix V8 compilation cache support for vm.Script

Previously repeated compilation of the same source code using vm.Script
stopped hitting the V8 compilation cache after v16.x when support for
importModuleDynamically was added to vm.Script, resulting in a performance
regression that blocked users (in particular Jest users) from upgrading from
v16.x.

The recent fixes allow the compilation cache to be hit again
for vm.Script when --experimental-vm-modules is not used even in the
presence of the importModuleDynamically option, so that users affected by the
performance regression can now upgrade. Ongoing work is also being done to
enable compilation cache support for vm.CompileFunction.

Contributed by Joyee Cheung in #​49950
and #​50137.

Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner November 19, 2025 08:17
@vercel
Copy link

vercel bot commented Nov 19, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
catbee-docs Ready Ready Preview Jan 2, 2026 11:20am

@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from 1c80dce to a41d52b Compare November 19, 2025 10:40
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from a41d52b to adeaece Compare November 19, 2025 10:45
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from adeaece to cb39f6e Compare November 19, 2025 10:51
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from cb39f6e to 41c63ea Compare November 20, 2025 11:46
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from 41c63ea to f8521cd Compare November 23, 2025 11:40
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from f8521cd to 308c7fe Compare November 23, 2025 11:44
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from 308c7fe to 4e89cc6 Compare November 24, 2025 19:48
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from 4e89cc6 to 034bb75 Compare November 25, 2025 20:12
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from 034bb75 to 9a4b05f Compare November 28, 2025 08:03
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from 0b21a2c to c4e91d5 Compare December 20, 2025 15:35
@github-actions github-actions bot added size/S and removed size/XS labels Dec 20, 2025
@renovate renovate bot changed the title chore(deps): update node.js to >=18.20.8 fix(deps): update npm non-breaking updates Dec 20, 2025
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from c4e91d5 to 67607fd Compare December 21, 2025 10:49
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from 67607fd to 628f20b Compare December 22, 2025 16:30
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from 628f20b to cdfaf64 Compare December 23, 2025 19:33
@github-actions github-actions bot added size/L and removed size/S labels Dec 23, 2025
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from cdfaf64 to 0a266f5 Compare December 25, 2025 07:04
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from 0a266f5 to 3280515 Compare December 26, 2025 11:02
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from 3280515 to ab43f11 Compare December 30, 2025 07:35
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from ab43f11 to 9b59857 Compare January 1, 2026 11:49
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from 9b59857 to b1e83a5 Compare January 2, 2026 07:49
@renovate renovate bot force-pushed the dependency/npm-non-breaking-updates branch from b1e83a5 to a2c3ee8 Compare January 2, 2026 11:19
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 2, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@renovate
Copy link
Author

renovate bot commented Jan 2, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependency renovate size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cyber-hari