Update all non-major dependencies

Open renovate[bot] opened this issue 1 year ago • 4 comments

This PR contains the following updates:

Package	Change	Type	Update
chai (source)	`4.4.1` -> `4.5.0`	devDependencies	minor
eslint (source)	`8.57.0` -> `8.57.1`	devDependencies	patch
eslint-config-prettier	`9.1.0` -> `9.1.2`	devDependencies	patch
fs-extra	`11.2.0` -> `11.3.2`	devDependencies	minor
js-yaml	`4.1.0` -> `4.1.1`	dependencies	patch
loglevel	`1.9.1` -> `1.9.2`	dependencies	patch
mocha (source)	`10.3.0` -> `10.8.2`	devDependencies	minor
node (source)	`20.11.1` -> `20.19.5`		minor
prettier (source)	`3.2.5` -> `3.6.2`	devDependencies	minor

Release Notes

chaijs/chai (chai)

`v4.5.0`

Compare Source

Update type detect (#1631) 1a36d35

What's Changed

Update type detect by @koddsson in #1631

Full Changelog: https://github.com/chaijs/chai/compare/v4.4.1...v4.5.0

eslint/eslint (eslint)

`v8.57.1`

Compare Source

Bug Fixes

a19072f fix: add logic to handle fixTypes in the lintText() method (#18900) (Francesco Trotta)
04c7188 fix: Don't lint same file multiple times (#18899) (Francesco Trotta)
87ec3c4 fix: do not throw when defining a global named __defineSetter__ (#18898) (Francesco Trotta)
60a1267 fix: Provide helpful error message for nullish configs (#18889) (Milos Djermanovic)
a0dea8e fix: allow name in global ignores, fix --no-ignore for non-global (#18875) (Milos Djermanovic)
3836bb4 fix: do not crash on error in fs.walk filter (#18886) (Milos Djermanovic)
2dec349 fix: skip processor code blocks that match only universal patterns (#18880) (Milos Djermanovic)

Documentation

6a5add4 docs: v8.x Add EOL banner (#18744) (Amaresh S M)
b034575 docs: v8.x add version support page to the dropdown (#18731) (Amaresh S M)
760ef7d docs: v8.x add version support page in the side navbar (#18740) (Amaresh S M)
428b7ea docs: Add Powered by Algolia label to the search (#18658) (Amaresh S M)
c68c07f docs: version selectors synchronization (#18265) (Milos Djermanovic)

Build Related

35d366a build: Support updates to previous major versions (#18870) (Milos Djermanovic)

Chores

140ec45 chore: upgrade @eslint/js@8.57.1 (#18913) (Milos Djermanovic)
bcdfc04 chore: package.json update for @eslint/js release (Jenkins)
3f6ce8d chore: pin vite-plugin-commonjs@0.10.1 (#18910) (Milos Djermanovic)
9f07549 chore: ignore /docs/v8.x in link checker (#18660) (Milos Djermanovic)

prettier/eslint-config-prettier (eslint-config-prettier)

`v9.1.2`

Compare Source

jprichardson/node-fs-extra (fs-extra)

`v11.3.2`

Compare Source

Fix spurrious UnhandledPromiseRejectionWarning that could occur when calling .copy() in some cases (#1056, #1058)

`v11.3.1`

Compare Source

Fix case where move/moveSync could incorrectly think files are identical on Windows (#1050)

`v11.3.0`

Compare Source

Add promise support for newer fs methods (#1044, #1045)
Use fs.opendir in copy()/copySync() for better perf/scalability (#972, #1028)

nodeca/js-yaml (js-yaml)

`v4.1.1`

Compare Source

Security

Fix prototype pollution issue in yaml merge (<<) operator.

pimterry/loglevel (loglevel)

`v1.9.2`

Compare Source

mochajs/mocha (mocha)

`v10.8.2`

Compare Source

🩹 Fixes

support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)
test link in html reporter (#5224) (f054acc)

📚 Documentation

indicate 'exports' interface does not work in browsers (#5181) (14e640e)

🧹 Chores

fix docs builds by re-adding eleventy and ignoring gitignore again (#5240) (881e3b0)

🤖 Automation

deps: bump the github-actions group with 1 update (#5132) (e536ab2)

`v10.8.1`

Compare Source

🩹 Fixes

handle case of invalid package.json with no explicit config (#5198) (f72bc17)
Typos on mochajs.org (#5237) (d8ca270)
use accurate test links in HTML reporter (#5228) (68803b6)

`v10.8.0`

Compare Source

🌟 Features

highlight browser failures (#5222) (8ff4845)

🩹 Fixes

remove :is() from mocha.css to support older browsers (#5225) (#5227) (0a24b58)

📚 Documentation

add SECURITY.md pointing to Tidelift (#5210) (bd7e63a)
adopt Collective Funds Guidelines 0.1 (#5199) (2b03d86)
update README, LICENSE and fix outdated (#5197) (1203e0e)

🧹 Chores

fix npm scripts on windows (#5219) (1173da0)
remove trailing whitespace in SECURITY.md (7563e59)

`v10.7.3`

Compare Source

🩹 Fixes

make release-please build work (#5194) (afd66ef)

`v10.7.0`

Compare Source

:tada: Enhancements

#4771 feat: add option to not fail on failing test suite (@ilgonmic)

`v10.6.1`

Compare Source

:bug: Fixes

#3825 fix: do not exit when only unref'd timer is present in test code (@boneskull)
#5040 fix: support canonical module (@JacobLey)

`v10.6.0`

Compare Source

:tada: Enhancements

#5150 feat: allow ^ versions for character encoding packages (@JoshuaKGoldberg)
#5151 feat: allow ^ versions for file matching packages (@JoshuaKGoldberg)
#5152 feat: allow ^ versions for yargs packages (@JoshuaKGoldberg)
#5153 feat: allow ^ versions for data serialization packages (@JoshuaKGoldberg)
#5154 feat: allow ^ versions for miscellaneous packages (@JoshuaKGoldberg)

`v10.5.2`

Compare Source

:bug: Fixes

#5032 fix: better tracking of seen objects in error serialization (@sam-super)

`v10.5.1`

Compare Source

:bug: Fixes

#5086 fix: Add error handling for nonexistent file case with --file option (@khoaHyh)

`v10.5.0`

Compare Source

:tada: Enhancements

#5015 feat: use <progress> and <svg> for browser progress indicator instead of <canvas> (@yourWaifu)
#5143 feat: allow using any 3.x chokidar dependencies (@simhnna)
#4835 feat: add MOCHA_OPTIONS env variable (@icholy)

:bug: Fixes

#5107 fix: include stack in browser uncaught error reporting (@JoshuaKGoldberg)

:nut_and_bolt: Other

#5110 chore: switch two-column list styles to be opt-in (@marjys)
#5135 chore: fix some typos in comments (@StevenMia)
#5130 chore: rename 'master' to 'main' in docs and tooling (@JoshuaKGoldberg)

`v10.4.0`

Compare Source

:tada: Enhancements

#4829 feat: include .cause stacks in the error stack traces (@voxpelli)
#4985 feat: add file path to xunit reporter (@bmish)

:bug: Fixes

#5074 fix: harden error handling in lib/cli/run.js (@stalet)

:nut_and_bolt: Other

#5077 chore: add mtfoley/pr-compliance-action (@JoshuaKGoldberg)
#5060 chore: migrate ESLint config to flat config (@JoshuaKGoldberg)
#5095 chore: revert #5069 to restore Netlify builds (@voxpelli)
#5097 docs: add sponsored to sponsorship link rels (@JoshuaKGoldberg)
#5093 chore: add 'status: in triage' label to issue templates and docs (@JoshuaKGoldberg)
#5083 docs: fix CHANGELOG.md headings to start with a root-level h1 (@JoshuaKGoldberg)
#5100 chore: fix header generation and production build crashes (@JoshuaKGoldberg)
#5104 chore: bump ESLint ecmaVersion to 2020 (@JoshuaKGoldberg)
#5116 fix: eleventy template builds crash with 'unexpected token at ": string, msg..."' (@LcsK)
#4869 docs: fix documentation concerning glob expansion on UNIX (@binki)
#5122 test: fix xunit integration test (@voxpelli)
#5123 chore: activate dependabot for workflows (@voxpelli)
#5125 build(deps): bump the github-actions group with 2 updates (@dependabot)

nodejs/node (node)

`v20.19.5`: 2025-09-03, Version 20.19.5 'Iron' (LTS), @marco-ippolito

Compare Source

Notable Changes

[f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #58355
[4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #58308
[d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #58499
[3c6206cac9] - doc: add @geeksilva97 to collaborators (Edy Silva) #57241

Commits

[ea20403467] - build: fix uvwasi pkgname (Antoine du Hamel) #58270
[c647aa4b30] - build: fix pointer compression builds (Joyee Cheung) #58171
[d2c5e609ae] - build: disable v8_enable_pointer_compression_shared_cage on non-64bit (Shelley Vohr) #58867
[84d5c4d244] - build: search for libnode.so in multiple places (Jan Staněk) #58213
[068c439552] - crypto: fix SHAKE128/256 breaking change introduced with OpenSSL 3.4 (Filip Skokan) #58942
[edff105c34] - debugger: fix behavior of plain object exec in debugger repl (Dario Piotrowicz) #57498
[0473e35b7f] - deps: update zlib to 1.3.1-470d3a2 (Node.js GitHub Bot) #58628
[1218dbbea5] - deps: update zlib to 1.3.0.1-motley-780819f (Node.js GitHub Bot) #57768
[0e3cd9ec00] - deps: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) #56655
[a194dd9bd4] - deps: update archs files for openssl-3.0.16 (Node.js GitHub Bot) #57335
[cc9b79ca70] - deps: upgrade openssl sources to quictls/openssl-3.0.16 (Node.js GitHub Bot) #57335
[82c46d5358] - deps: update cjs-module-lexer to 2.1.0 (Node.js GitHub Bot) #57180
[43e3f9b26b] - deps: update cjs-module-lexer to 2.0.0 (Michael Dawson) #56855
[91282ff16b] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #58566
[b76bca6f38] - deps: update acorn to 8.15.0 (Node.js GitHub Bot) #58711
[ae11481011] - deps: update acorn to 8.14.1 (Node.js GitHub Bot) #57382
[142d701201] - deps: update minimatch to 10.0.3 (Node.js GitHub Bot) #58712
[fee082d684] - deps: update llhttp to 9.3.0 (Fedor Indutny) #58144
[c06f6f3f05] - dns: remove redundant code using common variable (Deokjin Kim) #57386
[cded8e7e77] - dns: fix parse memory leaky (theanarkh) #58973
[182ae67233] - dns: fix dns query cache implementation (Ethan Arrowood) #58404
[621b66a297] - doc: add review guidelines for collaborator nominations (Antoine du Hamel) #57449
[b1009b5b72] - doc: explicit mention arbitrary code execution as a vuln (Rafael Gonzaga) #57426
[f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #58355
[4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #58308
[530473f479] - doc: add ovflowd back to core collaborators (Claudio W.) #58911
[38e8bbc131] - doc: add info on how project manages social media (Michael Dawson) #57318
[d06bb4dcc2] - doc: ping nodejs/tsc for each security pull request (Rafael Gonzaga) #57309
[d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #58499
[8c3bc156ed] - doc: clarify path.isAbsolute is not path traversal mitigation (Eric Fortis) #57073
[e688410bda] - doc: fix rendering of DEP0174 description (David Sanders) #56835
[e6a0c6a0fa] - doc: add missing assert return types (Colin Ihrig) #57219
[026b3cab6a] - doc: add 1ilsang to triage team (1ilsang) #57183
[3c6206cac9] - doc: add @geeksilva97 to collaborators (Edy Silva) #57241
[ef3a4675c7] - doc: fix web.libera.chat link in pull-requests.md (Samuel Bronson) #57076
[1db42b76f7] - doc: remove buffered flag from performance hooks examples (Pavel Romanov) #52607
[b73a1356ce] - doc: add module namespace object links (Dario Piotrowicz) #57093
[09368db20f] - doc: disambiguate pseudo-code statement (Dario Piotrowicz) #57092
[2c3dc569a1] - doc: fix wrong articles used to address modules (Dario Piotrowicz) #57090
[cd8259cb4e] - doc: modules.md: fix distance definition (Alexander “weej” Jones) #57046
[7b0ea9ab2d] - doc: fix wrong verb form (Dario Piotrowicz) #57091
[14fcfc242b] - doc: add a note about require('../common') in testing documentation (Aditi) #56953
[bc7d18b6ea] - doc: recommend writing tests in new files and including comments (Joyee Cheung) #57028
[acd4d7f269] - doc: improve documentation on argument validation (Aditi) #56954
[4cd6b3ca73] - doc: buffer: fix typo on Buffer.copyBytesFrom( offset option (tpoisseau) #57015
[01220607f2] - doc: update cleanup to trust on vuln db automation (Rafael Gonzaga) #57004
[77a0505a32] - doc: update post sec release process (Rafael Gonzaga) #56907
[77dbcfce5f] - doc: add section about using npx with permission model (Rafael Gonzaga) #56539
[73e51407b7] - doc: remove RedYetiDev from triagers team (Aviv Keller) #55947
[9a36cbb792] - doc: fix relative path mention in --allow-fs (Rafael Gonzaga) #55791
[04d9c5baeb] - doc: add scroll margin to links (Roman Reiss) #58982
[959a67f6ff] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #58291
[8757a5532f] - doc: update release key for aduh95 (Antoine du Hamel) #58877
[6fa0626327] - doc,src,test: fix typos (Noritaka Kobayashi) #58477
[9991788e4a] - http: coerce content-length to number (Marco Ippolito) #57458
[ff5cf8a428] - http2: fix check for frame->hd.type (hanguanqiang) #57644
[2f333b6c51] - lib: optimize prepareStackTrace on builtin frames (Chengzhong Wu) #56299
[cdf985071f] - lib: suppress source map lookup exceptions (Chengzhong Wu) #56299
[faa08b14ed] - lib: fixup incorrect argument order in assertEncoding (James M Snell) #57177
[a683cd1232] - meta: add IlyasShabi to collaborators (Ilyas Shabi) #58916
[b145bb28aa] - meta: bump codecov/codecov-action from 5.4.2 to 5.4.3 (dependabot[bot]) #58551
[2c59789001] - meta: bump ossf/scorecard-action from 2.4.1 to 2.4.2 (dependabot[bot]) #58550
[4095337e96] - meta: bump rtCamp/action-slack-notify from 2.3.2 to 2.3.3 (dependabot[bot]) #58108
[631fed8e39] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #58456
[7d2f7180b6] - meta: bump codecov/codecov-action from 5.4.0 to 5.4.2 (dependabot[bot]) #58110
[1558551ea5] - meta: bump actions/download-artifact from 4.2.1 to 4.3.0 (dependabot[bot]) #58106
[e1f12fe737] - meta: ignore mailmap changes in linux ci (Jonas Badalic) #58356
[1b78eb1313] - meta: bump actions/setup-node from 4.3.0 to 4.4.0 (dependabot[bot]) #58111
[2b8449c39a] - meta: bump actions/setup-python from 5.5.0 to 5.6.0 (dependabot[bot]) #58107
[833b70bbc5] - meta: allow penetration testing on live system with prior authorization (Matteo Collina) #57966
[c6a88561f5] - meta: bump actions/setup-python from 5.4.0 to 5.5.0 (dependabot[bot]) #57718
[9046ef4fb3] - meta: bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (dependabot[bot]) #57717
[46388a4e2a] - meta: bump actions/cache from 4.2.2 to 4.2.3 (dependabot[bot]) #57715
[d3970685bd] - meta: bump actions/setup-node from 4.2.0 to 4.3.0 (dependabot[bot]) #57714
[47004ef37f] - meta: bump actions/upload-artifact from 4.6.1 to 4.6.2 (dependabot[bot]) #57713
[4abe83ec03] - meta: add some clarification to the nomination process (James M Snell) #57503
[45e9b88363] - meta: remove collaborator self-nomination (Rich Trott) #57537
[d10949b7d8] - meta: edit collaborator nomination process (Antoine du Hamel) #57483
[704562fb7a] - meta: move ovflowd to emeritus (Claudio W.) #57443
[3f981b8537] - meta: bump codecov/codecov-action from 5.3.1 to 5.4.0 (dependabot[bot]) #57257
[7e1ff7b332] - meta: bump ossf/scorecard-action from 2.4.0 to 2.4.1 (dependabot[bot]) #57253
[8d4ec412b9] - meta: move RaisinTen back to collaborators, triagers and SEA champion (Darshan Sen) #57292
[cc2abb5d17] - meta: bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (dependabot[bot]) #57259
[4fad2b8758] - meta: bump actions/cache from 4.2.0 to 4.2.2 (dependabot[bot]) #57256
[5f5bb8b986] - meta: bump actions/upload-artifact from 4.6.0 to 4.6.1 (dependabot[bot]) #57255
[e949359a56] - meta: bump actions/setup-python from 5.3.0 to 5.4.0 (dependabot[bot]) #56867
[d3c5ad7510] - meta: bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 (dependabot[bot]) #56866
[56decfe2d1] - meta: bump codecov/codecov-action from 5.0.7 to 5.3.1 (dependabot[bot]) #56864
[52e518444d] - meta: bump actions/cache from 4.1.2 to 4.2.0 (dependabot[bot]) #56862
[9cac93d9c3] - meta: bump actions/stale from 9.0.0 to 9.1.0 (dependabot[bot]) #56860
[ecf4252f7c] - meta: update last name for jkrems (Jan Martin) #57006
[e8beaaaedf] - meta: bump actions/upload-artifact from 4.4.3 to 4.6.0 (dependabot[bot]) #56861
[5462c257f8] - meta: bump actions/setup-node from 4.1.0 to 4.2.0 (dependabot[bot]) #56868
[89c37891a0] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #56889
[2a0175c291] - meta: add @nodejs/url as codeowner (Chengzhong Wu) #56783
[c12aae1e78] - meta: bump github/codeql-action from 3.28.18 to 3.29.2 (dependabot[bot]) #58922
[4ef09990f1] - meta: bump github/codeql-action from 3.28.16 to 3.28.18 (dependabot[bot]) #58552
[889654eb2c] - meta: bump github/codeql-action from 3.28.11 to 3.28.16 (dependabot[bot]) #58112
[091e5c1bb9] - meta: bump github/codeql-action from 3.28.10 to 3.28.13 (dependabot[bot]) #57716
[01415153de] - meta: bump github/codeql-action from 3.28.8 to 3.28.10 (dependabot[bot]) #57254
[72ea8aac34] - meta: bump github/codeql-action from 3.27.5 to 3.28.8 (dependabot[bot]) #56859
[99a271e588] - meta: bump step-security/harden-runner from 2.12.0 to 2.12.2 (dependabot[bot]) #58923
[b4c4c02490] - meta: bump step-security/harden-runner from 2.11.0 to 2.12.0 (dependabot[bot]) #58109
[5361bb9157] - meta: bump step-security/harden-runner from 2.10.4 to 2.11.0 (dependabot[bot]) #57258
[28e33acf30] - meta: bump step-security/harden-runner from 2.10.2 to 2.10.4 (dependabot[bot]) #56863
[fad773cede] - module: throw error when re-runing errored module jobs (Joyee Cheung) #58957
[2531185423] - module: allow cycles in require() in the CJS handling in ESM loader (Joyee Cheung) #58598
[ed43b69689] - module: clarify cjs global-like error on ModuleJobSync (Carlos Espa) #56491
[6e02db1b12] - module: handle instantiated async module jobs in require(esm) (Joyee Cheung) #58067
[badba50d30] - module: fix incorrect formatting in require(esm) cycle error message (haykam821) #57453
[939ecf8906] - module: handle cached linked async jobs in require(esm) (Joyee Cheung) #57187
[ba7f8a0353] - module: improve error message from asynchronicity in require(esm) (Joyee Cheung) #57126
[c1e7fa2586] - module: handle .mjs in .js handler in CommonJS (Joyee Cheung) #55590
[41f3dfd21b] - module: fix require.resolve() crash on non-string paths (Aditi) #56942
[043dcdd628] - os: fix GetInterfaceAddresses memory lieaky (theanarkh) #58940
[9b74e9bfd9] - permission: ignore internalModuleStat on module loading (Rafael Gonzaga) #55797
[611a147b45] - readline: fix unresolved promise on abortion (Daniel Venable) #54030
[f891ae3421] - repl: avoid deprecated require.extensions in tab completion (baki gul) #58653
[7ba44290bf] - repl: fix tab completion not working with computer string properties (Dario Piotrowicz) #58709
[eb842048b2] - src: do not format single string argument for THROW_ERR_* (Joyee Cheung) #57126
[4f004937ec] - src: fixup errorhandling more in various places (James M Snell) #57852
[5daa7fe2e2] - src: fix module buffer allocation (X-BW) #57738
[586b1be11b] - src: fix build when using shared simdutf (Antoine du Hamel) #58407
[563e61f012] - src: fix possible dereference of null pointer (Eusgor) #58459
[cbec07ea0b] - src: fix FIPS init error handling (Tobias Nießen) #58379
[80fb80e71b] - src: fix -Wunreachable-code in src/node_api.cc (Shelley Vohr) #58901
[5e97719860] - test: skip test-http-imports on macos (Marco Ippolito) #59745
[69c43bdfcc] - test: fix internet/test-dns (Michaël Zasso) #59660
[6fd58e0338] - tools: update coverage GitHub Actions to fixed version (Rich Trott) #59512
[eb7bbce73e] - tools: disable failing coverage jobs (Antoine du Hamel) #58770
[65b1669936] - util: fix formatting of objects with built-in Symbol.toPrimitive (Shima Ryuhei) #57832
[8a29f13bec] - util: fix parseEnv incorrectly splitting multiple ‘=‘ in value (HEESEUNG) #57421
[077d5020c4] - v8: fix missing callback in heap utils destroy (Ruben Bridgewater) #58846
[34ae9f8b18] - vm: import call should return a promise in the current context (Chengzhong Wu) #58309
[0dd3a8d6d1] - win,build: fix MSVS v17.14 compilation issue (StefanStojanovic) #58902
[1b83a2bd2d] - zlib: remove mentions of unexposed Z_TREES constant (Jimmy Leung) #58371
[9dc9604502] - zlib: fix pointer alignment (jhofstee) #57727

`v20.19.4`: 2025-07-15, Version 20.19.4 'Iron' (LTS), @RafaelGSS

Compare Source

This is a security release.

Notable Changes

(CVE-2025-27210) Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize()

Commits

[db7b93fcef] - (CVE-2025-27210) lib: handle all windows reserved driver name (RafaelGSS) nodejs-private/node-private#721

`v20.19.3`: 2025-06-23, Version 20.19.3 'Iron' (LTS), @marco-ippolito

Compare Source

Notable Changes

[c535a3c483] - crypto: graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142
[[af1dc63815](https://redirect.github.com/nodejs/node/co