fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
crate-ci/typos	action	minor	v1.33.1 -> v1.34.0
github/codeql-action	action	patch	v3.29.0 -> v3.29.2
node (source)		minor	22.16.0 -> 22.17.0
pnp (source)	dependencies	minor	0.9.4 -> 0.11.0
pnpm (source)	packageManager	patch	10.12.3 -> 10.12.4
taiki-e/install-action	action	minor	v2.54.0 -> v2.56.0

---

Release Notes

crate-ci/typos (crate-ci/typos)

v1.34.0

Compare Source

github/codeql-action (github/codeql-action)

v3.29.2

Compare Source

v3.29.1

Compare Source

nodejs/node (node)

v22.17.0: 2025-06-24, Version 22.17.0 'Jod' (LTS), @​aduh95

Compare Source

Notable Changes

⚠️ Deprecations

Instantiating node:http classes without new

Constructing classes like IncomingMessage or ServerResponse without the new
keyword is now discouraged. This clarifies API expectations and aligns with standard
JavaScript behavior. It may warn or error in future versions.

Contributed by Yagiz Nizipli in #​58518.

options.shell = "" in node:child_process

Using an empty string for shell previously had undefined behavior. This change
encourages explicit choices (e.g., shell: true or a shell path) and avoids
relying on implementation quirks.

Contributed by Antoine du Hamel and Renegade334 #​58564.

HTTP/2 priority signaling

The HTTP/2 prioritization API (e.g., stream.priority) is now deprecated due to
poor real-world support. Applications should avoid using priority hints and expect future removal.

Contributed by Matteo Collina and Antoine du Hamel #​58313.

✅ Features graduated to stable

assert.partialDeepStrictEqual()

This method compares only a subset of properties in deep object comparisons,
useful for flexible test assertions. Its stabilization means it's now safe for
general use and won't change unexpectedly in future releases.

Contributed by Ruben Bridgewater in #​57370.

Miscellaneous

• dirent.parentPath
• filehandle.readableWebStream()
• fs.glob()
• fs.openAsBlob()
• node:readline/promises
• port.hasRef()
• readable.compose()
• readable.iterator()
• readable.readableAborted
• readable.readableDidRead
• Duplex.fromWeb()
• Duplex.toWeb()
• Readable.fromWeb()
• Readable.isDisturbed()
• Readable.toWeb()
• stream.isErrored()
• stream.isReadable()
• URL.createObjectURL()
• URL.revokeObjectURL()
• v8.setHeapSnapshotNearHeapLimit()
• Writable.fromWeb()
• Writable.toWeb()
• writable.writableAborted
• Startup Snapshot API
• ERR_INPUT_TYPE_NOT_ALLOWED
• ERR_UNKNOWN_FILE_EXTENSION
• ERR_UNKNOWN_MODULE_FORMAT
• ERR_USE_AFTER_CLOSE

Contributed by James M Snell in
#​57513 and
#​58541.

Semver-minor features

🔧 fs.FileHandle.readableWebStream gets autoClose option

This gives developers explicit control over whether the file descriptor should
be closed when the stream ends. Helps avoid subtle resource leaks.

Contributed by James M Snell in #​58548.

🔧 fs.Dir now supports explicit resource management

This improves ergonomics around async iteration of directories. Developers can
now manually control when a directory is closed using .close() or with Symbol.asyncDispose.

Contributed by Antoine du Hamel in #​58206.

📊 http2 gains diagnostics channel: http2.server.stream.finish

Adds observability support for when a stream finishes. Useful for logging,
monitoring, and debugging HTTP/2 behavior without patching internals.

Contributed by Darshan Sen in #​58560.

🔐 Permissions: implicit allow-fs-read to entrypoint

Node.js permissions model now allows read access to the entry file by default.
It makes running permission-restricted apps smoother while preserving security.

Contributed by Rafael Gonzaga in #​58579.

🎨 util.styleText() adds 'none' style

This lets developers remove styling cleanly without hacks. Useful for overriding
inherited terminal styles when composing styled strings.

Contributed by James M Snell in #​58437.

🧑‍💻 Community updates

• [0105c13556] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #​58499
• [3b857735ef] - doc: add JonasBa to collaborators (Jonas Badalic) #​58355
• [fdf7612735] - doc: add puskin to collaborators (Giovanni Bucci) #​58308

Commits

• [ffe7e1ace0] - (SEMVER-MINOR) assert: mark partialDeepStrictEqual() as stable (Ruben Bridgewater) #​57370
• [269931f289] - async_hooks: ensure AsyncLocalStore instances work isolated (Gerhard Stöbich) #​58149
• [9e0746a4ff] - benchmark: fix broken fs.cpSync benchmark (Dario Piotrowicz) #​58472
• [dee8cb5bcb] - benchmark: add more options to cp-sync (Sonny) #​58278
• [e840fd5b85] - benchmark: fix typo in method name for error-stack (Miguel Marcondes Filho) #​58128
• [b9a16e97e0] - buffer: give names to Buffer.prototype.*Write() functions (Livia Medeiros) #​58258
• [d56a5e40af] - buffer: use constexpr where possible (Yagiz Nizipli) #​58141
• [215587feca] - build: add support for OpenHarmony operating system (hqzing) #​58350
• [9bcef6821c] - build: fix uvwasi pkgname (Antoine du Hamel) #​58270
• [7c3883c2ae] - build: search for libnode.so in multiple places (Jan Staněk) #​58213
• [3f954accb3] - build: fix pointer compression builds (Joyee Cheung) #​58171
• [04c8f59f84] - build: use FILE_OFFSET_BITS=64 esp. on 32-bit arch (RafaelGSS) #​58090
• [8c2cf3a372] - build: use //third_party/simdutf by default in GN (Shelley Vohr) #​58115
• [cff8006792] - child_process: give names to ChildProcess functions (Livia Medeiros) #​58370
• [6816d779b6] - child_process: give names to promisified exec() and execFile() (LiviaMedeiros) #​57916
• [5572cecca4] - crypto: expose crypto.constants.OPENSSL_IS_BORINGSSL (Shelley Vohr) #​58387
• [d6aa02889c] - deps: use proper C standard when building libuv (Yaksh Bariya) #​58587
• [375a6413d5] - deps: update simdjson to 3.12.3 (Node.js GitHub Bot) #​57682
• [e0cd138e52] - deps: update googletest to e9092b1 (Node.js GitHub Bot) #​58565
• [31e592631f] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #​58566
• [386c24260b] - deps: update sqlite to 3.50.0 (Node.js GitHub Bot) #​58272
• [f84998d40b] - deps: update OpenSSL gen container to Ubuntu 22.04 (Michaël Zasso) #​58432
• [d49fd29859] - deps: update llhttp to 9.3.0 (Fedor Indutny) #​58144
• [e397980a1a] - deps: update libuv to 1.51.0 (Node.js GitHub Bot) #​58124
• [a28c33645c] - dns: fix dns query cache implementation (Ethan Arrowood) #​58404
• [6939b0c624] - doc: fix the order of process.md sections (Allon Murienik) #​58403
• [1ca253c363] - doc: add support link for panva (Filip Skokan) #​58591
• [8319edbcf6] - doc: update metadata for _transformState deprecation (James M Snell) #​58530
• [697d258136] - doc: deprecate passing an empty string to options.shell (Antoine du Hamel) #​58564
• [132fc804e8] - doc: correct formatting of example definitions for --test-shard (Jacob Smith) #​58571
• [7d0df646f6] - doc: clarify DEP0194 scope (Antoine du Hamel) #​58504
• [1e6d7da0ce] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #​58313
• [5a917bc1d0] - doc: explain child_process code and signal null values everywhere (Darshan Sen) #​58479
• [0105c13556] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #​58499
• [2bdc87cd64] - doc: update git node release example (Antoine du Hamel) #​58475
• [28f9b43186] - doc: add missing options.info for ZstdOptions (Jimmy Leung) #​58360
• [e19496dfc1] - doc: add missing options.info for BrotliOptions (Jimmy Leung) #​58359
• [7f905863db] - doc: clarify x509.checkIssued only checks metadata (Filip Skokan) #​58457
• [5cc97df637] - doc: add links to parent class for node:zlib classes (Antoine du Hamel) #​58433
• [36e0d5539b] - doc: remove remaining uses of @@​wellknown syntax (René) #​58413
• [2f36f8e863] - doc: clarify behavior of --watch-path and --watch flags (Juan Ignacio Benito) #​58136
• [3b857735ef] - doc: add JonasBa to collaborators (Jonas Badalic) #​58355
• [9d5e969bb6] - doc: add latest security release steward (Rafael Gonzaga) #​58339
• [b22bb03167] - doc: fix CryptoKey.algorithm type and other interfaces in webcrypto.md (Filip Skokan) #​58294
• [670f31060b] - doc: mark the callback argument of crypto.generatePrime as mandatory (Allon Murienik) #​58299
• [39d9a61239] - doc: remove comma delimiter mention on permissions doc (Rafael Gonzaga) #​58297
• [573b0b7bfe] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #​58291
• [a5a686a3ae] - doc: update commit-queue documentation (Dario Piotrowicz) #​58275
• [fdf7612735] - doc: add puskin to collaborators (Giovanni Bucci) #​58308
• [be492a1708] - doc: update stability status for diagnostics_channel to experimental (Idan Goshen) #​58261
• [7d00fc2206] - doc: clarify napi_get_value_string_* for bufsize 0 (Tobias Nießen) #​58158
• [c8500a2c4a] - doc: fix typo of file http.md, outgoingMessage.setTimeout section (yusheng chen) #​58188
• [34a9b856c3] - doc: update return types for eventNames method in EventEmitter (Yukihiro Hasegawa) #​58083
• [faedee59d2] - doc: fix typo in benchmark script path (Miguel Marcondes Filho) #​58129
• [570d8d3f10] - doc: clarify future Corepack removal in v25+ (Trivikram Kamat) #​57825
• [a71b9fc2ff] - doc: mark multiple APIs stable (James M Snell) #​57513
• [73a97d47f3] - doc,lib: update source map links to ECMA426 (Chengzhong Wu) #​58597
• [8b41429499] - doc,src,test: fix typos (Noritaka Kobayashi) #​58477
• [0cea14ec7f] - errors: show url of unsupported attributes in the error message (Aditi) #​58303
• [b9586bf898] - (SEMVER-MINOR) fs: add autoClose option to FileHandle readableWebStream (James M Snell) #​58548
• [72a1b061f3] - fs: unexpose internal constants (Chengzhong Wu) #​58327
• [5c36510dec] - fs: add support for URL for fs.glob's cwd option (Antoine du Hamel) #​58182
• [3642b0d944] - fs: improve cpSync no-filter copyDir performance (Dario Piotrowicz) #​58461
• [24865bc7e8] - fs: improve cpSync dest overriding performance (Dario Piotrowicz) #​58160
• [1b3847694d] - (SEMVER-MINOR) fs: add to Dir support for explicit resource management (Antoine du Hamel) #​58206
• [cff62e3265] - fs: ensure dir.read() does not throw synchronously (Antoine du Hamel) #​58228
• [cb39e4ca1f] - fs: glob is stable, so should not emit experimental warnings (Théo LUDWIG) #​58236
• [597bfefbe1] - http: deprecate instantiating classes without new (Yagiz Nizipli) #​58518
• [5298da0102] - http: remove unused functions and add todos (Yagiz Nizipli) #​58143
• [cff440e0fa] - http,https: give names to anonymous or misnamed functions (Livia Medeiros) #​58180
• [43bf1f619a] - http2: add raw header array support to h2Session.request() (Tim Perry) #​57917
• [e8a0f5b063] - http2: add lenient flag for RFC-9113 (Carlos Fuentes) #​58116
• [49cb90d4a5] - (SEMVER-MINOR) http2: add diagnostics channel 'http2.server.stream.finish' (Darshan Sen) #​58560
• [6a56c68728] - http2: add diagnostics channel 'http2.server.stream.error' (Darshan Sen) #​58512
• [59806b41d3] - http2: add diagnostics channel 'http2.server.stream.start' (Darshan Sen) #​58449
• [d3d662ae47] - http2: remove no longer userful options.selectPadding (Jimmy Leung) #​58373
• [dec6c9af8c] - http2: add diagnostics channel 'http2.server.stream.created' (Darshan Sen) #​58390
• [9e98899986] - http2: add diagnostics channel 'http2.client.stream.close' (Darshan Sen) #​58329
• [86610389d8] - http2: add diagnostics channel 'http2.client.stream.finish' (Darshan Sen) #​58317
• [2d3071671e] - http2: add diagnostics channel 'http2.client.stream.error' (Darshan Sen) #​58306
• [6c3e426d6f] - http2: add diagnostics channel 'http2.client.stream.start' (Darshan Sen) #​58292
• [b99d131a61] - http2: add diagnostics channel 'http2.client.stream.created' (Darshan Sen) #​58246
• [b0644330f5] - http2: give name to promisified connect() (LiviaMedeiros) #​57916
• [4092d3611a] - inspector: add mimeType and charset support to Network.Response (Shima Ryuhei) #​58192
• [d7d8599f7c] - inspector: add protocol method Network.dataReceived (Chengzhong Wu) #​58001
• [aabafbc28f] - inspector: support for worker inspection in chrome devtools (Shima Ryuhei) #​56759
• [20d978de9a] - lib: make ERM functions into wrappers returning undefined (Livia Medeiros) #​58400
• [13567eac5f] - (SEMVER-MINOR) lib: graduate error codes that have been around for years (James M Snell) #​58541
• [342b5a0d7a] - lib: remove no-mixed-operators eslint rule (Ruben Bridgewater) #​58375
• [af7baef75a] - lib: fix sourcemaps with ts module mocking (Marco Ippolito) #​58193
• [8f73f42d4e] - meta: bump github/codeql-action from 3.28.16 to 3.28.18 (dependabot[bot]) #​58552
• [5dfedbeb86] - meta: bump codecov/codecov-action from 5.4.2 to 5.4.3 (dependabot[bot]) #​58551
• [53c50f66f5] - meta: bump step-security/harden-runner from 2.11.0 to 2.12.0 (dependabot[bot]) #​58109
• [a1a7024831] - meta: bump ossf/scorecard-action from 2.4.1 to 2.4.2 (dependabot[bot]) #​58550
• [a379988ef6] - meta: bump rtCamp/action-slack-notify from 2.3.2 to 2.3.3 (dependabot[bot]) #​58108
• [f6a46c87f2] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​58456
• [98b6aa0dcd] - meta: bump github/codeql-action from 3.28.11 to 3.28.16 (dependabot[bot]) #​58112
• [5202b262e3] - meta: bump codecov/codecov-action from 5.4.0 to 5.4.2 (dependabot[bot]) #​58110
• [d97616ac6e] - meta: bump actions/download-artifact from 4.2.1 to 4.3.0 (dependabot[bot]) #​58106
• [f4065074cf] - meta: ignore mailmap changes in linux ci (Jonas Badalic) #​58356
• [e6d1224e54] - meta: bump actions/setup-node from 4.3.0 to 4.4.0 (dependabot[bot]) #​58111
• [26da160ab2] - meta: bump actions/setup-python from 5.5.0 to 5.6.0 (dependabot[bot]) #​58107
• [4cc4195493] - module: handle instantiated async module jobs in require(esm) (Joyee Cheung) #​58067
• [72fac71b92] - module: clarify cjs global-like error on ModuleJobSync (Carlos Espa) #​56491
• [fecd841c93] - net: always publish to 'net.client.socket' diagnostics channel (Darshan Sen) #​58349
• [25ee328d2b] - path: improve path.resolve() performance when used as process.cwd() (Ruben Bridgewater) #​58362
• [6fd1b23260] - permission: remove useless conditional (Juan José) #​58514
• [5b2cca51a3] - report: use uv_getrusage_thread in report (theanarkh) #​58405
• [63ec23e84b] - sqlite: add build option to build without sqlite (Michael Dawson) #​58122
• [9d8677bff5] - sqlite: handle thrown errors in result callback (Colin Ihrig) #​58426
• [3490c75760] - sqlite: set name and length on sqlite.backup() (Livia Medeiros) #​58251
• [50bdd94e0b] - src: update std::vector<v8::Local<T>> to use v8::LocalVector<T> (Aditi) #​58500
• [7de58417cc] - src: env_vars caching and local variable scope optimization (Mert Can Altin) #​57624
• [6d99ec33a4] - src: fix FIPS init error handling (Tobias Nießen) #​58379
• [4c23a9575e] - src: fix possible dereference of null pointer (Eusgor) #​58459
• [eb143e902b] - src: fix -Wreturn-stack-address error (Shelley Vohr) #​58439
• [31058b8785] - src: reorganize ContextifyFunction methods (Chengzhong Wu) #​58434
• [7521077299] - src: improve CompileFunctionAndCacheResult error handling (Chengzhong Wu) #​58434
• [0c9efccb12] - src: fix build when using shared simdutf (Antoine du Hamel) #​58407
• [aa00f5946f] - src: add a variant of ToV8Value() for primitive arrays (Aditi) #​57576
• [29a11506fc] - src: remove unused checkMessagePort internal binding (Dario Piotrowicz) #​58267
• [0ce3feed5b] - src: remove unused shouldRetryAsESM internal binding (Dario Piotrowicz) #​58265
• [517219613d] - src: add a couple fast apis in node_os (James M Snell) #​58210
• [3f834da09e] - src: fix module buffer allocation (X-BW) #​57738
• [a793706db0] - src: remove overzealous tcsetattr error check (Ben Noordhuis) #​58200
• [5656c74517] - src: remove NonCopyableMaybe (Tobias Nießen) #​58168
• [cab242334b] - src: improve parsing of boolean options (Edy Silva) #​58039
• [a5df778150] - src,lib: obtain sourceURL in magic comments from V8 (Chengzhong Wu) #​58389
• [bd6743b434] - src,permission: implicit allow-fs-read to app entrypoint (Rafael Gonzaga) #​58579
• [5bd99e4a4d] - stream: making DecompressionStream spec compilent for trailing junk (0hm☘️) #​58316
• [6582b19488] - test: reduce flakiness in test-heapdump-http2 (Joyee Cheung) #​58148
• [0f6a262744] - test: improve flakiness detection on stack corruption tests (Darshan Sen) #​58601
• [983affaea2] - test: mark timeouts & flaky test as flaky on IBM i (Abdirahim Musse) #​58583
• [3603362b6f] - test: rewrite test-child-process-spawn-args (Michaël Zasso) #​58546
• [93900b0c17] - test: make sqlite-database-sync tests work with system sqlite (Jelle Licht) #​58507
• [7d505f4185] - test: force slow JSON.stringify path for overflow (Shelley Vohr) #​58181
• [2e8570b8f9] - test: account for truthy signal in flaky async_hooks tests (Darshan Sen) #​58478
• [1f1e194c0f] - test: update WPT for WebCryptoAPI to 591c95c (Node.js GitHub Bot) #​58176
• [d822632d91] - test: remove --no-warnings flag (Tobias Nießen) #​58424
• [01377713d7] - test: add tests ensuring worker threads cannot access internals (Joe) #​58332
• [99a20902fc] - test: leverage process.features.openssl_is_boringssl in test (Shelley Vohr) #​58421
• [b3e0cf1b15] - test: fix test-buffer-tostring-range on allocation failure (Joyee Cheung) #​58416
• [1d4b3451c5] - test: skip in test-buffer-tostring-rangeerror on allocation failure (Joyee Cheung) #​58415
• [612c393c71] - test: fix missing edge case in test-blob-slice-with-large-size (Joyee Cheung) #​58414
• [b11b9cdad8] - test: make crypto tests work with BoringSSL (Shelley Vohr) #​58117
• [99711ee548] - test: test reordering of setAAD and setAuthTag (Tobias Nießen) #​58396
• [828aaaa3f7] - test: switch from deprecated optparse to argparse (Aviv Keller) #​58224
• [9af305408e] - test: do not skip OCB decryption in FIPS mode (Tobias Nießen) #​58382
• [9527c876bf] - test: show more information in test-http2-debug upon failure (Joyee Cheung) #​58391
• [9be0601112] - test: remove loop over single element (Tobias Nießen) #​58368
• [40a03d3d14] - test: add chacha20-poly1305 to auth tag order test (Tobias Nießen) #​58367
• [cccb15df7e] - test: skip wasm-allocation tests for pointer compression builds (Joyee Cheung) #​58171
• [f18041ae8e] - test: remove references to create(De|C)ipher (Tobias Nießen) #​58363
• [ca8d66c1fc] - test: remove unnecessary console.log from test-repl-null-thrown (Dario Piotrowicz) #​58281
• [455372023d] - test: allow tmpDir.path to be modified (Aviv Keller) #​58173
• [1f1fab60c7] - test: fix executable flags (Livia Medeiros) #​58250
• [8bafc0f061] - test: deflake test-http2-client-socket-destroy (Luigi Pinca) #​58212
• [97aac9f17a] - test: skip test-buffer-tostring-rangeerror when low on memory (Ruben Bridgewater) #​58142
• [2896760da1] - test: mark test-http2-debug as flaky on LinuxONE (Richard Lau) #​58494
• [7327d14780] - test: reduce iteration count in test-child-process-stdout-flush-exit (Antoine du Hamel) #​58273
• [1bd7a2edf9] - test_runner: support mocking json modules (Jacob Smith) #​58007
• [a3877c53b1] - test_runner: add level parameter to reporter.diagnostic (Jacopo Martinelli) #​57923
• [253772c2d9] - tools: bump the eslint group in /tools/eslint with 6 updates (dependabot[bot]) #​58549
• [b7feda97b0] - tools: disable failing coverage jobs (Antoine du Hamel) #​58770
• [8a47096093] - tools: ignore deps/ and benchmark/ for CodeQL (Rafael Gonzaga) #​58254
• [70be158126] - tools: add read permission to workflows that read contents (Antoine du Hamel) #​58255
• [e4373be766] - tools: exclude deps/v8/tools from CodeQL scans (Rich Trott) #​58132
• [23ceb364d4] - tools: bump the eslint group in /tools/eslint with 6 updates (dependabot[bot]) #​58105
• [5b6ced3255] - tty: improve color terminal color detection (Ruben Bridgewater) #​58146
• [7be70979c6] - tty: use terminal VT mode on Windows (Anna Henningsen) #​58358
• [b7d7ffe793] - typings: add inspector internalBinding typing (Shima Ryuhei) #​58492
• [0056d1a2e2] - typings: remove no longer valid FixedSizeBlobCopyJob type (Dario Piotrowicz) #​58305
• [581c0738f9] - typings: remove no longer valid revokeDataObject type (Dario Piotrowicz) #​58305
• [1db1c870f0] - typings: add missing typings for TypedArray (Jason Zhang) #​58248
• [6d3f43c9a6] - url: improve performance of the format function (Giovanni Bucci) #​57099
• [54288bdb42] - (SEMVER-MINOR) util: add 'none' style to styleText (James M Snell) #​58437
• [6af5358f9c] - util: add internal assignFunctionName() function (LiviaMedeiros) #​57916
• [9f2e5aad38] - vm: import call should return a promise in the current context (Chengzhong Wu) #​58309
• [92304a5e62] - watch: fix watch args not being properly filtered (Dario Piotrowicz) #​58279
• [539df8e98d] - win,tools: use Azure Trusted Signing (Stefan Stojanovic) #​58502
• [ef66357637] - worker: give names to MessagePort functions (Livia Medeiros) #​58307
• [b3cd847528] - zlib: remove mentions of unexposed Z_TREES constant (Jimmy Leung) #​58371

yarnpkg/pnp-rs (pnp)

v0.11.0

Fixed

• fix windows failure (#​22)

Other

• add release-plz.yml (#​24)
• remove indexmap
• remove serde_with (#​32)
• remove the unused Serialize on PackageLocator (#​31)
• bump deps (#​30)
• use fxhash in zip data structures (#​28)
• remove the lazy_static crate (#​27)
• improve NODEJS_BUILTINS (#​26)
• remove unnecessary derive Serialize on Error (#​25)
• use fxhash (#​23)
• clippy::result_large_err for the Error type (#​21)
• run cargo clippy --fix + manual fixes (#​20)
• run cargo fmt (#​19)
• add cargo check and cargo test --all-features (#​18)
• add rust-toolchain.toml (#​17)
• disable more
• enable most tests on windows CI

pnpm/pnpm (pnpm)

v10.12.4

Compare Source

Patch Changes

• Fix pnpm licenses command for local dependencies #​9583.

• Fix a bug in which pnpm ls --filter=not-exist --json prints nothing instead of an empty array #​9672.

• Fix a deadlock that sometimes happens during peer dependency resolution #​9673.

• Running pnpm install after pnpm fetch should hoist all dependencies that need to be hoisted.
  Fixes a regression introduced in [v10.12.2] by [#​9648]; resolves [#​9689].

  [v10.12.2]: https://github.com/pnpm/pnpm/releases/tag/v10.12.2Add commentMore actions
  [#​9648]: https://github.com/pnpm/pnpm/pull/9648
  [#​9689]: https://github.com/pnpm/pnpm/issues/9689

taiki-e/install-action (taiki-e/install-action)

v2.56.0: 2.56.0

Compare Source

• Support coreutils. (#​1017, thanks @​jayvdb)

v2.55.4: 2.55.4

Compare Source

• Update trivy@latest to 0.64.0.

• Update just@latest to 1.41.0.

v2.55.3: 2.55.3

Compare Source

• Update dprint@latest to 0.50.1.

v2.55.2: 2.55.2

Compare Source

• Update zizmor@latest to 1.11.0.

• Update cargo-dinghy@latest to 0.8.1.

v2.55.1: 2.55.1

Compare Source

• Update vacuum@latest to 0.17.1.

• Update typos@latest to 1.34.0.

v2.55.0: 2.55.0

Compare Source

• Support vacuum. (#​1016, thanks @​jayvdb)

• Update cargo-shear@latest to 1.3.2.

v2.54.3: 2.54.3

Compare Source

• Update cargo-careful@latest to 0.4.8.

v2.54.2: 2.54.2

Compare Source

• Update rclone@latest to 1.70.2.

• Update zizmor@latest to 1.10.0.

v2.54.1: 2.54.1

Compare Source

• Update wasmtime@latest to 34.0.1.

• Update cargo-tarpaulin@latest to 0.32.8.

• Update knope@latest to 0.21.0.

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Join our Discord community for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to 1db9b41 in 53 seconds. Click for details.

• Reviewed 155 lines of code in 6 files
• Skipped 0 files when reviewing.
• Skipped posting 6 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. .github/workflows/ci.yml:63

• Draft comment:
  Updated the typos action from v1.33.1 to v1.34.0 (commit 392b78fe18a52790c53f42456e46124f77346842). This change correctly pins the action revision. Please verify that any changes in typos' behavior are acceptable.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is about a dependency change, specifically updating a version of an action. It asks the PR author to verify changes in behavior, which is against the rules. The comment does not provide a specific code suggestion or ask for a specific test to be written. Therefore, it should be removed.

2. .github/workflows/zizmor.yml:32

• Draft comment:
  The install-action and CodeQL upload-sarif action have been updated to v2.55.3 and v3.29.2 respectively. Both are now pinned to new commit hashes. These updates appear appropriate; ensure that any new behavior from these actions is compatible with your workflow.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is purely informative and asks the PR author to ensure compatibility, which violates the rules. It does not provide a specific code suggestion or ask for a specific test to be written. Therefore, it should be removed.

3. .node-version:1

• Draft comment:
  Node version has been bumped from 22.16.0 to 22.17.0. Verify that any new changes or deprecations in Node v22.17.0 do not adversely affect the build.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is about a dependency change, specifically the Node version. The comment asks the PR author to verify that the new version does not adversely affect the build, which is against the rules. The rules specify not to comment on pure dependency changes or ask the author to verify or ensure things.

4. Cargo.lock:973

• Draft comment:
  The 'pnp' crate version has been bumped from 0.9.4 to 0.10.0, and the redundant 'regex' dependency has been removed from its dependency list. This likely reflects an upstream change in 'pnp'. Please confirm that this removal does not impact functionality.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

5. Cargo.toml:95

• Draft comment:
  Updated the 'pnp' dependency in Cargo.toml from version 0.9.4 to 0.10.0, consistent with the change in Cargo.lock.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is purely informative, as it only states that a dependency version was updated in a file. It does not provide any actionable feedback or suggestions for improvement. According to the rules, purely informative comments should be removed.

6. package.json:11

• Draft comment:
  The packageManager field has been updated to use [email protected], which aligns with the dependency updates in the repository.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is purely informative, as it only states that the packageManager field has been updated to use a specific version of pnpm. It does not provide any actionable feedback or suggestions for improvement.

Workflow ID: wflow_oKFau2fxzMgfuQnN

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.22%. Comparing base (00bf597) to head (dd96564).
Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #168   +/-   ##
=======================================
  Coverage   92.22%   92.22%           
=======================================
  Files          13       13           
  Lines        3060     3060           
=======================================
  Hits         2822     2822           
  Misses        238      238           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[codspeed-hq]

CodSpeed Performance Report

Merging #168 will not alter performance

_{Comparing renovate/all (dd96564) with main (00bf597)}

Summary

✅ 3 untouched benchmarks

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud