chore(deps): update minor and patch updates#1658
Conversation
41b0a8e to
b1f5160
Compare
b1f5160 to
3e0d220
Compare
Greptile SummaryThis is a routine automated dependency update from Renovate bot, bumping 12 dev-only packages (eslint, prettier, miniflare, jest-fetch-mock, tsx, tsdown, and related tooling). No production runtime dependencies are changed.
Confidence Score: 5/5Safe to merge — all changes are dev tooling only with no production runtime code modified. Every changed source file is a cosmetic Prettier reformat of union type declarations; no logic, types, or exported APIs are altered. The tsconfig.json addition of node to the types array is the only structural change, and it affects the TypeScript development experience rather than the published library output. tsconfig.json — the addition of node to the types array is worth a quick sanity check to confirm it was intentionally added (e.g., to resolve a compilation error introduced by the @types/node bump) rather than an accidental side effect of the automated update. Important Files Changed
|
This PR contains the following updates:
0.18.3→0.18.422.19.20→22.20.18.61.0→8.63.010.4.1→10.6.029.15.2→29.15.418.1.0→18.2.13.0.3→3.2.04.20260609.0→4.20260708.13.8.4→3.9.50.22.2→0.22.44.22.4→4.23.08.61.0→8.63.0Release Notes
arethetypeswrong/arethetypeswrong.github.io (@arethetypeswrong/cli)
v0.18.4Patch Changes
644fab1]typescript-eslint/typescript-eslint (@typescript-eslint/parser)
v8.63.0Compare Source
This was a version bump only for parser to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.62.1Compare Source
This was a version bump only for parser to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.62.0Compare Source
🚀 Features
❤️ Thank You
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.61.1Compare Source
This was a version bump only for parser to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
eslint/eslint (eslint)
v10.6.0Compare Source
Features
b1f9106feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)f291007feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)Bug Fixes
6b05784fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)bb9eb2afix: account for shadowedBooleaninno-extra-boolean-cast(#21013) (den$)8fd8741fix: don't report shadowed undefined inradixrule (#21011) (Pixel)5784980fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)9cd1e6dfix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)d4eb2dcfix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)2360464fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)63d52d2fix: restore max-classes-per-file report range (#21002) (Pixel)7feaff0fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)399a2ecfix: don't report inner non-callbacks inmax-nested-callbacks(#20995) (Milos Djermanovic)Documentation
a83683ddocs: Update README (GitHub Actions Bot)f5449f9docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)bea49f7docs: Update README (GitHub Actions Bot)e5f70f9docs: update code-path diagrams (#20984) (Tanuj Kanti)8890c2ddocs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)3eb3d9bdocs: Update README (GitHub Actions Bot)c5bb59cdocs: Update README (GitHub Actions Bot)eb3c97cdocs: fix grammar in prefer-const rule description (#20983) (lumir)Chores
6a42034ci: run ecosystem tests on main branch (#20891) (sethamus)3dbacdbci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])c3abfcachore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)a832320ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)27166e7chore: update ecosystem plugins (#21005) (ESLint Bot)865d76eci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])27a88c9chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)970cea6chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)b482120chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])6993fb3chore: update ecosystem plugins (#20985) (ESLint Bot)v10.5.0Compare Source
Features
5ca8c52feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)b565783feat: report no-with violations at the with keyword (#20971) (Pixel998)2ce032ffeat: report max-lines-per-function violations at function head (#20966) (Pixel998)732cb3efeat: report max-nested-callbacks violations at function head (#20967) (Pixel998)f9c138afeat: report max-depth violations on keywords (#20943) (Pixel998)bdb496cfeat: correct max-depth handling for else-if chains (#20944) (Pixel998)c296873feat: update error loc inmax-statementsto function header (#20907) (Taejin Kim)Documentation
8ae1b5bdocs: Update README (GitHub Actions Bot)ca7eb90docs: update Node.js prerequisites to include ICU support (#20962) (Francesco Trotta)f99b47adocs: Update README (GitHub Actions Bot)acf03d4docs: clarify precedence of parserOptions over languageOptions (#20926) (sethamus)Chores
b18bf58chore: update ecosystem plugins (#20959) (ESLint Bot)c2d1444refactor: replace areAllSegmentsUnreachable with !isAnySegmentReachable (#20951) (Taejin Kim)243b8c5chore: enhance config-rule to support oneOf, anyOf, and nested schemas (#20788) (kuldeep kumar)217b2a9test: add unit tests for ParserService (#20949) (Taejin Kim)72003e7test: add location information to error messages inmax-statements(#20945) (lumir)7797c26refactor: deduplicate isAnySegmentReachable across rules (#20890) (Taejin Kim)67c46fachore: update ecosystem plugins (#20938) (ESLint Bot)95d8c7achore: update dependency @eslint/json to v2 (#20934) (renovate[bot])cf9e496chore: update @arethetypeswrong/cli to 0.18.3 (#20933) (Pixel998)fb6d396test: run type tests with TypeScript 7 (#20868) (sethamus)jest-community/eslint-plugin-jest (eslint-plugin-jest)
v29.15.4Compare Source
Bug Fixes
module(#1976) (da02c0c)v29.15.3Compare Source
Bug Fixes
eslint-community/eslint-plugin-n (eslint-plugin-n)
v18.2.1Compare Source
🩹 Fixes
v18.2.0Compare Source
🌟 Features
module.exportsforrequire(esm)interop (#542) (04c99df)jefflau/jest-fetch-mock (jest-fetch-mock)
v3.2.0First release since 3.0.3 (March 2020). Everything merged to master in the intervening years ships in this release, plus a round of new fixes. Version 3.1.0 was tagged in 2024 but never published to npm; its contents are included here.
Added
Responseobject directly tomockResponse,mockResponseOnce,once,mockResponsesand the conditional mocking functions — including responses with binary (Buffer) bodies (#223, thanks @alexkolson)Responseobject (sync or async)URLobjects (and anything else with atoString) accepted as fetch input (#193)redirectedresponses via thecounterparam in response init (#168)enginesfield declaring the Node >= 12 floor (required by thedomexceptiondependency)Fixed
NodeJS.Global, which was removed from@types/node— types now work with modern@types/node/TypeScript setups (#184, #201, #248)dontMockIf/dontMockOnceIfpredicates now receive the fully-constructedRequest(method, headers from the init argument), matchingdoMockIfbehaviorfetch()called with an already-aborted signal now rejects (as per the fetch spec) instead of throwing synchronously, so it can be caught with.catch()(#237)fetch.isMockingreturns a plain boolean again afterresetMocks()(#183)DOMExceptionis polyfilled in Node environments, fixingmockAbortunderjest-environment-node(#159)mockIf/doMockIfcallbacks may return synchronously (#220)Changed
inputargument is now required, matching the DOM signature (#206, #207)cross-fetchfloor raised to ^3.1.8 (security fixes in transitivenode-fetch) (#228, #249)promise-polyfilldependency was removed — unreachable code on Node ≥ 12, which theenginesfield declaresInternal
integration/suite: six consumer fixtures (jsdom, React + Testing Library, TypeScript strict, node native-fetch host, Jest 30, and a real-HTTP-server passthrough e2e) run against the packed tarball in CI and gate every releasecloudflare/workers-sdk (miniflare)
v4.20260708.1Compare Source
Minor Changes
#14535
1b965c5Thanks @Naapperas! - Support dynamic retry delays for Workflow steps in local devA step's
retries.delaycan now be a function that computes the delay per failed attempt, in addition to a static duration. The function receives{ ctx, error }and returns a delay (a number of milliseconds or a duration string like"30 seconds"), and its result is fed into the configuredbackoff.The function is invoked once per failed attempt with a 5 second timeout. If it throws, times out, or returns an invalid value, the step fails without further retries.
v4.20260708.0Compare Source
Minor Changes
#14489
e3f0cd6Thanks @edmundhung! - AddlistDurableObjectIds()to MiniflareMiniflare now exposes
listDurableObjectIds()for listing persisted Durable Object instance IDs by binding name. The Vitest pool now uses this shared Miniflare API internally instead of duplicating Miniflare's storage listing logic.#14465
2fedb1fThanks @vaishnav-mk! - Add rollback support when terminating Workflow instancesWorkflowInstance.terminate({ rollback: true })now runs registered rollback handlers before marking a local Workflow instance as terminated. Wrangler also supports this viawrangler workflows instances terminate --rollback, including local mode.The rollback option is only sent for terminate operations and is rejected by the Local Explorer API for pause, resume, and restart actions.
Patch Changes
#14596
8511ddfThanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
v4.20260706.0Compare Source
Patch Changes
#14567
0852346Thanks @dependabot! - Update dependencies of "miniflare", "wrangler", "create-cloudflare"The following dependency versions have been updated:
v4.20260702.0Compare Source
Minor Changes
#14469
e7e5780Thanks @connyay! - Support Queues across separate local dev processesQueue producers can now send messages to consumers running in a separate local dev process. Messages produced before the consumer process has registered, or while it is down or reloading, are dropped rather than buffered, with a debug-level log emitted.
Patch Changes
#14514
d88555eThanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
#14492
1ac96a1Thanks @penalosa! - Replace the CommonJSxdg-app-pathsdependency with a vendored pure-ESM implementationxdg-app-paths(and itsxdg-portable/os-pathsdependencies) are CommonJS only, which caused "Dynamic require of 'path' is not supported" errors when the surrounding code was bundled to ESM. The global config/cache directory resolution is now provided by a small, dependency-free pure-ESM module in@cloudflare/workers-utilsthat reproduces the previous path resolution exactly (verified against the real package in unit tests), so existing config and credential locations are unchanged. This also drops the transitivefseventsoptional dependency thatxdg-app-pathspulled in.Miniflare and create-cloudflare now consume the shared helpers from
@cloudflare/workers-utilsinstead of maintaining their own copies, importing node-only leaf entry points (@cloudflare/workers-utils/fs-helpers,@cloudflare/workers-utils/global-wrangler-config-path) where ESM bundling is required.#14572
f416dd9Thanks @petebacondarwin! - Key local rate limit counters bynamespace_idinstead of binding namewrangler devand Miniflare previously tracked each rate limit binding's counter by its binding name, so two bindings that referenced the samenamespace_idwere treated as separate limiters. Counters are now keyed bynamespace_id, matching production: bindings that share anamespace_idshare a limit, while distinct namespaces stay isolated. This also re-enables rate limit bindings in multiworkerwrangler devsessions, where they were previously stripped from secondary Workers to avoid a startup crash.#14409
16fbf81Thanks @matingathani! -reset()fromcloudflare:testnow resets ratelimit binding state between tests. Previously,RATE_LIMITERSbindings retained their in-memory bucket counts across test boundaries, causing later tests in the same file to see stale rate-limit exhaustion state.v4.20260701.0Compare Source
Patch Changes
#14502
6b0ce98Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
v4.20260630.0Compare Source
Patch Changes
#14490
75d8cb0Thanks @petebacondarwin! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
#14478
f10d4adThanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
#14490
75d8cb0Thanks @petebacondarwin! - Fix edge cases on the local R2 public bucket endpoint (/cdn-cgi/local/r2/public) to match r2.dev: write methods are rejected with 401, malformed/multiple/inverted ranges with 400 and unsatisfiable ranges (includingbytes=-0) with 416,Rangeis honored on HEAD requests with a bodyless 206,Content-Rangeis correct for suffix ranges, object keys are percent-decoded exactly once (keys containing a literal%no longer fail), and objects stored without a content type are served asapplication/octet-streaminstead of omitting theContent-Typeheader. Unread object bodies are also cancelled (on HEAD and unsatisfiable-range responses) instead of leaking a read stream until garbage collection.#14490
75d8cb0Thanks @petebacondarwin! - Add Workflow introspection tocreateTestHarness()Worker handles can now introspect Workflow bindings by name, allowing tests to disable sleeps, mock step results, and wait for Workflow outcomes. Tests can introspect a known Workflow instance by ID or track instances created after introspection starts.
v4.20260625.0Compare Source
Patch Changes
#14406
3b743c1Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
v4.20260623.0Compare Source
Patch Changes
#14364
a085decThanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
#14383
9a0de8fThanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
#14397
fab565fThanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
v4.20260617.1Compare Source
Patch Changes
#14118
b38823fThanks @aicayzer! - FixUint8Arraystep outputs in local Workflows being persisted with the full backingArrayBufferA
Uint8Arrayreturned from a Workflows step underwrangler devwas serialised together with its full underlyingArrayBuffer, causing a rawSQLITE_TOOBIGerror at view sizes well below the documented 1MiB step-output limit. For example, a 200KB view sliced from an 800KB buffer (a common pattern fromcrypto.getRandomValuesorarr.slice(...)on a larger pool) would fail. The view's bytes are now copied to a tight buffer before persistence, bringing local behaviour in line with production. Fixes #14101.v4.20260617.0Compare Source
Patch Changes
#14347
673b09eThanks @jamesopstad! - Update undici from 7.24.8 to 7.28.0#14346
e930bd4Thanks @haidargit! - Bumpwsfrom 8.20.1 to 8.21.0 to address GHSA-96hv-2xvq-fx4pGHSA-96hv-2xvq-fx4p / CVE-2026-48779 (high severity) reports a remote memory-exhaustion DoS in
ws@<8.21.0: a peer sending a high volume of tiny fragments and data chunks over modest network traffic can crash awsserver or client via OOM. The fix shipped in ws@8.21.0 (commit2b2abd45, released 2026-05-22), which also introduces themaxBufferedChunksandmaxFragmentsoptions. This change bumps the workspace catalog entry so thatminiflare,wrangler, and@cloudflare/vite-pluginall pick up the patched release.#14314
5c3bb11Thanks @harryzcy! - Bump esbuild to 0.28.1This update includes several bug fixes from esbuild versions 0.27.3 through 0.28.1. See the esbuild changelog for details.
#14331
296ad65Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
v4.20260616.0Compare Source
Minor Changes
#14221
0e055d3Thanks @mglewis! - Supportcf.image(transform via Workers) image transformations in local devfetch(url, { cf: { image: { ... } } })now transforms images locally via Sharp, instead of returning the original bytes unchanged. This mirrors the production "transform via Workers" feature, so Workers already usingcf.imagebehave much more closely to production inwrangler dev.As with the Images binding,
cf.imagetransforms require Sharp to be installed — transforms are silently skipped if Sharp is unavailable.Patch Changes
#14271
27db82cThanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
#14298
2a6a26bThanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
#14317
9a424edThanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
#14287
41f391fThanks @edmundhung! - Improve errors for missing resource bindingsWhen methods like
getKVNamespace()orgetR2Bucket()are called with a binding name that is not configured for that resource type, Miniflare now reports the expected binding type in the error message.v4.20260611.0Compare Source
Minor Changes
#14119
2047a32Thanks @tahmid-23! - Add support for serving R2 bucket objects publicly via the dev serverEach local R2 bucket is now exposed under
/cdn-cgi/local/r2/public/<bucket-id>/<key>on the existing user-facing dev server. The<bucket-id>is the bucket'sidwhen set, otherwise its binding name. Buckets with aremoteProxyConnectionStringare not exposed. The endpoint supports GET and HEAD, range requests, conditional headers, and forwards stored HTTP metadata.Patch Changes
#14246
f3990b2Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
#14256
4597f08Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
prettier/prettier (prettier)
v3.9.5Compare Source
diff
Markdown: Cap ordered list mark at 999,999,999 (#19351 by @tats-u)
CommonMark parsers only support ordered list item numbers up to 999,999,999.
With this change, Prettier now caps the ordered list item number at 999,999,999 to ensure that the output is correctly parsed as an ordered list by CommonMark parsers. Numbers larger than 999,999,999 are not parsed as list item numbers and are left unchanged in the output:
Markdown: Avoid corrupting empty link with title (#19487 by @andersk)
Do not remove
<>from an inline link or image with an empty URL and a title, as this removal would change its interpretation.Less: Remove extra spaces after
[in map lookups (#19503 by @kovsu)CSS: Prevent addition space in
type()with+(#19516 by @bigandy)This fixes the addition space before
+in CSStype()declaration. For exampletype(<number>+)was being converted intotype(<number> +)which is invalid CSS and does not work.Less: Remove spaces between merge markers and colons (#19517 by @kovsu)
Markdown: Preserve wiki links with aliases (#19527 by @kovsu)
TypeScript: Fix comments being dropped on shorthand
typeimport/export specifiers (#19565 by @kirkwaiblinger)Miscellaneous: Preserving comments'
placementproperty (#19567 by @Janther)Prettier@3.9.0 deleted an undocumented property on comments, which was already used by plugins,
comment.placementis now available again after comment attach.Flow: Stop enforcing empty module declaration to break ([#19568](https://redirect.github.com
Configuration
📅 Schedule: (in timezone UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.