chore(deps): update all by renovate[bot] · Pull Request #11 · LuminescentDev/ui

renovate · 2024-05-09T19:15:10Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Type	Update
@builder.io/qwik (source)	`1.18.0` → `1.19.0`	devDependencies	minor
@builder.io/qwik-city (source)	`1.18.0` → `1.19.0`	devDependencies	minor
@cloudflare/workers-types	`4.20251223.0` → `4.20260214.0`	devDependencies	minor
@types/node (source)	`25.0.3` → `25.2.3`	devDependencies	minor
@vitejs/plugin-react (source)	`5.1.2` → `5.1.4`	devDependencies	patch
dotenv	`17.2.3` → `17.3.1`	devDependencies	minor
eslint-plugin-qwik (source)	`1.18.0` → `1.19.0`	devDependencies	minor
eslint-plugin-react-refresh	`^0.4.26` → `^0.5.0`	devDependencies	minor
node (source)	`23.11.0` → `23.11.1`		patch
pnpm (source)	`10.26.1` → `10.29.3`	packageManager	minor
prettier (source)	`3.7.4` → `3.8.1`	devDependencies	minor
undici (source)	`7.16.0` → `7.22.0`	devDependencies	minor
vite (source)	`7.3.0` → `7.3.1`	devDependencies	patch
vite (source)	`5.4.14` → `5.4.21`	devDependencies	patch
vite-tsconfig-paths	`6.0.3` → `6.1.1`	devDependencies	minor

Release Notes

QwikDev/qwik (@builder.io/qwik)

`v1.19.0`

Compare Source

Minor Changes

✨ untrack() now accepts signals and stores directly, as well as accepting arguments when you pass a function. This makes retrieving values without subscribing to them more efficient. (by @wmertens in #8247)

Patch Changes

🐞🩹 we now prevent merging useVisibleTask$ code together with other segments to prevent overpreloading when their entry contains a lot of transitive imports. (by @maiieul in #8275)
🐞🩹 duplicated preload bundles in SSR preload (by @chebanenko in #8248)
⚡️: the core.js and preloader.js references in q-manifest and bundle-graph are now filtered out for smaller outputs. (by @maiieul in #8278)

QwikDev/qwik (@builder.io/qwik-city)

`v1.19.0`

Compare Source

Minor Changes

✨ allow mocking route loaders & actions in QwikCityMockProvider (by @alexismch in #8102)

Patch Changes

🐞🩹 qwik-city spa routeStateInternal and routeLocation url origins mismatch (by @maiieul in #8234)
feat(qwik-city): add getOrigin option to QwikCityBunOptions and QwikCityDenoOptions for improved URL handling (by @JerryWu1234 in #8251)
Make RequestEvents readonly instead of frozen (by @DustinJSilk in #8135)

cloudflare/workerd (@cloudflare/workers-types)

vitejs/vite-plugin-react (@vitejs/plugin-react)

`v5.1.4`

Compare Source

Fix `canSkipBabel` not accounting for `babel.overrides` (#1098)

When configuring babel.overrides without top-level plugins or presets, Babel was incorrectly skipped. The canSkipBabel function now checks for overrides.length to ensure override configurations are processed.

`v5.1.3`

Compare Source

motdotla/dotenv (dotenv)

`v17.3.1`

Compare Source

Changed

Fix as2 example command in README and update spanish README

`v17.3.0`

Compare Source

Added

Add a new README section on dotenv’s approach to the agentic future.

Changed

Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

`v17.2.4`

Compare Source

Changed

Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

QwikDev/qwik (eslint-plugin-qwik)

`v1.19.0`

Compare Source

ArnaudBarre/eslint-plugin-react-refresh (eslint-plugin-react-refresh)

`v0.5.0`

Compare Source

Breaking changes

The package now ships as ESM and requires ESLint 9 + node 20. Because legacy config doesn't support ESM, this requires to use flat config
A new reactRefresh export is available and prefered over the default export. It's an object with two properties:
- plugin: The plugin object with the rules
- configs: An object containing configuration presets, each exposed as a function. These functions accept your custom options, merge them with sensible defaults for that config, and return the final config object.
customHOCs option was renamed to extraHOCs
Validation of HOCs calls is now more strict, you may need to add some HOCs to the extraHOCs option

Config example:

import { defineConfig } from "eslint/config";
import { reactRefresh } from "eslint-plugin-react-refresh";

export default defineConfig(
  /* Main config */
  reactRefresh.configs.vite({ extraHOCs: ["someLibHOC"] }),
);

Config example without config:

import { defineConfig } from "eslint/config";
import { reactRefresh } from "eslint-plugin-react-refresh";

export default defineConfig({
  files: ["**/*.ts", "**/*.tsx"],
  plugins: {
    // other plugins
    "react-refresh": reactRefresh.plugin,
  },
  rules: {
    // other rules
    "react-refresh/only-export-components": [
      "warn",
      { extraHOCs: ["someLibHOC"] },
    ],
  },
});

Why

This version follows a revamp of the internal logic to better make the difference between random call expressions like export const Enum = Object.keys(Record) and actual React HOC calls like export const MemoComponent = memo(Component). (fixes #93)

The rule now handles ternaries and patterns like export default customHOC(props)(Component) which makes it able to correctly support files like this one given this config:

{
  "react-refresh/only-export-components": [
    "warn",
    { "extraHOCs": ["createRootRouteWithContext"] }
  ]
}

[!NOTE]
Actually createRoute functions from TanStack Router are not React HOCs, they return route objects that fake to be a memoized component but are not. When only doing createRootRoute({ component: Foo }), HMR will work fine, but as soon as you add a prop to the options that is not a React component, HMR will not work. I would recommend to avoid adding any TanStack function to extraHOCs it you want to preserve good HMR in the long term. Bluesky thread.

Because I'm not 100% sure this new logic doesn't introduce any false positive, this is done in a major-like version. This also give me the occasion to remove the hardcoded connect from the rule. If you are using connect from react-redux, you should now add it to extraHOCs like this:

{
  "react-refresh/only-export-components": ["warn", { "extraHOCs": ["connect"] }]
}

nodejs/node (node)

`v23.11.1`: 2025-05-14, Version 23.11.1 (Current), @RafaelGSS

Compare Source

This is a security release.

Notable Changes

src:

(CVE-2025-23166) fix error handling on async crypto operation

Commits

[a271810ce2] - deps: update c-ares to v1.34.5 (Node.js GitHub Bot) #57792
[a12107f0dd] - (CVE-2025-23166) src: fix error handling on async crypto operations (RafaelGSS) nodejs-private/node-private#688

pnpm/pnpm (pnpm)

`v10.29.3`

Compare Source

`v10.29.2`

Compare Source

`v10.29.1`: pnpm 10.29.1

Compare Source

Minor Changes

The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
Support configuring auditLevel in the pnpm-workspace.yaml file #10540.
Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #10436.

Patch Changes

Fixed pnpm list --json returning incorrect paths when using global virtual store #10187.
Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #10290.
Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #10497.
Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #10176.
Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #10281.
Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #10460.
Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #10540.
update tar to version 7.5.7 to fix security issue

Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842
Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #10325.
Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #10271.
pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #10561.
Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #10457.

Platinum Sponsors

Gold Sponsors

`v10.28.2`: pnpm 10.28.2

Compare Source

Patch Changes

Security fix: prevent path traversal in directories.bin field.
When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.
Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #9950.

Platinum Sponsors

Gold Sponsors

`v10.28.1`

Compare Source

`v10.28.0`

Compare Source

`v10.27.0`

Compare Source

`v10.26.2`: pnpm 10.26.2

Compare Source

Patch Changes

Improve error message when a package version exists but does not meet the minimumReleaseAge constraint. The error now clearly states that the version exists and shows a human-readable time since release (e.g., "released 6 hours ago") #10307.
Fix installation of Git dependencies using annotated tags #10335.

Previously, pnpm would store the annotated tag object's SHA in the lockfile instead of the actual commit SHA. This caused ERR_PNPM_GIT_CHECKOUT_FAILED errors because the checked-out commit hash didn't match the stored tag object hash.
Binaries of runtime engines (Node.js, Deno, Bun) are written to node_modules/.bin before lifecycle scripts (install, postinstall, prepare) are executed #10244.
Try to avoid making network calls with preferOffline #10334.

Platinum Sponsors

Gold Sponsors

prettier/prettier (prettier)

`v3.8.1`

Compare Source

`v3.8.0`

Compare Source

diff

🔗 Release note

nodejs/undici (undici)

`v7.22.0`

Compare Source

`v7.21.0`

Compare Source

What's Changed

build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 by @dependabot[bot] in #4796
test: restore global dispatcher after fetch tests by @mcollina in #4790
Add missing close method to WebSocketStream interface by @piotr-cz in #4802
fix: error stream instead of canceling by @KhafraDev in #4804
Fix clientTtl cleanup race in Agent by @mcollina in #4807
feat(#4230): Implement pingInterval for dispatching PING frames by @metcoder95 in #4296
fix: handle undefined __filename in bundled environments by @mcollina in #4812
fix: set finalizer only for fetch responses by @tsctx in #4803

New Contributors

@piotr-cz made their first contribution in #4802

Full Changelog: nodejs/undici@v7.20.0...v7.21.0

`v7.20.0`

Compare Source

What's Changed

fix: preserve fetch stack traces by @mcollina in #4778
Fix error handling in MockPool example by @dave-kennedy in #4781
feat: expose statusText in request() ResponseData by @domenic in #4784
test: reduce retry-after invalid date flake by @mcollina in #4788
extractBody fixes by @KhafraDev in #4791
fix: MockAgent delayed response with AbortSignal (#4693) by @mcollina in #4772
fix: onParserTimeout potentially accessing undefined by @vbfox in #4758

New Contributors

@dave-kennedy made their first contribution in #4781
@vbfox made their first contribution in #4758

Full Changelog: nodejs/undici@v7.19.2...v7.20.0

`v7.19.2`

Compare Source

What's Changed

Minor code cleanups to decompress interceptor by @domenic in #4754
fix(h2): fix flaky stream end handling on macOS by @mcollina in #4762
return response when receiving 401 instead of network error by @KhafraDev in #4769
fix: properly close idle connections in test server cleanup by @mcollina in #4764
fix: decode HTTP headers as latin1 instead of utf8 by @mcollina in #4768
fix: submodule update by @Uzlopak in #4648
build(deps): bump peter-evans/create-pull-request from 7.0.8 to 8.0.0 by @dependabot[bot] in #4720

New Contributors

@domenic made their first contribution in #4754

Full Changelog: nodejs/undici@v7.19.1...v7.19.2

`v7.19.1`

Compare Source

What's Changed

fix: use commit hash when generating release (#4757) by @fenichelar in #4759
fix fetch 401 loop by @KhafraDev in #4761

New Contributors

@fenichelar made their first contribution in #4759

Full Changelog: nodejs/undici@v7.19.0...v7.19.1

`v7.19.0`

Compare Source

What's Changed

fix: Handle FormData body type correctly in RetryAgent retried requests by @eliotschu in #4692
feat(client): expose HTTP/2 flow-control options by @pabloelisseo in #4706
Implement origin normalization in MockAgent for case-insensitivity and URL handling by @SksOp in #4731
fix websocket basic auth by @KhafraDev in #4747
fix(cache): regenerate stream from source when cache.match is called after GC by @mcollina in #4713
chore: use testcontext for test:cache by @Uzlopak in #4571
chore: use testcontext for subresource integrity tests by @Uzlopak in #4575
feat(cache): add origins option for whitelist filtering by @mcollina in #4739
ci: test shared-builtin only on Node.js 24 and 25 by @mcollina in #4746
fix websocketstream open error by @KhafraDev in #4748

New Contributors

@eliotschu made their first contribution in #4692
@pabloelisseo made their first contribution in #4706
@SksOp made their first contribution in #4731

Full Changelog: nodejs/undici@v7.18.2...v7.19.0

`v7.18.2`

Compare Source

What's Changed

fix(decompress): limit Content-Encoding chain to 5 to prevent resourc… by @mcollina in #4729

Full Changelog: nodejs/undici@v7.18.1...v7.18.2

`v7.18.1`

Compare Source

What's Changed

Test and Fix running without SSL by @mcollina in #4727
docs: add security warning for strictContentLength option by @mcollina in #4726
build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 by @dependabot[bot] in #4718
build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #4719

Full Changelog: nodejs/undici@v7.18.0...v7.18.1

`v7.18.0`

Compare Source

What's Changed

Full Changelog: nodejs/undici@v7.17.0...v7.18.0

`v7.17.0`

Compare Source

What's Changed

chore: extract infra and encoding methods by @Uzlopak in #4523
ci: remove h2 by @Uzlopak in #4534
ci: make nodejs-shared wf reusable, install binaryen for wasm-opt, test on node-nightly by @Uzlopak in #4535
ci: fix nightly shared library case by @Uzlopak in #4543
test: consume bodies of fetch responses to fix failing macos 20 ci by @Uzlopak in #4528
docs: add Cache Interceptor example to README by @tawseefnabi in #4393
test: remove node20 version check by @Uzlopak in #4544
types: use MessagePort instance type in MessageEvent by @Renegade334 in #4546
ci: set write permissions on job level by @Uzlopak in #4537
lint: activate n/no-process-exit by @Uzlopak in #4548
ci: run benchmarks on pull_requests and by pushing on specific branches only by @Uzlopak in #4536
chore: activate n/prefer-node-protocol to enforce 'node:' prefix for requiring node built-ins by @Uzlopak in #4547
feat(H2): correct CONNECT behaviour by @metcoder95 in #4541
test: fix plans by @Uzlopak in #4550
feat: add runtime feature "detection" by [

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

cloudflare-workers-and-pages · 2024-05-09T19:16:09Z

Deploying ui with Cloudflare Pages

Latest commit:	`6349edc`
Status:	🚫 Build failed.

View logs

renovate bot changed the title ~~Update dependency wrangler to v3.55.0~~ Update All May 10, 2024

renovate bot force-pushed the renovate/all branch 4 times, most recently from 78adf2b to b3c5105 Compare May 17, 2024 14:46

renovate bot force-pushed the renovate/all branch 5 times, most recently from a8dd0f0 to 8477199 Compare May 27, 2024 11:39

renovate bot force-pushed the renovate/all branch 10 times, most recently from 36f842f to b307c97 Compare June 4, 2024 11:33

renovate bot force-pushed the renovate/all branch 9 times, most recently from 934c82b to 12c69c6 Compare June 10, 2024 22:42

renovate bot force-pushed the renovate/all branch 9 times, most recently from cd99096 to 6c252f3 Compare February 3, 2026 10:04

renovate bot force-pushed the renovate/all branch 15 times, most recently from 5226b4a to 77d5e4e Compare February 12, 2026 00:41

renovate bot force-pushed the renovate/all branch 4 times, most recently from fca5b73 to d5cc004 Compare February 14, 2026 00:39

chore(deps): update all

6349edc

renovate bot force-pushed the renovate/all branch from d5cc004 to 6349edc Compare February 14, 2026 04:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update all#11

chore(deps): update all#11
renovate[bot] wants to merge 1 commit intomainfrom
renovate/all

renovate bot commented May 9, 2024 •

edited

Loading

Uh oh!

cloudflare-workers-and-pages bot commented May 9, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate bot commented May 9, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Minor Changes

Patch Changes

Minor Changes

Patch Changes

Fix canSkipBabel not accounting for babel.overrides (#​1098)

Changed

Added

Changed

Changed

Breaking changes

Why

v23.11.1: 2025-05-14, Version 23.11.1 (Current), @​RafaelGSS

Notable Changes

Commits

v10.29.1: pnpm 10.29.1

Minor Changes

Patch Changes

Platinum Sponsors

Gold Sponsors

v10.28.2: pnpm 10.28.2

Patch Changes

Platinum Sponsors

Gold Sponsors

v10.26.2: pnpm 10.26.2

Patch Changes

Platinum Sponsors

Gold Sponsors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

What's Changed

Configuration

Uh oh!

cloudflare-workers-and-pages bot commented May 9, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Deploying ui with Cloudflare Pages

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate bot commented May 9, 2024 •

edited

Loading

Fix `canSkipBabel` not accounting for `babel.overrides` (#1098)

`v23.11.1`: 2025-05-14, Version 23.11.1 (Current), @RafaelGSS

`v10.29.1`: pnpm 10.29.1

`v10.28.2`: pnpm 10.28.2

`v10.26.2`: pnpm 10.26.2

cloudflare-workers-and-pages bot commented May 9, 2024 •

edited

Loading