chore(deps): update support-deps#2785
Open
renovate[bot] wants to merge 2 commits into
Open
Conversation
renovate
Bot
force-pushed
the
renovate/support-deps
branch
from
July 3, 2026 00:00
e48de8f to
9d4ecf7
Compare
renovate
Bot
force-pushed
the
renovate/support-deps
branch
8 times, most recently
from
July 10, 2026 13:01
0527bed to
a97d6f0
Compare
renovate
Bot
force-pushed
the
renovate/support-deps
branch
11 times, most recently
from
July 17, 2026 15:57
7d923c5 to
2d7d48a
Compare
joelmccoy
force-pushed
the
renovate/support-deps
branch
from
July 17, 2026 16:55
2d7d48a to
94a0709
Compare
| datasource | package | from | to | | --------------- | ------------------------------- | ------- | ------- | | npm | @commitlint/cli | 21.1.0 | 21.2.1 | | npm | @commitlint/config-conventional | 21.1.0 | 21.2.0 | | npm | @eslint/eslintrc | 3.3.5 | 3.3.6 | | npm | @eslint/js | 9.39.4 | 9.39.5 | | npm | @types/node | 24.13.2 | 24.13.3 | | npm | @vitest/coverage-v8 | 4.1.9 | 4.1.10 | | github-tags | actions/setup-node | v6.4.0 | v7.0.0 | | npm | adm-zip | 0.5.17 | 0.6.0 | | github-tags | astral-sh/setup-uv | v8.2.0 | v8.3.2 | | github-tags | astral-sh/uv | 0.11.25 | 0.11.28 | | github-releases | astral-sh/uv | 0.11.25 | 0.11.28 | | npm | csv-parse | 7.0.0 | 7.0.1 | | github-tags | defenseunicorns/uds-cli | v0.34.0 | v0.34.2 | | github-tags | defenseunicorns/uds-common | v1.25.0 | v1.26.3 | | docker | ghcr.io/zarf-dev/packages/init | v0.80.0 | v0.81.1 | | github-tags | github/codeql-action | v4.36.2 | v4.37.0 | | npm | js-yaml | 5.2.0 | 5.2.1 | | github-tags | slackapi/slack-github-action | v3.0.3 | v3.0.5 | | npm | typescript | 6.0.3 | 7.0.2 | | npm | vitest | 4.1.9 | 4.1.10 | | github-tags | zarf-dev/zarf | v0.80.0 | v0.81.1 |
renovate
Bot
force-pushed
the
renovate/support-deps
branch
from
July 18, 2026 01:11
380a136 to
6305d7f
Compare
Contributor
Author
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
21.1.0→21.2.121.1.0→21.2.03.3.5→3.3.69.39.4→9.39.524.13.2→24.13.34.1.9→4.1.10v6.4.0→v7.0.0^0.5.16→^0.6.0v8.2.0→v8.3.20.11.25→0.11.280.11.290.11.25→0.11.280.11.297.0.0→7.0.1v0.34.0→v0.34.2v1.25.0→v1.26.3fbd0ab8→7b450ffv0.80.0→v0.81.1v4.36.2→v4.37.0v4.37.15.2.0→5.2.1v3.0.3→v3.0.5v4.0.0(+2)^6.0.0→^7.0.04.1.9→4.1.10v0.80.0→v0.81.1Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
conventional-changelog/commitlint (@commitlint/cli)
v21.2.1Compare Source
Note: Version bump only for package @commitlint/cli
v21.2.0Compare Source
Features
conventional-changelog/commitlint (@commitlint/config-conventional)
v21.2.0Compare Source
Features
eslint/eslintrc (@eslint/eslintrc)
v3.3.6Compare Source
Bug Fixes
js-yamlto 4.3.0 to address security vulnerability (#235) (0c5de74)eslint/eslint (@eslint/js)
v9.39.5Compare Source
Bug Fixes
253be16fix: handle unavailable require cache (backport of #20812 to v9.x) (#21065) (Eric)Documentation
74930eddocs: switch build to Node.js 24 (#20894) (Milos Djermanovic)eaec8bbdocs: Add ESLint v9.x EOL notice (#20828) (Milos Djermanovic)Chores
458205fchore: update@eslint/eslintrcand@eslint/jsfor v9.39.5 (#21077) (Francesco Trotta)202117bchore: package.json update for @eslint/js release (Jenkins)d9eb6edtest: disable warning forvm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER(#21074) (Francesco Trotta)7b431a7chore: overridere2dependency for@metascraper/helpers(#21068) (Milos Djermanovic)daf7791chore: pin fflate@0.8.2 (#20895) (Milos Djermanovic)daee8baci: use pnpm ineslint-flat-config-utilstype integration test (#20829) (Milos Djermanovic)116d4beci: unpin Node.js 25.x in CI (#20619) (Copilot)vitest-dev/vitest (@vitest/coverage-v8)
v4.1.10Compare Source
🐞 Bug Fixes
View changes on GitHub
actions/setup-node (actions/setup-node)
v7.0.0Compare Source
What's Changed
Enhancements:
Bug fixes:
mirrorTokeningetManifestif it's provided by @deiga in #1548Documentation updates:
Dependency update:
New Contributors
Full Changelog: actions/setup-node@v6...v7.0.0
v7Compare Source
v6.5.0Compare Source
What's Changed
Full Changelog: actions/setup-node@v6.4.0...v6.5.0
cthackers/adm-zip (adm-zip)
v0.6.0Compare Source
==================
Security
Buffer.alloc(memory exhaustion / DoS) before any validation. Allocation is now bounded by the data actually present — STORED output is sized from the real bytes, DEFLATED output is grown by the inflater and capped at the declared size (#568)__proto__previously resolved toObject.prototype, crashingaddFileand hiding the entry fromgetEntry/readFile. The table is now prototype-lessBug fixes
extractAllTo/extractAllToAsyncnot restoring directory permissions withkeepOriginalPermission; directory modes are applied after their contents are written, deepest path first, and no longer lock the extractor out of a restrictive directory (#530)addLocalFolderwhen a folder contains a symlink pointing back to an ancestor (e.g. workspacenode_modules); the walk now tracks resolved real paths and skips already-visited directories (#541)ERR_INVALID_ARG_TYPE) that crashed the process whenwriteFileToAsynccould not open the target file (bad permissions, invalid filename, exhausted file descriptors); write failures are now reported through the callback and write errors are no longer silently swallowed (#470, #459, #402)name(e.g.a/b/c/now returnsc) (#466)extractEntryToflattening subdirectories whenmaintainEntryPathis false; the structure below the extracted directory is now preserved instead of collapsing (and overwriting) files by basename (#306)utimesaborting extraction; setting the modification time is now best-effort and never fails extraction of already-written content (#379)test()always returning false for any archive containing a file (it indexed the entries array with an entry object instead of reading the entry); it now correctly verifies each entry's CRCPerformance
Added
types.d.ts), so@types/adm-zipis no longer requiredNotes
extractEntryTo(dir, target, /* maintainEntryPath */ false)now preserves subdirectories beneath the extracted directory rather than flattening themv0.5.18Compare Source
What's Changed
New Contributors
Full Changelog: cthackers/adm-zip@v0.5.17...v0.5.18
astral-sh/setup-uv (astral-sh/setup-uv)
v8.3.2Compare Source
v8.3.1Compare Source
v8.3.0Compare Source
astral-sh/uv (astral-sh/uv)
v0.11.28Compare Source
Released on 2026-07-07.
Security
This release updates our ZIP library, astral-async-zip, to v0.0.20, which includes 15 changes that harden our ZIP handling against parser differentials. uv may reject ZIP archives with malformed or ambiguous content that were previously accepted.
See the upstream commits for a full list of changes.
Python
Enhancements
-qand-qq(#20163)uv builderrors (#20159)Performance
uv pip install(#19914)Bug fixes
--upgradewhenupgrade-packageis configured (#19955)uv treein dependency-group-only projects (#20167)v0.11.27Compare Source
Released on 2026-07-06.
Enhancements
--python-downloads-json-url(#16749)Preview features
uv workspace list --scripts(#20099)Performance
requires-pythonspecifiers in Simple API parsing (#20104)Bug fixes
packagestable for pylock.toml (#20145)uv pip tree(#20062)uv add --indexupdates an existing index URL (#19818)Other changes
pubAPIs used in Pixi (#20074)v0.11.26Compare Source
Released on 2026-06-30.
Performance
ForkMap::contains(#20023)Bug fixes
adaltas/node-csv (csv-parse)
v7.0.1Compare Source
Bug Fixes
defenseunicorns/uds-cli (defenseunicorns/uds-cli)
v0.34.2Compare Source
v0.34.1Compare Source
What's Changed
Full Changelog: defenseunicorns/uds-cli@v0.34.0...v0.34.1
defenseunicorns/uds-common (defenseunicorns/uds-common)
v1.26.3Compare Source
Miscellaneous
v1.26.2Compare Source
Miscellaneous
v1.26.1Compare Source
Features
pathsinput to scope addlicense walk (#691) (ef26a64)Miscellaneous
github/codeql-action (github/codeql-action)
v4.37.0Compare Source
config-fileinput for thecodeql-action/initstep will soon support a new[owner/]repo[@​ref][:path]format. All components except the repository name are optional. If omitted,ownerdefaults to the same owner as the repository the analysis is running for,reftomain, andpathto.github/codeql-action.yaml. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. #3973v4.36.3Compare Source
No user facing changes.
nodeca/js-yaml (js-yaml)
v5.2.1Compare Source
Fixed
Mapsupport to !!omap (should work whenrealMapTagused)Security
addItem. Regression from v5(usually not critical, because YAML11_SCHEMA is not default anymore).
slackapi/slack-github-action (slackapi/slack-github-action)
v3.0.5: Slack GitHub Action v3.0.5Compare Source
Patch Changes
96fddbe: fix: revert multiline yaml parsing indentation changev3.0.4: Slack GitHub Action v3.0.4Compare Source
Patch Changes
fa03fe4: refactor: send webhooks with the@slack/webhookpackagemicrosoft/TypeScript (typescript)
v7.0.2Compare Source
zarf-dev/zarf (zarf-dev/zarf)
v0.81.1Compare Source
Bug Fixes
What's Changed
🚀 Updates
📦 Dependencies
Full Changelog: zarf-dev/zarf@v0.81.0...v0.81.1
Verifying Init Packages
The init packages in this release are signed with keyless Sigstore signing. Verify with:
amd64:
arm64:
See RELEASES.md for details.
v0.81.0Compare Source
⚠ BREAKING CHANGES
Features
Bug Fixes
What's Changed
🚀 Updates
Full Changelog: zarf-dev/zarf@v0.81.0-rc1...v0.81.0
Verifying Init Packages
The init packages in this release are signed with keyless Sigstore signing. Verify with:
amd64:
arm64:
See RELEASES.md for details.
Configuration
📅 Schedule: (in timezone America/New_York)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.