Skip to content

fix(deps): update patch updates (patch)#1020

Merged
prisis merged 3 commits into
mainfrom
renovate/patch-patch-updates
May 18, 2026
Merged

fix(deps): update patch updates (patch)#1020
prisis merged 3 commits into
mainfrom
renovate/patch-patch-updates

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 21, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@anolilab/eslint-config (source) 27.0.127.0.2 age confidence
@anolilab/prettier-config (source) 10.0.010.0.1 age confidence
@anolilab/semantic-release-pnpm (source) 8.1.88.1.9 age confidence
@anolilab/semantic-release-preset (source) 13.4.913.4.10 age confidence
@eslint-react/eslint-plugin (source) 5.7.15.7.3 age confidence
axios@>=1.0.0 <=1.13.4 (source) [>=1.13.5>=1.13.6](https://renovatebot.com/diffs/npm/axios@>=1.0.0 <=1.13.4/1.13.5/1.13.6) age confidence
caniuse-lite 1.0.300017911.0.30001792 age confidence
chrono-node@<2.2.4 >=2.2.4>=2.2.7 age confidence
defu@<=6.1.4 >=6.1.5>=6.1.7 age confidence
hono@<4.12.14 (source) >=4.12.14>=4.12.18 age confidence
husky ^9.x^9.0.11 age confidence
pnpm (source) 10.33.210.33.4 age confidence
publint (source) 0.3.180.3.19 age confidence
tmp@<=0.2.3 >=0.2.4>=0.2.5 age confidence
undici@<6.24.0 (source) >=6.24.0>=6.24.1 age confidence
yaml@>=2.0.0 <2.8.3 (source) [>=2.8.3>=2.8.4](https://renovatebot.com/diffs/npm/yaml@>=2.0.0 <2.8.3/2.8.3/2.8.4) age confidence

Release Notes

anolilab/javascript-style-guide (@​anolilab/eslint-config)

v27.0.2

Compare Source

Bug Fixes
Dependencies
anolilab/javascript-style-guide (@​anolilab/prettier-config)

v10.0.1

Compare Source

anolilab/semantic-release (@​anolilab/semantic-release-pnpm)

v8.1.9

Compare Source

anolilab/semantic-release (@​anolilab/semantic-release-preset)

v13.4.10

Compare Source

Dependencies
Rel1cx/eslint-react (@​eslint-react/eslint-plugin)

v5.7.3

Compare Source

🐞 Fixes
  • react-x/immutability: Exempted ref mutations via a naming heuristic — any object whose identifier is ref or ends with Ref is treated as a mutable ref and skipped from immutability checks. This fixes false positives when mutating RefObject<T> values received as props (#​1752, #​1751).
  • react-x/immutability: Added noRefLikeStateName diagnostic to prevent state variables from being named ref or ending with Ref, which would otherwise bypass the ref exemption heuristic (#​1752).
📝 Documentation
  • Fixed the full rule name in react-jsx/no-key-after-spread documentation (jsx/no-key-after-spreadjsx-no-key-after-spread) (#​1750).

Full Changelog: Rel1cx/eslint-react@v5.7.2...v5.7.3

v5.7.2

Compare Source

🐞 Fixes
  • react-x/no-unused-state: Removed the rule from the recommended preset for now (#​1747, #​1748).
📝 Documentation
  • Added individual CHANGELOG.md files for all rules (#​1746).
  • Added rule changelog links to all rule documentation pages.
  • Updated AST Explorer links in docs.
  • Various documentation cleanups.
🏗️ Internal
  • Updated baseline metrics.
  • Updated roadmap milestone labels.
  • Upgraded dprint biome plugin from 0.12.9 to 0.12.10.
  • Cleaned up snapshot generation script and snapshot file.

Full Changelog: Rel1cx/eslint-react@v5.7.1...v5.7.2

axios/axios (axios@>=1.0.0 <=1.13.4)

v1.13.6

Compare Source

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

  • Breaking Changes: None identified in this release.
  • Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

  • React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @​moh3n9595 for the initial implementation. (#​5764)
  • Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#​7385)

🐛 Bug Fixes

  • Environment Compatibility:

    • Fixed module exports for React Native and Browserify environments. (#​7386)
    • Added safe FormData detection for the WeChat Mini Program environment. (#​7324)

  • Error Handling:

    • AxiosError.message is now correctly enumerable. (#​7392)
    • AxiosError.from now correctly copies the status property from the source error, ensuring better error propagation. (#​7403)

🔧 Maintenance & Chores

🌟 New Contributors

We are thrilled to welcome our new contributors! Thank you for helping improve the project:

Full Changelog: v1.13.5...v1.13.6

browserslist/caniuse-lite (caniuse-lite)

v1.0.30001792

Compare Source

wanasit/chrono (chrono-node@<2.2.4)

v2.2.7

Compare Source

  • Improvement: Apply case-sensitive timezone extraction on date expressions f036345
  • Fix: Time parsing ending with "a" or "p" 77fbd83
  • New: BCE/CE year label support dde6103
  • New: "tmrw" as abbr for "tomorrow" b9c02f5

v2.2.6

Compare Source

  • Fix: Improve performance by avoid unnecessary parsing in time exp cdfb6bc
  • Fix: negative time range parsing 053cc8f
  • Fix: handling quote sign around time parsing 6a52cf3

v2.2.5

Compare Source

  • Fix: Performance improvement by reduce the usage of dayjs in results 38cbefb
  • Fix: Small performance improvement through caching fab8f51
  • New: Adding basic benchmark ac08a8c
unjs/defu (defu@<=6.1.4)

v6.1.7

Compare Source

compare changes

🩹 Fixes
  • defu.d.cts: Export Defu types (#​157)
📦 Build
  • Correct the types export entry (#​160)
❤️ Contributors

v6.1.6

Compare Source

compare changes

📦 Build
❤️ Contributors
honojs/hono (hono@<4.12.14)

v4.12.18

Compare Source

v4.12.17

Compare Source

v4.12.16

Compare Source

Security fixes

This release includes fixes for the following security issues:

Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Affects: hono/jsx. Fixes missing validation of JSX tag names when using jsx() or createElement(), which could allow HTML injection if untrusted input is used as the tag name. GHSA-69xw-7hcm-h432

bodyLimit() can be bypassed for chunked / unknown-length requests

Affects: Body Limit Middleware. Fixes late enforcement for request bodies without a reliable Content-Length (e.g. chunked requests), where oversized requests could reach handlers and return successful responses before being rejected. GHSA-9vqf-7f2p-gf9v

v4.12.15

Compare Source

What's Changed
New Contributors

Full Changelog: honojs/hono@v4.12.14...v4.12.15

typicode/husky (husky)

v9.0.11

Compare Source

v9.0.10

Compare Source

v9.0.9

Compare Source

v9.0.8

Compare Source

v9.0.7

Compare Source

  • fix: typo and source ~/.huskyrc correctly (compatibility with v8)
  • docs: fix example by @​typicode in #​1363

v9.0.6

Compare Source

v9.0.5

Compare Source

v9.0.4

Compare Source

v9.0.3

Compare Source

v9.0.2

Compare Source

pnpm/pnpm (pnpm)

v10.33.4: pnpm 10.33.4

Compare Source

Patch Changes

  • Pin the integrity of git-hosted tarballs (codeload.github.com, gitlab.com, bitbucket.org) in the lockfile so that subsequent installs detect a tampered or substituted tarball and refuse to install it. Previously the lockfile only stored the tarball URL for git dependencies, so a compromised git host or a man-in-the-middle could serve arbitrary code on later installs without lockfile changes.

    A new gitHosted: true field is recorded on git-hosted tarball resolutions in the lockfile, letting every reader/writer route them by a single typed check instead of pattern-matching the tarball URL in each call site. Lockfiles written by older pnpm versions are enriched on load (URL fallback) so the field can be relied on uniformly across the codebase.

  • Fix a regression where pnpm --recursive --filter '!<pkg>' run/exec/test/add would include the workspace root in the matched projects. The workspace root is now correctly excluded by default when only negative --filter arguments are provided, matching the documented behavior. To include the root, pass --include-workspace-root #​11341.

Platinum Sponsors

Bit

Gold Sponsors

Sanity Discord Vite
SerpApi CodeRabbit Stackblitz
Workleap Nx

v10.33.3

Compare Source

publint/publint (publint)

v0.3.19

Compare Source

Patch Changes

  • Add NESTED_PACKAGE_JSON_FIELD_IGNORED to warn when published nested package.json files define "exports" or "imports", which Node.js ignores outside the package root. (#​224)

  • Fix internal browser directory traversal logic (#​224)

raszi/node-tmp (tmp@<=0.2.3)

v0.2.5

Compare Source

nodejs/undici (undici@<6.24.0)

v6.24.1

Compare Source

Full Changelog: nodejs/undici@v6.24.0...v6.24.1

eemeli/yaml (yaml@>=2.0.0 <2.8.3)

v2.8.4

Compare Source

  • Disable alias resolution with maxAliasCount:0 (#​677)
  • Handle invalid unicode escapes (e1a1a77)
  • Apply minFractionDigits only to decimal strings (#​676)

Configuration

📅 Schedule: (in timezone Europe/Berlin)

  • Branch creation
    • "after 10:00 before 19:00 every weekday except after 13:00 before 14:00"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the c: dependencies Pull requests that adds/updates a dependency label Apr 21, 2026
@renovate renovate Bot requested a review from prisis as a code owner April 21, 2026 15:41
@renovate renovate Bot added the c: dependencies Pull requests that adds/updates a dependency label Apr 21, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 21, 2026
edited
Loading

Thank you for following the naming conventions! 🙏

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 21, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​commitlint/​core@​20.5.3731005497100
Added@​types/​eslint-plugin-tailwindcss@​3.17.01001006579100
Addedbrowserslist-config-anolilab@​9.0.0661009489100
Added@​types/​eslint-plugin-jsx-a11y@​6.10.11001006880100
Added@​textlint-rule/​textlint-rule-preset-google@​0.1.2701008575100
Added@​stylistic/​eslint-plugin-migrate@​4.4.1941007082100
Added@​typescript-eslint/​parser@​8.59.11001007198100
Added@​tanstack/​eslint-plugin-router@​1.161.61001007295100
Updated@​anolilab/​semantic-release-preset@​13.4.9 ⏵ 13.4.107210010096 +1100
Added@​total-typescript/​ts-reset@​0.6.11001007380100
Added@​commitlint/​cli@​20.5.31001007397100
Added@​unocss/​eslint-plugin@​66.6.81001007393100
Added@​visulima/​tsconfig@​2.1.373100999680
Added@​tanstack/​eslint-plugin-query@​5.100.910010075100100
Added@​visulima/​packem@​2.0.0-alpha.767510010096100
Added@​stylistic/​eslint-plugin@​5.10.01001007592100
Addedcz-conventional-changelog@​3.3.0991008975100
Addedcaniuse-lite@​1.0.300017921001007696100
Added@​e18e/​eslint-plugin@​0.4.17710010091100
Added@​stylistic/​eslint-plugin-ts@​4.4.11001007782100
Added@​html-eslint/​parser@​0.60.01001007792100
Added@​types/​eslint@​9.6.11001007880100
Added@​ospm/​eslint-plugin-react-unhookify@​1.0.27810010086100
Added@​vitest/​coverage-v8@​4.1.5991007999100
Added@​types/​confusing-browser-globals@​1.0.31001009679100
Added@​html-eslint/​eslint-plugin@​0.60.0991008095100
Added@​visulima/​package@​4.1.7841001009680
Addedcross-env@​10.1.010010010082100
Added@​eslint-community/​eslint-plugin-eslint-comments@​4.7.11001008284100
Updated@​anolilab/​semantic-release-pnpm@​8.1.8 ⏵ 8.1.98410010096 +1100
Added@​textlint-rule/​textlint-rule-no-invalid-control-character@​3.0.09910010084100
Added@​textlint-rule/​textlint-rule-no-unmatched-pair@​2.0.41001009885100
Addedcommitizen@​4.3.19910010085100
See 15 more rows in the dashboard

View full report

@renovate
fix(deps): update patch updates
6cdd842 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
@renovate renovate Bot force-pushed the renovate/patch-patch-updates branch from e18294b to 6cdd842 Compare May 9, 2026 22:20
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented May 10, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@prisis prisis merged commit 7b1116a into main May 18, 2026
7 of 9 checks passed
@prisis prisis deleted the renovate/patch-patch-updates branch May 18, 2026 07:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prisis prisis Awaiting requested review from prisis prisis is a code owner

Assignees

No one assigned

Labels

c: dependencies Pull requests that adds/updates a dependency package: lint-staged-config

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@prisis