chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@types/node (source)	18.16.18 -> 18.16.19					devDependencies	patch
@typescript-eslint/eslint-plugin	5.59.11 -> 5.60.1					devDependencies	minor
@typescript-eslint/parser	5.59.11 -> 5.60.1					devDependencies	minor
@vitest/utils (source)	0.32.2 -> 0.32.4					devDependencies	patch
cross-fetch	3.1.6 -> 3.1.8					devDependencies	patch
eslint (source)	8.43.0 -> 8.44.0					devDependencies	minor
google-github-actions/release-please-action	v3.7.9 -> v3.7.10					action	patch
node	18.16.0 -> 18.16.1						patch
pnpm (source)	8.6.2 -> 8.6.5					packageManager	patch
typescript (source)	5.1.3 -> 5.1.6					devDependencies	patch

---

Release Notes

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v5.60.1

Compare Source

Note: Version bump only for package @​typescript-eslint/eslint-plugin

You can read about our versioning strategy and releases on our website.

v5.60.0

Compare Source

Features

• eslint-plugin: [restrict-plus-operands] add allow* options (#​6161) (def09f8)

5.59.11 (2023-06-12)

Note: Version bump only for package @​typescript-eslint/eslint-plugin

5.59.10 (2023-06-12)

Note: Version bump only for package @​typescript-eslint/eslint-plugin

5.59.9 (2023-06-05)

Note: Version bump only for package @​typescript-eslint/eslint-plugin

5.59.8 (2023-05-29)

Note: Version bump only for package @​typescript-eslint/eslint-plugin

5.59.7 (2023-05-22)

Note: Version bump only for package @​typescript-eslint/eslint-plugin

5.59.6 (2023-05-15)

Note: Version bump only for package @​typescript-eslint/eslint-plugin

5.59.5 (2023-05-08)

Note: Version bump only for package @​typescript-eslint/eslint-plugin

5.59.4 (2023-05-08)

Note: Version bump only for package @​typescript-eslint/eslint-plugin

5.59.3 (2023-05-08)

Note: Version bump only for package @​typescript-eslint/eslint-plugin

5.59.2 (2023-05-01)

Note: Version bump only for package @​typescript-eslint/eslint-plugin

5.59.1 (2023-04-24)

Bug Fixes

• eslint-plugin: [prefer-regexp-exec] skip malformed regexes (#​6935) (05ed60e)
• eslint-plugin: [unified-signatures] no parameters function (#​6940) (2970861)

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v5.60.1

Compare Source

Note: Version bump only for package @​typescript-eslint/parser

You can read about our versioning strategy and releases on our website.

v5.60.0

Compare Source

Note: Version bump only for package @​typescript-eslint/parser

5.59.11 (2023-06-12)

Note: Version bump only for package @​typescript-eslint/parser

5.59.10 (2023-06-12)

Note: Version bump only for package @​typescript-eslint/parser

5.59.9 (2023-06-05)

Note: Version bump only for package @​typescript-eslint/parser

5.59.8 (2023-05-29)

Note: Version bump only for package @​typescript-eslint/parser

5.59.7 (2023-05-22)

Note: Version bump only for package @​typescript-eslint/parser

5.59.6 (2023-05-15)

Note: Version bump only for package @​typescript-eslint/parser

5.59.5 (2023-05-08)

Note: Version bump only for package @​typescript-eslint/parser

5.59.4 (2023-05-08)

Note: Version bump only for package @​typescript-eslint/parser

5.59.3 (2023-05-08)

Note: Version bump only for package @​typescript-eslint/parser

5.59.2 (2023-05-01)

Note: Version bump only for package @​typescript-eslint/parser

5.59.1 (2023-04-24)

Note: Version bump only for package @​typescript-eslint/parser

vitest-dev/vitest (@​vitest/utils)

v0.32.4

Compare Source

   🐞 Bug Fixes

• browser: Correctly optimize CJS dependencies  -  by @​sheremet-va (3d090)

    View changes on GitHub

v0.32.3

Compare Source

   🚀 Features

• Add concurrent option to sequence config  -  by @​fenghan34 and @​sheremet-va in https://github.com/vitest-dev/vitest/issues/3604 (f427f)
• Introduce global configuration for retry setting  -  by @​imentu and @​sheremet-va in https://github.com/vitest-dev/vitest/issues/3598 and https://github.com/vitest-dev/vitest/issues/3603 (9a117)
• Don't rely on util package in @​vitest/utils  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/3685 (f91da)
• Support accessing other fixtures in fixture function  -  by @​fenghan34 in https://github.com/vitest-dev/vitest/issues/3651 (1621c)
• Support use function/class as bench name  -  by @​fenghan34 in https://github.com/vitest-dev/vitest/issues/3711 (a749a)
• reporters: Show full test suite when testing 1 spec file at a time  -  by @​Dunqing in https://github.com/vitest-dev/vitest/issues/3543 (7531c)
• runner: Support test.extend  -  by @​fenghan34 in https://github.com/vitest-dev/vitest/issues/3554 (2db1a)

   🐞 Bug Fixes

• Remove "concordance" from dependencies list  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/3597 (969dc)
• Show diff correctly  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/3620 (73dd4)
• Util import  -  by @​fubhy in https://github.com/vitest-dev/vitest/issues/3621 (2fb4c)
• Compat with frozen Math  -  by @​turadg in https://github.com/vitest-dev/vitest/issues/3527 (0db67)
• CTRL+C to terminate run  -  by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/3642 (fa663)
• Run mode stuck in TTY terminals  -  by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/3690 (141a8)
• Use first stack frame in json reporter  -  by @​tim-smart in https://github.com/vitest-dev/vitest/issues/3645 (80ea7)
• Print actual number for toBeCalledTimes  -  by @​antfu in https://github.com/vitest-dev/vitest/issues/3696 (d3640)
• benchmark:
  • Don't fail when running correct benchmarks  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/3629 (edad9)
• browser:
  • Correctly print diff  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/3627 (d756e)
  • Esm injector doesn't replace class expressions  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/3641 (5c0ac)
  • Transform superclass identifier  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/3681 (a1e04)
• coverage:
  • v8 to prevent crash on dynamic CJS files  -  by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/3657 (40f18)
• runner:
  • Make the default value of retry and repeats 0  -  by @​Dunqing in https://github.com/vitest-dev/vitest/issues/3638 (6d146)
• utils:
  • Respect all flags in format function  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/3695 (91e16)
• watch:
  • Cancel using h key  -  by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/3618 (60c36)

    View changes on GitHub

lquixada/cross-fetch (cross-fetch)

v3.1.8

Compare Source

v3.1.7

Compare Source

eslint/eslint (eslint)

v8.44.0

Compare Source

Features

• 1766771 feat: add es2023 and es2024 environments (#​17328) (Milos Djermanovic)
• 4c50400 feat: add ecmaVersion: 2024, regexp v flag parsing (#​17324) (Milos Djermanovic)
• 4d411e4 feat: add ternaryOperandBinaryExpressions option to no-extra-parens rule (#​17270) (Percy Ma)
• c8b1f4d feat: Move parserServices to SourceCode (#​17311) (Milos Djermanovic)
• ef6e24e feat: treat unknown nodes as having the lowest precedence (#​17302) (Brad Zacher)
• 1866e1d feat: allow flat config files to export a Promise (#​17301) (Milos Djermanovic)

Bug Fixes

• a36bcb6 fix: no-unused-vars false positive with logical assignment operators (#​17320) (Gweesin Chan)
• 7620b89 fix: Remove no-unused-labels autofix before potential directives (#​17314) (Francesco Trotta)
• 391ed38 fix: Remove no-extra-semi autofix before potential directives (#​17297) (Francesco Trotta)

Documentation

• 526e911 docs: resubmit pr 17115 doc changes (#​17291) (唯然)
• e1314bf docs: Integration section and tutorial (#​17132) (Ben Perlmutter)
• 19a8c5d docs: Update README (GitHub Actions Bot)

Chores

• 49e46ed chore: upgrade @​eslint/js@​8.44.0 (#​17329) (Milos Djermanovic)
• a1cb642 chore: package.json update for @​eslint/js release (ESLint Jenkins)
• 840a264 test: More test cases for no-case-declarations (#​17315) (Elian Cordoba)
• e6e74f9 chore: package.json update for eslint-config-eslint release (ESLint Jenkins)
• eb3d794 chore: upgrade semver@7.5.3 (#​17323) (Ziyad El Abid)
• cf88439 chore: upgrade optionator@0.9.3 (#​17319) (Milos Djermanovic)
• 9718a97 refactor: remove unnecessary code in flat-eslint.js (#​17308) (Milos Djermanovic)
• f82e56e perf: various performance improvements (#​17135) (moonlightaria)
• da81e66 chore: update eslint-plugin-jsdoc to 46.2.5 (#​17245) (唯然)
• b991640 chore: switch eslint-config-eslint to the flat format (#​17247) (唯然)

google-github-actions/release-please-action (google-github-actions/release-please-action)

v3.7.10

Compare Source

Bug Fixes

• bump release-please from 15.10.4 to 15.11.0 (#​778) (18e5fcf)

nodejs/node (node)

v18.16.1: 2023-06-20, Version 18.16.1 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

• CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
• CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
• CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
• CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
• CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
• OpenSSL Security Releases
  • OpenSSL security advisory 28th March.
  • OpenSSL security advisory 20th April.
  • OpenSSL security advisory 30th May
• c-ares vulnerabilities:
  • GHSA-9g78-jv2r-p7vc
  • GHSA-8r8p-23f3-64c2
  • GHSA-54xr-f67r-4pc4
  • GHSA-x6mf-cxr9-8q6v

More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.

Commits

• [bf3e2c8928] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen) nodejs-private/node-private#​393
• [70f9449072] - deps: set CARES_RANDOM_FILE for c-ares (Richard Lau) #​48156
• [35d4efb57b] - deps: update c-ares to 1.19.1 (RafaelGSS) #​48115
• [392dfedc77] - deps: update archs files for openssl-3.0.9-quic1 (Node.js GitHub Bot) #​48402
• [46cd5fe38b] - deps: upgrade openssl sources to quictls/openssl-3.0.9-quic1 (Node.js GitHub Bot) #​48402
• [7e3d2d85c2] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#​426
• [4ff6ba050a] - http: disable request smuggling via rempty headers (Paolo Insogna) nodejs-private/node-private#​428
• [ab269129a6] - msi: do not create AppData\Roaming\npm (Tobias Nießen) nodejs-private/node-private#​408
• [925e8f5619] - policy: handle mainModule.__proto__ bypass (RafaelGSS) nodejs-private/node-private#​416
• [d6fae8e47e] - test: allow SIGBUS in signal-handler abort test (Michaël Zasso) #​47851

pnpm/pnpm (pnpm)

v8.6.5

Compare Source

Patch Changes

• Improve the performance of searching for auth tokens #​6717.

Our Gold Sponsors

Our Silver Sponsors

v8.6.4

Compare Source

Patch Changes

• In cases where both aliased and non-aliased dependencies exist to the same package, non-aliased dependencies will be used for resolving peer dependencies, addressing issue #​6588.
• Ignore the port in the URL, while searching for authentication token in the .npmrc file #​6354.
• Don't add the version of a local directory dependency to the lockfile. This information is not used anywhere by pnpm and is only causing more Git conflicts #​6695.

Our Gold Sponsors

Our Silver Sponsors

v8.6.3

Compare Source

Patch Changes

• When running a script in multiple projects, the script outputs should preserve colours #​2148.
• Don't crash when the APPDATA env variable is not set on Windows #​6659.
• Don't fail when a package is archived in a tarball with malformed tar headers #​5362.
• Peer dependencies of subdependencies should be installed, when node-linker is set to hoisted #​6680.
• Throw a meaningful error when applying a patch to a dependency fails.
• pnpm update --global --latest should work #​3779.
• pnpm license ls should work even when there is a patched git protocol dependency #​6595

Our Gold Sponsors

Our Silver Sponsors

Microsoft/TypeScript (typescript)

v5.1.5: TypeScript 5.1.5

Compare Source

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript v5.1.0 (Beta).
• fixed issues query for Typescript v5.1.1 (RC).
• fixed issues query for Typescript v5.1.2 (Stable).
• fixed issues query for Typescript v5.1.3 (Stable).
• (5.1.4 intentionally skipped)
• fixed issues query for Typescript v5.1.5 (Stable).

Downloads are available on:

• npm
• NuGet package

---

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.