Skip to content

chore(deps): bump the minor-and-patch group across 1 directory with 21 updates#161

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-0712a6f116
Closed

chore(deps): bump the minor-and-patch group across 1 directory with 21 updates#161
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-0712a6f116

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 21 updates in the / directory:

Package From To
eslint 10.5.0 10.6.0
eslint-plugin-import-x 4.16.2 4.17.1
globals 17.6.0 17.7.0
lint-staged 17.0.7 17.0.8
typescript-eslint 8.61.1 8.62.1
@hono/node-server 2.0.5 2.0.6
@sentry/node 10.59.0 10.63.0
@simplewebauthn/server 13.3.1 13.3.2
hono 4.12.26 4.12.27
node-cron 4.4.1 4.5.0
nodemailer 9.0.1 9.0.3
puppeteer 25.1.0 25.3.0
@playwright/test 1.61.0 1.61.1
@sentry/react 10.59.0 10.63.0
@tailwindcss/vite 4.3.1 4.3.2
@tanstack/react-virtual 3.14.3 3.14.5
react-hook-form 7.79.0 7.80.0
react-router-dom 7.18.0 7.18.1
tailwindcss 4.3.1 4.3.2
@vitejs/plugin-react 6.0.2 6.0.3
vite 8.0.16 8.1.2

Updates eslint from 10.5.0 to 10.6.0

Release notes

Sourced from eslint's releases.

v10.6.0

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#20983) (lumir)

Chores

  • 6a42034 ci: run ecosystem tests on main branch (#20891) (sethamus)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])
  • c3abfca chore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)
  • a832320 ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)
  • 27166e7 chore: update ecosystem plugins (#21005) (ESLint Bot)
  • 865d76e ci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])
  • 27a88c9 chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)
  • 970cea6 chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)
  • b482120 chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])
  • 6993fb3 chore: update ecosystem plugins (#20985) (ESLint Bot)
Commits
  • 5d12a04 10.6.0
  • f7ca54b Build: changelog update for 10.6.0
  • 6a42034 ci: run ecosystem tests on main branch (#20891)
  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014)
  • c3abfca chore: correct JSDoc param types in html formatter (#21018)
  • a83683d docs: Update README
  • a832320 ci: split ecosystem tests into separate jobs (#21001)
  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013)
  • Additional commits viewable in compare view

Updates eslint-plugin-import-x from 4.16.2 to 4.17.1

Release notes

Sourced from eslint-plugin-import-x's releases.

v4.17.1

Patch Changes

  • #498 cf25a01 Thanks @​marcalexiei! - fix(extensions): don't require an extension for package subpaths that resolve to a .d.ts (e.g. vitest/config)

v4.17.0

Minor Changes

  • #474 4b2c0c5 Thanks @​regseb! - Support RegExp in the import-x/ignore setting and the ignore option of the no-unresolved rule.

Patch Changes

  • #494 1c84235 Thanks @​morgan-coded! - Fixed no-unresolved crashing when case-sensitive path checks encounter EACCES or EPERM on an ancestor directory.

  • #481 3e13121 Thanks @​B4nan! - fix: memoize legacyNodeResolve resolver to avoid native memory leak

  • #484 9a07009 Thanks @​sairus2k! - Make the extensions rule check Node.js subpath imports (specifiers starting with #, e.g. #utils/helper). Previously parsePath treated a leading # as a URL hash fragment, so the rule skipped extension validation for these imports.

    Note: single-segment subpath imports without a slash (e.g. #dep) are still skipped by the existing external-root-module classification; fixing that is deferred to avoid expanding scope.

  • #468 240ed58 Thanks @​silverwind! - Make extensions handle .d.ts correctly

  • #479 e3cc7e4 Thanks @​mrginglymus! - fix: strip querystrings and hash fragments when checking for file existence

  • #476 fce29b1 Thanks @​nbouvrette! - fix(deps): replace @​package-json/types with an inline minimal type

Changelog

Sourced from eslint-plugin-import-x's changelog.

4.17.1

Patch Changes

  • #498 cf25a01 Thanks @​marcalexiei! - fix(extensions): don't require an extension for package subpaths that resolve to a .d.ts (e.g. vitest/config)

4.17.0

Minor Changes

  • #474 4b2c0c5 Thanks @​regseb! - Support RegExp in the import-x/ignore setting and the ignore option of the no-unresolved rule.

Patch Changes

  • #494 1c84235 Thanks @​morgan-coded! - Fixed no-unresolved crashing when case-sensitive path checks encounter EACCES or EPERM on an ancestor directory.

  • #481 3e13121 Thanks @​B4nan! - fix: memoize legacyNodeResolve resolver to avoid native memory leak

  • #484 9a07009 Thanks @​sairus2k! - Make the extensions rule check Node.js subpath imports (specifiers starting with #, e.g. #utils/helper). Previously parsePath treated a leading # as a URL hash fragment, so the rule skipped extension validation for these imports.

    Note: single-segment subpath imports without a slash (e.g. #dep) are still skipped by the existing external-root-module classification; fixing that is deferred to avoid expanding scope.

  • #468 240ed58 Thanks @​silverwind! - Make extensions handle .d.ts correctly

  • #479 e3cc7e4 Thanks @​mrginglymus! - fix: strip querystrings and hash fragments when checking for file existence

  • #476 fce29b1 Thanks @​nbouvrette! - fix(deps): replace @​package-json/types with an inline minimal type

Commits
  • b767b8c chore: release eslint-plugin-import-x (#499)
  • cf25a01 fix(extensions): don't require extension for package subpaths resolving to .d...
  • b543300 docs: document the esmodule option for no-dynamic-require rule (#496)
  • 7578513 chore: release eslint-plugin-import-x (#472)
  • e3cc7e4 fix: strip querystrings and hash fragments when checking for file existence (...
  • 9a07009 fix: make extensions rule check Node.js subpath imports (#484)
  • 3e13121 fix: memoize legacyNodeResolve resolver to avoid native memory leak (#481)
  • fce29b1 fix(deps): replace @​package-json/types with an inline minimal type (#476)
  • 1c84235 fix: handle access errors during case checks (#494)
  • 96222bf chore: drop unused tmp (#487)
  • Additional commits viewable in compare view

Updates globals from 17.6.0 to 17.7.0

Release notes

Sourced from globals's releases.

v17.7.0

  • Update globals (2026-06-22) (#345) 33b75f9

sindresorhus/globals@v17.6.0...v17.7.0

Commits

Updates lint-staged from 17.0.7 to 17.0.8

Release notes

Sourced from lint-staged's releases.

v17.0.8

Patch Changes

  • #1809 179b437 - Fix lint-staged discarding the ongoing merge conflict status (.git/MERGE_HEAD) when using the --hide-unstaged or --hide-all options.

  • #1811 3d0b2c0 - Fix issues with Git commands that are successful but also emit warnings to stderr, by ignoring the stderr output completely when the process exits with code 0. This was the behavior when using nano-spawn and execa, but when switching to tinyexec in 16.3.0 both stdout and stderr were used as interleaved output.

Changelog

Sourced from lint-staged's changelog.

17.0.8

Patch Changes

  • #1809 179b437 - Fix lint-staged discarding the ongoing merge conflict status (.git/MERGE_HEAD) when using the --hide-unstaged or --hide-all options.

  • #1811 3d0b2c0 - Fix issues with Git commands that are successful but also emit warnings to stderr, by ignoring the stderr output completely when the process exits with code 0. This was the behavior when using nano-spawn and execa, but when switching to tinyexec in 16.3.0 both stdout and stderr were used as interleaved output.

Commits
  • 5f3b8f2 Merge pull request #1812 from lint-staged/changeset-release/main
  • 43a9b8d chore(changeset): release
  • 630e2f6 Merge pull request #1809 from lint-staged/restore-merge-status
  • 179b437 fix: restore Git merge status after creating backup stash
  • 6bae2e2 Merge pull request #1811 from lint-staged/exec-git-ignore-stderr
  • b82a830 ci: run npm audit omitting dev, including prod dependencies
  • 0b19b80 build(deps): update dependencies
  • 3d0b2c0 fix: ignore stderr when doing Git operations
  • See full diff in compare view

Updates typescript-eslint from 8.61.1 to 8.62.1

Release notes

Sourced from typescript-eslint's releases.

v8.62.1

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

🩹 Fixes

  • add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.62.1 (2026-06-29)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates @hono/node-server from 2.0.5 to 2.0.6

Release notes

Sourced from @​hono/node-server's releases.

v2.0.6

What's Changed

Full Changelog: honojs/node-server@v2.0.5...v2.0.6

Commits
  • ff75c61 2.0.6
  • 814720f fix: preserve status and statusText when cloning a Response with live headers...
  • a76209a ci: use npm Staged publishing (#364)
  • 44c365a ci: publish to npm from CI with OIDC trusted publishing and bump np (#361)
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​hono/node-server since your current version.


Updates @sentry/node from 10.59.0 to 10.63.0

Release notes

Sourced from @​sentry/node's releases.

10.63.0

  • feat(browser): Add url.full attribute to resource spans (#21846)
  • feat(core): Add extendIntegration method (#21759)
  • feat(core): Add isTracingSuppressed to the async context strategy (#21785)
  • feat(core): Pass normalizedRequest to the sampling context for root spans (#21833)
  • feat(node): Add lru-memoizer diagnostics-channel integration to experimentalUseDiagnosticsChannelInjection (#21786)
  • feat(node): Expose channel-based, streamlined fastifyIntegration (#21706)
  • fix(browser): Defer sending session envelope until browser is idle (#21844)
  • fix(core): Improve waiting for tracing channel bindings (#21815)
  • fix(core): Serialize streamed span status message to sentry.status.message attribute (#21811)
  • fix(nextjs): Don't inject trace meta tags when Cache Components is enabled (#21141)
  • fix(opentelemetry): Strip leading ? and # from inferred http.query and http.fragment (#21848)
  • fix(tanstackstart-react): Drop server transactions for tunnel route requests (#21769)
  • chore: Add external contributor to CHANGELOG.md (#21832)
  • chore: Hoist transitive imports for bundles (#21858)
  • chore: Mark http.query/http.fragment stripping for v11 url.query migration (#21852)
  • docs: Use Cloudflare nodejs_compat flag (#21659)
  • feat(server-utils): Add lru-memoizer diagnostics-channel integration (#21786)
  • feat(server-utils): Expose channel-based, streamlined fastifyIntegration (#21706)
  • feat(server-utils): Restore caller context for callback tracing channels (#21863)
  • ref(core): Move spanStreamingIntegration setup into ServerRuntimeClient (#21814)
  • ref(node): Infer orchestrion integration names (#21834)
  • ref(node): Move node-fetch instrumentation away from InstrumentBase (#21778)
  • ref(node): Streamline Prisma instrumentation (v6 and v7) (#21819)
  • ref(node): Streamline vendored mysql instrumentation (#21568)
  • ref(server-utils): Ensure ts3.8 has diagnostics channel shim (#21845)
  • ref(server-utils): Move mysql orchestrion integration onto bindTracingChannelToSpan (#21865)
  • ref(server-utils): Set error attributes on span and simplify error info extraction (#21822)
  • test: Introduce .unordered in node-integration-tests (#21697)
  • test(cloudflare): Align CF types and compat flags (#21835)
  • test(e2e/hono): Isolate request-data extraction tests onto a dedicated route (#21869)
  • test(node-integration): Harden knex mysql2 healthcheck to fix flaky test (#21868)
  • test(node-integration-tests): Fix flaky postgresjs basic transaction/error ordering (#21870)
  • test(node-integration-tests): Retry transient docker compose up failures (#21860)
  • test(nuxt): Test mysql instrumentation with orchestrion bundler plugin (#21782)

Work in this release was contributed by @​suzunn. Thank you for your contribution!

Bundle size 📦

Path Size
@​sentry/browser 26.97 KB
@​sentry/browser - with treeshaking flags 25.44 KB

... (truncated)

Changelog

Sourced from @​sentry/node's changelog.

10.63.0

  • feat(browser): Add url.full attribute to resource spans (#21846)
  • feat(core): Add extendIntegration method (#21759)
  • feat(core): Add isTracingSuppressed to the async context strategy (#21785)
  • feat(core): Pass normalizedRequest to the sampling context for root spans (#21833)
  • feat(node): Add lru-memoizer diagnostics-channel integration to experimentalUseDiagnosticsChannelInjection (#21786)
  • feat(node): Expose channel-based, streamlined fastifyIntegration (#21706)
  • fix(browser): Defer sending session envelope until browser is idle (#21844)
  • fix(core): Improve waiting for tracing channel bindings (#21815)
  • fix(core): Serialize streamed span status message to sentry.status.message attribute (#21811)
  • fix(nextjs): Don't inject trace meta tags when Cache Components is enabled (#21141)
  • fix(opentelemetry): Strip leading ? and # from inferred http.query and http.fragment (#21848)
  • fix(tanstackstart-react): Drop server transactions for tunnel route requests (#21769)
  • chore: Add external contributor to CHANGELOG.md (#21832)
  • chore: Hoist transitive imports for bundles (#21858)
  • chore: Mark http.query/http.fragment stripping for v11 url.query migration (#21852)
  • docs: Use Cloudflare nodejs_compat flag (#21659)
  • feat(server-utils): Add lru-memoizer diagnostics-channel integration (#21786)
  • feat(server-utils): Expose channel-based, streamlined fastifyIntegration (#21706)
  • feat(server-utils): Restore caller context for callback tracing channels (#21863)
  • ref(core): Move spanStreamingIntegration setup into ServerRuntimeClient (#21814)
  • ref(node): Infer orchestrion integration names (#21834)
  • ref(node): Move node-fetch instrumentation away from InstrumentBase (#21778)
  • ref(node): Streamline Prisma instrumentation (v6 and v7) (#21819)
  • ref(node): Streamline vendored mysql instrumentation (#21568)
  • ref(server-utils): Ensure ts3.8 has diagnostics channel shim (#21845)
  • ref(server-utils): Move mysql orchestrion integration onto bindTracingChannelToSpan (#21865)
  • ref(server-utils): Set error attributes on span and simplify error info extraction (#21822)
  • test: Introduce .unordered in node-integration-tests (#21697)
  • test(cloudflare): Align CF types and compat flags (#21835)
  • test(e2e/hono): Isolate request-data extraction tests onto a dedicated route (#21869)
  • test(node-integration): Harden knex mysql2 healthcheck to fix flaky test (#21868)
  • test(node-integration-tests): Fix flaky postgresjs basic transaction/error ordering (#21870)
  • test(node-integration-tests): Retry transient docker compose up failures (#21860)
  • test(nuxt): Test mysql instrumentation with orchestrion bundler plugin (#21782)

Work in this release was contributed by @​suzunn. Thank you for your contribution!

10.62.0

Important Changes

  • feat(server-runtimes): Add v7 support for vercelAiIntegration (#21613)

... (truncated)

Commits
  • 2362e9f release: 10.63.0
  • 5b51d5e Merge pull request #21874 from getsentry/prepare-release/10.63.0
  • 4e16503 meta(changelog): Update changelog for 10.63.0
  • 690f778 test(node-integration): Harden knex mysql2 healthcheck to fix flaky test (#21...
  • 429cdaf test(node-integration-tests): Fix flaky postgresjs basic transaction/error or...
  • 35998e6 test(e2e/hono): Isolate request-data extraction tests onto a dedicated route ...
  • 88e7ad5 feat(server-utils): Expose channel-based, streamlined fastifyIntegration (#...
  • e316151 ref(server-utils): Move mysql orchestrion integration onto bindTracingChannel...
  • e7c24a5 feat(server-utils): Restore caller context for callback tracing channels (#21...
  • bf21b16 fix(nextjs): Don't inject trace meta tags when Cache Components is enabled (#...
  • Additional commits viewable in compare view

Updates @simplewebauthn/server from 13.3.1 to 13.3.2

Release notes

Sourced from @​simplewebauthn/server's releases.

v13.3.2

This update fixes a CVSS v4 Low (2.0) security vulnerability identified in @​simplewebauthn/server. See the security advisory linked below for more information.

Changes:

  • [server] Fixed an issue with verifyRegistrationResponse() allowing a maliciously-crafted attestation statement's x5c to contain a self-signed "root certificate" instead of chaining back to an RP-specified trust anchor (GHSA-6hxq-p678-4hr2)
Changelog

Sourced from @​simplewebauthn/server's changelog.

v13.3.2

This update fixes a CVSS v4 Low (2.0) security vulnerability identified in @​simplewebauthn/server. See the security advisory linked below for more information.

Changes:

  • [server] Fixed an issue with verifyRegistrationResponse() allowing a maliciously-crafted attestation statement's x5c to contain a self-signed "root certificate" instead of chaining back to an RP-specified trust anchor (GHSA-6hxq-p678-4hr2)
Commits
  • 84656ff Update version to 13.3.2
  • dd0d73c Fail cert path validation closed instead
  • 213e9ba Add test for failure to chain to trust anchor
  • 989507a Add tests for notAfter enforcement
  • b55f4b9 Move explanation into test
  • 7bed04c Update comments around cert chain validity
  • 6ee9644 Add new tests
  • c23890a Update existing test to use helpers
  • 8d02ed4 Add X.509 cert helpers for tests
  • 8a53d70 Use X509ChainBuilder for chain validation
  • Additional commits viewable in compare view

Updates hono from 4.12.26 to 4.12.27

Release notes

Sourced from hono's releases.

v4.12.27

Security fixes

This release includes fixes for the following security issues:

hono/jsx does not isolate context per request

Affects: hono/jsx, hono/jsx-renderer. During SSR, context was stored process-wide instead of per request, so useContext()/useRequestContext() read after an await in an async component could return another concurrent request's value — leading to cross-request data disclosure or authorization checks against the wrong request. GHSA-hvrm-45r6-mjfj

Server-Side XSS via JSX escaping bypass in cx()

Affects: hono/css. cx() marked its composed class name as already-escaped without escaping the input, so untrusted input passed as a class name could break out of the JSX class attribute during SSR and inject markup (XSS). GHSA-w62v-xxxg-mg59

API Gateway v1 adapter can drop a repeated request header value

Affects: hono/aws-lambda. The API Gateway v1 (and VPC Lattice) adapter de-duplicated repeated header values by substring instead of exact match, dropping a value that is a substring of another (e.g. 203.0.113.1 dropped when 203.0.113.10 is present) — affecting logic such as X-Forwarded-For-based IP restriction. GHSA-xgm2-5f3f-mvvc


Users of hono/jsx/hono/jsx-renderer, hono/css (cx()), or the hono/aws-lambda API Gateway v1 / VPC Lattice adapters are encouraged to upgrade.

Commits

Updates node-cron from 4.4.1 to 4.5.0

Release notes

Sourced from node-cron's releases.

v4.5.0

Added

  • lastRun() introspection getter on ScheduledTask: returns { date, result } after a successful execution, { date, error } after a failed one, or null before the first run.
  • Extended day-of-week tokens: <weekday>#<nth> (nth weekday of the month, e.g. 1#1 for the first Monday) and <weekday>L (last weekday of the month, e.g. 5L for the last Friday).

Performance

  • Cache Intl.DateTimeFormat instances per timezone instead of rebuilding on every call.
  • Parse the cron expression once per TimeMatcher instead of re-parsing in MatcherWalker.
  • Compute the GMT offset lazily (only when formatting ISO strings, not during the next-run search).
  • Replace crypto.randomBytes with crypto.randomUUID for internal ID generation.
  • Skip setTimeout jitter wrapper when maxRandomDelay is zero.
  • Bundle dist into flat files instead of preserving the module tree (reduces import time).

Fixed

  • Flaky should schedule a task test: poll for the first execution instead of asserting an exact count after a fixed sleep.

Changed

  • Renamed internal functions interprete to interpret and appendSeccondExpression to appendSecondExpression.
  • Rewritten README and package metadata to surface scheduling capabilities (overlap prevention, distributed coordination, background tasks).
Changelog

Sourced from node-cron's changelog.

[4.5.0] - 2026-06-21

Added

  • lastRun() introspection getter on ScheduledTask: returns { date, result } after a successful execution, { date, error } after a failed one, or null before the first run. (#557)
  • Extended day-of-week tokens: <weekday>#<nth> (nth weekday of the month, e.g. 1#1 for the first Monday) and <weekday>L (last weekday of the month, e.g. 5L for the last Friday). (#560)

Performance

  • Cache Intl.DateTimeFormat instances per timezone instead of rebuilding on every call. (#561)
  • Parse the cron expression once per TimeMatcher instead of re-parsing in MatcherWalker. (#562)
  • Compute the GMT offset lazily (only when formatting ISO strings, not during the next-run search). (#563)
  • Replace crypto.randomBytes with crypto.randomUUID for internal ID generation. (#564)
  • Skip setTimeout jitter wrapper when maxRandomDelay is zero. (#565)
  • Bundle dist into flat files instead of preserving the module tree (reduces import time). (#566)

Fixed

  • Flaky should schedule a task test: poll for the first execution instead of asserting an exact count after a fixed sleep.

Changed

  • Renamed internal functions interprete to interpret and appendSeccondExpression to appendSecondExpression. (#567)
  • Rewritten README and package metadata to surface scheduling capabilities (overlap prevention, distributed coordination, background tasks). (#568)
Commits
  • cd9a5a7 chore(release): 4.5.0 (#569)
  • fbdd883 Rewrite README to surface scheduling capabilities (#568)
  • c80a396 perf(build): bundle di...

    Description has been truncated

…1 updates

Bumps the minor-and-patch group with 21 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [eslint](https://github.com/eslint/eslint) | `10.5.0` | `10.6.0` |
| [eslint-plugin-import-x](https://github.com/un-ts/eslint-plugin-import-x) | `4.16.2` | `4.17.1` |
| [globals](https://github.com/sindresorhus/globals) | `17.6.0` | `17.7.0` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `17.0.7` | `17.0.8` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.61.1` | `8.62.1` |
| [@hono/node-server](https://github.com/honojs/node-server) | `2.0.5` | `2.0.6` |
| [@sentry/node](https://github.com/getsentry/sentry-javascript) | `10.59.0` | `10.63.0` |
| [@simplewebauthn/server](https://github.com/MasterKale/SimpleWebAuthn/tree/HEAD/packages/server) | `13.3.1` | `13.3.2` |
| [hono](https://github.com/honojs/hono) | `4.12.26` | `4.12.27` |
| [node-cron](https://github.com/node-cron/node-cron) | `4.4.1` | `4.5.0` |
| [nodemailer](https://github.com/nodemailer/nodemailer) | `9.0.1` | `9.0.3` |
| [puppeteer](https://github.com/puppeteer/puppeteer) | `25.1.0` | `25.3.0` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.61.0` | `1.61.1` |
| [@sentry/react](https://github.com/getsentry/sentry-javascript) | `10.59.0` | `10.63.0` |
| [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.3.1` | `4.3.2` |
| [@tanstack/react-virtual](https://github.com/TanStack/virtual/tree/HEAD/packages/react-virtual) | `3.14.3` | `3.14.5` |
| [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.79.0` | `7.80.0` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.18.0` | `7.18.1` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.3.1` | `4.3.2` |
| [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `6.0.2` | `6.0.3` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.16` | `8.1.2` |



Updates `eslint` from 10.5.0 to 10.6.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.5.0...v10.6.0)

Updates `eslint-plugin-import-x` from 4.16.2 to 4.17.1
- [Release notes](https://github.com/un-ts/eslint-plugin-import-x/releases)
- [Changelog](https://github.com/un-ts/eslint-plugin-import-x/blob/master/CHANGELOG.md)
- [Commits](un-ts/eslint-plugin-import-x@v4.16.2...v4.17.1)

Updates `globals` from 17.6.0 to 17.7.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v17.6.0...v17.7.0)

Updates `lint-staged` from 17.0.7 to 17.0.8
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v17.0.7...v17.0.8)

Updates `typescript-eslint` from 8.61.1 to 8.62.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.1/packages/typescript-eslint)

Updates `@hono/node-server` from 2.0.5 to 2.0.6
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](honojs/node-server@v2.0.5...v2.0.6)

Updates `@sentry/node` from 10.59.0 to 10.63.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.59.0...10.63.0)

Updates `@simplewebauthn/server` from 13.3.1 to 13.3.2
- [Release notes](https://github.com/MasterKale/SimpleWebAuthn/releases)
- [Changelog](https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/MasterKale/SimpleWebAuthn/commits/v13.3.2/packages/server)

Updates `hono` from 4.12.26 to 4.12.27
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.26...v4.12.27)

Updates `node-cron` from 4.4.1 to 4.5.0
- [Release notes](https://github.com/node-cron/node-cron/releases)
- [Changelog](https://github.com/node-cron/node-cron/blob/main/CHANGELOG.md)
- [Commits](node-cron/node-cron@v4.4.1...v4.5.0)

Updates `nodemailer` from 9.0.1 to 9.0.3
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v9.0.1...v9.0.3)

Updates `puppeteer` from 25.1.0 to 25.3.0
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/CHANGELOG.md)
- [Commits](puppeteer/puppeteer@puppeteer-v25.1.0...puppeteer-v25.3.0)

Updates `@playwright/test` from 1.61.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.61.0...v1.61.1)

Updates `@sentry/react` from 10.59.0 to 10.63.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.59.0...10.63.0)

Updates `@tailwindcss/vite` from 4.3.1 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/@tailwindcss-vite)

Updates `@tanstack/react-virtual` from 3.14.3 to 3.14.5
- [Release notes](https://github.com/TanStack/virtual/releases)
- [Changelog](https://github.com/TanStack/virtual/blob/main/packages/react-virtual/CHANGELOG.md)
- [Commits](https://github.com/TanStack/virtual/commits/@tanstack/react-virtual@3.14.5/packages/react-virtual)

Updates `react-hook-form` from 7.79.0 to 7.80.0
- [Release notes](https://github.com/react-hook-form/react-hook-form/releases)
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md)
- [Commits](react-hook-form/react-hook-form@v7.79.0...v7.80.0)

Updates `react-router-dom` from 7.18.0 to 7.18.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.1/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.1/packages/react-router-dom)

Updates `tailwindcss` from 4.3.1 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/tailwindcss)

Updates `@vitejs/plugin-react` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.3/packages/plugin-react)

Updates `vite` from 8.0.16 to 8.1.2
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.2/packages/vite)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 10.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: eslint-plugin-import-x
  dependency-version: 4.17.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: globals
  dependency-version: 17.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: lint-staged
  dependency-version: 17.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: typescript-eslint
  dependency-version: 8.62.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@hono/node-server"
  dependency-version: 2.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@sentry/node"
  dependency-version: 10.63.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@simplewebauthn/server"
  dependency-version: 13.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: hono
  dependency-version: 4.12.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: node-cron
  dependency-version: 4.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: nodemailer
  dependency-version: 9.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: puppeteer
  dependency-version: 25.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@playwright/test"
  dependency-version: 1.61.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@sentry/react"
  dependency-version: 10.63.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@tailwindcss/vite"
  dependency-version: 4.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@tanstack/react-virtual"
  dependency-version: 3.14.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: react-hook-form
  dependency-version: 7.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: react-router-dom
  dependency-version: 7.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: tailwindcss
  dependency-version: 4.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: vite
  dependency-version: 8.1.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 2, 2026
@aliceout

aliceout commented Jul 3, 2026

Copy link
Copy Markdown
Owner

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 3, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/minor-and-patch-0712a6f116 branch July 3, 2026 06:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant