Skip to content

build(deps): bump lru-cache from 11.3.6 to 11.5.0#127

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/lru-cache-11.5.0
Closed

build(deps): bump lru-cache from 11.3.6 to 11.5.0#127
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/lru-cache-11.5.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 20, 2026

Bumps lru-cache from 11.3.6 to 11.5.0.

Changelog

Sourced from lru-cache's changelog.

cringe lorg

11.5

  • Add backgroundFetchSize option, defaulting to 1, to set an effective size for provisional background fetch objects while in flight, if they do not shadow an existing stale entry.

11.4

  • Add cache property to status objects, in order to differentiate which cache is emitting the metric or trace.
  • Several small bugs regarding fetch behavior edge cases.
    • onInsert does not fire for background fetch internal promises.
    • dispose() and disposeAfter() now fire for the stale value left behind when an in-process background fetch is pre-empted by eviction.
    • fetchMethod that returns a non-Promise value is handled correctly.
    • No Error is created, or abort() signaled, when a background fetch promise is resolved. (Presumably the implementation is done by that point.)

11.3

  • Add observability features, expand the coverage of LRUCache.Status objects.

11.2

  • Add the perf option to specify performance, Date, or any other object with a now() method that returns a number.

11.1

  • Add the onInsert method

11.0

  • Drop support for node less than v20

10.4

  • Accidental minor update, should've been patch.

10.3

  • add forceFetch() method
  • set disposeReason to 'expire' when it's the result of a TTL

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump lru-cache from 11.3.6 to 11.5.0
594af14 
Bumps [lru-cache](https://github.com/isaacs/node-lru-cache) from 11.3.6 to 11.5.0.
- [Changelog](https://github.com/isaacs/node-lru-cache/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-lru-cache@v11.3.6...v11.5.0)

---
updated-dependencies:
- dependency-name: lru-cache
  dependency-version: 11.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 20, 2026
@dependabot dependabot Bot requested a review from theagenticguy as a code owner May 20, 2026 13:14
@theagenticguy theagenticguy mentioned this pull request May 28, 2026
Merged
6 tasks
@theagenticguy
Copy link
Copy Markdown
Owner

theagenticguy commented May 28, 2026

Superseded by #137 — consolidated into one merge with the rest of this week's bumps. Lockfile regenerated, full local gate (lint + typecheck + test + banned-strings) is green.

@theagenticguy theagenticguy deleted the dependabot/npm_and_yarn/lru-cache-11.5.0 branch May 28, 2026 16:43
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 28, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

theagenticguy added a commit that referenced this pull request May 28, 2026
@theagenticguy
build(deps): consolidate weekly Dependabot bumps (2026-05-28) (#137)
9e6ccb7 
## Summary

Consolidates the 11 open Dependabot PRs into a single merge to cut CI
churn. Lockfile regenerated and full local gate (`pnpm run check` — lint
+ typecheck + test + banned-strings) is green.

### npm bumps

| Package | From | To |
| --- | --- | --- |
| `@aws-sdk/client-bedrock-runtime` | 3.1045.0 | 3.1054.0 |
| `@aws-sdk/client-sagemaker-runtime` | 3.1045.0 | 3.1054.0 |
| `@duckdb/node-api` | 1.5.2-r.1 | 1.5.2-r.2 |
| `@types/node` (typescript-tooling group) | 25.7.0 | 25.9.1 |
| `astro` | 6.3.3 | 6.3.8 |
| `lefthook` | 2.1.6 | 2.1.8 |
| `lru-cache` | 11.3.6 | 11.5.0 |
| `tsx` | 4.21.0 | 4.22.3 |
| `web-tree-sitter` (tree-sitter group) | 0.26.8 | 0.26.9 |

### github-actions bumps (SHA-pinned)

| Action | From | To |
| --- | --- | --- |
| `github/codeql-action` | v4.35.4 (`68bde55…`) | v4.35.5 (`9e0d7b8…`) |
| `github/codeql-action` (release.yml, codeql-bundle) | `9887d98…` |
`f4d0a7a…` |
| `pnpm/action-setup` | v4.1.0 (`a7487c7…`) | v6.0.8 (`0e279bb…`) |

### Held back

- **license-checker-rseidelsohn 4.4.2 → 5.0.0** — v5 requires Node >= 24
but the repo's `engines.node` is `>=22.0.0` and CI's `node-version`
matrix runs both 22 and 24. Pick this up when the repo drops Node 22
support. PR #135 stays open as a tracking marker if the user prefers;
otherwise it should be closed with a comment.

## Closes

#123, #124, #125, #126, #127, #128, #129, #133, #134, #136

(also supersedes #135 modulo the Node 22 caveat above)

## Test plan

- [x] `pnpm install --no-frozen-lockfile` (lockfile regen clean)
- [x] `pnpm run lint` — biome clean across 670 files
- [x] `pnpm run typecheck` — clean across all 19 workspace projects
- [x] `pnpm run test` — 1959 tests, 0 failures across 16 packages
- [x] `pnpm run banned-strings` — PASS
- [ ] CI green on Node 22 + Node 24 matrix
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@theagenticguy theagenticguy Awaiting requested review from theagenticguy theagenticguy is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@theagenticguy