Skip to content

fix(deps): update all non-major dependencies#343

Merged
kriszyp merged 3 commits intomainfrom
renovate/all-minor-patch
Apr 14, 2026
Merged

fix(deps): update all non-major dependencies#343
kriszyp merged 3 commits intomainfrom
renovate/all-minor-patch

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 13, 2026
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
@aws-sdk/client-s3 (source) 3.1013.03.1024.0 age confidence dependencies minor 3.1029.0 (+4)
@aws-sdk/lib-storage (source) 3.964.03.1024.0 age confidence dependencies minor 3.1029.0 (+4)
@datadog/pprof 5.13.55.14.1 age confidence dependencies minor
@typescript-eslint/parser (source) 8.57.08.58.0 age confidence devDependencies minor 8.58.1
alasql 4.6.64.17.1 age confidence dependencies minor 4.17.2
docker/login-action v4.0.0v4.1.0 age confidence action minor
fastify (source) 5.8.25.8.4 age confidence dependencies patch
fs-extra 11.3.311.3.4 age confidence dependencies patch
graphql 16.13.116.13.2 age confidence dependencies patch
lodash (source) 4.17.234.18.1 age confidence dependencies minor
needle 3.3.13.5.0 age confidence dependencies minor
node-forge 1.3.31.4.0 age confidence dependencies minor
oxlint (source) 1.52.01.58.0 age confidence devDependencies minor 1.60.0 (+1)
pino (source) 8.16.08.21.0 age confidence dependencies minor
pkijs 3.2.53.4.0 age confidence dependencies minor
prettier (source) ~3.7.3~3.8.0 age confidence devDependencies minor 3.8.2
semver 7.7.37.7.4 age confidence dependencies patch
sinon (source) 21.0.221.0.3 age confidence devDependencies patch 21.1.2 (+2)
typescript-eslint (source) 8.57.08.58.0 age confidence devDependencies minor 8.58.1
undici (source) 7.24.57.24.7 age confidence devDependencies patch 7.25.0 (+1)
ws 8.18.38.20.0 age confidence dependencies minor
yaml (source) 2.8.22.8.3 age confidence dependencies patch

Release Notes

aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)

v3.1024.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1023.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1022.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1021.0

Compare Source

Bug Fixes
  • codegen: sync for adaptive retry throttling detection fix (#​7905) (03f108d)
Features
  • client-s3: Add Bucket Metrics configuration support to directory buckets (67ff7cc)

v3.1020.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1019.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1018.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1017.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1016.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1015.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1014.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

aws/aws-sdk-js-v3 (@​aws-sdk/lib-storage)

v3.1024.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1023.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1022.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1021.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1020.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1019.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1018.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1017.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1016.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1015.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1014.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1013.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1012.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1011.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1010.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1009.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1008.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1007.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1006.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1005.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1004.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1003.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1002.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1001.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.1000.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.999.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.998.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.997.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.996.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.995.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.994.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.993.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.992.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.991.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.990.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.989.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.988.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.987.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.986.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.985.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.984.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.983.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.982.0

Compare Source

Bug Fixes
  • middleware-websocket: establish stream pipeline prior to continuing with request (#​7704) (52b25e8)

v3.981.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.980.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.978.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.975.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.974.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.972.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.971.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.970.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.969.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.968.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.967.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.966.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

v3.965.0

Compare Source

Note: Version bump only for package @​aws-sdk/lib-storage

DataDog/pprof-nodejs (@​datadog/pprof)

v5.14.1

Compare Source

v5.14.0

Compare Source

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.58.0

Compare Source

🚀 Features
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

alasql/alasql (alasql)

v4.17.1

Compare Source

v4.17.0: 2026-01-09

Compare Source

What's Changed

  • Add multi-column user-defined aggregate functions to close #​1966
  • Add SEPARATOR clauses and fix ORDER BY for GROUP_CONCAT to close #​2413
  • Improve UNION to support parenthesised SELECT and ORDER BY to close #​2414
  • Fix aggregate functions (COUNT/MAX/MIN) for PARTITION BY to close #​2408
  • Fix CSV importer to respect column-type to close #​1181
  • Fix GROUP BY with aliased expressions to close #​1968
  • Fix UNION ALL across NOT IN clause to close #​1146
  • Make CLOSE a context-aware keyword to close #​2248
  • Make OPEN a context-aware keyword to close #​2224

New Contributors

Full Changelog: AlaSQL/alasql@v4.16.0...v4.17.0

v4.16.0: 2025-12-23

Compare Source

What's Changed

  • Add grammar stub for transactions when using IndexedDB to close #​1969
  • Fix output when reusing aggregate function to close #​1147
  • Fix subqueries for CREATE VIEW to close #​1154
  • Fix NULL values for GROUP_CONCAT to close #​1259

Full Changelog: AlaSQL/alasql@v4.15.0...v4.16.0

v4.15.0: 2025-12-22

Compare Source

What's Changed

  • Add support for SEARCH INTO $variable to close #​2363
  • Fix key properties for column objects on table-level constraints to close #​1643
  • Fix trigger CALL for row data parameters (#​2377)
  • Make PATH a context-aware keyword to close #​2222
  • Make DELETED and INSERTED context-aware keywords to close #​2237
  • Make KEY a context-aware keyword to close #​2227
  • Make ORDER a context-aware keyword to close #​2223

Full Changelog: AlaSQL/alasql@v4.14.0...v4.15.0

v4.14.0: 2026-12-16

Compare Source

What's Changed

  • Add support for quoted table alias to close #​606
  • Add support for all SQL operations on anonymous data tables to close #​2348

Full Changelog: AlaSQL/alasql@v4.13.0...v4.14.0

v4.13.0: 2015-12-14

Compare Source

What's Changed

  • Add UNNEST function to close #​2141
  • Fix DEFAULT values when FILESTORAGE and LOCALSTORAGE to close #​1848

Full Changelog: AlaSQL/alasql@v4.12.0...v4.13.0

v4.12.0: 2025-12-13

Compare Source

What's Changed

  • Add support for comma-separated tables in CROSS JOIN ... USING/ON syntax to close #​130
  • Add support for INSERT INTO table SET col = val syntax to close #​136
  • Add support for INSERT IGNORE syntax to close #​143
  • Add parser support for ON DELETE and ON UPDATE CASCADE to close #​897
  • Fix async callback for XLSX export to close #​107
  • Fix negative numbers in JSON contexts to close #​475
  • Fix joinstar options for inline data to closer #​1004
  • Fix SELECT for columns from JOINed inline data to close #​1985
  • Fix UPDATE on tables with PK when data is directly assigned to close #​1989
  • Fix TypeScript type resolution to close #​2317

Full Changelog: AlaSQL/alasql@v4.11.0...v4.12.0

v4.11.0: 2025-12-07

Compare Source

What's Changed

  • Add BREAK/CONTINUE and LEAVE/ITERATE statements to close #​37
  • Add OUTPUT for INSERT/DELETE/UPDATE to close #​48
  • Add bitwise operations to close #​155
  • Improve implicit JOIN performance to close #​188
  • Add support for recursive CTE (Common Table Expression) to close #​200
  • Add WITH ROLLUP and WITH CUBE syntax to close #​292
  • Fix UNION ALL for HTML tables to close #​485
  • Fix XML character escape in XLSXML export to close #​525
  • Add support for table-prefixed columns in arithmetic expressions for GROUP BY to close #​536
  • Fix ORDER BY in INTERSECT/EXCEPT queries to close #​635
  • Improve errors for async IndexedDB operations to close #​845
  • Add support for @​ symbol in column names with backticks and qualified syntax to close #​884
  • Fix GROUP BY across columns with same name to close #​941
  • Throw error for invalid column names to close #​1173
  • Add support for table names starting with numbers to close #​1185
  • Add nested JSON output from arrow notation via INTO OBJECT() to close #​1278
  • Add REGEXP support for MySQL style word boundaries to close #​1384
  • Fix numbers in REPLACE() to close #​1455
  • Fix (NOT) IN for empty sets to close #​1529
  • Fix RECORDSET for no rows to close #​1547
  • Fix ORDER BY use of quoted column names to close #​2039
  • Fix RECORDSET for computed columns after SELECT * to close #​2070
  • Add subquery caching with correlation check to close #​2280

Full Changelog: AlaSQL/alasql@v4.10.1...v4.11.0

v4.10.1: 2025-11-21

Compare Source

What's Changed

  • ORDER BY clause for multiple UNIONs to fix #​7 after 11 years and 11 days
  • Let SELECT * INTO SQL() handle NULL values to fix #​42 after 10 years, 10 months and 7 days
  • ORDER BY with numeric column ref on SELECT * to fix #​125 after 10 years, 7 months and 4 days
  • Use DISTINCT with object values in SELECT and SEARCH to fix #​167 after 10 years, 6 months and 12 days
  • Support BETWEEN operator in CASE statement to fix #​735 after 9 years, 3 months, and 4 days
  • Allow nested subqueries for IN clause to fix #​847 after 8 years, 7 months and 29 days
  • Support import of multi-sheet XLSX to fix #​848 after 8 years, 7 months and 29 days
  • Let SERIAL columns handle explicitly provided values including NULL to fix #​895 after 8 years, 4 months and 28 days
  • Let UNIQUE constraint support JSON properties and expressions to fix #​925 after 8 years, 3 months, and 18 days
  • Update indexes when bulk loading data to fix #​1027 after 7 years, 4 months and 17 days
  • Support ROW_NUMBER() OVER (PARTITION BY) syntax for row numbering to fix #​1126 after 6 years, 3 months and 5 days
  • Let INSERT INTO SELECT FROM overwrite data with defaults to fix #​1484 after 6 years, 3 months and 5 days
  • Avoid timezone challenge for test408 to accomodate #​1587 after 2 years and 11 months.
  • Extract compiled JS from SQL to fix #​2169 7 days
  • Let CREATE INDEX support qualified table names to fix #​2184 after 2 days
  • Qualified table names for SHOW COLUMNS and SHOW INDEX to fix #​2200 after 16 hours

New Contributors

  • Thank you to Github for sponsoring @​Copilot who made their first contributions and helped nail issues with a combined age of 109 years, 1 month and 28 days from guiding it for a few hours. #theFutureIsNow

Full Changelog: AlaSQL/alasql@v4.9.0...v4.10.1

v4.10.0

Compare Source

v4.9.0: 2025-11-12

Compare Source

What's Changed

  • Regression of piping data via txt() in CLI mode to fix #​2149

New Contributors

Full Changelog: AlaSQL/alasql@v4.8.0...v4.9.0

v4.8.0: 2025-11-04

Compare Source

What's Changed

  • Support MAX on dates to fix #​2147
  • Let ROUND of NULL be undefined to fix #​2155

Also

  • Thank you to @​t-wy for lots of well documented questions and challenges.

Full Changelog: AlaSQL/alasql@v4.7.0...v4.8.0

v4.7.0: 2025-11-03

Compare Source

What's Changed

Also

  • Thanks to @​garyg1 making their first contribution and helping the quality of the readme info.

Full Changelog: AlaSQL/alasql@v4.6.6...v4.7.0

docker/login-action (docker/login-action)

v4.1.0

Compare Source

Full Changelog: docker/login-action@v4.0.0...v4.1.0

fastify/fastify (fastify)

v5.8.4

Compare Source

Full Changelog: fastify/fastify@v5.8.3...v5.8.4

v5.8.3

Compare Source

⚠️ Security Release

This fixes CVE CVE-2026-3635 GHSA-444r-cwp2-x5xf.

What's Changed

New Contributors

Full Changelog: fastify/fastify@v5.8.2...v5.8.3

jprichardson/node-fs-extra (fs-extra)

v11.3.4

Compare Source

  • Fix bug where calling ensureSymlink/ensureSymlinkSync with a relative srcPath would fail if the symlink already existed (#​1038, #​1064)
graphql/graphql-js (graphql

Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • "before 9am on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested review from a team as code owners April 13, 2026 04:28
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 13, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​typescript-eslint/​parser@​8.57.0 ⏵ 8.58.0100 +110071 +198100
Updatedundici@​7.24.5 ⏵ 7.24.772 +1100100 +197 -1100
Updatedtypescript-eslint@​8.57.0 ⏵ 8.58.01001007498100
Updatedlodash@​4.17.23 ⏵ 4.18.176 +1100 +1887 +190100
Updatednode-forge@​1.3.3 ⏵ 1.4.095 +1100 +401008970
Updated@​aws-sdk/​lib-storage@​3.964.0 ⏵ 3.1024.0100 +11008598 +1100
Updatedneedle@​3.3.1 ⏵ 3.5.099100100 +186 -2100
Updatedsemver@​7.7.3 ⏵ 7.7.410010010086100
Updatedfs-extra@​11.3.3 ⏵ 11.3.4100 +110010087100
Updatedpkijs@​3.2.5 ⏵ 3.4.099 +110095 +289 +4100
Updatedyaml@​2.8.2 ⏵ 2.8.399 +1100 +210090100
Updatedws@​8.18.3 ⏵ 8.20.09810010090100
Updatedprettier@​3.7.4 ⏵ 3.8.29010097 +195100
Updatedpino@​8.16.0 ⏵ 8.21.098 +110010090100
Updatedsinon@​21.0.2 ⏵ 21.0.397 +110098 +191100
Updatedoxlint@​1.52.0 ⏵ 1.58.099 +110091 +196 +2100
Updated@​datadog/​pprof@​5.13.5 ⏵ 5.14.192100100 +194 -1100
Updatedgraphql@​16.13.1 ⏵ 16.13.29710010096100
Updatedfastify@​5.8.2 ⏵ 5.8.499 +1100 +210097100
Updated@​aws-sdk/​client-s3@​3.1013.0 ⏵ 3.1024.098 +1100100 +198 +1100

View full report

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 13, 2026
edited
Loading

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

kriszyp
kriszyp reviewed Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@kriszyp kriszyp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah to most of this stuff, but clearly the alasql upgrade broke a bunch of SQL stuff.

@dawsontoth
Copy link
Copy Markdown
Contributor

dawsontoth commented Apr 13, 2026

Should we configure renovate to ignore that specific dep's updates?

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 62664ae to 18ac46b Compare April 13, 2026 13:25
@kriszyp
Copy link
Copy Markdown
Member

kriszyp commented Apr 13, 2026

Should we configure renovate to ignore that specific dep's updates?

Sure, if that's the recommended way to note that we know newer versions are breaking and will require code updates to upgrade. (I remember when that was as simple as removing the ^, but alas, modern dep management)

@dawsontoth dawsontoth force-pushed the renovate/all-minor-patch branch from 18ac46b to 5743296 Compare April 13, 2026 16:11
@dawsontoth
Copy link
Copy Markdown
Contributor

dawsontoth commented Apr 13, 2026

I backed out the alasql changes and put them in their own group. It will create a separate PR for us to evaluate it when capacity allows.

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 5743296 to 2c72f72 Compare April 13, 2026 16:12
@dawsontoth
Copy link
Copy Markdown
Contributor

dawsontoth commented Apr 13, 2026

well that was odd -- it usually stops when it detects commits from me, lol. It just force pushed over my force push 😆

@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented Apr 13, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

dawsontoth
dawsontoth approved these changes Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@dawsontoth dawsontoth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The checks look a lot happier now!

@dawsontoth dawsontoth requested a review from kriszyp April 13, 2026 16:37
kriszyp
kriszyp approved these changes Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@kriszyp kriszyp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, thank you!

@kriszyp
Copy link
Copy Markdown
Member

kriszyp commented Apr 13, 2026

And #347 for follow-up.

@dawsontoth
Copy link
Copy Markdown
Contributor

dawsontoth commented Apr 13, 2026

@kriszyp i updated the renovate rules so that alasql will have separate PRs for its updates, making us scrutinize them a bit more.

@kriszyp kriszyp merged commit ff8987b into main Apr 14, 2026
36 of 37 checks passed
@kriszyp kriszyp deleted the renovate/all-minor-patch branch April 14, 2026 18:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kriszyp kriszyp kriszyp approved these changes

@cb1kenobi cb1kenobi cb1kenobi approved these changes

@dawsontoth dawsontoth dawsontoth approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dawsontoth @kriszyp @cb1kenobi