fix(deps): update external fixes

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@aws-sdk/client-athena (source)	3.1053.0 → 3.1057.0
@aws-sdk/client-cloudfront (source)	3.1053.0 → 3.1057.0
@aws-sdk/client-s3 (source)	3.1053.0 → 3.1057.0
@aws-sdk/client-s3 (source)	3.1000.0 → 3.1057.0
@aws-sdk/client-s3 (source)	3.1009.0 → 3.1057.0
@aws-sdk/client-secrets-manager (source)	3.1053.0 → 3.1057.0
@aws-sdk/client-sqs (source)	3.1053.0 → 3.1057.0
@babel/core (source)	7.29.0 → 7.29.7
@babel/eslint-parser (source)	7.28.6 → 7.29.7
@babel/plugin-syntax-import-assertions (source)	7.28.6 → 7.29.7
@supabase/postgrest-js (source)	2.106.1 → 2.106.2
@typescript-eslint/eslint-plugin (source)	8.59.4 → 8.60.0
@typescript-eslint/parser (source)	8.59.4 → 8.60.0
date-fns	4.3.0 → 4.4.0
electrodb	3.5.0 → 3.9.0
esmock	2.7.5 → 2.7.6
lint-staged	17.0.5 → 17.0.6
zip-lib	1.3.2 → 1.3.4

---

Release Notes

aws/aws-sdk-js-v3 (@​aws-sdk/client-athena)

v3.1057.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-athena

v3.1056.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-athena

v3.1055.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-athena

v3.1054.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-athena

aws/aws-sdk-js-v3 (@​aws-sdk/client-cloudfront)

v3.1057.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cloudfront

v3.1056.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cloudfront

v3.1055.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cloudfront

v3.1054.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cloudfront

aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)

v3.1057.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1056.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1055.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1054.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

aws/aws-sdk-js-v3 (@​aws-sdk/client-secrets-manager)

v3.1057.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-secrets-manager

v3.1056.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-secrets-manager

v3.1055.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-secrets-manager

v3.1054.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-secrets-manager

aws/aws-sdk-js-v3 (@​aws-sdk/client-sqs)

v3.1057.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1056.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1055.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1054.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

babel/babel (@​babel/core)

v7.29.7

Compare Source

v7.29.6

Compare Source

babel/babel (@​babel/eslint-parser)

v7.29.7

Compare Source

babel/babel (@​babel/plugin-syntax-import-assertions)

v7.29.7

Compare Source

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

supabase/supabase-js (@​supabase/postgrest-js)

v2.106.2

Compare Source

This was a version bump only for @​supabase/postgrest-js to align it with other projects, there were no code changes.

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.60.0

Compare Source

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.60.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

date-fns/date-fns (date-fns)

v4.4.0

Compare Source

This release revisits the approach to CDN usage and introduces a new package, @date-fns/cdn and deprecates the date-fns CDN scripts. It allowed reducing the zipped package size from 5.83 MB down to 3.96 MB without introducing any breaking changes.

In v5.0.0-alpha.0 where CDN scripts are completely removed from date-fns the change is more significant and brings the zipped package size down to 2.89 MB.

It is just the first step in optimizing the package size. Expect further size reduction in the future v4 and v5 versions.

Changed

• DEPRECATED: The date-fns CDN scripts are now deprecated and will be removed in the next major release. Please switch to the new @date-fns/cdn package for CDN usage.

• Removed CDN source maps to reduce the package size. If you rely on them, please switch to the new @date-fns/cdn package that still includes them.

tywalch/electrodb (electrodb)

v3.9.0

Compare Source

Added

• Added a new returnOnConditionCheckFailure execution option for write operations. Instead of throwing when a condition expression fails, the call resolves with { rejected: true }. Pass true to get just the rejection flag, or "all_old" to also receive the existing item under data. The "all_old" mode requires AWS SDK v3, or AWS SDK v2 >= 2.1408.0.

v3.8.0

Compare Source

Added

• Issue #​545; Added support for passing an abortSignal to the go() query options, allowing users to cancel in-flight DynamoDB requests.

Updated

• Issue #​571 Upgrading to jsonschema@​1.5.0 removes the url module entirely in favour of the WHATWG URL global, silencing the warning. Thank you for your first contribution to the project, @​willmizzi!

v3.7.5

Compare Source

• Issue #​554; Fixed hydrate: true returning no items when querying composite type indexes with keys_only or include projections.

v3.7.4

Compare Source

• Issue #​558; Fixed composite index (type: "composite") projection types being too narrow. keys_only returned {} and array projections omitted pk/sk composite attributes from the response type, even though DynamoDB always returns them as native columns. Response types, attributes parameter, and collection queries now correctly include composite key attributes.
• Issue #​559; Fixed composite index query response types marking pk/sk composite attributes as optional even though composite indexes are sparse — items only appear in the index if all key attributes are present, so they are always defined in query results.

v3.7.3

Compare Source

• Issue #​556; Fixed where clause on projected indexes exposing all entity attributes instead of only projected attributes when the index has non-empty SK composites. Calling .where() directly now correctly restricts to projected attributes, matching the existing behavior of .gte().where() and other SK operation chains.

v3.7.2

Compare Source

Fixed

• Issue #​553; Fixed parse method returning data instead of null for invalid items.
• Issue #​561; Fixed parse method not allowing the ignoreOwnership option to be overridden.

v3.7.1

Compare Source

Added

• Issue #​543; New client option for go() method allowing dynamic DynamoDB client override at query execution time. This enables use cases like multi-region routing, per-request client selection, and easier testing. Supported for all operation types: entity operations, collection queries, batch operations, and transactions.

v3.7.0

Compare Source

Adds support for multi-attribute indexes read more.

v3.6.2

Compare Source

Added

• Fast follow to 3.6.0, relaxes projection attribute constraint on collection entities. 3.6.0 required [collection] member entities to all share the same attributes when using a projection defined index. This constraint came from the original scope of 3.6.0. Thankfully, due to the work of @​anatolzak, 3.6.0 shipped with robust collection typing and this no longer was a concern.

v3.6.1

Compare Source

Fixed

• Issue #​548; Fixed invalid ProjectionExpression generated for entities without a sort key when using the attributes option. An empty string was incorrectly added to ExpressionAttributeNames, causing DynamoDB to reject the request.

v3.6.0

Compare Source

Added

• Issue #​507; You can now scan an index. See docs Contribution provided by @​anatolzak
• Issue #​508; Added support for INCLUDE projection type in index definitions, allowing selective attribute projection for optimized query performance and cost reduction. See docs Contribution provided by @​anatolzak

v3.5.3

Compare Source

[3.5.3]

v3.5.2

Compare Source

[3.5.2]

v3.5.1

Compare Source

Fixed

• Issue #​519; The concurrency option has been deprecated in the TS types, which did not affect any runtime behavior, in favor of the concurrent option. Contribution provided by @​anatolzak via PR #​520. Thank you for your contribution!

[3.5.2]

Fixed

• Issue #​516; Fixed the missing ProjectionExpression parameter when performing a batchGet with specific attributes to return. Contribution provided by @​anatolzak via PR #​517. Thank you for your contribution!

[3.5.3]

Fixed

• Issue #​540 Rolls back a change introduced in 3.5.0 (via 533) that caused over-filtering in collection queries, resulting in some collection members not being returned.

iambumblehead/esmock (esmock)

v2.7.6: wildcard-issue resolved

Compare Source

mostly resolves a recently-discovered issue resolving certain wildcard-pattern export keys

• update test-coverage badge to reference "main" branch,
• specify node v24 at build+publish ci-job
• increment eslint and lint-related
• increment resolvewithplus, resolves wildcard-export-related issue. see iambumblehead/resolvewithplus#76 thanks @​AdaptivChris

lint-staged/lint-staged (lint-staged)

v17.0.6

Compare Source

Patch Changes

• #​1803 bdf2770 - Run all tests with Deno, in addition to Node.js and Bun.

• #​1796 7508272 - Fix performance regression of lint-staged v17 by going back to using git add to stage task modifications. This was changed to git update-index --again in v17 for less manual work, but unfortunately the update-index command gets slower in very large Git repos.

• #​1797 7b2505a - This version of lint-staged uses the new staged publishing for npm packages feature. Releases are already published from GitHub Actions with trusted publishing, but now an additional approval with two-factor authentication is also required.

• #​1802 321b0a9 - Downgrade dependency tinyexec@1.2.2 to avoid issues in version 1.2.3.

fpsqdb/zip-lib (zip-lib)

v1.3.4

Compare Source

   🐞 Bug Fixes

• Arbitrary File Write via Symlink Overwrite, Thanks to @​cznzl for the report.  -  by @​fpsqdb (10846)

    View changes on GitHub

v1.3.3

Compare Source

   🚀 Features

• Upgrade yauzl to 3.3.1 and update other dependencies.  -  by @​fpsqdb (2a18d)

    View changes on GitHub

---

Configuration

📅 Schedule: (in timezone Europe/Zurich)

• Branch creation
  • "after 2pm on Saturday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

This PR will trigger a patch release when merged.

[solaris007]

🎉 This PR is included in version @adobe/spacecat-shared-athena-client-v1.10.3 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[solaris007]

🎉 This PR is included in version @adobe/spacecat-shared-cloud-manager-client-v1.4.3 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[solaris007]

🎉 This PR is included in version @adobe/spacecat-shared-content-client-v1.9.3 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[solaris007]

🎉 This PR is included in version @adobe/spacecat-shared-data-access-v3.73.3 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[solaris007]

🎉 This PR is included in version @adobe/spacecat-shared-google-client-v1.6.3 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[solaris007]

🎉 This PR is included in version @adobe/spacecat-shared-http-utils-v1.28.2 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[solaris007]

🎉 This PR is included in version @adobe/spacecat-shared-ims-client-v1.13.3 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[solaris007]

🎉 This PR is included in version @adobe/spacecat-shared-launchdarkly-client-v1.2.2 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[solaris007]

🎉 This PR is included in version @adobe/spacecat-shared-tokowaka-client-v1.17.3 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[solaris007]

🎉 This PR is included in version @adobe/spacecat-shared-utils-v1.116.5 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀