Skip to content

build(deps): bump npm-check-updates from 20.0.0 to 21.0.0 in /site#8757

Merged
zirain merged 2 commits intomainfrom
dependabot/npm_and_yarn/site/npm-check-updates-21.0.0
Apr 16, 2026
Merged

build(deps): bump npm-check-updates from 20.0.0 to 21.0.0 in /site#8757
zirain merged 2 commits intomainfrom
dependabot/npm_and_yarn/site/npm-check-updates-21.0.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 15, 2026

Bumps npm-check-updates from 20.0.0 to 21.0.0.

Release notes

Sourced from npm-check-updates's releases.

v21.0.0

⚠️ Breaking Changes

This is a major breaking change with significant architectural updates.

ESM Migration & Module System

  • Pure ESM: Converted to pure ESM with dual-build support (ESM/CJS) via Vite 8.
  • Import Syntax: Programmatic usage now requires named imports or namespace imports.
    • Old: import ncu from 'npm-check-updates'
    • New: import * as ncu from 'npm-check-updates' or import { run } from 'npm-check-updates'
  • Node.js Requirements: Now requires ^20.19.0 || ^22.12.0 || >=24.0.0. This is required for native require(esm) support and the Rolldown engine.
  • npm Requirements: Minimum version increased to >=10.0.0.

Configuration Files (.ncurc.js)

  • Files named .ncurc.js that use module.exports will now fail in projects that are not "type": "module".
  • Fix: Rename these files to .ncurc.cjs or convert them to use export default.

Dependency Updates (Pure ESM versions)

Package Old Version New Version
camelcase ^6.3.0 ^9.0.0
chai ^4.3.10 ^6.2.2
chai-as-promised ^7.1.2 ^8.0.2
find-up 5.0.0 8.0.0
p-map ^4.0.0 ^7.0.4
untildify ^4.0.0 ^6.0.0

Tooling & Build Changes

  • Vite 8 Upgrade: Migrated to Vite 8 with the new Rust-based Rolldown bundler (10-30x faster builds).
  • TypeScript 6.0: Adopted latest type-system features and performance improvements.
  • Strip ANSI: Replaced strip-ansi with Node.js built-in util.stripVTControlCharacters.
  • Test Runner: Replaced vite-node with tsx for TypeScript support in ESM context.

Migration Guide

If you are upgrading to v21 from earlier versions:

1. Environment Check

  • Ensure you meet the new Node.js requirement: ^20.19.0 || ^22.12.0 || >=24.0.0.
  • Update npm to at least 10.0.0.

2. Update Configuration Files

... (truncated)

Changelog

Sourced from npm-check-updates's changelog.

[21.0.0] - 2026-04-14

⚠️ Breaking Changes

This is a major breaking change with significant architectural updates.

ESM Migration & Module System

  • Pure ESM: Converted to pure ESM with dual-build support (ESM/CJS) via Vite 8.
  • Import Syntax: Programmatic usage now requires named imports or namespace imports.
    • Old: import ncu from 'npm-check-updates'
    • New: import * as ncu from 'npm-check-updates' or import { run } from 'npm-check-updates'
  • Node.js Requirements: Now requires ^20.19.0 || ^22.12.0 || >=24.0.0. This is required for native require(esm) support and the Rolldown engine.
  • npm Requirements: Minimum version increased to >=10.0.0.

Configuration Files (.ncurc.js)

  • Files named .ncurc.js that use module.exports will now fail in projects that are not "type": "module".
  • Fix: Rename these files to .ncurc.cjs or convert them to use export default.

Dependency Updates (Pure ESM versions)

Package Old Version New Version
camelcase ^6.3.0 ^9.0.0
chai ^4.3.10 ^6.2.2
chai-as-promised ^7.1.2 ^8.0.2
find-up 5.0.0 8.0.0
p-map ^4.0.0 ^7.0.4
untildify ^4.0.0 ^6.0.0

Tooling & Build Changes

  • Vite 8 Upgrade: Migrated to Vite 8 with the new Rust-based Rolldown bundler (10-30x faster builds).
  • TypeScript 6.0: Adopted latest type-system features and performance improvements.
  • Strip ANSI: Replaced strip-ansi with Node.js built-in util.stripVTControlCharacters.
  • Test Runner: Replaced vite-node with tsx for TypeScript support in ESM context.

Migration Guide

If you are upgrading to v21 from earlier versions:

1. Environment Check

  • Ensure you meet the new Node.js requirement: ^20.19.0 || ^22.12.0 || >=24.0.0.
  • Update npm to at least 10.0.0.

2. Update Configuration Files

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump npm-check-updates from 20.0.0 to 21.0.0 in /site
ae1cd0e 
Bumps [npm-check-updates](https://github.com/raineorshine/npm-check-updates) from 20.0.0 to 21.0.0.
- [Release notes](https://github.com/raineorshine/npm-check-updates/releases)
- [Changelog](https://github.com/raineorshine/npm-check-updates/blob/main/CHANGELOG.md)
- [Commits](raineorshine/npm-check-updates@v20.0.0...v21.0.0)

---
updated-dependencies:
- dependency-name: npm-check-updates
  dependency-version: 21.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 15, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 15, 2026 04:31
@dependabot dependabot Bot added the javascript Pull requests that update javascript code label Apr 15, 2026
@netlify
Copy link
Copy Markdown

netlify Bot commented Apr 15, 2026
edited
Loading

Deploy Preview for cerulean-figolla-1f9435 ready!

Name Link
🔨 Latest commit 7631ede
🔍 Latest deploy log https://app.netlify.com/projects/cerulean-figolla-1f9435/deploys/69e036ac222bd000071a5c78
😎 Deploy Preview https://deploy-preview-8757--cerulean-figolla-1f9435.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ae1cd0ed6d

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread site/package-lock.json
"dependencies": {
"bootstrap": "^5.3.0"
"bootstrap": "^5.3.0",
"npm-check-updates": "21.0.0"
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Remove spurious dependency from lockfile root package

site/package.json declares npm-check-updates only under optionalDependencies, but this lockfile change also adds it under the root dependencies map. That entry is unstable: running npm install --package-lock-only in site/ immediately deletes it, so routine dependency updates will keep generating unrelated lockfile churn and make reproducible reviews harder. Keep npm-check-updates only in optionalDependencies in the lockfile root package metadata.

Useful? React with 👍 / 👎.

@zirain zirain merged commit 1baf309 into main Apr 16, 2026
27 checks passed
@zirain zirain deleted the dependabot/npm_and_yarn/site/npm-check-updates-21.0.0 branch April 16, 2026 02:27
skos-ninja pushed a commit to skos-ninja/envoy-gateway that referenced this pull request May 1, 2026
@dependabot @jukie @skos-ninja
build(deps): bump npm-check-updates from 20.0.0 to 21.0.0 in /site (e…
e3e5808 
…nvoyproxy#8757)

Bumps [npm-check-updates](https://github.com/raineorshine/npm-check-updates) from 20.0.0 to 21.0.0.
- [Release notes](https://github.com/raineorshine/npm-check-updates/releases)
- [Changelog](https://github.com/raineorshine/npm-check-updates/blob/main/CHANGELOG.md)
- [Commits](raineorshine/npm-check-updates@v20.0.0...v21.0.0)

---
updated-dependencies:
- dependency-name: npm-check-updates
  dependency-version: 21.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Isaac Wilson <isaac.wilson514@gmail.com>
Signed-off-by: Jake Oliver <jake@truelayer.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@zirain zirain zirain approved these changes

@jukie jukie jukie approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zirain @jukie