Skip to content

fix(deps): update non-major dependencies#767

Merged
leomp12 merged 1 commit into
mainfrom
renovate/many-minor-patch
Jun 8, 2026
Merged

fix(deps): update non-major dependencies#767
leomp12 merged 1 commit into
mainfrom
renovate/many-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
@google-cloud/pubsub (source) ^5.3.0^5.3.1 age confidence
@types/react (source) ^18.3.29^18.3.30 age confidence
@typescript-eslint/eslint-plugin (source) ^8.59.4^8.60.1 age confidence
@typescript-eslint/parser (source) ^8.59.4^8.60.1 age confidence
axios (source) ^1.16.1^1.17.0 age confidence
firebase (source, changelog) ^12.13.0^12.14.0 age confidence
nodemailer (source) ^8.0.7^8.0.10 age confidence
semver ^7.8.1^7.8.2 age confidence
turbo (source) ^2.9.14^2.9.16 age confidence

Release Notes

googleapis/google-cloud-node (@​google-cloud/pubsub)

v5.3.1

Bug Fixes
typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.60.1

Compare Source

🩹 Fixes
  • eslint-plugin: [no-shadow] correct rule to match ESLint v10 handling (#​12182)
  • eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#​12352)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.0

Compare Source

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.60.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

axios/axios (axios)

v1.17.0

Compare Source

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#​10901, #​10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#​10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#​6792, #​10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#​10929, #​10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#​10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#​10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#​10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#​10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#​10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#​10956, #​10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#​10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#​10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#​10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#​10907, #​10911, #​10916, #​10927, #​10935, #​10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#​10925, #​10914, #​10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#​10890, #​10889, #​10921, #​10945, #​10905, #​10933, #​10915, #​10887, #​10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#​10871, #​10879, #​10918, #​10919, #​10934, #​10947, #​10954, #​10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

firebase/firebase-js-sdk (firebase)

v12.14.0

Compare Source

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

What's Changed

@​firebase/ai@​2.13.0

Minor Changes

  • f0752a0 #​9800 - Add initializeDeviceModel() method to allow explicit initialization of on-device model in hybrid mode.

  • bd08cae #​9926 - Change "beta" (public preview) tags to "public" (generally available) for all hybrid inference features.

Patch Changes
  • bd2644b #​9956 (fixes #​9938) - Fix a bug that caused ChatSession.sendMessageStream() and TemplateChatSession.sendMessageStream() to send duplicate user turns in the request.

firebase@​12.14.0

Minor Changes

  • 3b337b9 #​9917 - Add new API and deprecate old API for creating and deleting fcm registration

  • f0752a0 #​9800 - Add initializeDeviceModel() method to allow explicit initialization of on-device model in hybrid mode.

  • d5b0f61 #​9913 - Added minimum and maximum FieldValue operations

  • bd08cae #​9926 - Change "beta" (public preview) tags to "public" (generally available) for all hybrid inference features.

Patch Changes

@​firebase/firestore@​4.15.0

Minor Changes
Patch Changes
  • 85f6f4e #​9985 - Improved robustness and logging in query listen stream creation and re-creation

@​firebase/messaging@​0.13.0

Minor Changes
  • 3b337b9 #​9917 - Add new API and deprecate old API for creating and deleting fcm registration
Patch Changes

  • a1a2455 #​9916 - Fix delivery metrics Firelog flushing when BigQuery export is enabled: schedule the first flush immediately (next timer tick) instead of waiting a full LOG_INTERVAL_IN_MS, start processing only when there are queued events (so enabling export with an empty queue does not arm a day-long idle timer that blocks later stageLog flushes), and ensure staging a log starts the service when needed. When export is disabled, clear any queued events and cancel pending flush timers immediately (rather than waiting for the background loop).

  • Updated dependencies [3b337b9]:

  • @​firebase/messaging-interop-types@​0.2.5

@​firebase/app@​0.14.13

Patch Changes
  • Update SDK_VERSION.

@​firebase/app-check@​0.11.4

Patch Changes
  • d675580 #​9987 - Fix a bug where getLimitedUseToken() did not correctly get a limited use token because it did not send the limited_use param.

@​firebase/app-check-compat@​0.4.4

Patch Changes

@​firebase/app-compat@​0.5.13

Patch Changes

@​firebase/auth@​1.13.2

Patch Changes
  • 2697919 #​9845 (fixes #​9732) - Updated _isAvailable() to use retry logic for the initial IndexedDB availability check, preventing incorrect fallbacks to in-memory persistence in environments where transactions may occasionally drop on startup.

@​firebase/auth-compat@​0.6.7

Patch Changes

  • 2697919 #​9845 (fixes #​9732) - Updated _isAvailable() to use retry logic for the initial IndexedDB availability check, preventing incorrect fallbacks to in-memory persistence in environments where transactions may occasionally drop on startup.

  • Updated dependencies [2697919]:

  • @​firebase/auth@​1.13.2

@​firebase/data-connect@​0.7.1

Patch Changes
  • 51e93fc #​9936 - Eliminated the 1-minute delay before closing idle backend connections to save resources.

@​firebase/firestore-compat@​0.4.10

Patch Changes

@​firebase/functions@​0.13.5

Patch Changes

@​firebase/functions-compat@​0.4.5

Patch Changes

@​firebase/messaging-compat@​0.2.27

Patch Changes

@​firebase/messaging-interop-types@​0.2.5

Patch Changes
  • 3b337b9 #​9917 - Add new API and deprecate old API for creating and deleting fcm registration

@​firebase/remote-config@​0.8.4

Patch Changes
  • 4d3f71a #​9981 - Call update experiment when the last running experiment is stopped

@​firebase/remote-config-compat@​0.2.25

Patch Changes
nodemailer/nodemailer (nodemailer)

v8.0.10

Compare Source

Bug Fixes
  • fall back to lower-severity handler when custom logger lacks a level method (6d849df)

v8.0.9

Compare Source

Bug Fixes
  • two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#​1820) (5f69497)

v8.0.8

Compare Source

Bug Fixes
  • enforce strict TLS for OAuth2 and Ethereal credential requests (#​1818) (833d6e5)
  • four listener/stream leaks in SMTP transport, connection, pool (#​1817) (850bb91)
npm/node-semver (semver)

v7.8.2

Compare Source

Bug Fixes
vercel/turborepo (turbo)

v2.9.16: Turborepo v2.9.16

Compare Source

What's Changed

Changelog

Full Changelog: vercel/turborepo@v2.9.15...v2.9.16

v2.9.15: Turborepo v2.9.15

Compare Source

What's Changed

Changelog

Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jun 8, 2026
@leomp12 leomp12 merged commit 1d06f62 into main Jun 8, 2026
3 checks passed
@leomp12 leomp12 deleted the renovate/many-minor-patch branch June 8, 2026 14:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leomp12 leomp12 leomp12 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@leomp12