chore(deps): update npm dependencies updates

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
electron-builder (source)	26.0.* → 26.8.*
jscpd	4.0.* → 4.2.*
release-it	19.0.* → 19.2.*

---

Release Notes

electron-userland/electron-builder (electron-builder)

v26.8.1

Compare Source

Patch Changes

Updated 3 dependencies

4edd695 8940ec6 4edd695 dde4309

• app-builder-lib@26.8.1
• builder-util@26.8.1
• dmg-builder@26.8.1

v26.8.0

Compare Source

Minor Changes

• Feat(win): adding support for latest artifacts for win-codesign tooling to be pulled from electron-builder-binaries #9430 1b39a8e @​mmaietta

Patch Changes

Updated 3 dependencies

cd7c0d9 c18f0eb 769b608 9ba36f9 1b113b7 1b39a8e

• app-builder-lib@26.8.0
• builder-util@26.8.0
• dmg-builder@26.8.0

v26.7.0

Compare Source

Patch Changes

Updated 2 dependencies

bfee115 3fa2d89 ec9e2db aec9157 64b40fe

• app-builder-lib@26.7.0
• dmg-builder@26.7.0

v26.6.0

Compare Source

Patch Changes

Updated 2 dependencies

cf10da8 9b1dbb2 e46b407 88070e9 d56550f

• app-builder-lib@26.6.0
• dmg-builder@26.6.0

v26.5.0

Compare Source

Patch Changes

Updated 2 dependencies

666d85a b1d6e24 6c20eeb 3022f0f 2c11709

• dmg-builder@26.5.0
• app-builder-lib@26.5.0

v26.4.1

Compare Source

Patch Changes

Updated 3 dependencies

cb5b9c6 d38ae8e 1c94529 ef43f42 25b5dd2 c3af390 97e5503

• app-builder-lib@26.4.1
• dmg-builder@26.4.1
• builder-util@26.4.1

v26.4.0

Compare Source

Patch Changes

Updated 2 dependencies

e70da99 b66832d 9110cb4 39ae6a7 78910a9 5f962f9

• app-builder-lib@26.4.0
• dmg-builder@26.4.0

v26.3.6

Compare Source

Patch Changes

Updated 2 dependencies

bdfc76b 693629c

• app-builder-lib@26.3.6
• dmg-builder@26.3.6

v26.3.5

Compare Source

Patch Changes

Updated 2 dependencies

e3f3592 05e0bc7 e043df5

• app-builder-lib@26.3.5
• dmg-builder@26.3.5

v26.3.4

Compare Source

Patch Changes

Updated 3 dependencies

e34be3b 2faee4d ada111e da1d768 4d24ebd b81c253

• app-builder-lib@26.3.4
• builder-util@26.3.4
• dmg-builder@26.3.4

v26.3.3

Compare Source

Patch Changes

Updated 2 dependencies

241c53a

• app-builder-lib@26.3.3
• dmg-builder@26.3.3

v26.3.2

Compare Source

Patch Changes

Updated 2 dependencies

0cd0831 7f7113d 65eecac

• app-builder-lib@26.3.2
• dmg-builder@26.3.2

v26.3.1

Compare Source

Patch Changes

• Fix: install-app-deps missing workspaceRoot for passing projectRootPath into electron/rebuild #9376 45a1683 @​mmaietta

Updated 3 dependencies

ec0a851 2f3e7e1 82c07af 6171472 ef364d3 45a1683 1607820 ed8ea12

• app-builder-lib@26.3.1
• builder-util@26.3.1
• dmg-builder@26.3.1

v26.3.0

Compare Source

Minor Changes

• Feat: support corepack and packageManager field and add related unit tests #9309 b741b72 @​mmaietta

Patch Changes

• Chore: bumping version packages of all packages to trigger Trusted Signing provedance release #9362 030269b @​mmaietta

Updated 4 dependencies

030269b b741b72 d8ad468 811d13d 16c8fa1 2e0837b

• app-builder-lib@26.3.0
• builder-util@26.3.0
• builder-util-runtime@9.5.1
• dmg-builder@26.3.0

v26.2.0

Compare Source

Patch Changes

• Updated dependencies [836a15c6c70abf8582aaa63603e14f77d5fa3f89, 21623e1b037e4509af04e767ca1c1458682b0eba, 6a49f85c69a22844729033f023249975f47a28f1, 0835fbcac0a0cfb0f34355699812cc85db035ad4, d19387174365c85968034149be43d80a39e7335f, b6a34c00c35e42dc279a55d672558ea7badc7fcd, f4d7924a082fbb9113d52782430f82b1f0ffcb52]:
  • app-builder-lib@​26.2.0
  • dmg-builder@​26.2.0

v26.1.0

Compare Source

Patch Changes

• Updated dependencies [9f06a859f9c82b305d0a43c5b6e8c47d1c7451f1, 08773afadfe10911ed1dff084fefe1024c5a74d8, 85cb4d031a060976b2519665b98294bb3c735aa0, e5f5799fbb193a7a8700fcaaf1ab9e79c9c694ce, 38c2085e9a344812d32611d197d1df66d6644b45, c51f96272517c08a09504445fb31e61326e0c381, 193abcf78691b145dd1f406ac5521e88beec0a5c, 6fd391d9e8390c00c8b0674d8ac3a5b7b6f0f19f]:
  • app-builder-lib@​26.1.0
  • builder-util-runtime@​9.5.0
  • dmg-builder@​26.1.0
  • builder-util@​26.1.0

v26.0.20

Compare Source

Patch Changes

• #​9228 d031eeaa Thanks @​choegyumin! - fix: support option to override PublishPolicy in publish command

• #​9227 8f0ad06e Thanks @​choegyumin! - fix: fix argument names mismatch in publish command to make it work

• Updated dependencies [f262a735, 44b28997, 7c7fd6ca, 3735881f, 49c782cb, cf0ac45d, e9251f47, c54a0609, b778686f]:

  • app-builder-lib@​26.0.20
  • builder-util-runtime@​9.4.0
  • builder-util@​26.0.20
  • dmg-builder@​26.0.20

v26.0.19

Compare Source

Patch Changes

• Updated dependencies [6cc5d2ee, 21e4ea23, c9480bc0, 1a6ea016, 35f5f6e5]:
  • app-builder-lib@​26.0.19
  • builder-util-runtime@​9.3.3
  • builder-util@​26.0.19
  • dmg-builder@​26.0.19

v26.0.18

Compare Source

Patch Changes

• Updated dependencies [fc7c5a0d, a2fbc8b6, e02b939b, 61aa8557, 309f1dca]:
  • app-builder-lib@​26.0.18
  • dmg-builder@​26.0.18

v26.0.17

Compare Source

Patch Changes

• Updated dependencies [0b17b351, a6be444c, e56977b5, b960d2fa, 3128991a, 2d014a86, 092d398a, 2c361819, 73696c6d]:
  • app-builder-lib@​26.0.17
  • builder-util@​26.0.17
  • dmg-builder@​26.0.17

v26.0.16

Compare Source

Patch Changes

• #​9117 b62737d8 Thanks @​talentlessguy! - chore(deps): replace is-ci with ci-info

• Updated dependencies [65de8564, b62737d8, 9272cf33, bacc6b44, 59fdaa9f, 9358b00b]:

  • app-builder-lib@​26.0.16
  • builder-util@​26.0.16
  • dmg-builder@​26.0.16

v26.0.15

Compare Source

Patch Changes

• Updated dependencies [312938d8, 6f3aec81, d97e7eb2, 0ce7b90e]:
  • app-builder-lib@​26.0.15
  • dmg-builder@​26.0.15

v26.0.14

Compare Source

Patch Changes

• Updated dependencies [3d65267a, 5545e132, 80fbf5a6, 524fb6e0]:
  • app-builder-lib@​26.0.14
  • dmg-builder@​26.0.14

v26.0.13

Compare Source

Patch Changes

• #​9013 c223866e Thanks @​beyondkmp! - fix: dependency path is undefined

• Updated dependencies [33bd6706, 1397775c, 8bd1a10a, 106640dd, 9fb2895c, c223866e, bff46ec4, a2f7f735]:

  • app-builder-lib@​26.0.13
  • builder-util@​26.0.13
  • dmg-builder@​26.0.13
  • builder-util-runtime@​9.3.2

kucherenko/jscpd (jscpd)

v4.2.3

Compare Source

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source

Breaking Changes

• Vue SFC tokenization — .vue files are no longer tokenized as markup. Each block is now dispatched to its own sub-format: <script> → javascript, <script lang="ts"> → typescript, <template> → markup, <style> → css, <style lang="scss"> → scss, <style lang="less"> → less. Clone reports for .vue files now appear under these resolved sub-format names. Any tooling or configuration that relied on .vue clones being reported under markup must be updated.
• --formatsExts users — custom mappings that pointed .vue to markup (e.g. "formatsExts": { "markup": ["vue"] }) will no longer take effect because .vue is handled by the dedicated vue format processor. Remove or update such mappings.

New Features

• Custom tokenizer backend — replaced the prismjs npm package with a self-contained reprism-based grammar engine. ~11.5% faster tokenization on real projects (avg 1126 ms → 997 ms on a 548-file, 223-format scan).
• Cross-format detection — Vue SFC (.vue), Svelte (.svelte), Astro (.astro), and Markdown files are now tokenized per-block/per-section. A <script> block in a .vue file can match a .ts file; a fenced code block in Markdown can match a .py file.
• 223 supported formats — Apex, CFML/ColdFusion, GDScript, Svelte, Astro, and 70+ additional languages added (up from 152). See FORMATS.md.
• Shebang detection — extensionless executable scripts (e.g. /usr/bin/env python3) are auto-detected by their #! shebang line and tokenized in the correct language.
• --store-path — configure a custom directory for the LevelDB cache, eliminating collisions when multiple jscpd processes run in parallel on the same machine.
• --skipComments — shorthand flag for --mode weak, which strips comments before detection.
• --formats-names — map specific filenames (e.g. Makefile, Dockerfile) to a detection format.

Bug Fixes

• Entire-file duplicates silently dropped (@jscpd/core #​728) — RabinKarp flushed the pending clone on a store hit at end-of-file instead of on a miss. Files that are complete copies of each other were undetected. Fixed.
• ReDoS hang on Lisp/Elisp files (@jscpd/tokenizer #​737) — the Lisp string regex /"(?:[^"\\]*|\\.)*"/ could catastrophically backtrack (O(2ⁿ)) on unterminated strings. Replaced with a linear /"(?:[^"\\]|\\[\s\S])*"/ pattern.
• Process crash on malformed package.json (#​739) — readJSONSync threw an unhandled SyntaxError when package.json contained invalid JSON, killing the process. Now emits a warning and continues with an empty config.
• Vue SFC cross-file detection broken — the detector used the file-level format (vue) as the store namespace for all SFC blocks, preventing a <script> block in one .vue file from ever matching a <script> block in another. The namespace now reflects each block's resolved sub-format.
• Vue SFC incorrect column numbers — tokens on the first line of a block carried block-relative column 1 instead of file-absolute column numbers. Fixed in @jscpd/tokenizer.
• 50 dependency security vulnerabilities remediated across the monorepo (Dependabot batches).

Known Limitations

• Malformed SFC blocks (e.g. unclosed tags, invalid attributes) are silently skipped and do not contribute tokens.

---

v4.1.1

Compare Source

v4.1.0

Compare Source

New Features

• AI Reporter — new ai reporter that produces compact, token-efficient clone output specifically designed for feeding results into language models and AI tooling. Use --reporters ai to activate it.
• MCP Server enhancements — the Model Context Protocol server now exposes a jscpd://statistics resource and supports a recheck endpoint so AI agents can trigger a rescan without restarting the process.
• Apex & CFML language support — jscpd can now detect duplicate code in Salesforce Apex and ColdFusion Markup Language (CFML) files (closes #​83, #​619).
• GDScript support — detect copy-paste duplication in Godot Engine GDScript files.
• HTML reporter footer — the HTML report now displays a branded footer with the jscpd version and a sponsor link.
• --noTips flag — suppress the usage-tip messages that appear after a detection run.
• CI: Node.js 22.x / 24.x — continuous integration updated to test against the latest Node.js LTS and current releases.

Performance

• Tokenizer — grammars are now loaded lazily, hot paths are O(n), and the spark-md5 dependency has been removed in favour of a lighter built-in implementation. Startup time and memory usage are noticeably reduced on large codebases.
• Replaced the vendored reprism syntax library with the official prismjs npm package, shrinking the installed footprint.

Bug Fixes

• Restored the correct start.line expectation for weak-mode clone detection.

---

v4.0.9

Compare Source

v4.0.8

Compare Source

v4.0.7

Compare Source

v4.0.6

Compare Source

release-it/release-it (release-it)

v19.2.4

Compare Source

• chore: update dependencies to resolve security vulnerabilities (#​1273) (b45dd1a) - thanks @​Yeom-JinHo!
• Update a few dev deps (cd8acdc)

v19.2.3

Compare Source

• Reuse generated changelog (316dbfa)
• Remove obsolete eslint compat packages/config (f6cc8f3)
• Update remark-preset-webpro and fix broken links (6e6dd4b)

v19.2.2

Compare Source

• Improve getChangelog method (7a56364)

v19.2.1

Compare Source

• Improve commit prompt (b7aca7c)
• Remedy potential edge case in template helper (5c0a6ee)

v19.2.0

Compare Source

• Add option to exit gracefully (e1f825d)
• Update dependencies (424c9f6)
• Auto-format docs (06f41bb)
• fix: add shell mode for npm commands on windows (#​1266) (382e346) - thanks @​julienbenac!
• Feat: Add publishPackageManager config option in NPM plugin to allow using different package manager for publishing (e.g. Bun) (#​1169) (0dafc0b) - thanks @​chrispader!
• Only use --workspaces=false with npm (12bb89c)
• Fix up docs/types a bit (05a5986)
• Format (c9d6ebf)

v19.1.0

Compare Source

• Ignore .npmrc (8ccd060)
• Update lockfile (c4cd2ba)
• Support interactive shell in non-CI mode for 2FA flow (resolve #​1263) (a10b20d)
• Add --workspaces=false to get rid of the null/matches error (14a4907)
• Remove npm config env var warnings (b8c1247)
• doc(readme): add release-it-beautiful-changelog plugin to list of plugins (#​1261) (1b68c21)
• Add 403 to consider resource alive (7969849)

v19.0.6

Compare Source

• Update list of projects using release-it (92b49d3)
• Bump github/codeql-action from 2 to 4 (#​1253) (21309d3) - thanks @​dependabot[bot]!
• Bump actions/setup-node from 5 to 6 (#​1255) (3fbaab1) - thanks @​dependabot[bot]!
• Test in node 24 (7a12b12)
• Upgrade c12 (resolve #​1254) (1f48d03)

---

Configuration

📅 Schedule: (in timezone Europe/Paris)

• Branch creation
  • "before 8am on monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.