fix(deps): update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@aptre/protobuf-es-lite	^0.5.2 → ^1.0.0					devDependencies	major
@eslint/js (source)	^9.39.2 → ^10.0.0					devDependencies	major
actions/dependency-review-action	v4.8.2 → v4.8.3					action	patch
actions/setup-go	v6.2.0 → v6.3.0					action	minor
esbuild	0.27.2 → 0.27.3					devDependencies	patch
eslint (source)	^9.39.2 → ^10.0.0					devDependencies	major
github.com/aperturerobotics/cli	v1.0.1 → v1.1.0					require	minor
github.com/aperturerobotics/protobuf-go-lite	v0.11.0 → v0.12.2					require	minor
github.com/aperturerobotics/util	v1.32.0 → v1.32.4					require	patch
github/codeql-action	v4.32.0 → v4.32.4					action	patch
go	1.25 → 1.26					uses-with	minor
golang.org/x/mod	v0.32.0 → v0.33.0					require	minor
golang.org/x/tools	v0.41.0 → v0.42.0					require	minor
goreleaser/goreleaser-action	v6 → v7					action	major
playwright (source)	1.58.0 → 1.58.2					devDependencies	patch

---

Release Notes

aperturerobotics/protobuf-es-lite (@​aptre/protobuf-es-lite)

v1.0.1

Compare Source

What's Changed

• chore(deps): update all dependencies to v6 by @​renovate[bot] in #​15

Full Changelog: aperturerobotics/protobuf-es-lite@v0.5.3...v1.0.1

eslint/eslint (@​eslint/js)

v10.0.1

Compare Source

v10.0.0

Compare Source

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#​20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#​20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#​20152) (Pixel998)
• fa31a60 feat!: add name to configs (#​20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#​20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#​20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#​20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#​20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#​20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#​20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#​20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#​20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#​20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#​20223) (Milos Djermanovic)
• aa3fb2b fix!: tighten func-names schema (#​20119) (Pixel998)
• f6c0ed0 feat!: report eslint-env comments as errors (#​20128) (Francesco Trotta)
• 4bf739f fix!: remove deprecated LintMessage#nodeType and TestCaseError#type (#​20096) (Pixel998)
• 523c076 feat!: drop support for jiti < 2.2.0 (#​20016) (michael faith)
• 454a292 feat!: update eslint:recommended configuration (#​20210) (Pixel998)
• 4f880ee feat!: remove v10_* and inactive unstable_* flags (#​20225) (sethamus)
• f18115c feat!: no-shadow-restricted-names report globalThis by default (#​20027) (sethamus)
• c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#​20160) (Milos Djermanovic)

Features

• bff9091 feat: handle Array.fromAsync in array-callback-return (#​20457) (Francesco Trotta)
• 290c594 feat: add self to no-implied-eval rule (#​20468) (sethamus)
• 43677de feat: fix handling of function and class expression names in no-shadow (#​20432) (Milos Djermanovic)
• f0cafe5 feat: rule tester add assertion option requireData (#​20409) (fnx)
• f7ab693 feat: output RuleTester test case failure index (#​19976) (ST-DDT)
• 7cbcbf9 feat: add countThis option to max-params (#​20236) (Gerkin)
• f148a5e feat: add error assertion options (#​20247) (ST-DDT)
• 09e6654 feat: update error loc of require-yield and no-useless-constructor (#​20267) (Tanuj Kanti)

Bug Fixes

• 436b82f fix: update eslint (#​20473) (renovate[bot])
• 1d29d22 fix: detect default this binding in Array.fromAsync callbacks (#​20456) (Francesco Trotta)
• 727451e fix: fix regression of global mode report range in strict rule (#​20462) (ntnyq)
• e80485f fix: remove fake FlatESLint and LegacyESLint exports (#​20460) (Francesco Trotta)
• 9eeff3b fix: update esquery (#​20423) (cryptnix)
• b34b938 fix: use Error.prepareStackTrace to estimate failing test location (#​20436) (Francesco Trotta)
• 51aab53 fix: update eslint (#​20443) (renovate[bot])
• 23490b2 fix: handle space before colon in RuleTester location estimation (#​20433) (Francesco Trotta)
• f244dbf fix: use MessagePlaceholderData type from @eslint/core (#​20348) (루밀LuMir)
• d186f8c fix: update eslint (#​20427) (renovate[bot])
• 2332262 fix: error location should not modify error message in RuleTester (#​20421) (Milos Djermanovic)
• ab99b21 fix: ensure filename is passed as third argument to verifyAndFix() (#​20405) (루밀LuMir)
• 8a60f3b fix: remove ecmaVersion and sourceType from ParserOptions type (#​20415) (Pixel998)
• eafd727 fix: remove TDZ scope type (#​20231) (jaymarvelz)
• 39d1f51 fix: correct Scope typings (#​20404) (sethamus)
• 2bd0f13 fix: update verify and verifyAndFix types (#​20384) (Francesco Trotta)
• ba6ebfa fix: correct typings for loadESLint() and shouldUseFlatConfig() (#​20393) (루밀LuMir)
• e7673ae fix: correct RuleTester typings (#​20105) (Pixel998)
• 53e9522 fix: strict removed formatters check (#​20241) (ntnyq)
• b017f09 fix: correct no-restricted-import messages (#​20374) (Francesco Trotta)

Documentation

• e978dda docs: Update README (GitHub Actions Bot)
• 4cecf83 docs: Update README (GitHub Actions Bot)
• c79f0ab docs: Update README (GitHub Actions Bot)
• 773c052 docs: Update README (GitHub Actions Bot)
• f2962e4 docs: document meta.docs.frozen property (#​20475) (Pixel998)
• 8e94f58 docs: fix broken anchor links from gerund heading updates (#​20449) (Copilot)
• 1495654 docs: Update README (GitHub Actions Bot)
• 0b8ed5c docs: document support for :is selector alias (#​20454) (sethamus)
• 1c4b33f docs: Document policies about ESM-only dependencies (#​20448) (Milos Djermanovic)
• 3e5d38c docs: add missing indentation space in rule example (#​20446) (fnx)
• 63a0c7c docs: Update README (GitHub Actions Bot)
• 65ed0c9 docs: Update README (GitHub Actions Bot)
• b0e4717 docs: [no-await-in-loop] Expand inapplicability (#​20363) (Niklas Hambüchen)
• fca421f docs: Update README (GitHub Actions Bot)
• d925c54 docs: update config syntax in no-lone-blocks (#​20413) (Pixel998)
• 7d5c95f docs: remove redundant sourceType: "module" from rule examples (#​20412) (Pixel998)
• 02e7e71 docs: correct .mts glob pattern in files with extensions example (#​20403) (Ali Essalihi)
• 264b981 docs: Update README (GitHub Actions Bot)
• 5a4324f docs: clarify "local" option of no-unused-vars (#​20385) (Milos Djermanovic)
• e593aa0 docs: improve clarity, grammar, and wording in documentation site README (#​20370) (Aditya)
• 3f5062e docs: Add messages property to rule meta documentation (#​20361) (Sabya Sachi)
• 9e5a5c2 docs: remove Examples headings from rule docs (#​20364) (Milos Djermanovic)
• 194f488 docs: Update README (GitHub Actions Bot)
• 0f5a94a docs: [class-methods-use-this] explain purpose of rule (#​20008) (Kirk Waiblinger)
• df5566f docs: add Options section to all rule docs (#​20296) (sethamus)
• adf7a2b docs: no-unsafe-finally note for generator functions (#​20330) (Tom Pereira)
• ef7028c docs: Update README (GitHub Actions Bot)
• fbae5d1 docs: consistently use "v10.0.0" in migration guide (#​20328) (Pixel998)
• 778aa2d docs: ignoring default file patterns (#​20312) (Tanuj Kanti)
• 4b5dbcd docs: reorder v10 migration guide (#​20315) (Milos Djermanovic)
• 5d84a73 docs: Update README (GitHub Actions Bot)
• 37c8863 docs: fix incorrect anchor link in v10 migration guide (#​20299) (Pixel998)
• 077ff02 docs: add migrate-to-10.0.0 doc (#​20143) (唯然)
• 3822e1b docs: Update README (GitHub Actions Bot)

Build Related

• 9f08712 Build: changelog update for 10.0.0-rc.2 (Jenkins)
• 1e2c449 Build: changelog update for 10.0.0-rc.1 (Jenkins)
• c4c72a8 Build: changelog update for 10.0.0-rc.0 (Jenkins)
• 7e4daf9 Build: changelog update for 10.0.0-beta.0 (Jenkins)
• a126a2a build: add .scss files entry to knip (#​20389) (Francesco Trotta)
• f5c0193 Build: changelog update for 10.0.0-alpha.1 (Jenkins)
• 165326f Build: changelog update for 10.0.0-alpha.0 (Jenkins)

Chores

• 1ece282 chore: ignore /docs/v9.x in link checker (#​20452) (Milos Djermanovic)
• 034e139 ci: add type integration test for @html-eslint/eslint-plugin (#​20345) (sethamus)
• f3fbc2f chore: set @eslint/js version to 10.0.0 to skip releasing it (#​20466) (Milos Djermanovic)
• afc0681 chore: remove scopeManager.addGlobals patch for typescript-eslint parser (#​20461) (fnx)
• 3e5a173 refactor: use types from @eslint/plugin-kit (#​20435) (Pixel998)
• 11644b1 ci: rename workflows (#​20463) (Milos Djermanovic)
• 2d14173 chore: fix typos in docs and comments (#​20458) (o-m12a)
• 6742f92 test: add endLine/endColumn to invalid test case in no-alert (#​20441) (경하)
• 3e22c82 test: add missing location data to no-template-curly-in-string tests (#​20440) (Haeun Kim)
• b4b3127 chore: package.json update for @​eslint/js release (Jenkins)
• f658419 refactor: remove raw parser option from JS language (#​20416) (Pixel998)
• 2c3efb7 chore: remove category from type test fixtures (#​20417) (Pixel998)
• 36193fd chore: remove category from formatter test fixtures (#​20418) (Pixel998)
• e8d203b chore: add JSX language tag validation to check-rule-examples (#​20414) (Pixel998)
• bc465a1 chore: pin dependencies (#​20397) (renovate[bot])
• 703f0f5 test: replace deprecated rules in linter tests (#​20406) (루밀LuMir)
• ba71baa test: enable strict mode in type tests (#​20398) (루밀LuMir)
• f9c4968 refactor: remove lib/linter/rules.js (#​20399) (Francesco Trotta)
• 6f1c48e chore: updates for v9.39.2 release (Jenkins)
• 54bf0a3 ci: create package manager test (#​20392) (루밀LuMir)
• 3115021 refactor: simplify JSDoc comment detection logic (#​20360) (Pixel998)
• 4345b17 chore: update @eslint-community/regexpp to 4.12.2 (#​20366) (루밀LuMir)
• 772c9ee chore: update dependency @​eslint/eslintrc to ^3.3.3 (#​20359) (renovate[bot])
• 0b14059 chore: package.json update for @​eslint/js release (Jenkins)
• d6e7bf3 ci: bump actions/checkout from 5 to 6 (#​20350) (dependabot[bot])
• 139d456 chore: require mandatory headers in rule docs (#​20347) (Milos Djermanovic)
• 3b0289c chore: remove unused .eslintignore and test fixtures (#​20316) (Pixel998)
• a463e7b chore: update dependency js-yaml to v4 [security] (#​20319) (renovate[bot])
• ebfe905 chore: remove redundant rules from eslint-config-eslint (#​20327) (Milos Djermanovic)
• 88dfdb2 test: add regression tests for message placeholder interpolation (#​20318) (fnx)
• 6ed0f75 chore: skip type checking in eslint-config-eslint (#​20323) (Francesco Trotta)
• 1e2cad5 chore: package.json update for @​eslint/js release (Jenkins)
• 9da2679 chore: update @eslint/* dependencies (#​20321) (Milos Djermanovic)
• 0439794 refactor: use types from @​eslint/core (#​20235) (jaymarvelz)
• cb51ec2 test: cleanup SourceCode#traverse tests (#​20289) (Milos Djermanovic)
• 897a347 chore: remove restriction for type in rule tests (#​20305) (Pixel998)
• d972098 chore: ignore prettier updates in renovate to keep in sync with trunk (#​20304) (Pixel998)
• a086359 chore: remove redundant fast-glob dev-dependency (#​20301) (루밀LuMir)
• 564b302 chore: install prettier as a dev dependency (#​20302) (michael faith)
• 8257b57 refactor: correct regex for eslint-plugin/report-message-format (#​20300) (루밀LuMir)
• e251671 refactor: extract assertions in RuleTester (#​20135) (唯然)
• 2e7f25e chore: add legacy-peer-deps to .npmrc (#​20281) (Milos Djermanovic)
• 39c638a chore: update eslint-config-eslint dependencies for v10 prereleases (#​20278) (Milos Djermanovic)
• 8533b3f chore: update dependency @​eslint/json to ^0.14.0 (#​20288) (renovate[bot])
• 796ddf6 chore: update dependency @​eslint/js to ^9.39.1 (#​20285) (renovate[bot])

actions/dependency-review-action (actions/dependency-review-action)

v4.8.3: 4.8.3

Compare Source

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

• GitHub Actions can't push to our protected main by @​dangoor in #​1017
• Bump actions/stale from 9.1.0 to 10.1.0 by @​dependabot[bot] in #​995
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in #​1003
• Bump actions/setup-node from 4 to 6 by @​dependabot[bot] in #​1005
• Upgrade glob to address a vulnerability by @​brrygrdn in #​1024
• Bump js-yaml by @​dependabot[bot] in #​1020
• Addressing vulnerabilities by @​Ahmed3lmallah in #​1036
• Bump fast-xml-parser from 5.3.3 to 5.3.5 by @​dependabot[bot] in #​1050
• Bump fast-xml-parser from 5.3.5 to 5.3.6 by @​dependabot[bot] in #​1053
• Properly truncate long summaries and catch errors by @​juxtin in #​1052
• Bump spdx-expression-parse from 3.0.1 to 4.0.0 in the spdx-licenses group across 1 directory by @​dependabot[bot] in #​931
• Changes for Release 4.8.3 by @​ahpook in #​1054

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

actions/setup-go (actions/setup-go)

v6.3.0

Compare Source

evanw/esbuild (esbuild)

v0.27.3

Compare Source

• Preserve URL fragments in data URLs (#​4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

• Parse and print CSS @scope rules (#​4322)

  This release includes dedicated support for parsing @scope rules in CSS. These rules include optional "start" and "end" selector lists. One important consequence of this is that the local/global status of names in selector lists is now respected, which improves the correctness of esbuild's support for CSS modules. Minification of selectors inside @scope rules has also improved slightly.

  Here's an example:

  /* Original code */
  @​scope (:global(.foo)) to (:local(.bar)) {
    .bar {
      color: red;
    }
  }
  
  /* Old output (with --loader=local-css --minify) */
  @​scope (:global(.foo)) to (:local(.bar)){.o{color:red}}
  
  /* New output (with --loader=local-css --minify) */
  @​scope(.foo)to (.o){.o{color:red}}

• Fix a minification bug with lowering of for await (#​4378, #​4385)

  This release fixes a bug where the minifier would incorrectly strip the variable in the automatically-generated catch clause of lowered for await loops. The code that generated the loop previously failed to mark the internal variable references as used.

• Update the Go compiler from v1.25.5 to v1.25.7 (#​4383, #​4388)

  This PR was contributed by @​MikeWillCook.

eslint/eslint (eslint)

v10.0.2

Compare Source

v10.0.1

Compare Source

Bug Fixes

• c87d5bd fix: update eslint (#​20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#​20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#​20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#​20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#​20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#​20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#​20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#​20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#​20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#​20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#​20467) (Milos Djermanovic)

v10.0.0

Compare Source

aperturerobotics/cli (github.com/aperturerobotics/cli)

v1.1.0

Compare Source

aperturerobotics/protobuf-go-lite (github.com/aperturerobotics/protobuf-go-lite)

v0.12.2

Compare Source

v0.12.1

Compare Source

v0.12.0

Compare Source

aperturerobotics/util (github.com/aperturerobotics/util)

v1.32.4

Compare Source

v1.32.3

Compare Source

v1.32.2

Compare Source

v1.32.1

Compare Source

github/codeql-action (github/codeql-action)

v4.32.4

Compare Source

• Update default CodeQL bundle version to 2.24.2. #​3493
• Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when private package registries are configured. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. #​3473
• When the CodeQL Action is run with debugging enabled in Default Setup and private package registries are configured, the "Setup proxy for registries" step will output additional diagnostic information that can be used for troubleshooting. #​3486
• Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. #​3485
• Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a nightly CodeQL CLI release instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early acces

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 3 additional dependencies were updated

Details:

Package	Change
github.com/aperturerobotics/common	v0.24.0 -> v0.26.6
github.com/aperturerobotics/json-iterator-lite	v1.0.1-0.20240713111131-be6bf89c3008 -> v1.0.1-0.20251104042408-0c9eb8a3f726
golang.org/x/sys	v0.40.0 -> v0.41.0