Skip to content

fix(deps): update all non-major dependencies#20

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch
Open

fix(deps): update all non-major dependencies#20
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
@types/node (source) ^25.0.9^25.6.0 age confidence devDependencies minor 25.9.5
dotenv 17.2.317.4.2 age confidence dependencies minor
github.com/caarlos0/env/v11 v11.3.1v11.4.1 age confidence require minor
github.com/go-playground/validator/v10 v10.30.2v10.30.3 age confidence require patch
github.com/ipinfo/go/v2 v2.12.0v2.14.0 age confidence require minor
github.com/jackc/pgx/v5 v5.9.2v5.10.0 age confidence require minor
golang.org/x/time v0.14.0v0.15.0 age confidence require minor
node (source) 24.13.024.18.0 age confidence volta minor

Release Notes

motdotla/dotenv (dotenv)

v17.4.2

Compare Source

Changed
  • Improved skill files - tightened up details (#​1009)

v17.4.1

Compare Source

Changed
  • Change text injecting to injected (#​1005)

v17.4.0

Compare Source

Added
  • Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)
Changed
  • Tighten up logs: ◇ injecting env (14) from .env (#​1003)

v17.3.1

Compare Source

Changed
  • Fix as2 example command in README and update spanish README

v17.3.0

Compare Source

Added
  • Add a new README section on dotenv’s approach to the agentic future.
Changed
  • Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

v17.2.4

Compare Source

Changed
  • Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#​915)
  • Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.
caarlos0/env (github.com/caarlos0/env/v11)

v11.4.1

Compare Source

Changelog

Bug fixes
Documentation updates
Other work

Released with GoReleaser Pro!

v11.4.0

Compare Source

Changelog

New Features
Bug fixes
Documentation updates
Other work

Released with GoReleaser Pro!

go-playground/validator (github.com/go-playground/validator/v10)

v10.30.3

Compare Source

What's Changed

New Contributors

Full Changelog: go-playground/validator@v10.30.2...v10.30.3

ipinfo/go (github.com/ipinfo/go/v2)

v2.14.0

Compare Source

jackc/pgx (github.com/jackc/pgx/v5)

v5.10.0

Compare Source

nodejs/node (node)

v24.18.0: 2026-06-23, Version 24.18.0 'Krypton' (LTS), @​richardlau prepared by @​sxa

Compare Source

Notable Changes
  • [e07e7a31e1] - crypto: update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #​63527
  • [44c8ebcbd6] - http: avoid stream listeners on idle agent sockets (Matteo Collina) #​64004
  • [d3ef4122ee] - (SEMVER-MINOR) buffer: increase Buffer.poolSize default to 64 KiB (Matteo Collina) #​63597
  • [bb2857b85a] - (SEMVER-MINOR) crypto: align key argument names in docs and error messages (Filip Skokan) #​62527
  • [b9d5e87880] - (SEMVER-MINOR) crypto: accept key data in crypto.diffieHellman() and cleanup DH jobs (Filip Skokan) #​62527
  • [ccd756d61e] - (SEMVER-MINOR) crypto: add TurboSHAKE and KangarooTwelve Web Cryptography algorithms (Filip Skokan) #​62183
  • [4c9251fc09] - (SEMVER-MINOR) http: add writeInformation to send arbitrary 1xx status codes (Tim Perry) #​63155
  • [8c989ec4a3] - (SEMVER-MINOR) inspector: expose precise coverage start to JS runtime (sangwook) #​63079
  • [3f54c8ba32] - Revert "stream: noop pause/resume on destroyed streams" (Stewart X Addison) #​63834
Commits

v24.17.0: 2026-06-18, Version 24.17.0 'Krypton' (LTS), @​aduh95

Compare Source

This is a security release.

Notable Changes
  • (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
  • (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
  • (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
  • (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
  • (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
  • (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
  • (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
  • (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
  • (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
  • (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
  • (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
Commits
  • [[`9e4d

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone Asia/Jakarta)

  • Branch creation
    • "on saturday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate

renovate Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor Author

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 3 additional dependencies were updated

Details:

Package Change
golang.org/x/crypto v0.49.0 -> v0.52.0
golang.org/x/sys v0.42.0 -> v0.45.0
golang.org/x/text v0.35.0 -> v0.37.0

@github-project-automation github-project-automation Bot moved this to Backlog in Go API Jul 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Backlog

Development

Successfully merging this pull request may close these issues.

0 participants