Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Deprecations / Replacements

Warning

The following dependencies are either deprecated or have replacements available.

Datasource	Package	Replacement PR?
npm	@lerna/collect-updates
npm	@lerna/package
npm	@lerna/package-graph
npm	@lerna/run-topologically
npm	@types/diff
nuget	Microsoft.DotNet.Analyzers.Compatibility

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• Update dependency @xmldom/xmldom to v0.8.13
• Update dependency code-suggester to v4.3.4
• Update dependency diff to v5.2.2
• Update dependency js-yaml to v4.1.1
• Update dependency Microsoft.NETFramework.ReferenceAssemblies to 1.0.3
• Update dependency nock to v13.5.6
• Update dependency semver to v7.6.3
• Update dependency tslib to v2.6.3
• Update dependency xpath to ^0.0.34
• Update dependency yaml to v2.4.5
• Update Node.js to v18.20.8
• Update dependency @xmldom/xmldom to v0.9.10
• Update dependency ajv to v8.18.0
• Update dependency chai to v4.5.0
• Update dependency gts to v5.3.1
• Update dependency jsonpath to v1.3.0
• Update dependency semver to v7.7.4 (semver, @types/semver)
• Update dependency sinon to v16.1.3
• Update dependency tslib to v2.8.1
• Update dependency typescript to v5.9.3
• Update dependency yaml to v2.8.3
• Update pnpm to v9.15.9
• Update actions/checkout action to v6
• Update actions/setup-node action to v6
• Update dependency @google-automations/git-file-utils to v3
• Update dependency @types/chai to v5
• Update dependency @types/diff to v8
• Update dependency c8 to v11
• Update dependency chai to v6
• Update dependency chalk to v5
• Update dependency code-suggester to v5
• Update dependency conventional-changelog-conventionalcommits to v9
• Update dependency conventional-changelog-writer to v8
• Update dependency conventional-commits-filter to v5
• Update dependency cross-env to v10
• Update dependency detect-indent to v7
• Update dependency diff to v9
• Update dependency figures to v6
• Update dependency Google.Cloud.Iam.V1 to v3
• Update dependency Google.LongRunning to v3
• Update dependency gts to v7
• Update dependency http-proxy-agent to v9
• Update dependency https-proxy-agent to v9
• Update dependency mocha to v11
• Update dependency nock to v14
• Update dependency node-fetch to v3
• Update dependency node-html-parser to v7
• Update dependency sinon to v21 (sinon, @types/sinon)
• Update dependency type-fest to v5
• Update dependency typescript to v6
• Update dependency unist-util-visit to v5
• Update dependency yargs to v18
• Update Node.js to v24 (node, @types/node)
• Update pnpm to v10
• 🔐 Create all rate-limited PRs at once 🔐

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• Update dependency @google-automations/git-file-utils to v1.2.6
• Update dependency @types/node to v18.19.130
• Update dependency @types/node-fetch to v2.6.13
• Update dependency @types/yargs to v17.0.35
• Update dependency ConfigureAwaitChecker.Analyzer to 5.0.0.1
• Update octokit monorepo (patch) (@octokit/graphql, @octokit/request, @octokit/request-error, @octokit/rest)
• Update dependency @types/mocha to v10
• Update dependency ajv-formats to v3
• Update dependency unist-util-visit-parents to v6
• Update octokit monorepo (major) (@octokit/core, @octokit/graphql, @octokit/plugin-retry, @octokit/plugin-throttling, @octokit/request, @octokit/request-error, @octokit/rest, @octokit/types)
• Click on this checkbox to rebase all open PRs at once

Vulnerabilities

Important

18/18 CVEs have possible Renovate fixes.
See osvVulnerabilityAlerts to allow Renovate to supply fixes.

npm

package.json

@octokit/request

• GHSA-rmvr-2pp2-xj38 (fixed in >= 8.4.1)

@octokit/request-error

• GHSA-xx4v-prfh-6cgc (fixed in >= 5.1.1)

@xmldom/xmldom

• GHSA-wh4c-j3r5-mjhp (fixed in >= 0.8.12)

diff

• GHSA-73rr-hh4g-fpgx (fixed in >= 5.2.2)

js-yaml

• GHSA-mh29-5h37-fv8m (fixed in >= 4.1.1)

jsonpath

• GHSA-6c59-mwgh-r2x6 (fixed in >= 1.2.0)
• GHSA-87r5-mp6g-5w5j (fixed in >= 1.3.0)

yaml

• GHSA-48c2-rrv3-qjmp (fixed in >= 2.8.3)

ajv

• GHSA-2g4f-4pwh-qvx6 (fixed in >= 8.18.0)

pnpm

• GHSA-2phv-j68v-wwqx (fixed in >= 10.27.0)
• GHSA-6pfh-p556-v868 (fixed in >= 10.28.1)
• GHSA-6x96-7vc8-cm3p (fixed in >= 10.28.1)
• GHSA-7vhp-vf5g-r2fw (fixed in >= 10.26.0)
• GHSA-8cc4-rfj6-fhg4 (fixed in >= 10.0.0)
• GHSA-m733-5w8f-5ggw (fixed in >= 10.28.2)
• GHSA-v253-rj99-jwpq (fixed in >= 10.28.2)
• GHSA-vm32-9rqf-rh3r (fixed in >= 9.15.0)
• GHSA-xpqm-wm3m-f34h (fixed in >= 10.28.1)

Detected Dependencies

asdf (1)

.tool-versions (1)

• node 18.20.2 → [Updates: 18.20.8, 24.15.0]

github-actions (2)

.github/workflows/ci.yaml (3)

• actions/checkout v4 → [Updates: v6]
• actions/setup-node v3 → [Updates: v6]
• actions/setup-node v3 → [Updates: v6]

.github/workflows/release.yaml (5)

• actions/checkout v4 → [Updates: v6]
• actions/setup-node v3 → [Updates: v6]
• actions/setup-node v3 → [Updates: v6]
• node 20 → [Updates: 24]
• node 20 → [Updates: 24]

nodenv (1)

.node-version (1)

• node 18.20.2 → [Updates: 18.20.8, 24.15.0]

npm (1)

package.json (71)

• @conventional-commits/parser ^0.4.1
• @google-automations/git-file-utils ^1.2.5 → [Updates: ^1.2.5, ^3.0.0]
• @iarna/toml ^3.0.0
• @lerna/collect-updates ^6.4.1
• @lerna/package ^6.4.1
• @lerna/package-graph ^6.4.1
• @lerna/run-topologically ^6.4.1
• @octokit/core ^4.0.0 → [Updates: ^7.0.0]
• @octokit/graphql ^5.0.0 → [Updates: ^5.0.0, ^9.0.0]
• @octokit/plugin-retry 5.0.5 → [Updates: 8.1.0]
• @octokit/plugin-throttling 6.1.0 → [Updates: 11.0.3]
• @octokit/request ^6.0.0 → [Updates: ^6.0.0, ^10.0.0]
• @octokit/request-error ^3.0.0 → [Updates: ^3.0.0, ^7.0.0]
• @octokit/rest ^19.0.0 → [Updates: ^19.0.0, ^22.0.0]
• @types/npm-package-arg ^6.1.0
• @xmldom/xmldom ^0.8.4 → [Updates: ^0.8.4, ^0.9.0]
• chalk ^4.0.0 → [Updates: ^5.0.0]
• code-suggester ^4.2.0 → [Updates: ^4.2.0, ^5.0.0]
• conventional-changelog-conventionalcommits ^6.0.0 → [Updates: ^9.0.0]
• conventional-changelog-writer ^6.0.0 → [Updates: ^8.0.0]
• conventional-commits-filter ^3.0.0 → [Updates: ^5.0.0]
• detect-indent ^6.1.0 → [Updates: ^7.0.0]
• diff ^5.0.0 → [Updates: ^5.0.0, ^9.0.0]
• figures ^3.0.0 → [Updates: ^6.0.0]
• http-proxy-agent ^5.0.0 → [Updates: ^9.0.0]
• https-proxy-agent ^5.0.1 → [Updates: ^9.0.0]
• js-yaml ^4.0.0 → [Updates: ^4.0.0]
• jsonpath ^1.1.1 → [Updates: ^1.1.1]
• node-fetch ^2.7.0 → [Updates: ^3.0.0]
• node-html-parser ^6.0.0 → [Updates: ^7.0.0]
• parse-github-repo-url ^1.4.1
• semver ^7.0.0 → [Updates: ^7.0.0]
• type-fest ^3.0.0 → [Updates: ^5.0.0]
• typescript ^5.2.2 → [Updates: ^5.2.2, ^6.0.0]
• unist-util-visit ^2.0.3 → [Updates: ^5.0.0]
• unist-util-visit-parents ^3.1.1 → [Updates: ^6.0.0]
• xpath ^0.0.32 → [Updates: ^0.0.34]
• yaml ^2.2.2 → [Updates: ^2.2.2]
• yargs ^17.0.0 → [Updates: ^18.0.0]
• @octokit/types ^9.0.0 → [Updates: ^16.0.0]
• @types/chai ^4.3.6 → [Updates: ^5.0.0]
• @types/diff ^5.0.2 → [Updates: ^8.0.0]
• @types/iarna__toml ^2.0.1
• @types/js-yaml ^4.0.0
• @types/jsonpath ^0.2.0
• @types/lerna__collect-updates ^5.1.0
• @types/lerna__package ^5.1.0
• @types/lerna__package-graph ^5.1.0
• @types/lerna__run-topologically ^5.1.0
• @types/mocha ^9.0.0 → [Updates: ^10.0.0]
• @types/node 18.19.44 → [Updates: 18.19.130, 24.12.2]
• @types/node-fetch ^2.6.4 → [Updates: ^2.6.4]
• @types/semver ^7.0.0 → [Updates: ^7.0.0]
• @types/sinon ^10.0.17 → [Updates: ^21.0.0]
• @types/xmldom ^0.1.31
• @types/yargs ^17.0.0 → [Updates: ^17.0.0]
• ajv ^8.11.0 → [Updates: ^8.11.0]
• ajv-formats ^2.1.1 → [Updates: ^3.0.0]
• c8 ^8.0.0 → [Updates: ^11.0.0]
• chai ^4.3.10 → [Updates: ^4.3.10, ^6.0.0]
• cross-env ^7.0.0 → [Updates: ^10.0.0]
• gts ^5.0.1 → [Updates: ^5.0.1, ^7.0.0]
• mocha ^9.2.2 → [Updates: ^11.0.0]
• nock ^13.0.0 → [Updates: ^13.0.0, ^14.0.0]
• sinon 16.0.0 → [Updates: 16.1.3, 21.1.2]
• snap-shot-it ^7.0.0
• ts-node ^10.9.1
• tslib ^2.6.2 → [Updates: ^2.6.2]
• node >=18.0.0
• pnpm >=9
• pnpm 9.11.0 → [Updates: 9.15.9, 10.33.0]

nuget (3)

test/updaters/fixtures/dotnet/SecurityCenter.V1.csproj (7)

• Microsoft.NETFramework.ReferenceAssemblies 1.0.2 → [Updates: 1.0.3]
• Microsoft.DotNet.Analyzers.Compatibility 0.2.12-alpha
• Grpc.Core [2.41.0, 3.0.0)
• Google.LongRunning [2.3.0, 3.0.0) → [Updates: [2.3.0,3.5.0]]
• Google.Cloud.Iam.V1 [2.3.0, 3.0.0) → [Updates: [2.3.0,3.5.0]]
• Google.Api.Gax.Grpc.GrpcCore [3.6.0, 4.0.0)
• ConfigureAwaitChecker.Analyzer 5.0.0 → [Updates: 5.0.0.1]

test/updaters/fixtures/Foo.csproj (6)

• Microsoft.NETFramework.ReferenceAssemblies 1.0.2 → [Updates: 1.0.3]
• Microsoft.DotNet.Analyzers.Compatibility 0.2.12-alpha
• Grpc.Core [2.38.1, 3.0.0)
• Google.LongRunning [2.3.0, 3.0.0) → [Updates: [2.3.0,3.5.0]]
• Google.Api.Gax.Grpc.GrpcCore [3.5.0, 4.0.0)
• ConfigureAwaitChecker.Analyzer 5.0.0 → [Updates: 5.0.0.1]

test/updaters/fixtures/Prerelease.csproj (6)

• Microsoft.NETFramework.ReferenceAssemblies 1.0.2 → [Updates: 1.0.3]
• Microsoft.DotNet.Analyzers.Compatibility 0.2.12-alpha
• Grpc.Core [2.38.1, 3.0.0)
• Google.LongRunning [2.3.0, 3.0.0) → [Updates: [2.3.0,3.5.0]]
• Google.Api.Gax.Grpc.GrpcCore [3.5.0, 4.0.0)
• ConfigureAwaitChecker.Analyzer 5.0.0 → [Updates: 5.0.0.1]

---

• Check this box to trigger a request for Renovate to run again on this repository