Skip to content

fix(deps): update npm non-major dependencies #3922

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update npm non-major dependencies #3922

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 25, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@navikt/aksel-icons (source) 7.35.2 -> 7.36.0 age confidence
@percy/cli (source) 1.31.5 -> 1.31.6 age confidence
@testing-library/react 16.3.0 -> 16.3.1 age confidence
@typescript-eslint/eslint-plugin (source) 8.49.0 -> 8.50.1 age confidence
@typescript-eslint/parser (source) 8.49.0 -> 8.50.1 age confidence
caniuse-lite 1.0.30001760 -> 1.0.30001761 age confidence
cypress (source) 15.7.1 -> 15.8.1 age confidence
esbuild-loader 4.4.0 -> 4.4.1 age confidence
eslint-plugin-testing-library 7.14.0 -> 7.15.3 age confidence
html-react-parser 5.2.10 -> 5.2.11 age confidence
immer 11.0.1 -> 11.1.0 age confidence
react-day-picker (source) 9.12.0 -> 9.13.0 age confidence
typescript-eslint (source) 8.49.0 -> 8.50.1 age confidence
webpack 5.103.0 -> 5.104.1 age confidence
zod (source) 4.2.0 -> 4.2.1 age confidence

Release Notes

navikt/aksel (@​navikt/aksel-icons)

v7.36.0

Compare Source

Patch Changes
  • Icons: Removed 'updated_at'-field from AkselIcon-type. (#​4399)

v7.35.3

Compare Source

percy/cli (@​percy/cli)

v1.31.6

Compare Source

What's Changed

✨ Enhancements
🐛 Bug Fixes
🏗 Maintenance

Full Changelog: percy/cli@v1.31.5...v1.31.6

testing-library/react-testing-library (@​testing-library/react)

v16.3.1

Compare Source

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.50.1

Compare Source

🩹 Fixes
  • eslint-plugin: [no-unnecessary-type-assertion] correct handling of undefined vs. void (#​11826)
  • eslint-plugin: [method-signature-style] ignore methods that return this (#​11813)
❤️ Thank You

You can read about our versioning strategy and releases on our website.

v8.50.0

Compare Source

🚀 Features
  • eslint-plugin: [no-useless-default-assignment] add rule (#​11720)
❤️ Thank You
  • Josh Goldberg ✨
  • Ulrich Stark

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.50.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.50.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

browserslist/caniuse-lite (caniuse-lite)

v1.0.30001761

Compare Source

cypress-io/cypress (cypress)

v15.8.1

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-8-1

v15.8.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-8-0

privatenumber/esbuild-loader (esbuild-loader)

v4.4.1

Compare Source

Bug Fixes
testing-library/eslint-plugin-testing-library (eslint-plugin-testing-library)

v7.15.3

Compare Source

Bug Fixes

v7.15.2

Compare Source

Bug Fixes

v7.15.1

Compare Source

Bug Fixes

v7.15.0

Compare Source

Features
remarkablemark/html-react-parser (html-react-parser)

v5.2.11

Compare Source

Continuous Integration
  • github: remove npm token and publish with OIDC (ba9692d)
immerjs/immer (immer)

v11.1.0

Compare Source

This feature release adds a new optional "array method overrides" plugin that significantly speeds up array methods when accessing drafts.

Changelog

Performance Improvements

As part of the recent performance optimization work, our benchmarks showed that all Proxy-based immutable update libraries were drastically slower than vanilla JS when calling both mutating and non-mutating array methods. After investigation, it turns out that an array method like arr.filter() causes the Proxy's get trap to trigger for every single item in the array. This in turn forces creation of a new Proxy and internal Immer metadata for every item, even though this was just a read operation and no items were being updated.

This release adds a new enableArrayMethods plugin that will override draft array methods to bypass the draft and directly operate on the underlying wrapped array instance. This significantly speeds up array operations.

When enabled, the plugin overrides these array methods:

  • Mutating: push, pop, shift, unshift, splice, reverse, sort
  • Non-mutating: filter, slice, concat, flat, find, findIndex, findLast, findLastIndex, some, every, indexOf, lastIndexOf, includes, join, toString, toLocaleString

Our benchmarks show that the overridden methods (plus the other perf changes in Immer 10.2 and 11.0) are 50-80% faster than the baseline behavior of Immer 10.1.

The plugin adds about 1.5-2K minified to Immer's bundle size.

It's important to note that the plugin does change the "safe to mutate a draft" semantics of Immer. Any of these methods that receives an array item as a callback argument will not automatically wrap that item in a Proxy!. That means that if you try to mutate an argument in a method such as filter, it will actually mutate the real underlying object, which will cause bugs in your app. This is an intentional design tradeoff. Semantically, all of these methods imply read-only access to array values, so if your code tries to mutate an array item in a callback, that is a bug in your code.

Note that this does not override map, flatMap, forEach, or reduce / reduceRight. Those methods do imply either side effects and potential mutations, or returning arbitrary values. Given that, we determined it was both safest and simplest to keep their behavior as-is.

See the Array Methods Plugin docs page for further details on the behavior of the overridden methods.

What's Changed

gpbl/react-day-picker (react-day-picker)

v9.13.0

Compare Source

This release introduces an experimental noonSafe prop to help deal with historical time zones with second offsets. See https://daypicker.dev/localization/setting-time-zone#noonsafe for more details.

What's Changed
  • feat: add experimental noonSafe prop for timezone offsets by @​gpbl in #​2879

Full Changelog: gpbl/react-day-picker@v9.12.0...v9.13.0

typescript-eslint/typescript-eslint (typescript-eslint)

v8.50.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.50.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

webpack/webpack (webpack)

v5.104.1

Compare Source

Patch Changes
  • 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
  • c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

v5.104.0

Compare Source

Minor Changes
  • d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
  • d3dd841: Enhance import.meta.env to support object access.
  • 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
  • 04cd530: Handle more at-rules for CSS modules.
  • cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
  • d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
  • 5983843: Provide a stable runtime function variable __webpack_global__.
  • d3dd841: Improved localIdentName hashing for CSS.
Patch Changes
  • 22c48fb: Added module existence check for informative error message in development mode.
  • 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
  • d3dd841: Support universal lazy compilation.
  • d3dd841: Fixed module library export definitions when multiple runtimes.
  • d3dd841: Fixed CSS nesting and CSS custom properties parsing.
  • d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
  • aab1da9: Fixed bugs for css/global type.
  • d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
  • d3dd841: Handle nested __webpack_require__.
  • 728ddb7: The speed of identifier parsing has been improved.
  • 0f8b31b: Improve types.
  • d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
  • 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
  • d3dd841: Serialize HookWebpackError.
  • d3dd841: Added ability to use built-in properties in dotenv and define plugin.
  • 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
  • d3dd841: Reduce collision for local indent name in CSS.
  • d3dd841: Remove CSS link tags when CSS imports are removed.
colinhacks/zod (zod)

v4.2.1

Compare Source

Configuration

📅 Schedule: Branch creation - "before 07:00 on Thursday" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added backport-ignore This PR is a new feature and should not be cherry-picked onto release branches kind/dependencies Pull requests that update a dependency file labels Dec 25, 2025
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 25, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@renovate renovate bot force-pushed the renovate/npm-minor-patch branch 2 times, most recently from 7f4066c to 14c0baf Compare December 25, 2025 18:06
@renovate renovate bot force-pushed the renovate/npm-minor-patch branch from 14c0baf to 091f453 Compare December 26, 2025 18:42
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 26, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backport-ignore This PR is a new feature and should not be cherry-picked onto release branches kind/dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants