chore(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@changesets/cli (source)	2.27.5 -> 2.27.9					devDependencies	patch
@commercetools-backend/eslint-config-node (source)	22.28.0 -> 22.35.0					devDependencies	minor
@commercetools-frontend/babel-preset-mc-app (source)	22.28.0 -> 22.35.0					devDependencies	minor
@commitlint/cli (source)	19.3.0 -> 19.5.0					devDependencies	minor
@commitlint/config-conventional (source)	19.2.2 -> 19.5.0					devDependencies	minor
@manypkg/cli (source)	0.21.4 -> 0.22.0					devDependencies	minor
@preconstruct/cli (source)	2.8.4 -> 2.8.9					devDependencies	patch
@types/jest (source)	29.5.12 -> 29.5.14					devDependencies	patch
@types/node (source)	20.14.2 -> 20.17.6					devDependencies	minor
changesets/action	v1.4.7 -> v1.4.9					action	patch
eslint (source)	8.57.0 -> 8.57.1					devDependencies	patch
express (source)	4.19.2 -> 4.21.1					devDependencies	minor
husky	9.0.11 -> 9.1.6					devDependencies	minor
jest-runner-eslint	2.2.0 -> 2.2.1					devDependencies	patch
lint-staged	15.2.7 -> 15.2.10					devDependencies	patch
pnpm (source)	9.3.0 -> 9.12.3					packageManager	minor
ts-jest (source)	29.1.5 -> 29.2.5					devDependencies	minor
typescript (source)	5.4.5 -> 5.6.3					devDependencies	minor

---

Release Notes

changesets/changesets (@​changesets/cli)

v2.27.9

Compare Source

Patch Changes

• #​1458 400ab7b Thanks @​benmccann! - Moved @types/semver to devDependencies

• #​1462 689e541 Thanks @​benmccann! - remove outdent dependency

v2.27.8

Compare Source

v2.27.7

Compare Source

Patch Changes

• #​1047 d108fa6 Thanks @​patzick! - Fixed a crash that could occur when depending on a tagged version of another workspace package.

• #​1400 dd6e5bb Thanks @​Andarist! - Fixed a crash that prevented the CLI from running in a scenario when a workspace depends on the root workspace

• Updated dependencies [d108fa6, dd6e5bb, dd6e5bb]:

  • @​changesets/apply-release-plan@​7.0.4
  • @​changesets/config@​3.0.2
  • @​changesets/get-dependents-graph@​2.1.1
  • @​changesets/assemble-release-plan@​6.0.3
  • @​changesets/get-release-plan@​4.0.3

v2.27.6

Compare Source

Patch Changes

• #​1392 f295b3e Thanks @​bluwy! - Replace meow dependency with mri to reduce the number of transitive dependencies

• #​1390 6a3452e Thanks @​bluwy! - Display changeset status --verbose in list form and remove tty-table dependency

commercetools/merchant-center-application-kit (@​commercetools-backend/eslint-config-node)

v22.35.0

Compare Source

v22.34.0

Compare Source

v22.33.0

Compare Source

v22.32.2

Compare Source

v22.32.1

Compare Source

v22.32.0

Compare Source

v22.31.0

Compare Source

v22.30.3

Compare Source

v22.30.2

Compare Source

v22.30.1

Compare Source

v22.30.0

Compare Source

v22.29.0

Compare Source

commercetools/merchant-center-application-kit (@​commercetools-frontend/babel-preset-mc-app)

v22.35.0

Compare Source

v22.34.0

Compare Source

v22.33.0

Compare Source

v22.32.2

Compare Source

v22.32.1

Compare Source

v22.32.0

Compare Source

v22.31.0

Compare Source

v22.30.3

Compare Source

v22.30.2

Compare Source

v22.30.1

Compare Source

v22.30.0

Compare Source

v22.29.0

Compare Source

conventional-changelog/commitlint (@​commitlint/cli)

v19.5.0

Compare Source

Features

• cli: use special errorCode for missing rules/config #​4142 (#​4143) (d7070d8)

19.4.1 (2024-08-28)

Note: Version bump only for package @​commitlint/cli

v19.4.1

Compare Source

Note: Version bump only for package @​commitlint/cli

v19.4.0

Compare Source

Features

• support command line options from a file (#​4109) (a20e890)
• support linting from the last tag (#​4110) (4b204ec)

conventional-changelog/commitlint (@​commitlint/config-conventional)

v19.5.0

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

19.4.1 (2024-08-28)

Note: Version bump only for package @​commitlint/config-conventional

19.2.2 (2024-04-14)

Note: Version bump only for package @​commitlint/config-conventional

v19.4.1

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

Thinkmill/manypkg (@​manypkg/cli)

v0.22.0

Compare Source

Minor Changes

• #​231 aeb50f5 Thanks @​VanTanev! - Upgraded package-json, semver and sembear dependencies.

• #​226 2fafd9a Thanks @​VanTanev! - Replace chalk with picocolors

• #​228 1cbdcb9 Thanks @​VanTanev! - Remove the find-up dependency.

• #​231 aeb50f5 Thanks @​VanTanev! - Node.js version requirement raised to >= 18.0.0

• #​224 3c3198a Thanks @​VanTanev! - Replace spawndamnit with tinyexec for fewer dependencies

• #​229 4a835ed Thanks @​VanTanev! - Update validate-npm-package-name to 5.0.1 to remove one transitive dependency.

• #​225 d0f4d92 Thanks @​VanTanev! - Replace fs-extra with native node:fs/promises

preconstruct/preconstruct (@​preconstruct/cli)

v2.8.9

Compare Source

Patch Changes

• #​604 79b6d1c Thanks @​emmatown! - Fix outputting .d.ts files with extension-less imports that are invalid when using the experimental flag typeModule with moduleResolution: "nodenext" and type: "module" in dev and build

v2.8.8

Compare Source

Patch Changes

• #​599 4b920e7 Thanks @​VanTanev! - Remove unnecessary dependency on meow CLI parsing library, as @​preconstruct/cli only takes a single positional argument denoting a preconstruct command.

• #​602 b62bd19 Thanks @​emmatown! - Fix referencing a type from another package in the same preconstruct build that has a .d.ts file at the entrypoint

v2.8.7

Compare Source

Patch Changes

• #​596 022bbc4 Thanks @​emmatown! - Fix Error when using sourcemap for reporting an error: Can't resolve original location of error error caused by changes to @babel/helpers in newer versions of Babel

v2.8.6

Compare Source

Patch Changes

• #​594 9f45824 Thanks @​emmatown! - Add checkTypeDependencies experimental flag

v2.8.5

Compare Source

Patch Changes

• #​592 c05b2a9 Thanks @​emmatown! - Fix generating TypeScript declarations where imports to JSON files are emitted in the .d.ts files

changesets/action (changesets/action)

v1.4.9

Compare Source

Patch Changes

• #​415 57ab80c Thanks @​benmccann! - Improve error message when attempting to publish without publish script defined

v1.4.8

Compare Source

Patch Changes

• #​393 48ab0d2 Thanks @​s0! - Ensure the PR remains open when updated

• #​393 48ab0d2 Thanks @​s0! - Switch to cheaper API for querying existing PRs

eslint/eslint (eslint)

v8.57.1

Compare Source

expressjs/express (express)

v4.21.1

Compare Source

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in https://github.com/expressjs/express/pull/6029
• Release: 4.21.1 by @​UlisesGascon in https://github.com/expressjs/express/pull/6031

Full Changelog: expressjs/express@4.21.0...4.21.1

v4.21.0

Compare Source

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in https://github.com/expressjs/express/pull/5935
• finalhandler@1.3.1 by @​wesleytodd in https://github.com/expressjs/express/pull/5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in https://github.com/expressjs/express/pull/5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in https://github.com/expressjs/express/pull/5946

New Contributors

• @​agadzinski93 made their first contribution in https://github.com/expressjs/express/pull/5946

Full Changelog: expressjs/express@4.20.0...4.21.0

v4.20.0

Compare Source

==========

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

typicode/husky (husky)

v9.1.6

Compare Source

v9.1.5

Compare Source

v9.1.4

Compare Source

v9.1.3

Compare Source

• fix: better handle space in PATH

v9.1.2

Compare Source

v9.1.1

Compare Source

v9.1.0

Compare Source

Super saiyan god dog! It's over 9.0.0!

There's a bug with this release which prevents the deprecation notice to appear and requires to remove #!/usr/bin/env sh and . "$(dirname -- "$0")/_/husky.sh" (which are deprecated by the way). I'll publish a new version to fix that. Sorry about any inconvenience.

What's new

You can now run package commands directly, no need for npx or equivalents.
It makes writing hooks more intuitive and is also slightly faster 🐺⚡️

### .husky/pre-commit
- npx jest
+ jest # ~0.2s faster

A new recipe has been added to the docs. Lint staged files without external dependencies (inspired by Prettier docs). Feel free to modify it.

### .husky/pre-commit
prettier $(git diff --cached --name-only --diff-filter=ACMR | sed 's| |\\ |g') --write --ignore-unknown
git update-index --again

For more advanced use cases, see lint-staged.

Fixes

• bunx husky init command
• Workaround for some hooks implementation on Windows 🤷

Deprecations

• Remove #!/usr/bin/env sh and . "$(dirname -- "$0")/_/husky.sh" from your hooks
• Move your code from ~/.huskyrc to .config/husky/init.sh

Support for these will be removed in v10, notices have been added.

Friendly reminder

If Git hooks don't fit your workflow, you can disable Husky globally. Just add export HUSKY=0 to .config/husky/init.sh.

I've seen some confusion about this on X, so just a heads-up!

Sponsoring

Husky is downloaded over 45M times per month and used by ~1.5M projects. If your company wants to sponsor, you can do so here: GitHub Sponsors.

Have a nice summer ☀️ I'm open to new opportunities/consulting so feel free to drop me a message 😉

jest-community/jest-runner-eslint (jest-runner-eslint)

v2.2.1

Compare Source

What's Changed

• Fix reported location by @​thatsmydoing in https://github.com/jest-community/jest-runner-eslint/pull/262

New Contributors

• @​thatsmydoing made their first contribution in https://github.com/jest-community/jest-runner-eslint/pull/262

Full Changelog: jest-community/jest-runner-eslint@v2.2.0...v2.2.1

lint-staged/lint-staged (lint-staged)

v15.2.10

Compare Source

Patch Changes

• #​1471 e3f283b Thanks @​iiroj! - Update minor dependencies, including micromatch@~4.0.8.

v15.2.9

Compare Source

Patch Changes

• #​1463 b69ce2d Thanks @​iiroj! - Set the maximum number of event listeners to the number of tasks. This should silence the console warning MaxListenersExceededWarning: Possible EventEmitter memory leak detected.

v15.2.8

Compare Source

Patch Changes

• f0480f0 Thanks @​iiroj! - In the previous version the native git rev-parse --show-toplevel command was taken into use for resolving the current git repo root. This version switched the --show-toplevel flag with --show-cdup, because on Git installed via MSYS2 the former was returning absolute paths that do not work with Node.js child_process. The new flag returns a path relative to the working directory, avoiding the issue.

  The GitHub Actions workflow has been updated to install Git via MSYS2, to ensure better future compatibility; using the default Git binary in the GitHub Actions runner was working correctly even with MSYS2.

pnpm/pnpm (pnpm)

v9.12.3

Compare Source

Patch Changes

• Don't purge node_modules, when typing "n" in the prompt that asks whether to remove node_modules before installation #​8655.
• Fix a bug causing pnpm to infinitely spawn itself when manage-package-manager-versions=true is set and the .tools directory is corrupt.
• Use crypto.hash, when available, for improved performance #​8629.
• Fixed a race condition in temporary file creation in the store by including worker thread ID in filename. Previously, multiple worker threads could attempt to use the same temporary file. Temporary files now include both process ID and thread ID for uniqueness #​8703.
• All commands should read settings from the package.json at the root of the workspace #​8667.
• When manage-package-manager-versions is set to true, errors spawning a self-managed version of pnpm will now be shown (instead of being silent).
• Pass the find command to npm, it is an alias for npm search

v9.12.2

Compare Source

Patch Changes

• When checking whether a file in the store has executable permissions, the new approach checks if at least one of the executable bits (owner, group, and others) is set to 1. Previously, a file was incorrectly considered executable only when all the executable bits were set to 1. This fix ensures that files with any executable permission, regardless of the user class, are now correctly identified as executable #​8546.

v9.12.1

Compare Source

Patch Changes

• pnpm update --latest should not update the automatically installed peer dependencies #​6657.
• pnpm publish should be able to publish from a local tarball #​7950.
• The pnpx command should work correctly on Windows, when pnpm is installed via the standalone installation script #​8608.
• Prevent EBUSY errors caused by creating symlinks in parallel dlx processes #​8604.
• Fix maximum call stack size exceeded error related to circular workspace dependencies #​8599.

v9.12.0

Compare Source

Minor Changes

• Fix peer dependency resolution dead lock #​8570. This change might change some of the keys in the snapshots field inside pnpm-lock.yaml but it should happen very rarely.

• pnpm outdated command supports now a --sort-by=name option for sorting outdated dependencies by package name #​8523.

• Added the ability for overrides to remove dependencies by specifying "-" as the field value #​8572. For example, to remove lodash from the dependencies, use this configuration in package.json:

  {
    "pnpm": {
      "overrides": {
        "lodash": "-"
      }
    }
  }

Patch Changes

• Fixed an issue where pnpm list --json pkg showed "private": false for a private package #​8519.
• Packages with libc that differ from pnpm.supportedArchitectures.libc are not downloaded #​7362.
• Prevent ENOENT errors caused by running store prune in parallel #​8586.
• Add issues alias to pnpm bugs #​8596.

v9.11.0

Compare Source

Minor Changes

• Experimental: added pnpm cache commands for inspecting the metadata cache #​8512.

Patch Changes

• Fix a regression in which pnpm deploy with node-linker=hoisted produces an empty node_modules directory #​6682.
• Don't print a warning when linking packages globally #​4761.
• pnpm deploy should work in workspace with shared-workspace-lockfile=false #​8475.

v9.10.0

Compare Source

Minor Changes

• Support for a new CLI flag, --exclude-peers, added to the list and why commands. When --exclude-peers is used, peer dependencies are not printed in the results, but dependencies of peer dependencies are still scanned #​8506.

• Added a new setting to package.json at pnpm.auditConfig.ignoreGhsas for ignoring vulnerabilities by their GHSA code #​6838.

  For instance:

  {
    "pnpm": {
      "auditConfig": {
        "ignoreGhsas": [
          "GHSA-42xw-2xvc-qx8m",
          "GHSA-4w2v-q235-vp99",
          "GHSA-cph5-m8f7-6c5x",
          "GHSA-vh95-rmgr-6w4m"
        ]
      }
    }
  }

Patch Changes

• Throw an exception if pnpm switches to the same version of itself.
• Reduce memory usage during peer dependencies resolution.

v9.9.0

Compare Source

Minor Changes

• Minor breaking change. This change might result in resolving your peer dependencies slightly differently but we don't expect it to introduce issues.

  We had to optimize how we resolve peer dependencies in order to fix some infinite loops and out-of-memory errors during peer dependencies resolution.

  When a peer dependency is a prod dependency somewhere in the dependency graph (with the same version), pnpm will resolve the peers of that peer dependency in the same way across the subgraph.

  For example, we have react-dom in the peer deps of the form and button packages. card has react-dom and react as regular dependencies and card is a dependency of form.

  These are the direct dependencies of our example project:

  form
  react@16
  react-dom@16
  

  These are the dependencies of card:

  button
  react@17
  react-dom@16
  

  When resolving peers, pnpm will not re-resolve react-dom for card, even though card shadows react@16 from the root with react@17. So, all 3 packages (form, card, and button) will use react-dom@16, which in turn uses react@16. form will use react@16, while card and button will use react@17.

  Before this optimization react-dom@16 was duplicated for the card, so that card and button would use a react-dom@16 instance that uses react@17.

  Before the change:

  form
  -> react-dom@16(react@16)
  -> react@16
  card
  -> react-dom@16(react@17)
  -> react@17
  button
  -> react-dom@16(react@17)
  -> react@17
  

  After the change

  form
  -> react-dom@16(react@16)
  -> react@16
  card
  -> react-dom@16(react@16)
  -> react@17
  button
  -> react-dom@16(react@16)
  -> react@17
  

Patch Changes

• pnpm deploy should write the `n

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: bfd7dbb

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[gitstream-cm]

This PR is missing a Jira ticket reference in the title or description.
Please add a Jira ticket reference to the title or description of this PR.

[gitstream-cm]

🥷 Code experts: emmenko

emmenko, tdeekens have most 🧠 knowledge in the files.

See details

package.json

Knowledge based on git-blame:
tdeekens: 35%
emmenko: 34%

pnpm-lock.yaml

Knowledge based on git-blame:
emmenko: 28%

To learn more about /:\ gitStream - Visit our Docs