 d
|
19ee2a8b97
|
Squashed commit of the following:
commit 9e7667f090
Merge: 9df885ceaf ee9f31e9c9
Author: Danila Fominykh <d@m8sh.su>
Date: Mon Jun 8 21:44:41 2026 +0000
merge upstream
commit ee9f31e9c9
Author: Giteabot <teabot@gitea.io>
Date: Mon Jun 8 12:28:45 2026 -0700
chore(deps): update dependency @eslint/json to v2 (#38030)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@eslint/json](https://redirect.github.com/eslint/json) | [`1.2.0` →
`2.0.0`](https://renovatebot.com/diffs/npm/@eslint%2fjson/1.2.0/2.0.0) |
|
|
---
<details>
<summary>eslint/json (@​eslint/json)</summary>
[`v2.0.0`](https://redirect.github.com/eslint/json/blob/HEAD/CHANGELOG.md#200-2026-05-28)
[Compare
Source](https://redirect.github.com/eslint/json/compare/72eb947ec708d1326047977c165670582ce58a26...804ffc4911bf489cea025a829f65ee98c975b7ee)
- add `meta.languages` to JSON rules
([#​238](https://redirect.github.com/eslint/json/issues/238))
- add `meta.languages` to JSON rules
([#​238](https://redirect.github.com/eslint/json/issues/238))
([deff6b4](https://redirect.github.com/eslint/json/commit/deff6b472152ee16d5384fbada25c43ff699b899))
- update eslint
([#​226](https://redirect.github.com/eslint/json/issues/226))
([237148f](https://redirect.github.com/eslint/json/commit/237148ff7692e4b5fa813dd3bb3757eaebf866e9))
- update eslint
([#​228](https://redirect.github.com/eslint/json/issues/228))
([5803df5](https://redirect.github.com/eslint/json/commit/5803df5fd172562e10e76913370a801c55cf61d3))
</details>
---
📅 **Schedule**: (UTC)
- Branch creation
- Only on Monday (`* * * * 1`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
commit 3b1e75764e
Author: bircni <bircni@icloud.com>
Date: Mon Jun 8 21:11:00 2026 +0200
feat(actions): add job summaries (GITHUB_STEP_SUMMARY) (#37500)
- Add GitHub-style Actions **job summaries** support
(`GITHUB_STEP_SUMMARY` / `workflow/SUMMARY.md`) and render them on the
run Summary view.
- Store uploaded summaries internally in the DB (not as downloadable
artifacts).
- Add runtime-token endpoint for runners to upload summaries:
- `PUT
/api/actions_pipeline/_apis/pipelines/workflows/{run_id}/jobs/{job_id}/summary`
- Advertise support to runners via `RunnerService.Declare` response
header:
- `X-Gitea-Actions-Capabilities: job-summary`
- Devtest: extend `/devtest/repo-action-view/...` to include mock
`jobSummaries` for previewing UI rendering.
- New Gitea + old runner: no summary upload → UI shows nothing (no
behavior change)
- New runner + old Gitea: capability not advertised → runner skips
upload (no behavior change)
<img width="2017" height="729"
src="https://github.com/user-attachments/assets/31f8b945-50c4-40e1-9f40-382901a53013"
/>
Fixes #23721
PR on gitea-runner https://gitea.com/gitea/runner/pulls/917
---------
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
commit b1c088e9cf
Author: bircni <bircni@icloud.com>
Date: Mon Jun 8 20:49:06 2026 +0200
enhance(actions): Make Summary UI more beautiful with more infos (#37824)
- Redesign the Actions run summary header to follow GitHub Actions
layout: trigger info on the left, Status / Total duration / Artifacts
columns inline on the right
- Expose trigger user avatar, pull request link, and PR head branch info
from the run view API
- Update the workflow graph header to show the workflow filename (linked
to the run workflow file) and `on: <event>`, while keeping the
jobs/dependencies/success stats line
- Remove the redundant commit/workflow metadata row below the run title;
that information now lives in the summary bar
New:
<img width="1564" height="639"
src="https://github.com/user-attachments/assets/e6bc1623-c5fc-4e97-abc9-fde7f3c6aef9"
/>
Old:
<img width="2038" height="1038"
src="https://github.com/user-attachments/assets/0857f19a-8d3a-4da2-82fd-e9ebeb200062"
/>
Replaces https://github.com/go-gitea/gitea/pull/36721
---------
Co-authored-by: Giteabot <teabot@gitea.io>
commit e01af366e2
Author: Giteabot <teabot@gitea.io>
Date: Mon Jun 8 11:30:55 2026 -0700
fix(deps): update npm dependencies (#38035)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| @​codemirror/autocomplete | [`6.20.2` →
`6.20.3`](https://renovatebot.com/diffs/npm/@codemirror%2fautocomplete/6.20.2/6.20.3)
|
|
|
| [eslint-plugin-vue](https://eslint.vuejs.org)
([source](https://redirect.github.com/vuejs/eslint-plugin-vue)) |
[`10.9.1` →
`10.9.2`](https://renovatebot.com/diffs/npm/eslint-plugin-vue/10.9.1/10.9.2)
|
|
|
---
<details>
<summary>vuejs/eslint-plugin-vue (eslint-plugin-vue)</summary>
[`v10.9.2`](https://redirect.github.com/vuejs/eslint-plugin-vue/blob/HEAD/CHANGELOG.md#1092)
[Compare
Source](https://redirect.github.com/vuejs/eslint-plugin-vue/compare/v10.9.1...v10.9.2)
- Fixed
[`vue/custom-event-name-casing`](https://eslint.vuejs.org/rules/custom-event-name-casing.html)
to check segments of colon-separated event names like `update:foo-bar`
([#​3079](https://redirect.github.com/vuejs/eslint-plugin-vue/pull/3079))
- Fixed
[`vue/one-component-per-file`](https://eslint.vuejs.org/rules/one-component-per-file.html)
to not report functions not imported from Vue
([#​3063](https://redirect.github.com/vuejs/eslint-plugin-vue/pull/3063))
- Fixed
[`vue/prefer-import-from-vue`](https://eslint.vuejs.org/rules/prefer-import-from-vue.html)
to not report imports/exports of names that are not re-exported by `vue`
([#​3081](https://redirect.github.com/vuejs/eslint-plugin-vue/pull/3081))
- Fixed
[`vue/return-in-computed-property`](https://eslint.vuejs.org/rules/return-in-computed-property.html)
and
[`vue/require-render-return`](https://eslint.vuejs.org/rules/require-render-return.html)
to not report exhaustive switch statements when TypeScript type
information is available
([#​3067](https://redirect.github.com/vuejs/eslint-plugin-vue/pull/3067))
</details>
---
📅 **Schedule**: (UTC)
- Branch creation
- Only on Monday (`* * * * 1`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
commit d76a974b24
Author: TheFox0x7 <thefox0x7@gmail.com>
Date: Mon Jun 8 20:18:58 2026 +0200
feat(ssh): auto generate additional ssh keys (#33974)
adds capabilities for gitea to generate ecdsa and ed25519 keys by
default
adds cli for built-in ssh key generation helpers
closes: https://github.com/go-gitea/gitea/issues/33783
---------
Co-authored-by: Nicolas <bircni@icloud.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
commit ade76fe838
Author: Nico Schlömer <nschloe@users.noreply.github.com>
Date: Mon Jun 8 19:58:41 2026 +0200
enhance: allow MathML core elements (#38034)
Fixes #36352.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
commit 54916f708e
Author: bircni <bircni@icloud.com>
Date: Mon Jun 8 19:16:22 2026 +0200
feat: Add avatar stacks (#37594)
Parse `Co-authored-by:` trailers from commit messages and surface
contributors as an avatar stack across the commit page, commits list, PR
commits tab, latest-commit row, blame, graph, and dashboard feed.
- Up to 10 visible 20px avatars, GitHub-style overlap (6px first stride,
4px between subsequent), `+N` chip for the rest.
- Label: 1 → name; 2 → `<a> and <b>`; 3+ → `<N> people` opens a Tippy
popup with all participants.
- Names and avatars link to the repo's commits-by-author search; fall
back to profile or `mailto:`.
- Trailer parsing uses `net/mail.ParseAddress`, scans only the trailing
paragraph, filters out the commit's own author/committer.
- Drops the non-standard `Co-committed-by:` emission on squash merge and
web edits.
Devtest: `/devtest/coauthor-avatars`.
Fixes #25521
----
<img width="353" height="277" alt="image"
src="https://github.com/user-attachments/assets/72092ceb-97ca-4b09-9557-0b72d3c5458e"
/>
<img width="533" height="328"
src="https://github.com/user-attachments/assets/11d0c8f8-8b3f-4f2e-9993-879f1c06bcc5"
/>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
commit 9df885ceaf
Merge: 7ddacf0edf 136f7d18aa
Author: Danila Fominykh <d@m8sh.su>
Date: Mon Jun 8 17:05:31 2026 +0000
merge upstream
commit 2a84831400
Author: Giteabot <teabot@gitea.io>
Date: Mon Jun 8 09:53:12 2026 -0700
chore(deps): update astral-sh/setup-uv action to v8.2.0 (#38036)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [astral-sh/setup-uv](https://redirect.github.com/astral-sh/setup-uv) |
action | minor | `v8.1.0` → `v8.2.0` |
---
<details>
<summary>astral-sh/setup-uv (astral-sh/setup-uv)</summary>
[`v8.2.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v8.2.0):
🌈 New inputs `quiet` and `download-from-astral-mirror`
[Compare
Source](https://redirect.github.com/astral-sh/setup-uv/compare/v8.1.0...v8.2.0)
This release brings two new inputs and a few bug fixes.
Lets talk about the new inputs first.
Pretty simple. It turns of all `info` loggings. Useful if you use this
in a composite action and are not interested in all the details.
In the upcoming releases we will add log groups to fully implement
support for "less noise"
> \[!NOTE]\
> Warnings and errors are always logged.
In some cases you may want to directly use the fallback of checking for
available versions and downloading releases from GitHub instead of using
the astral.sh mirror. Setting `download-from-astral-mirror: false`
allows you to do that.
When using the astral.sh mirror to query available versions and download
releases (done by default) we now stop sending the GitHub token in the
header. The mirror never looked at it but we shouldn't be handing out
that data even if it is just a short lived token.
All other bugfixes try to limit the impact of failed GitHub queries due
to retries and other faults.
We couldn't pinpoint all rootcauses yet but added more logging for error
cases to track them down.
- fix: report unexpected cache save failures
[@​eifinger](https://redirect.github.com/eifinger)
([#​896](https://redirect.github.com/astral-sh/setup-uv/issues/896))
- fix: report unexpected setup failures
[@​eifinger](https://redirect.github.com/eifinger)
([#​895](https://redirect.github.com/astral-sh/setup-uv/issues/895))
- fix: add timeout to fetch to prevent silent hangs
[@​eifinger-bot](https://redirect.github.com/eifinger-bot)
([#​883](https://redirect.github.com/astral-sh/setup-uv/issues/883))
- Limit GitHub tokens to github.com download URLs
[@​zsol](https://redirect.github.com/zsol)
([#​878](https://redirect.github.com/astral-sh/setup-uv/issues/878))
- increase libuv-workaround timeout to 100ms
[@​eifinger](https://redirect.github.com/eifinger)
([#​880](https://redirect.github.com/astral-sh/setup-uv/issues/880))
- Add quiet input to suppress info-level log output
[@​eifinger](https://redirect.github.com/eifinger)
([#​898](https://redirect.github.com/astral-sh/setup-uv/issues/898))
- feat: add `download-from-astral-mirror` input
[@​eifinger](https://redirect.github.com/eifinger)
([#​897](https://redirect.github.com/astral-sh/setup-uv/issues/897))
- docs: update dependabot rollup biome guidance
[@​eifinger](https://redirect.github.com/eifinger)
([#​902](https://redirect.github.com/astral-sh/setup-uv/issues/902))
- chore: update known checksums for 0.11.18
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
([#​899](https://redirect.github.com/astral-sh/setup-uv/issues/899))
- chore: update known checksums for 0.11.17
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
([#​892](https://redirect.github.com/astral-sh/setup-uv/issues/892))
- chore: update known checksums for 0.11.16
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
([#​889](https://redirect.github.com/astral-sh/setup-uv/issues/889))
- chore: update known checksums for 0.11.15
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
([#​885](https://redirect.github.com/astral-sh/setup-uv/issues/885))
- chore: update known checksums for 0.11.14
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
([#​879](https://redirect.github.com/astral-sh/setup-uv/issues/879))
- chore: update known checksums for 0.11.13
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
([#​877](https://redirect.github.com/astral-sh/setup-uv/issues/877))
- chore: update known checksums for 0.11.12
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
([#​876](https://redirect.github.com/astral-sh/setup-uv/issues/876))
- chore: update known checksums for 0.11.11
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
([#​873](https://redirect.github.com/astral-sh/setup-uv/issues/873))
- chore: update known checksums for 0.11.9/0.11.10
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
([#​871](https://redirect.github.com/astral-sh/setup-uv/issues/871))
- chore: update known checksums for 0.11.8
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
([#​867](https://redirect.github.com/astral-sh/setup-uv/issues/867))
- Bump setup-uv references to v8.1.0 SHA in docs
[@​eifinger](https://redirect.github.com/eifinger)
([#​862](https://redirect.github.com/astral-sh/setup-uv/issues/862))
- Add update-docs.yml workflow
[@​eifinger](https://redirect.github.com/eifinger)
([#​861](https://redirect.github.com/astral-sh/setup-uv/issues/861))
- chore(deps): roll up dependabot updates
[@​eifinger](https://redirect.github.com/eifinger)
([#​903](https://redirect.github.com/astral-sh/setup-uv/issues/903))
- chore(deps): roll up dependabot updates
[@​eifinger](https://redirect.github.com/eifinger)
([#​901](https://redirect.github.com/astral-sh/setup-uv/issues/901))
- chore(deps): bump release-drafter/release-drafter from 7.3.0 to 7.3.1
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
([#​900](https://redirect.github.com/astral-sh/setup-uv/issues/900))
- chore(deps): bump eifinger/actionlint-action from 1.10.1 to 1.10.2
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
([#​842](https://redirect.github.com/astral-sh/setup-uv/issues/842))
- chore(deps): bump github/codeql-action from 4.35.4 to 4.36.0
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
([#​893](https://redirect.github.com/astral-sh/setup-uv/issues/893))
- chore(deps): bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
([#​891](https://redirect.github.com/astral-sh/setup-uv/issues/891))
- chore(deps): bump release-drafter/release-drafter from 7.2.0 to 7.3.0
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
([#​884](https://redirect.github.com/astral-sh/setup-uv/issues/884))
- chore(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.5
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
([#​888](https://redirect.github.com/astral-sh/setup-uv/issues/888))
- chore(deps): bump github/codeql-action from 4.35.3 to 4.35.4
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
([#​881](https://redirect.github.com/astral-sh/setup-uv/issues/881))
- chore(deps): bump github/codeql-action from 4.32.2 to 4.35.3
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
([#​875](https://redirect.github.com/astral-sh/setup-uv/issues/875))
- chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
([#​866](https://redirect.github.com/astral-sh/setup-uv/issues/866))
- chore(deps): bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
([#​864](https://redirect.github.com/astral-sh/setup-uv/issues/864))
- chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
([#​863](https://redirect.github.com/astral-sh/setup-uv/issues/863))
</details>
---
📅 **Schedule**: (UTC)
- Branch creation
- Only on Monday (`* * * * 1`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
commit 136f7d18aa
Author: wxiaoguang <wxiaoguang@gmail.com>
Date: Mon Jun 8 16:58:42 2026 +0800
fix: api error message (#38031)
Fix various abuses and mistakes
commit 60f66a9bfd
Author: Zettat123 <zettat123@gmail.com>
Date: Mon Jun 8 00:39:06 2026 -0600
enhance(actions): improve reusable workflow `uses` handling and cancellation (#37991)
Follow up #37478
1. #37478 doesn't support absolute URL in `uses`. This PR provides
partial support for URL-style reusable workflow references. A reusable
workflow can now be referenced by an absolute URL, as long as it points
to the local Gitea instance:
```yaml
jobs:
call:
uses: https://your-gitea.example.com/OWNER/REPO/.gitea/workflows/ci.yaml@v1
```
2. Show an error message in the UI for invalid `uses`.
<img width="1600" alt="image"
src="https://github.com/user-attachments/assets/21b34e61-bf10-4af1-b9fd-4ee4e9fde049"
/>
3. Fix reusable caller cancellation issue. A reusable caller's status is
aggregated from its children, so cancellation should processes a
caller's descendants deepest-first.
---------
Signed-off-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: bircni <bircni@icloud.com>
Co-authored-by: Giteabot <teabot@gitea.io>
commit 1e9ea9c8f5
Author: Giteabot <teabot@gitea.io>
Date: Sun Jun 7 23:03:55 2026 -0700
fix(deps): update npm dependencies (#38029)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@primer/octicons](https://primer.style/octicons)
([source](https://redirect.github.com/primer/octicons)) | [`19.27.0` →
`19.28.0`](https://renovatebot.com/diffs/npm/@primer%2focticons/19.27.0/19.28.0)
|
|
|
|
[@typescript-eslint/parser](https://typescript-eslint.io/packages/parser)
([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser))
| [`8.60.0` →
`8.60.1`](https://renovatebot.com/diffs/npm/@typescript-eslint%2fparser/8.60.0/8.60.1)
|
|
|
|
[@vitest/eslint-plugin](https://redirect.github.com/vitest-dev/eslint-plugin-vitest)
| [`1.6.18` →
`1.6.19`](https://renovatebot.com/diffs/npm/@vitest%2feslint-plugin/1.6.18/1.6.19)
|
|
|
| [eslint](https://eslint.org)
([source](https://redirect.github.com/eslint/eslint)) | [`10.4.0` →
`10.4.1`](https://renovatebot.com/diffs/npm/eslint/10.4.0/10.4.1) |
|
|
|
[eslint-import-resolver-typescript](https://redirect.github.com/import-js/eslint-import-resolver-typescript)
| [`4.4.4` →
`4.4.5`](https://renovatebot.com/diffs/npm/eslint-import-resolver-typescript/4.4.4/4.4.5)
|
|
|
|
[eslint-plugin-vue-scoped-css](https://future-architect.github.io/eslint-plugin-vue-scoped-css/)
([source](https://redirect.github.com/future-architect/eslint-plugin-vue-scoped-css))
| [`3.1.0` →
`3.1.1`](https://renovatebot.com/diffs/npm/eslint-plugin-vue-scoped-css/3.1.0/3.1.1)
|
|
|
| [js-yaml](https://redirect.github.com/nodeca/js-yaml) | [`4.1.1` →
`4.2.0`](https://renovatebot.com/diffs/npm/js-yaml/4.1.1/4.2.0) |
|
|
| [pnpm](https://pnpm.io)
([source](https://redirect.github.com/pnpm/pnpm/tree/HEAD/pnpm)) |
[`11.4.0` →
`11.5.1`](https://renovatebot.com/diffs/npm/pnpm/11.4.0/11.5.1) |
|
|
|
[rolldown-license-plugin](https://redirect.github.com/silverwind/rolldown-license-plugin)
| [`3.0.8` →
`3.0.9`](https://renovatebot.com/diffs/npm/rolldown-license-plugin/3.0.8/3.0.9)
|
|
|
|
[typescript-eslint](https://typescript-eslint.io/packages/typescript-eslint)
([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint))
| [`8.60.0` →
`8.60.1`](https://renovatebot.com/diffs/npm/typescript-eslint/8.60.0/8.60.1)
|
|
|
| [updates](https://redirect.github.com/silverwind/updates) | [`17.17.2`
→ `17.17.3`](https://renovatebot.com/diffs/npm/updates/17.17.2/17.17.3)
|
|
|
| [vite](https://vite.dev)
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
| [`8.0.14` →
`8.0.16`](https://renovatebot.com/diffs/npm/vite/8.0.14/8.0.16) |
|
|
| [vitest](https://vitest.dev)
([source](https://redirect.github.com/vitest-dev/vitest/tree/HEAD/packages/vitest))
| [`4.1.7` →
`4.1.8`](https://renovatebot.com/diffs/npm/vitest/4.1.7/4.1.8) |
|
|
| [vue-tsc](https://redirect.github.com/vuejs/language-tools)
([source](https://redirect.github.com/vuejs/language-tools/tree/HEAD/packages/tsc))
| [`3.3.2` →
`3.3.3`](https://renovatebot.com/diffs/npm/vue-tsc/3.3.2/3.3.3) |
|
|
---
<details>
<summary>primer/octicons (@​primer/octicons)</summary>
[`v19.28.0`](https://redirect.github.com/primer/octicons/blob/HEAD/CHANGELOG.md#19280)
[Compare
Source](https://redirect.github.com/primer/octicons/compare/v19.27.0...v19.28.0)
- [#​1208](https://redirect.github.com/primer/octicons/pull/1208)
[`eddab3ff`](https://redirect.github.com/primer/octicons/commit/eddab3ff19f1450eb1d60c78b1d20c2c4bc3fd15)
Thanks [@​dylanatsmith](https://redirect.github.com/dylanatsmith)!
- Fix vscode icon: update 16px, add 24px, remove 32px and 48px
</details>
<details>
<summary>typescript-eslint/typescript-eslint
(@​typescript-eslint/parser)</summary>
[`v8.60.1`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#8601-2026-06-01)
[Compare
Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.60.0...v8.60.1)
This was a version bump only for parser to align it with other projects,
there were no code changes.
See [GitHub
Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.60.1)
for more information.
You can read about our [versioning
strategy](https://typescript-eslint.io/users/versioning) and
[releases](https://typescript-eslint.io/users/releases) on our website.
</details>
<details>
<summary>vitest-dev/eslint-plugin-vitest
(@​vitest/eslint-plugin)</summary>
[`v1.6.19`](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/releases/tag/v1.6.19)
[Compare
Source](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/compare/v1.6.18...v1.6.19)
*No significant changes*
GitHub](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/compare/v1.6.18...v1.6.19)
</details>
<details>
<summary>eslint/eslint (eslint)</summary>
[`v10.4.1`](https://redirect.github.com/eslint/eslint/releases/tag/v10.4.1)
[Compare
Source](https://redirect.github.com/eslint/eslint/compare/v10.4.0...v10.4.1)
-
[`e557467`](https://redirect.github.com/eslint/eslint/commit/e557467db7496220eebcbe2ac5ea6d38c12bb1ec)
fix: update `@eslint/plugin-kit` version to 0.7.2
([#​20930](https://redirect.github.com/eslint/eslint/issues/20930))
(Francesco Trotta)
-
[`d4ce898`](https://redirect.github.com/eslint/eslint/commit/d4ce898796ca22c3b96aa70d3014cb85f4bac1cd)
fix: propagate failures from delegated commands
([#​20917](https://redirect.github.com/eslint/eslint/issues/20917))
(Minh Vu)
-
[`f4f3507`](https://redirect.github.com/eslint/eslint/commit/f4f3507460bc016b5be979c05d2969793f570cbf)
fix: prefer-arrow-callback invalid autofix with newline after `async`
([#​20916](https://redirect.github.com/eslint/eslint/issues/20916))
(kuldeep kumar)
-
[`c5bc78b`](https://redirect.github.com/eslint/eslint/commit/c5bc78b37e08b9054a11f0cc2d81808bb24acb85)
fix: false positive for reference in `finally` block
([#​20655](https://redirect.github.com/eslint/eslint/issues/20655))
(Tanuj Kanti)
-
[`27538c0`](https://redirect.github.com/eslint/eslint/commit/27538c01f5df4e9306f6f4ba867b2dd6307fae59)
fix: add missing CodePath and CodePathSegment types
([#​20853](https://redirect.github.com/eslint/eslint/issues/20853))
(Pixel998)
-
[`61b0add`](https://redirect.github.com/eslint/eslint/commit/61b0add61ffc52665562be7bb96f526690a78b30)
docs: remove deprecated rule from related rules of `max-params`
([#​20921](https://redirect.github.com/eslint/eslint/issues/20921))
(Tanuj Kanti)
-
[`305d5b9`](https://redirect.github.com/eslint/eslint/commit/305d5b91aeac24d36fde42f75625a8f183d4ce43)
docs: remove deprecated rules from related rules section
([#​20911](https://redirect.github.com/eslint/eslint/issues/20911))
(Tanuj Kanti)
-
[`49b0202`](https://redirect.github.com/eslint/eslint/commit/49b0202d01918b8061720d586dffd7c68047090c)
docs: fix `display: none` of ad
([#​20901](https://redirect.github.com/eslint/eslint/issues/20901))
(Tanuj Kanti)
-
[`9067f94`](https://redirect.github.com/eslint/eslint/commit/9067f9492ec998afc5b4f057a477ecf6ebd45e44)
docs: switch build to Node.js 24
([#​20893](https://redirect.github.com/eslint/eslint/issues/20893))
(Milos Djermanovic)
-
[`c91b041`](https://redirect.github.com/eslint/eslint/commit/c91b0417e3420c76807ce1fa2aea76e2de87ab86)
docs: Update README (GitHub Actions Bot)
-
[`e349265`](https://redirect.github.com/eslint/eslint/commit/e349265cb37f3ebc837e178e48a725bb782bd870)
docs: clarify semver strings in rule deprecation objects
([#​20885](https://redirect.github.com/eslint/eslint/issues/20885))
(Milos Djermanovic)
-
[`b0e466b`](https://redirect.github.com/eslint/eslint/commit/b0e466b6ab47bfc7de43d8de0c315d8ee83aa584)
test: add `data` property to invalid tests cases for rules
([#​20924](https://redirect.github.com/eslint/eslint/issues/20924))
(Tanuj Kanti)
-
[`f78838b`](https://redirect.github.com/eslint/eslint/commit/f78838bc4c86d487e1bcc7cede260c4467721c46)
test: add CodePath type coverage
([#​20904](https://redirect.github.com/eslint/eslint/issues/20904))
(Pixel998)
-
[`1daa4bd`](https://redirect.github.com/eslint/eslint/commit/1daa4bd734b79a62e317d0394394a6b38cff49f9)
chore: update `eslint-plugin-eslint-comments` test data to latest commit
([#​20922](https://redirect.github.com/eslint/eslint/issues/20922))
(Francesco Trotta)
-
[`002942c`](https://redirect.github.com/eslint/eslint/commit/002942ce988ea28b78e0a2f3b074081e638b552c)
ci: declare contents:read on update-readme workflow
([#​20919](https://redirect.github.com/eslint/eslint/issues/20919))
(Arpit Jain)
-
[`64bca24`](https://redirect.github.com/eslint/eslint/commit/64bca24e7bed35bc3c864fc625cb2d89eca87d5b)
chore: update ecosystem plugins
([#​20912](https://redirect.github.com/eslint/eslint/issues/20912))
(ESLint Bot)
-
[`6d7c832`](https://redirect.github.com/eslint/eslint/commit/6d7c832950d5e92499d88e504080661f888f8f56)
chore: ignore fflate updates in renovate
([#​20908](https://redirect.github.com/eslint/eslint/issues/20908))
(Pixel998)
-
[`b2c8638`](https://redirect.github.com/eslint/eslint/commit/b2c86382164d87c6203b78d52068cd6a2a6ffe30)
ci: bump pnpm/action-setup from 6.0.7 to 6.0.8
([#​20889](https://redirect.github.com/eslint/eslint/issues/20889))
(dependabot\[bot])
-
[`a9b8d7f`](https://redirect.github.com/eslint/eslint/commit/a9b8d7f74c50211701cfc49710fa541fd91b2aa5)
chore: increase maxBuffer for ecosystem tests
([#​20881](https://redirect.github.com/eslint/eslint/issues/20881))
(sethamus)
-
[`b702ead`](https://redirect.github.com/eslint/eslint/commit/b702ead5e1ed7cb9f28238a454797662efb37396)
chore: update ecosystem update PR settings
([#​20884](https://redirect.github.com/eslint/eslint/issues/20884))
(Pixel998)
-
[`507f60e`](https://redirect.github.com/eslint/eslint/commit/507f60e9a78c9a902bc8759f066ae17a1ea6cd81)
chore: update ecosystem plugins
([#​20882](https://redirect.github.com/eslint/eslint/issues/20882))
(ESLint Bot)
-
[`92f5c5b`](https://redirect.github.com/eslint/eslint/commit/92f5c5bb6bf3a5d167c8ee53a430833410295c6d)
test: add unit test for message-count
([#​20878](https://redirect.github.com/eslint/eslint/issues/20878))
(kuldeep kumar)
-
[`df32108`](https://redirect.github.com/eslint/eslint/commit/df321080af5758b1fa25e4b9a40e26135642dd6e)
chore: add
[@​eslint/markdown](https://redirect.github.com/eslint/markdown)
and typescript-eslint ecosystem tests
([#​20837](https://redirect.github.com/eslint/eslint/issues/20837))
(sethamus)
-
[`327f91d`](https://redirect.github.com/eslint/eslint/commit/327f91d36aa49f2a50ded931d841a16374fd875f)
chore: use includeIgnoreFile internally
([#​20876](https://redirect.github.com/eslint/eslint/issues/20876))
(Kirk Waiblinger)
-
[`f0dc4bd`](https://redirect.github.com/eslint/eslint/commit/f0dc4bd893fb3a9f44e4ddc3ad7063ffb0beacd3)
chore: pin fflate\@​0.8.2
([#​20877](https://redirect.github.com/eslint/eslint/issues/20877))
(Milos Djermanovic)
-
[`0f4bd25`](https://redirect.github.com/eslint/eslint/commit/0f4bd257a67a082b756de746d9e0c4842ab764ca)
ci: run Discord alert for ecosystem test failures
([#​20873](https://redirect.github.com/eslint/eslint/issues/20873))
(Copilot)
</details>
<details>
<summary>import-js/eslint-import-resolver-typescript
(eslint-import-resolver-typescript)</summary>
[`v4.4.5`](https://redirect.github.com/import-js/eslint-import-resolver-typescript/blob/HEAD/CHANGELOG.md#445)
[Compare
Source](https://redirect.github.com/import-js/eslint-import-resolver-typescript/compare/v4.4.4...v4.4.5)
-
[#​473](https://redirect.github.com/import-js/eslint-import-resolver-typescript/pull/473)
[`32c61ab`](https://redirect.github.com/import-js/eslint-import-resolver-typescript/commit/32c61abccf26bd2a2267f2e0e67d82e6f88d149a)
Thanks [@​leey0818](https://redirect.github.com/leey0818)! - fix:
check tsconfig matching before using resolver
</details>
<details>
<summary>future-architect/eslint-plugin-vue-scoped-css
(eslint-plugin-vue-scoped-css)</summary>
[`v3.1.1`](https://redirect.github.com/future-architect/eslint-plugin-vue-scoped-css/blob/HEAD/CHANGELOG.md#311)
[Compare
Source](https://redirect.github.com/future-architect/eslint-plugin-vue-scoped-css/compare/v3.1.0...v3.1.1)
- Fix false positives in `vue-scoped-css/require-selector-used-inside`
for selectors that start with ignored pseudo-classes such as
`:has(...)`.
([#​496](https://redirect.github.com/future-architect/eslint-plugin-vue-scoped-css/pull/496))
</details>
<details>
<summary>nodeca/js-yaml (js-yaml)</summary>
[`v4.2.0`](https://redirect.github.com/nodeca/js-yaml/blob/HEAD/CHANGELOG.md#420---2026-06-01)
[Compare
Source](https://redirect.github.com/nodeca/js-yaml/compare/4.1.1...590dbabadd172b099c07654fab2eabec8c7a07b9)
- Added `docs/safety.md` with notes about processing untrusted YAML.
- Added `maxDepth` (100) loader option. Not a problem, but gives a
better
exception instead of RangeError on stack overflow.
- Added `maxMergeSeqLength` (20) loader option. Not a problem after
`merge` fix,
but an additional restriction for safety.
- Added sourcemaps to `dist/` builds.
- Stop resolving numbers with underscores as numeric scalars,
[#​627](https://redirect.github.com/nodeca/js-yaml/issues/627).
- Switched dev toolchains to Vite / neostandard.
- Updated demo.
- Reorganized tests.
- `dist/` files are no longer kept in the repository.
- Fix parsing of properties on the first implicit block mapping key,
[#​62](https://redirect.github.com/nodeca/js-yaml/issues/62).
- Fix trailing whitespace handling when folding flow scalar lines,
[#​307](https://redirect.github.com/nodeca/js-yaml/issues/307).
- Reject top-level block scalars without content indentation,
[#​280](https://redirect.github.com/nodeca/js-yaml/issues/280).
- Ensure numbers survive round-trip,
[#​737](https://redirect.github.com/nodeca/js-yaml/issues/737).
- Fix test coverage for issue
[#​221](https://redirect.github.com/nodeca/js-yaml/issues/221).
- Fix flow scalar trailing whitespace folding,
[#​307](https://redirect.github.com/nodeca/js-yaml/issues/307).
- Fix digits in YAML named tag handles.
- Fix potential DoS via quadratic complexity in merge - deduplicate
repeated
elements (makes sense for malformed files > 10K).
</details>
<details>
<summary>pnpm/pnpm (pnpm)</summary>
[`v11.5.1`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1151)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v11.5.0...v11.5.1)
- Improve `pnpm audit` performance by pruning non-vulnerable lockfile
subtrees and stopping path enumeration once vulnerable findings reach
the path cap.
- Avoid crashing when the workspace state cache is partially written or
malformed.
- Set `npm_config_user_agent` for root lifecycle scripts during headless
installs.
- Preserve the `integrity` field of a remote (non-registry) tarball
dependency when its lockfile entry is rebuilt. Re-resolving such a
dependency without re-fetching it (for example via `pnpm update`, or
when another dependency changes) produced a resolution with no integrity
— URL/tarball resolvers only learn the integrity after the tarball is
downloaded — so the previously recorded integrity was dropped, making
later installs fail with `ERR_PNPM_MISSING_TARBALL_INTEGRITY`
[#​12067](https://redirect.github.com/pnpm/pnpm/issues/12067).
- Normalize a string `repository` field into the `{ type, url }` object
form when creating the publish manifest, matching npm's behavior. Some
registries (e.g. Gitea/Codeberg) reject a string `repository` with a 500
Internal Server Error during `pnpm publish`
[#​12099](https://redirect.github.com/pnpm/pnpm/issues/12099).
- Preserve compatible optional peer versions already present in the
lockfile when resolving dependencies.
- Fixed inconsistent resolution of a peer dependency that is shared
through a diamond. When a package peer-depends on both another package
and one of that package's own peer dependencies (for example
`@typescript-eslint/eslint-plugin` peer-depends on both
`@typescript-eslint/parser` and `typescript`, and
`@typescript-eslint/parser` peer-depends on `typescript`), pnpm no
longer reuses a hoisted instance of the shared peer that was resolved
against a different version
[#​12079](https://redirect.github.com/pnpm/pnpm/issues/12079).
[`v11.5.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1150)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v11.4.0...v11.5.0)
- Added a new `hoistingLimits` setting for `nodeLinker: hoisted`
installs, mirroring yarn's `nmHoistingLimits`. It accepts `none` (the
default — hoist as far as possible), `workspaces` (hoist only as far as
each workspace package), or `dependencies` (hoist only up to each
workspace package's direct dependencies). Originally proposed in
[#​6468](https://redirect.github.com/pnpm/pnpm/pull/6468), closing
[#​6457](https://redirect.github.com/pnpm/pnpm/issues/6457).
- Replaced `enquirer` with `@inquirer/prompts` for all interactive
prompts. Fixes the `update -i` scrolling overflow bug where long choice
lists were clipped in the terminal
[#​6643](https://redirect.github.com/pnpm/pnpm/issues/6643).
**User-facing changes:**
- `pnpm update -i` / `pnpm update -i --latest`: Scrolling now works
correctly when many packages are available; the new library uses
visual-line-aware pagination via `usePagination`
- `pnpm audit --fix -i`: Same scrolling fix for vulnerability selection
- `pnpm approve-builds`: Interactive build approval prompts updated
- `pnpm patch`: Version selection and "apply to all" prompts updated
- `pnpm patch-remove`: Patch removal selection updated
- `pnpm publish`: Branch confirmation prompt updated
- `pnpm login`: Credential prompts updated
- `pnpm run` / `pnpm exec` (with `verifyDepsBeforeRun=prompt`):
Confirmation prompt updated
Vim-style `j`/`k` keys still work for up/down navigation in all
interactive prompts.
**Internal:** The `OtpEnquirer` and `LoginEnquirer` DI interfaces
changed from `{ prompt }` to `{ input }` / `{ input, password }`
respectively. Plugins or custom builds that inject their own enquirer
mock will need to update.
- Staged publishes are now recognized in the trust scale. When a package
version's registry metadata carries an `approver` field, it is treated
as the strongest trust evidence (ranked above trusted publishers and
provenance attestations), since staged publishes require 2FA publish
approvals. This prevents false-positive trust downgrade errors when
moving from a staged publish to a lower trust level
[#​11887](https://redirect.github.com/pnpm/pnpm/issues/11887).
- Fix pnpm hanging during peer resolution when an aliased install pulls
in transitive packages with mutual peer cycles at different depths in
the dependency tree (for example, `pnpm i nuxt@npm:nuxt-nightly@5x`).
Cycles whose members hit the `findHit` cache instead of running their
own `calculateDepPath` are now short-circuited by sibling resolutions at
the level where the cycle is detected, so the cached path promises no
longer deadlock.
[#​11999](https://redirect.github.com/pnpm/pnpm/issues/11999).
- Fix `pnpm dist-tag add` and `pnpm dist-tag rm` against npmjs.org
failing without `--otp` with `[ERR_PNPM_UNAUTHORIZED] You must be logged
in to set dist-tag … "You must provide a one-time pass. Upgrade your
client to npm@latest in order to use 2FA."`. pnpm now sends
`npm-auth-type: web` on dist-tag writes and surfaces the resulting OTP
challenge through the existing browser-based 2FA flow (the same
`withOtpHandling` helper used by `pnpm publish`), so the browser opens,
the user authenticates, and the dist-tag is set on retry. `--otp=<code>`
continues to work via the classic flow.
- Fix `minimumReleaseAgeExclude` handling in npm resolution fast paths
so excluded packages do not get pinned to stale versions. Excludes are
honored consistently during `publishedBy` metadata selection and
cache-mtime shortcuts.
- Fix the `integrity` field being dropped from the lockfile entry of a
remote (non-registry) https-tarball dependency when an unrelated package
is installed afterwards. URL/tarball resolvers do not return an
integrity (it is only known after the tarball is downloaded), so when
such a dependency was reused from the lockfile without being re-fetched,
its integrity was lost. It is now carried over from the existing
resolution. With pnpm's lockfile-integrity hardening, the missing
integrity made subsequent `--frozen-lockfile` installs fail with
`ERR_PNPM_MISSING_TARBALL_INTEGRITY`.
[#​12001](https://redirect.github.com/pnpm/pnpm/issues/12001).
- Skip dependency re-resolution when `pnpm-lock.yaml` is missing but
`node_modules/.pnpm/lock.yaml` exists and still satisfies the manifest.
`pnpm install` now reuses the materialized snapshot to regenerate
`pnpm-lock.yaml` instead of walking the registry to rebuild it from
scratch, turning the cache+node\_modules variation into a near-no-op for
users who deleted the lockfile but kept the install
[#​11993](https://redirect.github.com/pnpm/pnpm/issues/11993).
`--frozen-lockfile` still refuses to proceed when `pnpm-lock.yaml` is
absent — the regenerated lockfile must be committed, so failing loudly
is the correct behavior for CI.
</details>
<details>
<summary>silverwind/rolldown-license-plugin
(rolldown-license-plugin)</summary>
[`v3.0.9`](https://redirect.github.com/silverwind/rolldown-license-plugin/releases/tag/3.0.9)
[Compare
Source](https://redirect.github.com/silverwind/rolldown-license-plugin/compare/3.0.8...3.0.9)
- update deps (silverwind)
- make: collapse patch/minor/major into one rule (silverwind)
- simplify generateBundle: pair dir+raw, rename shadow, inline
single-use const (silverwind)
- make update a combination target, split out update-js (silverwind)
- add update-actions make target (silverwind)
- remove authorship attribution rule from AGENTS.md (silverwind)
- docs: use defineConfig in README usage example (silverwind)
</details>
<details>
<summary>typescript-eslint/typescript-eslint
(typescript-eslint)</summary>
[`v8.60.1`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/typescript-eslint/CHANGELOG.md#8601-2026-06-01)
[Compare
Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.60.0...v8.60.1)
This was a version bump only for typescript-eslint to align it with
other projects, there were no code changes.
See [GitHub
Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.60.1)
for more information.
You can read about our [versioning
strategy](https://typescript-eslint.io/users/versioning) and
[releases](https://typescript-eslint.io/users/releases) on our website.
</details>
<details>
<summary>silverwind/updates (updates)</summary>
[`v17.17.3`](https://redirect.github.com/silverwind/updates/releases/tag/17.17.3)
[Compare
Source](https://redirect.github.com/silverwind/updates/compare/17.17.2...17.17.3)
- fix prerelease drop in updateVersionRange and scope regex (silverwind)
- fix 1.2.x ranges, docker tag corruption, and per-file cooldown
(silverwind)
- fix go +incompatible, cargo inline-table, and prerelease selection
(silverwind)
- fix --pin range parsing, url tag deps, and -s flag docs (silverwind)
- make update a combination target, split out update-js (silverwind)
- add update-actions make target (silverwind)
- remove authorship attribution rule from AGENTS.md (silverwind)
</details>
<details>
<summary>vitejs/vite (vite)</summary>
[`v8.0.16`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-8016-2026-06-01-small)
[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v8.0.15...v8.0.16)
- **deps:** reject UNC paths for launch-editor-middleware
([#​22571](https://redirect.github.com/vitejs/vite/issues/22571))
([50b9512](https://redirect.github.com/vitejs/vite/commit/50b951225bbf6151eb84a3ad5a454908ab4a76c9))
- reject windows alternate paths
([#​22572](https://redirect.github.com/vitejs/vite/issues/22572))
([dc245c7](https://redirect.github.com/vitejs/vite/commit/dc245c71e5007ea4d891a025e2d69ac96c736546))
[`v8.0.15`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-8015-2026-06-01-small)
[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v8.0.14...v8.0.15)
- send 408 on request timeout
([#​22476](https://redirect.github.com/vitejs/vite/issues/22476))
([c85c9ee](https://redirect.github.com/vitejs/vite/commit/c85c9eeb9aaf41f477b48b057146887bd5620797))
- update rolldown to 1.0.3
([#​22538](https://redirect.github.com/vitejs/vite/issues/22538))
([646dbed](https://redirect.github.com/vitejs/vite/commit/646dbedd2870f8ec48df0321177d8aa64bbd1575))
- capitalize error messages and remove spurious space in parse error
([#​22488](https://redirect.github.com/vitejs/vite/issues/22488))
([85a0eff](https://redirect.github.com/vitejs/vite/commit/85a0eff1c82bbb7c99a0fe8e63704316578a40d3))
- **deps:** update all non-major dependencies
([#​22511](https://redirect.github.com/vitejs/vite/issues/22511))
([2686d7d](https://redirect.github.com/vitejs/vite/commit/2686d7d0b722402204d3bcc687a87adea1bcf9fa))
- **dev:** fix html-proxy cache key mismatch for /@​fs/ HTML paths
([#​21762](https://redirect.github.com/vitejs/vite/issues/21762))
([47c4213](https://redirect.github.com/vitejs/vite/commit/47c4213f134f562c41ed7c031e4788510cf7e31e))
- **glob:** error on relative glob in virtual module when no files match
([#​22497](https://redirect.github.com/vitejs/vite/issues/22497))
([5c8e98f](https://redirect.github.com/vitejs/vite/commit/5c8e98f8b584ac5d42f0f9b8580c49792213b13c))
- **optimizer:** close the rolldown bundle when write() rejects
([#​22528](https://redirect.github.com/vitejs/vite/issues/22528))
([e3cfb9d](https://redirect.github.com/vitejs/vite/commit/e3cfb9deecff563550fa1b8abd27656b8b292815))
- **resolve:** provide onWarn for viteResolvePlugin in JS plugin
containers
([#​22509](https://redirect.github.com/vitejs/vite/issues/22509))
([40985f1](https://redirect.github.com/vitejs/vite/commit/40985f1c09b7696e594e6c5695fbc315d2da2c83))
- **deps:** update rolldown-related dependencies
([#​22566](https://redirect.github.com/vitejs/vite/issues/22566))
([3052a67](https://redirect.github.com/vitejs/vite/commit/3052a67d9350f4c5076ab1c222c4a21a589cbcdd))
- correct logic in `collectAllModules` function
([#​22562](https://redirect.github.com/vitejs/vite/issues/22562))
([6978a9c](https://redirect.github.com/vitejs/vite/commit/6978a9ceb942c4f5e211d52b8a1e569f8a65c80c))
</details>
<details>
<summary>vitest-dev/vitest (vitest)</summary>
[`v4.1.8`](https://redirect.github.com/vitest-dev/vitest/releases/tag/v4.1.8)
[Compare
Source](https://redirect.github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8)
- **browser**:
- Disable client `cdp` API when `allowWrite/allowExec: false` \[backport
to v4] - by [@​hi-ogawa](https://redirect.github.com/hi-ogawa)
and **Codex** in
[#​10450](https://redirect.github.com/vitest-dev/vitest/issues/10450)
[<samp>(e4067)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/e4067b3b1)
- Remove orphaned Playwright route when same module is mocked via
multiple ids \[backport to v4] - by
[@​toxik](https://redirect.github.com/toxik) and
[@​Zelys-DFKH](https://redirect.github.com/Zelys-DFKH) in
[#​10474](https://redirect.github.com/vitest-dev/vitest/issues/10474)
[<samp>(675b4)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/675b4343f)
GitHub](https://redirect.github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8)
</details>
<details>
<summary>vuejs/language-tools (vue-tsc)</summary>
[`v3.3.3`](https://redirect.github.com/vuejs/language-tools/blob/HEAD/CHANGELOG.md#333-2026-05-30)
[Compare
Source](https://redirect.github.com/vuejs/language-tools/compare/v3.3.2...v3.3.3)
- **fix:** prevent grammar scopes leakage in capitalized tags
([#​6073](https://redirect.github.com/vuejs/language-tools/issues/6073))
- Thanks to [@​KazariEX](https://redirect.github.com/KazariEX)!
- **fix:** preserve TS auto imports behavior in Vue files
([#​6072](https://redirect.github.com/vuejs/language-tools/issues/6072))
- Thanks to [@​KazariEX](https://redirect.github.com/KazariEX)!
- **fix:** read PR title from env in `auto-version` workflow to prevent
injection
([#​6074](https://redirect.github.com/vuejs/language-tools/issues/6074))
- Thanks to
[@​arpitjain099](https://redirect.github.com/arpitjain099)!
</details>
---
📅 **Schedule**: (UTC)
- Branch creation
- Only on Monday (`* * * * 1`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
Co-authored-by: bircni <bircni@icloud.com>
commit 6dcae57b54
Author: Giteabot <teabot@gitea.io>
Date: Sun Jun 7 22:40:35 2026 -0700
chore(deps): update action dependencies (#38027)
commit 7ddacf0edf
Merge: e395dcec67 1c289df6eb
Author: Danila Fominykh <d@m8sh.su>
Date: Sun Jun 7 19:30:42 2026 +0000
merge upstream
commit e395dcec67
Author: Danila Fominykh <d@m8sh.su>
Date: Sun Jun 7 19:26:38 2026 +0000
Add roadmap to readme (#2)
Reviewed-on: https://m8sh.su/x/m8sh/pulls/2
commit 1c289df6eb
Author: bircni <bircni@icloud.com>
Date: Sun Jun 7 18:45:20 2026 +0200
enhance: Adjust Workflow Graph styling (#37497)
- Fix workflow dependency graph overflow by making the graph container
scrollable (no more clipped DAGs; addresses #37493).
- Improve Actions job list readability by keeping durations
fixed-width/right-aligned so long times don’t squeeze job names.
- Make workflow graph layout more intuitive by vertically centering
shorter columns to reduce misleading “looks like it depends on”
alignments (addresses #37395).
<img width="966" height="439"
src="https://github.com/user-attachments/assets/c180c5a2-4f56-4287-bcaa-f2735ba72949"
/>
<img width="949" height="559"
src="https://github.com/user-attachments/assets/a383511d-a962-4920-b792-69f556847eff"
/>
Fixes #37493
Fixes #37395
---------
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
commit ea35af1b68
Author: bircni <bircni@icloud.com>
Date: Sun Jun 7 17:30:18 2026 +0200
fix: bound CODEOWNERS regex match time (#38011)
User-supplied CODEOWNERS patterns were compiled without a match timeout,
so a crafted pattern (e.g. (a+)+) against a crafted file path could
backtrack for tens of seconds inside the PR creation transaction and
exhaust the database connection pool. Set MatchTimeout on each compiled
rule; the caller already treats match errors as non-matches.
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
2026-06-09 00:47:10 +03:00 |
|