Skip to content

chore(deps): update packages #411

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update packages #411

wants to merge 1 commit into from
+1,191 −1,394

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 19, 2025
edited
Loading

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

This PR contains the following updates:

Package Change Age Confidence
@eslint/js (source) 9.35.0 -> 9.36.0 age confidence
@humanspeak/svelte-markdown (source) 0.8.11 -> 0.8.12 age confidence
@noble/hashes (source) 2.0.0 -> 2.0.1 age confidence
@prisma/client (source) 6.15.0 -> 6.16.3 age confidence
@sveltejs/adapter-node (source) 5.3.1 -> 5.3.2 age confidence
@sveltejs/kit (source) 2.37.1 -> 2.43.6 age confidence
@sveltejs/vite-plugin-svelte (source) 6.2.0 -> 6.2.1 age confidence
@types/nodemailer (source) 7.0.1 -> 7.0.2 age confidence
eslint-plugin-svelte (source) 3.12.2 -> 3.12.4 age confidence
metascraper (source) 5.49.2 -> 5.49.4 age confidence
openid-client 6.7.1 -> 6.8.1 age confidence
pino (source) 9.9.4 -> 9.12.0 age confidence
prisma (source) 6.15.0 -> 6.16.3 age confidence
sharp (source, changelog) 0.34.3 -> 0.34.4 age confidence
svelte (source) 5.38.8 -> 5.39.7 age confidence
svelte-check 4.3.1 -> 4.3.2 age confidence
typescript (source) 5.9.2 -> 5.9.3 age confidence
typescript-eslint (source) 8.43.0 -> 8.45.0 age confidence
vite (source) 7.1.5 -> 7.1.7 age confidence
zod (source) 4.1.5 -> 4.1.11 age confidence

Release Notes

eslint/eslint (@​eslint/js)

v9.36.0

Compare Source

Features

  • 47afcf6 feat: correct preserve-caught-error edge cases (#​20109) (Francesco Trotta)

Bug Fixes

Documentation

  • b73ab12 docs: update examples to use defineConfig (#​20131) (sethamus)
  • 31d9392 docs: fix typos (#​20118) (Pixel998)
  • c7f861b docs: Update README (GitHub Actions Bot)
  • 6b0c08b docs: Update README (GitHub Actions Bot)
  • 91f97c5 docs: Update README (GitHub Actions Bot)

Chores

  • 12411e8 chore: upgrade @​eslint/js@​9.36.0 (#​20139) (Milos Djermanovic)
  • 488cba6 chore: package.json update for @​eslint/js release (Jenkins)
  • bac82a2 ci: simplify renovate configuration (#​19907) (唯然)
  • c00bb37 ci: bump actions/labeler from 5 to 6 (#​20090) (dependabot[bot])
  • fee751d refactor: use defaultOptions in rules (#​20121) (Pixel998)
  • 1ace67d chore: update example to use defineConfig (#​20111) (루밀LuMir)
  • 4821963 test: add missing loc information to error objects in rule tests (#​20112) (루밀LuMir)
  • b42c42e chore: disallow use of deprecated type property in core rule tests (#​20094) (Milos Djermanovic)
  • 7bb498d test: remove deprecated type property from core rule tests (#​20093) (Pixel998)
  • e10cf2a ci: bump actions/setup-node from 4 to 5 (#​20089) (dependabot[bot])
  • 5cb0ce4 refactor: use meta.defaultOptions in preserve-caught-error (#​20080) (Pixel998)
  • f9f7cb5 chore: package.json update for eslint-config-eslint release (Jenkins)
  • 81764b2 chore: update eslint peer dependency in eslint-config-eslint (#​20079) (Milos Djermanovic)
humanspeak/svelte-markdown (@​humanspeak/svelte-markdown)

v0.8.12

Compare Source

Changes in this Release
Enhancement: Marked package update

For more details, see the Pull Request

paulmillr/noble-hashes (@​noble/hashes)

v2.0.1

Compare Source

  • .js extension must be used for all modules
    • Old: @noble/hashes/sha3
    • New: @noble/hashes/sha3.js
    • This simplifies working in browsers natively without transpilers
    • This was planned for 2.0.0, but was accidentally left out
  • package.json: specify exported submodules to ensure typescript autocompletion
  • scrypt: Fix error message for maxmem check by @​ChALkeR in #​121
  • scrypt: 4% speed-up by @​ChALkeR in #​122

Full Changelog: paulmillr/noble-hashes@2.0.0...2.0.1

prisma/prisma (@​prisma/client)

v6.16.3

Compare Source

Today, we are issuing a 6.16.3 patch release focused on bug fixes.

🛠 Fixes

  • Prisma Client (prisma-client generator): fixed missing JSON null type definitions (JsonNull, DbNull, AnyNull) in the browser.ts entrypoint. (#​28186)

  • Prisma Migrate: don't add the default schema (namespace) to the generated migrations unless it was specified explicitly in the schema file. This restores the pre-6.13.0 behaviour that was inadvertently changed with enabling multi-schema support by default. Users who rely on database schemas for multi-tenancy can now again use the same migration files for all of their schemas. (prisma/prisma-engines#5614)

  • Prisma Client: enabled negative take with findFirst again. (prisma/prisma-engines#5616 — contributed by @​jay-l-e-e)

  • Prisma Accelerate: aligned the behaviour of the new Rust-free client with Query Engine to handle self-signed certificates consistently and ensure backward compatibility. (#​28134)

  • @prisma/adapter-mariadb: fixed error event listeners leak. (#​28177 — contributed by @​Tiaansu)

⚠️ Known Limitation: JSON null types in browser builds

The fix introduces the missing types, but the singleton instances differ between the client and browser entrypoints of the generated client. This means that values like Prisma.JsonNull imported from browser cannot yet be assigned to fields expected from the client entrypoint, and vice versa. This results in confusing TypeScript errors if you mix them. A follow-up improvement is planned to unify these utility types across entrypoints.

v6.16.2

Compare Source

Today, we are issuing a 6.16.2 patch release.

Bug fixes

  • In Prisma ORM 6.16.0, we've enabled usage of the new engineType = client with Prisma Postgres, but our validation rules permitted invalid combinations of Prisma Postgres URLs and driver adapters. This now produces a clear error message indicating Prisma Postgres URLs and driver adapters are mutually exclusive.
  • In the previous minor release, we've included a change that calls unref() on NodeJS timers to prevent them from keeping the NodeJS event loop active. This change unintentionally affected non-NodeJS runtimes like workerd, where it has resulted in runtime errors. This behavior has been made conditional to prevent these runtime errors.

v6.16.1

Compare Source

Today, we are issuing a 6.16.1 patch release.

Bug fixes
  • In Prisma ORM 6.16.0, the driverAdapters and queryCompiler features were stabilized, but leftover code in the prisma-client-ts generator required them to still be specified in edge runtimes. This has now been fixed, runtimes like workerd and vercel-edge no longer require these preview features.

v6.16.0

Compare Source

Today, we are excited to share the 6.16.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Prisma ORM

This section contains all the updates made in Prisma ORM v6.16.0.

Rust-free ORM and driver adapters are Generally Available

Eight months ago, we published our ORM manifesto with the first hint that we're going to remove the Rust-based query engine from Prisma ORM:

We're addressing this by migrating Prisma's core logic from Rust to TypeScript and redesigning the ORM to make customization and extension easier.

After a lot of hard work and feedback from the community, we're incredibly excited to share that the migration has been completed and you can now use Prisma ORM without its Rust engine in your production apps. 🎉 This is a major milestone in the history of Prisma ORM and comes with a lot of benefits:

  • Reduced bundle size by ~90%
  • Faster queries (check out our latest benchmarks)
  • Lower CPU footprint
  • Less deployment complexity
  • Easier to make open-source contributions

… and overall a much better DX since you don't need to worry about the extra binary in your generated Prisma Client code any more.

While the Rust-free ORM will become the default in Prisma ORM v7 soon, for now you still need to opt-into using it:

  1. Configure the generator block in your Prisma schema: 
    generator client {
  provider   = "prisma-client" // (or "prisma-client-js") 
  output     = "../src/generated/prisma"
  engineType = "client"
}
    Note: If you tried the Rust-free ORM before, you can now also drop the queryCompiler and driverAdapter feature flags from the previewFeatures array. And if you used binaryTargets, you can also get rid of these.
  2. Install the driver adapter for your database, e.g. to use pg for PostgreSQL: 
    npm install @​prisma/adapter-pg
  3. Finally, you can instantiate PrismaClient using the PrismaPg driver adapter as follows: 
    import { PrismaClient } from './generated/prisma'
import { PrismaPg } from '@​prisma/adapter-pg'

const adapter = new PrismaPg({ connectionString: env.DATABASE_URL })
const prisma = new PrismaClient({ adapter })

// ... send queries using `prisma` like before

📚 To learn more and see instructions for all other supported databases, check out the documentation.

The Rust-free version of Prisma ORM has been thoroughly tested with the prisma-client generator (see below), not with prisma-client-js. Use the old generator at your discretion.

New ESM-first prisma-client generator is Generally Available

Another major milestone has been achieved in this release: The new, flexible and ESM-first prisma-client generator is ready for production too. Here's a quick overview of its main benefits:

  • No more magic generation into node_modules; generated code is fully under control by the developer
  • ESM-compatible by default
  • Flexible configuration for specific runtimes (Node.js, Deno, Bun, Cloudflare, …)
generator client {
  // Required
  provider = "prisma-client"
  output   = "../src/generated/prisma"

  // Optional
  engineType             = "client"
  runtime                = "nodejs"
  moduleFormat           = "esm"
  generatedFileExtension = "ts"
  importFileExtension    = "ts"
}

In addition to making it production-ready, we also made some changes to the prisma-client generator:

  • removed Prisma.validator; you can use TypeScript native satisfies keyword instead
  • created a new ./generared/prisma/browser entrypoint for importing types in browser environments

If you want to try out the new generator with your favorite framework, check out one of our ready-to-run examples (e.g. for Next.js, Nuxt or React Router).

📚 Learn more in the docs.

Type check performance optimizations

Runtime performance is not the only performance category that matters. In fact, when it comes to DX, type checking performance is equally important: if your TypeScript types become too complex and the compiler needs to do too much work (e.g. inferring types), it may slow down your editor, lead to laggy auto-completion or prevent jump-to-definition from working.

We've worked with TypeScript expert David Blass to find ways for improving the type checking performance in Prisma ORM and created benchmarks comparing the type checking performance with Drizzle.

You can read about the results here: Why Prisma ORM Checks Types Faster Than Drizzle

Deprecating the postgresqlExtensions Preview feature

We're deprecating the postgresqlExtensions Preview feature. Note that this doesn't mean that you can't use extensions with Prisma ORM any more. Instead of setting the Preview feature, you can install extensions manually with a customized migration via the --create-only flag:

npx prisma migrate dev --name add-extension --create-only

You can then install an extension with plain SQL in the newly created, empty migration file:

CREATE EXTENSION IF NOT EXISTS "pgcrypto";
Prisma Postgres

Prisma Postgres is our fully managed Postgres service designed with the same philosophy of great DX that has guided Prisma for close to a decade. With this release we are introducing the following improvements:

Manage OAuth apps in Prisma Console

In Prisma Console, you can now manage all of the 3rd party applications that you've granted access to perform actions on behalf of yourself in your Prisma Console account. Find the 🧩 Integrations tab in the sidenav to see which applications currently have access.

Rust-free Prisma ORM with Prisma Accelerate and Prisma Postgres

With this release, the Rust-free Prisma ORM (Query Compiler) can now be used together with Prisma Postgres and also Prisma Accelerate. This means you can take advantage of connection pooling and caching while using the new TypeScript-based ORM architecture.

To enable it, update your Prisma schema:

generator client {
  provider   = "prisma-client"
  output     = "../src/generated/prisma"
  engineType = "client"
}

We'd love for you to try this out and share your feedback as we prepare for General Availability. Please open an issue on GitHub if you encounter any problems or have suggestions.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

sveltejs/kit (@​sveltejs/adapter-node)

v5.3.2

Compare Source

Patch Changes
sveltejs/kit (@​sveltejs/kit)

v2.43.6

Compare Source

Patch Changes

  • fix: ensure cache key is consistent between client/server (#​14563)

  • fix: keep resolve relative to initial base during prerender (#​14533)

  • fix: avoid including HEAD twice when an unhandled HTTP method is used in a request to a +server handler that has both a GET handler and a HEAD handler (#​14564)

  • fix: smoothscroll to deep link (#​14569)

v2.43.5

Compare Source

Patch Changes
  • fix: fall back to non-relative resolution when calling resolve(...) outside an event context (#​14532)

v2.43.4

Compare Source

Patch Changes
  • fix: Webcontainer AsyncLocalStorage workaround (#​14526)

v2.43.3

Compare Source

Patch Changes

  • fix: Webcontainer AsyncLocalStorage workaround (#​14521)

  • fix: include the value of form submitters on form remote functions (#​14475)

v2.43.2

Compare Source

Patch Changes

  • fix: ensure rendering starts off synchronously (#​14517)

  • fix: keep serialized remote data alive until navigation (#​14508)

v2.43.1

Compare Source

Patch Changes
  • fix: consistently use bare import for internals (#​14506)

v2.43.0

Compare Source

Minor Changes
Patch Changes

  • fix: ensure __SVELTEKIT_PAYLOAD__.data is accessed safely (#​14491)

  • fix: create separate cache entries for non-exported remote function queries (#​14499)

v2.42.2

Compare Source

Patch Changes

  • fix: prevent loops in postbuild analysis phase (#​14450)

  • fix: handle nested object fields in form data (#​14469)

  • fix: robustify form helper types (#​14463)

  • fix: avoid running the init hook during builds if there's nothing to prerender (#​14464)

  • fix: ensure SSR rendering gets request store context (#​14476)

v2.42.1

Compare Source

Patch Changes
  • fix: ensure environment setup is in its own chunk (#​14441)

v2.42.0

Compare Source

Minor Changes

  • feat: enhance remote form functions with schema support, input and issues properties (#​14383)

  • breaking: remote form functions get passed a parsed POJO instead of a FormData object now (#​14383)

v2.41.0

Compare Source

Minor Changes
  • feat: add %sveltekit.version% to app.html (#​12132)
Patch Changes

  • fix: allow remote functions to return custom types serialized with transport hooks (#​14435)

  • fix: fulfil beforeNavigate complete when redirected (#​12896)

v2.40.0

Compare Source

Minor Changes
  • feat: include event property on popstate/link/form navigation (#​14307)
Patch Changes

  • fix: respect replaceState/keepFocus/noScroll when a navigation results in a redirect (#​14424)

  • fix: invalidate preload cache when invalidateAll is true (#​14420)

v2.39.1

Compare Source

Patch Changes
  • fix: more robust remote function code transformation (#​14418)

v2.39.0

Compare Source

Minor Changes
  • feat: lazy discovery of remote functions (#​14293)
Patch Changes

  • fix: layout load data not serialized on error page (#​14395)

  • fix: fail prerendering when remote function fails (#​14365)

  • fix: treat handle hook redirect as part of remote function call as json redirect (#​14362)

v2.38.1

Compare Source

Patch Changes

  • fix: enable redirects from queries (#​14400)

  • fix: remove empty nodes from serialized server load data (#​14404)

  • fix: allow commands from within endpoints (#​14343)

v2.38.0

Compare Source

Minor Changes
  • feat: add new remote function query.batch (#​14272)
sveltejs/vite-plugin-svelte (@​sveltejs/vite-plugin-svelte)

v6.2.1

Compare Source

Patch Changes

  • fix: remove unscopable global styles warning (#​1223)

  • Remove automatic configuration for rolldownOptions.optimization.inlineConst because latest version of rolldown-vite has it enabled by default. (#​1225)

sveltejs/eslint-plugin-svelte (eslint-plugin-svelte)

v3.12.4

Compare Source

Patch Changes

  • #​1322 1e06290 Thanks @​marekdedic! - fix(no-navigation-without-resolve): properly detecting absolute and fragment URLs in variables

  • #​1355 d8df1e8 Thanks @​InkedCat! - fix: properly support Windows in no-unused-props rule
    fix: properly support Windows in valid-style-parse rule
    fix: properly support Windows in no-unnecessary-condition rule

  • #​1344 03a93f4 Thanks @​ota-meshi! - fix: preventing infinite loops in multiple rules

v3.12.3

Compare Source

Patch Changes
microlinkhq/metascraper (metascraper)

v5.49.4

Compare Source

Bug Fixes
panva/openid-client (openid-client)

v6.8.1

Compare Source

Refactor
  • workaround dpop nonce caching caveats with customFetch (a9eb50f)

v6.8.0

Compare Source

Features
  • respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)
Documentation
  • remove mention of Edge Runtime from the readme (2e41ad5)
pinojs/pino (pino)

v9.12.0

Compare Source

What's Changed

New Contributors

Full Changelog: pinojs/pino@v9.11.0...v9.12.0

v9.11.0

Compare Source

What's Changed

New Contributors

Full Changelog: pinojs/pino@v9.10.0...v9.11.0

v9.10.0

Compare Source

What's Changed

New Contributors

Full Changelog: pinojs/pino@v9.9.5...v9.10.0

v9.9.5

Compare Source

What's Changed

Full Changelog: pinojs/pino@v9.9.4...v9.9.5

lovell/sharp (sharp)

v0.34.4

Compare Source

  • Upgrade to libvips v8.17.2 for upstream bug fixes.

  • Ensure TIFF subifd and OpenSlide level input options are respected (regression in 0.34.3).

  • Ensure autoOrient occurs before non-90 angle rotation.
    #​4425

  • Ensure autoOrient removes existing metadata after shrink-on-load.
    #​4431

  • TypeScript: Ensure KernelEnum includes linear.
    #​4441
    @​BayanBennett

  • Ensure unlimited flag is passed upstream when reading TIFF images.
    #​4446

  • Support Electron memory cage when reading XMP metadata (regression in 0.34.3).
    #​4451

  • Add sharp-libvips rpath for yarn v5 support.
    #​4452
    @​arcanis

sveltejs/svelte (svelte)

v5.39.7

Compare Source

Patch Changes

  • chore: simplify batch logic (#​16847)

  • fix: rebase pending batches when other batches are committed (#​16866)

  • fix: wrap async children in $$renderer.async (#​16862)

  • fix: silence label warning for buttons and anchor tags with title attributes (#​16872)

  • fix: coerce nullish <title> to empty string (#​16863)

v5.39.6

Compare Source

Patch Changes

  • fix: depend on reads of deriveds created within reaction (async mode) (#​16823)

  • fix: SSR regression of processing attributes of <select> and <option> (#​16821)

  • fix: async class: + spread attributes were compiled into sync server-side code (#​16834)

  • fix: ensure tick resolves within a macrotask (#​16825)

v5.39.5

Compare Source

Patch Changes

  • fix: allow {@&#8203;html await ...} and snippets with async content on the server (#​16817)

  • fix: use nginx SSI-compatible comments for $props.id() (#​16820)

v5.39.4

Compare Source

Patch Changes
  • fix: restore hydration state after await in <script> (#​16806)

v5.39.3

Compare Source

Patch Changes

v5.39.2

Compare Source

Patch Changes

  • fix: preserve SSR context when block expressions contain await (#​16791)

  • chore: bump some devDependencies (#​16787)

v5.39.1

Compare Source

Patch Changes

  • fix: issue state_proxy_unmount warning when unmounting a state proxy (#​16747)

  • fix: add then to class component render output (#​16783)

v5.39.0

Compare Source

Minor Changes
Patch Changes
  • fix: correctly SSR hidden="until-found" (#​16773)

v5.38.10

Compare Source

Patch Changes
  • fix: flush effects scheduled during boundary's pending phase (#​16738)

v5.38.9

Compare Source

Patch Changes

  • chore: generate CSS hash using the filename (#​16740)

  • fix: correctly analyze <object.property> components (#​16711)

  • fix: clean up scheduling system (#​16741)

  • fix: transform input defaults from spread (#​16481)

  • fix: don't destroy contents of svelte:boundary unless the boundary is an error boundary (#​16746)

sveltejs/language-tools (svelte-check)

v4.3.2

Compare Source

Patch Changes

  • perf: tweak some snapshot hot paths (#​2852)

  • perf: more precise module cache invalidation (#​2853)

  • fix: properly handle runes={false} in <svelte:options> (#​2847)

See https://github.com/sveltejs/language-tools/releases

microsoft/TypeScript (typescript)

v5.9.3

Compare Source

typescript-eslint/typescript-eslint (typescript-eslint)

v8.45.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.44.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

[v8.44.0](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/typescript-esli

Configuration

📅 Schedule: Branch creation - "before 9am on sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/packages branch 14 times, most recently from c4b1f59 to fe7c301 Compare September 25, 2025 16:59
@renovate renovate bot changed the title fix(deps): update packages chore(deps): update packages Sep 25, 2025
@renovate renovate bot force-pushed the renovate/packages branch 14 times, most recently from 9f6bc52 to bb512f2 Compare October 2, 2025 10:13
@renovate renovate bot force-pushed the renovate/packages branch from bb512f2 to 0f9da91 Compare October 3, 2025 13:50
@renovate renovate bot force-pushed the renovate/packages branch 3 times, most recently from cf570f2 to 5920e34 Compare October 5, 2025 16:27
@renovate renovate bot force-pushed the renovate/packages branch from 5920e34 to 6ceb62d Compare October 6, 2025 01:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants