Skip to content

fix(deps): update npm dependencies updates#166

Open
renovate[bot] wants to merge 1 commit into
developfrom
renovate/npm-dependencies-updates
Open

fix(deps): update npm dependencies updates#166
renovate[bot] wants to merge 1 commit into
developfrom
renovate/npm-dependencies-updates

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Oct 27, 2025
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
@eslint/js (source) 9.37.09.39.4 age confidence
@quasar/app-vite (source) 2.4.02.6.0 age confidence
@quasar/extras (source) 1.17.01.18.0 age confidence
autoprefixer 10.4.2110.5.0 age confidence
cypress (source) 15.5.*15.15.* age confidence
dotenv 17.2.*17.4.* age confidence
eslint (source) 9.37.09.39.4 age confidence
eslint-plugin-vue (source) 10.5.010.9.1 age confidence
globals 16.4.016.5.0 age confidence
jscpd 4.0.*4.2.* age confidence
prettier (source) 3.6.23.8.3 age confidence
quasar (source) 2.18.52.19.3 age confidence
release-it 19.0.*19.2.* age confidence
vite-plugin-checker ^0.10.3^0.13.0 age confidence
vue (source) 3.5.203.5.34 age confidence
vue-eslint-parser 10.2.010.4.0 age confidence
vue-router (source) 4.5.14.6.4 age confidence

Release Notes

eslint/eslint (@​eslint/js)

v9.39.4

Compare Source

v9.39.3

Compare Source

Bug Fixes

  • 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

v9.39.2

Compare Source

v9.39.1

Compare Source

v9.39.0

Compare Source

v9.38.0

Compare Source

Features
  • ce40f74 feat: update complexity rule to only highlight function header (#​20048) (Atul Nair)
  • e37e590 feat: correct no-loss-of-precision false positives with e notation (#​20187) (Francesco Trotta)
Bug Fixes
  • 50c3dfd fix: improve type support for isolated dependencies in pnpm (#​20201) (Francesco Trotta)
  • a1f06a3 fix: correct SourceCode typings (#​20114) (Pixel998)
Documentation
  • 462675a docs: improve web accessibility by hiding non-semantic character (#​20205) (루밀LuMir)
  • c070e65 docs: correct formatting in no-irregular-whitespace rule documentation (#​20203) (루밀LuMir)
  • b39e71a docs: Update README (GitHub Actions Bot)
  • cd39983 docs: move custom-formatters type descriptions to nodejs-api (#​20190) (Percy Ma)
Chores
quasarframework/quasar (@​quasar/app-vite)

v2.6.0

Compare Source

Breaking

We're sorry for this, but you need to lookup {*path} and replace it with * in your /src-ssr folder. This is due to reverting back to Express v4, otherwise SSR with non-express server gets broken.

Changes
  • feat(app-vite): support for Capacitor v8
  • feat(app-vite): remove now obsolete temporary fix for Vue flags
  • feat(app-vite): drop the build.sourcemap conversion to "inline"; allow all possible values
  • feat(app-vite): decouple q/extras types from the UI package (requires q/extras v1.18+)
  • fix(app-vite): replace mentions of useBridge with correct createBridge
  • fix(app-vite): logger > warn() pill
  • fix(app-vite): revert back to Express v4 due to SSR breaking with non-express server
  • fix(app-vite): "inspect" cmd failing for SSR config
  • fix(app-vite): correctly watch for changes on all quasar.config > framework props
  • chore(app-vite): remove unused PWA dev quasar.config diff (pwaFilenames)
Donations

Quasar Framework is an open-source MIT-licensed project made possible due to the generous contributions by sponsors and backers. If you are interested in supporting this project, please consider the following:

v2.5.4

Compare Source

Changes

  • fix(app-vite): fix analyze option (fix: #​18263)
  • fix(app-vite): downgrade isbinaryfile to v5.0.2 from v6 to avoid node v24 requirement (fix: #​18264)
  • fix(app-vite): correctly check min node version

Donations

Quasar Framework is an open-source MIT-licensed project made possible due to the generous contributions by sponsors and backers. If you are interested in supporting this project, please consider the following:

v2.5.3

Compare Source

Fixes

  • fix(Screen): fallback to documentElement when scrollElement is missing (jest) #​12318 (#​12320)

Donations

Quasar Framework is an open-source MIT licensed project that has been made possible due to the generous contributions by sponsors and backers. If you are interested in supporting this project, please consider:

v2.5.2

Compare Source

Fixes

  • fix(QTree): correctly handle node clickability for node > selectable: false (but expandable) #​8327
  • fix(Screen): change screen dimensions formula for mobiles #​12311 (#​12314)

Donations

Quasar Framework is an open-source MIT licensed project that has been made possible due to the generous contributions by sponsors and backers. If you are interested in supporting this project, please consider:

v2.5.1

Compare Source

Changes

  • fix(app-vite): browser target type in BuildTargetOptions (#​18248)

Donations

Quasar Framework is an open-source MIT-licensed project made possible due to the generous contributions by sponsors and backers. If you are interested in supporting this project, please consider the following:

v2.5.0

Compare Source

Important!

We have upgraded to Vite 8, so you might want to check its release notes. Unless you have tampered with advanced rollupOptions (now rolldownOptions) settings, you can safely upgrade. 99.9% of the users won't be affected by this, which is why we have released this as a minor version of q/app-vite.

Also, in order to fully support Vite 8, we are forced to bump up the minimum Node.js version to v22. Since the latest LTS is 24 (as of writing these lines), most you have probably upgraded from Node.js v20 anyway.

We highly recommend updating the build target in your /quasar.config file:

build: {
  target: {
    browser: 'baseline-widely-available',
    node: 'node22'
  }

Changes

  • feat(app-vite): security patches
  • feat(app-vite): Vite 8 support
  • feat(app-vite): support for @​electron/packager v19
  • feat(app-vite): Express v5 support (and forward compat for catch-all route)
  • feat(app-vite): upgrade deps
  • feat(render-ssr-error): upgrade to vite 8
  • fix(app-vite): PWA dev error on index.html

Donations

Quasar Framework is an open-source MIT-licensed project made possible due to the generous contributions by sponsors and backers. If you are interested in supporting this project, please consider the following:

v2.4.1

Compare Source

Changes
  • feat(app-vite;app-webpack): vue-router v5 support (#​18222)
  • feat(app-vite): Add --silent option to prepare command (#​18213)
  • fix(app-vite): improve pnpm monorepo support for capacitor (#​18218)
  • fix(config): update electron-builder config outdated link (#​18225)
Donations

Quasar Framework is an open-source MIT-licensed project made possible due to the generous contributions by sponsors and backers. If you are interested in supporting this project, please consider the following:

postcss/autoprefixer (autoprefixer)

v10.5.0

Compare Source

  • Added mask-position-x and mask-position-y support (by @​toporek).

v10.4.27

Compare Source

  • Removed development key from package.json.

v10.4.26

Compare Source

  • Reduced package size.

v10.4.25

Compare Source

  • Fixed broken gradients on CSS Custom Properties (by @​serger777).

v10.4.24

Compare Source

  • Made Autoprefixer a little faster (by @​Cherry).

v10.4.23

Compare Source

v10.4.22

Compare Source

  • Fixed stretch prefixes on new Can I Use database.
  • Updated fraction.js.
cypress-io/cypress (cypress)

v15.15.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-15-0

v15.14.2

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-14-2

v15.14.1

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-14-1

v15.14.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-14-0

v15.13.1

Compare Source

v15.13.0

Compare Source

v15.12.0

Compare Source

v15.11.0

Compare Source

v15.10.0

Compare Source

v15.9.0

Compare Source

v15.8.2

Compare Source

v15.8.1

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-8-1

v15.8.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-8-0

v15.7.1

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-7-1

v15.7.0

Compare Source

v15.6.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-6-0

motdotla/dotenv (dotenv)

v17.4.2

Compare Source

v17.4.1

Compare Source

v17.4.0

Compare Source

v17.3.1

Compare Source

Changed
  • Fix as2 example command in README and update spanish README

v17.3.0

Compare Source

Added
  • Add a new README section on dotenv’s approach to the agentic future.
Changed
  • Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

v17.2.4

Compare Source

Changed
  • Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#​915)
  • Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.
eslint/eslint (eslint)

v9.39.4

Compare Source

Bug Fixes

Documentation

Chores

v9.39.3

Compare Source

Bug Fixes

  • 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

v9.39.2

Compare Source

v9.39.1

Compare Source

v9.39.0

Compare Source

v9.38.0

Compare Source

Features

  • ce40f74 feat: update complexity rule to only highlight function header (#​20048) (Atul Nair)
  • e37e590 feat: correct no-loss-of-precision false positives with e notation (#​20187) (Francesco Trotta)

Bug Fixes

  • 50c3dfd fix: improve type support for isolated dependencies in pnpm (#​20201) (Francesco Trotta)
  • a1f06a3 fix: correct SourceCode typings (#​20114) (Pixel998)

Documentation

  • 462675a docs: improve web accessibility by hiding non-semantic character (#​20205) (루밀LuMir)
  • c070e65 docs: correct formatting in no-irregular-whitespace rule documentation (#​20203) (루밀LuMir)
  • b39e71a docs: Update README (GitHub Actions Bot)
  • cd39983 docs: move custom-formatters type descriptions to nodejs-api (#​20190) (Percy Ma)

Chores

vuejs/eslint-plugin-vue (eslint-plugin-vue)

v10.9.1

Compare Source

Patch Changes

v10.9.0

Compare Source

Minor Changes
Patch Changes

v10.8.0

Compare Source

Minor Changes
Patch Changes

v10.7.0

Compare Source

Minor Changes
Patch Changes
  • Fixed false positives in vue/define-props-destructuring rule when imported types are passed to defineProps (#​2995)
  • Updated Vue 3 export names resources: added DirectiveModifiers (#​2996)
  • Updated Vue 3 export names resources: added nodeOps and patchProp (#​2986)

v10.6.2

Compare Source

Patch Changes

v10.6.1

Compare Source

Patch Changes

v10.6.0

Compare Source

Minor Changes
Patch Changes

v10.5.1

Compare Source

Patch Changes
sindresorhus/globals (globals)

v16.5.0

Compare Source

kucherenko/jscpd (jscpd)

v4.2.3

Compare Source

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source

Breaking Changes
  • Vue SFC tokenization.vue files are no longer tokenized as markup. Each block is now dispatched to its own sub-format: <script>javascript, <script lang="ts">typescript, <template>markup, <style>css, <style lang="scss">scss, <style lang="less">less. Clone reports for .vue files now appear under these resolved sub-format names. Any tooling or configuration that relied on .vue clones being reported under markup must be updated.
  • --formatsExts users — custom mappings that pointed .vue to markup (e.g. "formatsExts": { "markup": ["vue"] }) will no longer take effect because .vue is handled by the dedicated vue format processor. Remove or update such mappings.
New Features
  • Custom tokenizer backend — replaced the prismjs npm package with a self-contained reprism-based grammar engine. ~11.5% faster tokenization on real projects (avg 1126 ms → 997 ms on a 548-file, 223-format scan).
  • Cross-format detection — Vue SFC (.vue), Svelte (.svelte), Astro (.astro), and Markdown files are now tokenized per-block/per-section. A <script> block in a .vue file can match a .ts file; a fenced code block in Markdown can match a .py file.
  • 223 supported formats — Apex, CFML/ColdFusion, GDScript, Svelte, Astro, and 70+ additional languages added (up from 152). See FORMATS.md.
  • Shebang detection — extensionless executable scripts (e.g. /usr/bin/env python3) are auto-detected by their #! shebang line and tokenized in the correct language.
  • --store-path — configure a custom directory for the LevelDB cache, eliminating collisions when multiple jscpd processes run in parallel on the same machine.
  • --skipComments — shorthand flag for --mode weak, which strips comments before detection.
  • --formats-names — map specific filenames (e.g. Makefile, Dockerfile) to a detection format.
Bug Fixes
  • Entire-file duplicates silently dropped (@jscpd/core #​728) — RabinKarp flushed the pending clone on a store hit at end-of-file instead of on a miss. Files that are complete copies of each other were undetected. Fixed.
  • ReDoS hang on Lisp/Elisp files (@jscpd/tokenizer #​737) — the Lisp string regex /"(?:[^"\\]*|\\.)*"/ could catastrophically backtrack (O(2ⁿ)) on unterminated strings. Replaced with a linear /"(?:[^"\\]|\\[\s\S])*"/ pattern.
  • Process crash on malformed package.json (#​739) — readJSONSync threw an unhandled SyntaxError when package.json contained invalid JSON, killing the process. Now emits a warning and continues with an empty config.
  • Vue SFC cross-file detection broken — the detector used the file-level format (vue) as the store namespace for all SFC blocks, preventing a <script> block in one .vue file from ever matching a <script> block in another. The namespace now reflects each block's resolved sub-format.
  • Vue SFC incorrect column numbers — tokens on the first line of a block carried block-relative column 1 instead of file-absolute column numbers. Fixed in @jscpd/tokenizer.
  • 50 dependency security vulnerabilities remediated across the monorepo (Dependabot batches).
Known Limitations
  • Malformed SFC blocks (e.g. unclosed tags, invalid attributes) are silently skipped and do not contribute tokens.

v4.1.1

Compare Source

v4.1.0

Compare Source

New Features
  • AI Reporter — new ai reporter that produces compact, token-efficient clone output specifically designed for feeding results into language models and AI tooling. Use --reporters ai to activate it.
  • MCP Server enhancements — the Model Context Protocol server now exposes a jscpd://statistics resource and supports a recheck endpoint so AI agents can trigger a rescan without restarting the process.
  • Apex & CFML language support — jscpd can now detect duplicate code in Salesforce Apex and ColdFusion Markup Language (CFML) files (closes #​83, #​619).
  • GDScript support — detect copy-paste duplication in Godot Engine GDScript files.
  • HTML reporter footer — the HTML report now displays a branded footer with the jscpd version and a sponsor link.
  • --noTips flag — suppress the usage-tip messages that appear after a detection run.
  • CI: Node.js 22.x / 24.x — continuous integration updated to test against the latest Node.js LTS and current releases.
Performance
  • Tokenizer — grammars are now loaded lazily, hot paths are O(n), and the spark-md5 dependency has been removed in favour of a lighter built-in implementation. Startup time and memory usage are noticeably reduced on large codebases.
  • Replaced the vendored reprism syntax library with the official prismjs npm package, shrinking the installed footprint.
Bug Fixes
  • Restored the correct start.line expectation for weak-mode clone detection.

v4.0.9

Compare Source

v4.0.8

Compare Source

v4.0.7

Compare Source

v4.0.6

Compare Source

prettier/prettier (prettier)

v3.8.3

Compare Source

v3.8.2

Compare Source

v3.8.1

Compare Source

v3.8.0

Compare Source

diff

🔗 Release note

v3.7.4

Compare Source

diff

LWC: Avoid quote around interpolations ([#​18383](https://redirect.github.com/prettier/prettier/pull/1

Note

PR body was truncated to here.

Configuration

📅 Schedule: (in timezone Europe/Paris)

  • Branch creation
    • "before 8am on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/npm-dependencies-updates branch 7 times, most recently from ae5655e to 8454cb9 Compare November 7, 2025 09:54
@renovate renovate Bot force-pushed the renovate/npm-dependencies-updates branch 2 times, most recently from 304ac73 to 205ac73 Compare November 13, 2025 21:51
@renovate renovate Bot force-pushed the renovate/npm-dependencies-updates branch 4 times, most recently from 4e2701d to 08f1366 Compare November 24, 2025 08:45
@renovate renovate Bot force-pushed the renovate/npm-dependencies-updates branch 7 times, most recently from 2e8c9d2 to 9ac5330 Compare December 3, 2025 04:30
@renovate renovate Bot force-pushed the renovate/npm-dependencies-updates branch 3 times, most recently from fcad73e to 3984e43 Compare December 8, 2025 15:15
@renovate renovate Bot force-pushed the renovate/npm-dependencies-updates branch 5 times, most recently from cf29e23 to 7073b62 Compare December 16, 2025 23:59
@renovate renovate Bot force-pushed the renovate/npm-dependencies-updates branch 2 times, most recently from 8d63793 to 7ce5724 Compare December 18, 2025 18:15
@renovate renovate Bot force-pushed the renovate/npm-dependencies-updates branch 3 times, most recently from d1eaf8d to b2b841a Compare January 23, 2026 19:40
@renovate renovate Bot force-pushed the renovate/npm-dependencies-updates branch 5 times, most recently from 47da60b to 9fcc205 Compare February 5, 2026 21:42
@renovate renovate Bot force-pushed the renovate/npm-dependencies-updates branch 6 times, most recently from ec3aa2a to 31ab29e Compare February 14, 2026 04:49
@renovate renovate Bot force-pushed the renovate/npm-dependencies-updates branch 3 times, most recently from f322d25 to 81a9e0a Compare February 24, 2026 10:10
@renovate renovate Bot force-pushed the renovate/npm-dependencies-updates branch 2 times, most recently from 1e3ede2 to 7aeb48a Compare March 3, 2026 00:52
@renovate renovate Bot force-pushed the renovate/npm-dependencies-updates branch 3 times, most recently from 8ce1b3e to 660d9fb Compare March 9, 2026 13:15
@renovate renovate Bot force-pushed the renovate/npm-dependencies-updates branch 4 times, most recently from eec62ff to f56b1e4 Compare March 17, 2026 14:05
@renovate renovate Bot force-pushed the renovate/npm-dependencies-updates branch 3 times, most recently from fea4615 to 449eab1 Compare March 24, 2026 13:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants