Skip to content

Bump the mostly-harmless group across 1 directory with 5 updates#309

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/mostly-harmless-db9b65c3d1
Open

Bump the mostly-harmless group across 1 directory with 5 updates#309
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/mostly-harmless-db9b65c3d1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the mostly-harmless group with 5 updates in the / directory:

Package From To
@bufbuild/buf 1.64.0 1.70.0
@types/node 25.1.0 25.9.1
tsx 4.21.0 4.22.4
typescript 5.9.3 6.0.3
fflate 0.8.2 0.8.3

Updates @bufbuild/buf from 1.64.0 to 1.70.0

Release notes

Sourced from @​bufbuild/buf's releases.

v1.70.0

  • Add LSP completion for buf.gen.yaml, buf.yaml, and buf.policy.yaml files.
  • Fix LSP textDocument/documentSymbol marking every symbol as deprecated.
  • Add error for when a dependency is added to buf.yaml and is missing from buf.lock.
  • Update the PROTOVALIDATE lint rule support checking NaN in const, in, not_in, gt, gte, lt and lte rules for float and double fields.
  • Update the PROTOVALIDATE lint rule support to check (buf.validate.message).oneof rules and make sure they are well-formed and valid.

v1.69.0

  • Increase check plugin WASM memory limits to 1GiB.
  • Fix LSP stale diagnostics persisting after a file is closed or deleted.
  • Fix handling of unprefixed newlines in block comments.
  • Add LSP code lenses for buf.gen.yaml files: "Run buf generate" and "Check for plugin updates".
  • Add LSP warnings for lint.ignore and breaking.ignore paths in buf.yaml that do not match any file in the workspace.

v1.68.4

  • Fix duplicated extension tags across imports from compiler.

v1.68.3

  • Fix buf format error handling for edition 2024.

v1.68.2

  • Fix build failures for modules with a vendored descriptor.proto.
  • Fix LSP incorrectly reporting "edition '2024' not yet fully supported" errors.
  • Fix CEL compilation error messages in buf lint to use the structured error API instead of parsing cel-go's text output.
  • Add --debug-address flag to buf lsp serve to provide debug and profile support.

v1.68.1

  • Revert the use of the new compiler report format and properly ungate Editions 2024 features.
  • Fix absolute imports (leading-dot) marked unused in diagnostics.

v1.68.0

This release ports buf to our new Protobuf compiler, already used to power the Buf LSP. It uses a query-driven frontend and a new AST and intermediate representation, designed from the ground up to bring several improvements:

  • Better diagnostics. The new compiler produces rich, structured diagnostic reports with precise source locations. It also catches issues that protoc misses, such as duplicate repeated modifiers.
  • Editions 2024 support. Full support for Protobuf Editions 2024.
  • Faster and more memory efficient. Designed for large workspaces, the new compiler uses less memory and compiles faster than the previous implementation.

This is a seamless upgrade for buf users: no changes are required, the output has been automatically updated to a new, richer diagnostics report.

  • Use new compiler for build process and support Editions 2024 features.
  • Add LSP document links for buf.yaml deps, buf.gen.yaml remote plugins and input modules, buf.policy.yaml name and BSR plugins, and buf.lock dep names, making each a clickable link to its BSR page.
  • Add LSP code lenses for buf.yaml files to update all dependencies (buf.dep.updateAll) or check for available updates (buf.dep.checkUpdates).
  • Improve shell completions for buf flags with fixed value sets and file/directory arguments.
  • Add buf curl URL path shell completions (service and method names) via server reflection, --schema, or the local buf module.
  • Add support for Edition 2024 syntax to buf format.
  • Fix buf generate --clean deleting files from nested plugin output directories.

... (truncated)

Changelog

Sourced from @​bufbuild/buf's changelog.

[v1.70.0] - 2026-05-25

  • Add LSP completion for buf.gen.yaml, buf.yaml, and buf.policy.yaml files.
  • Fix LSP textDocument/documentSymbol marking every symbol as deprecated.
  • Add error for when a dependency is added to buf.yaml and is missing from buf.lock.
  • Update the PROTOVALIDATE lint rule support checking NaN in const, in, not_in, gt, gte, lt and lte rules for float and double fields.
  • Update the PROTOVALIDATE lint rule support to check (buf.validate.message).oneof rules and make sure they are well-formed and valid.

[v1.69.0] - 2026-04-29

  • Increase check plugin WASM memory limits to 1GiB.
  • Fix LSP stale diagnostics persisting after a file is closed or deleted.
  • Fix handling of unprefixed newlines in block comments.
  • Add LSP code lenses for buf.gen.yaml files: "Run buf generate" and "Check for plugin updates".
  • Add LSP warnings for lint.ignore and breaking.ignore paths in buf.yaml that do not match any file in the workspace.

[v1.68.4] - 2026-04-22

  • Fix duplicated extension tags across imports from compiler.

[v1.68.3] - 2026-04-20

  • Fix buf format error handling for edition 2024.

[v1.68.2] - 2026-04-17

  • Fix build failures for modules with a vendored descriptor.proto.
  • Fix LSP incorrectly reporting "edition '2024' not yet fully supported" errors.
  • Fix CEL compilation error messages in buf lint to use the structured error API instead of parsing cel-go's text output.
  • Add --debug-address flag to buf lsp serve to provide debug and profile support.

[v1.68.1] - 2026-04-14

  • Revert the use of the new compiler report format and properly ungate Editions 2024 features.
  • Fix absolute imports (leading-dot) marked unused in diagnostics.

[v1.68.0] - 2026-04-14

  • Use new compiler for build process and support Editions 2024 features.
  • Add LSP document links for buf.yaml deps, buf.gen.yaml remote plugins and input modules, buf.policy.yaml name and BSR plugins, and buf.lock dep names, making each a clickable link to its BSR page.
  • Add LSP code lenses for buf.yaml files to update all dependencies (buf.dep.updateAll) or check for available updates (buf.dep.checkUpdates).
  • Improve shell completions for buf flags with fixed value sets and file/directory arguments.
  • Add buf curl URL path shell completions (service and method names) via server reflection, --schema, or the local buf module.
  • Add support for Edition 2024 syntax to buf format.
  • Fix buf generate --clean deleting files from nested plugin output directories.

[v1.67.0] - 2026-04-01

... (truncated)

Commits

Updates @types/node from 25.1.0 to 25.9.1

Commits

Updates tsx from 4.21.0 to 4.22.4

Release notes

Sourced from tsx's releases.

v4.22.4

4.22.4 (2026-05-31)

Bug Fixes

  • resolve CommonJS directory requires inside dependencies (#803) (1ce8463)

This release is also available on:

v4.22.3

4.22.3 (2026-05-19)

Bug Fixes

  • decode typed loader source (dce02fc)
  • preserve entrypoint with TypeScript preload hooks (68f72f3)

This release is also available on:

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

  • preserve CJS JSON require in ESM hooks (35b700b)
  • preserve named exports from CommonJS TypeScript (11de737)
  • support module.exports require(esm) interop (cf8f199)

This release is also available on:

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

  • resolve tsconfig path aliases containing a colon (#780) (6979f28)

This release is also available on:

... (truncated)

Commits
  • 1ce8463 fix: resolve CommonJS directory requires inside dependencies (#803)
  • dce02fc fix: decode typed loader source
  • 68f72f3 fix: preserve entrypoint with TypeScript preload hooks
  • 69455cf test: cover package exports for ambiguous ESM reexports
  • 35b700b fix: preserve CJS JSON require in ESM hooks
  • ef807db chore: update testing dependencies
  • 3917090 test: document compatibility test taxonomy
  • de8113f refactor: centralize Node capability facts
  • c1f62db test: consolidate tsconfig path edge coverage
  • 4e08174 test: consolidate loader hook coverage
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.


Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits
  • 050880c Bump version to 6.0.3 and LKG
  • eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
  • ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
  • 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
  • 607a22a Bump version to 6.0.2 and LKG
  • 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
  • 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
  • e175b69 Bump version to 6.0.1-rc and LKG
  • af4caac Update LKG
  • 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
  • Additional commits viewable in compare view

Updates fflate from 0.8.2 to 0.8.3

Release notes

Sourced from fflate's releases.

v0.8.3

  • Fix buffer over-read for Zip64 extra fields
  • Support sync flushes (Z_SYNC_FLUSH in zlib)
    • Allows for immediate decompression of all pushed bytes
    • Enables DEFLATE stream concatenation
  • Fix zip/zipSync when using cross-realm Uint8Array
  • Improve Zip64 support for streamed or undersized archives
  • Update performance estimates in README
  • Fix typings for TypeScript v5.7+
  • Reduce memory consumption after compression stream completion
Changelog

Sourced from fflate's changelog.

0.8.3

  • Fix buffer over-read for Zip64 extra fields
  • Support sync flushes (Z_SYNC_FLUSH in zlib)
    • Allows for immediate decompression of all pushed bytes
    • Enables DEFLATE stream concatenation
  • Fix zip/zipSync when using cross-realm Uint8Array
  • Improve Zip64 support for streamed or undersized archives
  • Update performance estimates in README
  • Fix typings for TypeScript v5.7+
  • Reduce memory consumption after compression stream completion
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the mostly-harmless group across 1 directory with 5 updates
8a33c42 
Bumps the mostly-harmless group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@bufbuild/buf](https://github.com/bufbuild/buf) | `1.64.0` | `1.70.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.1.0` | `25.9.1` |
| [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.4` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |
| [fflate](https://github.com/101arrowz/fflate) | `0.8.2` | `0.8.3` |



Updates `@bufbuild/buf` from 1.64.0 to 1.70.0
- [Release notes](https://github.com/bufbuild/buf/releases)
- [Changelog](https://github.com/bufbuild/buf/blob/main/CHANGELOG.md)
- [Commits](bufbuild/buf@v1.64.0...v1.70.0)

Updates `@types/node` from 25.1.0 to 25.9.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `tsx` from 4.21.0 to 4.22.4
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.21.0...v4.22.4)

Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.3)

Updates `fflate` from 0.8.2 to 0.8.3
- [Release notes](https://github.com/101arrowz/fflate/releases)
- [Changelog](https://github.com/101arrowz/fflate/blob/master/CHANGELOG.md)
- [Commits](101arrowz/fflate@v0.8.2...v0.8.3)

---
updated-dependencies:
- dependency-name: "@bufbuild/buf"
  dependency-version: 1.70.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: mostly-harmless
- dependency-name: "@types/node"
  dependency-version: 25.9.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: mostly-harmless
- dependency-name: tsx
  dependency-version: 4.22.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: mostly-harmless
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: mostly-harmless
- dependency-name: fflate
  dependency-version: 0.8.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: mostly-harmless
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants