Skip to content

chore(deps): update all non-major dependencies#2909

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch
Open

chore(deps): update all non-major dependencies#2909
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update
@types/node (source) 24.13.224.13.3 age confidence devDependencies patch
charm.land/bubbles/v2 v2.1.0v2.1.1 age confidence require patch
charm.land/bubbletea/v2 v2.0.7v2.0.8 age confidence require patch
charm.land/lipgloss/v2 v2.0.4v2.0.5 age confidence require patch
cloud.google.com/go/auth v0.20.0v0.21.0 age confidence indirect minor
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.33.0v1.34.0 age confidence indirect minor
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.57.0v0.58.0 age confidence indirect minor
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.57.0v0.58.0 age confidence indirect minor
github.com/aws/aws-sdk-go-v2 v1.42.0v1.42.1 age confidence indirect patch
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.13v1.7.14 age confidence indirect patch
github.com/aws/aws-sdk-go-v2/config v1.32.26v1.32.29 age confidence indirect patch
github.com/aws/aws-sdk-go-v2/credentials v1.19.25v1.19.28 age confidence indirect patch
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.29v1.18.30 age confidence indirect patch
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.29v1.4.30 age confidence indirect patch
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.29v2.7.30 age confidence indirect patch
github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.30v1.4.31 age confidence indirect patch
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.12v1.13.13 age confidence indirect patch
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.22v1.9.23 age confidence indirect patch
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.29v1.13.30 age confidence indirect patch
github.com/aws/aws-sdk-go-v2/service/s3 v1.104.1v1.105.0 age confidence indirect minor
github.com/aws/aws-sdk-go-v2/service/signin v1.2.1v1.4.0 age confidence indirect minor
github.com/aws/aws-sdk-go-v2/service/sso v1.31.4v1.32.0 age confidence indirect minor
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.36.7v1.37.0 age confidence indirect minor
github.com/aws/aws-sdk-go-v2/service/sts v1.43.4v1.44.0 age confidence indirect minor
github.com/charmbracelet/ultraviolet f39628cf5a850f age confidence indirect digest
github.com/dlclark/regexp2/v2 v2.2.2v2.3.0 age confidence indirect minor
github.com/googleapis/enterprise-certificate-proxy v0.3.17v0.3.18 age confidence indirect patch
github.com/googleapis/gax-go/v2 v2.22.0v2.23.0 age confidence indirect minor
github.com/klauspost/compress v1.18.7v1.19.0 age confidence indirect minor
github.com/planetscale/vtprotobuf ba978878ae5a48 indirect digest
go 1.26.41.26.5 age confidence patch
golang.org/x/crypto v0.53.0v0.54.0 age confidence indirect minor
golang.org/x/exp c48552f9ea1abe age confidence indirect digest
golang.org/x/net v0.56.0v0.57.0 age confidence indirect minor
golang.org/x/sync v0.21.0v0.22.0 age confidence require minor
golang.org/x/sys v0.46.0v0.47.0 age confidence indirect minor
golang.org/x/term v0.44.0v0.45.0 age confidence require minor
golang.org/x/text v0.38.0v0.40.0 age confidence indirect minor
golang/govulncheck-action v1.0.4v1.1.0 age confidence action minor
google.golang.org/api v0.287.0v0.288.0 age confidence indirect minor
google.golang.org/genproto 925bb5df0a9213 age confidence indirect digest
google.golang.org/genproto/googleapis/api 925bb5df0a9213 age confidence indirect digest
google.golang.org/genproto/googleapis/rpc 925bb5df0a9213 age confidence indirect digest
mvdan.cc/sh/moreinterp 19def062255122 require digest
netlify-cli 26.1.026.2.0 age confidence devDependencies minor
pnpm (source) 11.9.0+sha512.bd682d5d03fe525ef7c9fd6780c6884d1e756ac4c9c9fe00c538782824310dcf90e3ddc4f53835f06dfaebd5085e41855e0bcbb3b60de2ac5bbab89e5036f03b11.11.0 age confidence packageManager minor
pnpm (source) 11.9.011.11.0 age confidence minor
prettier (source) 3.9.43.9.5 age confidence devDependencies patch

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

charmbracelet/bubbles (charm.land/bubbles/v2)

v2.1.1

Compare Source

Lil’ Textarea Fix

This is a tiny patch to fix a bug in textarea where the prompt character could be missing styling on empty lines. That’s all for now!

Thanks for using Bubbles,
Charm 🌞

Changelog

Fixed
Docs

The Charm logo

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

charmbracelet/bubbletea (charm.land/bubbletea/v2)

v2.0.8

Compare Source

Graphemes, schmraphemes

No terminal can render emojis perfectly, but we can try. This release improves some very specific edge cases around emoji rendering. Enjoy!

Changelog

  • db569ad: fix(deps): bump ultraviolet for emoji-related rendering improvements

The Charm logo

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

charmbracelet/lipgloss (charm.land/lipgloss/v2)

v2.0.5

Compare Source

Changelog


The Charm logo

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

googleapis/google-cloud-go (cloud.google.com/go/auth)

v0.21.0

Compare Source

  • bigquery:

    • Add OpenCensus tracing.
  • firestore:

    • BREAKING CHANGE: If a document does not exist, return a DocumentSnapshot
      whose Exists method returns false. DocumentRef.Get and Transaction.Get
      return the non-nil DocumentSnapshot in addition to a NotFound error.
      DocumentRef.GetAll and Transaction.GetAll return a non-nil
      DocumentSnapshot instead of nil.
    • Add DocumentIterator.Stop. Call Stop whenever you are done with a
      DocumentIterator.
    • Added Query.Snapshots and DocumentRef.Snapshots, which provide realtime
      notification of updates. See https://cloud.google.com/firestore/docs/query-data/listen.
    • Canceling an RPC now always returns a grpc.Status with codes.Canceled.
  • spanner:

    • Add CommitTimestamp, which supports inserting the commit timestamp of a
      transaction into a column.
aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2)

v1.42.1

Compare Source

Module Highlights

  • github.com/aws/aws-sdk-go-v2/service/acm: v1.37.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/aiops: v1.6.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/appflow: v1.50.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/appsync: v1.51.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/athena: v1.55.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/autoscaling: v1.58.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/b2bi: v1.0.0-preview.79
    • Feature: Updated APIs to support custom validation rules.
  • github.com/aws/aws-sdk-go-v2/service/bedrock: v1.45.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/bedrockagent: v1.50.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/bedrockdataautomation: v1.9.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/bedrockdataautomationruntime: v1.7.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/braket: v1.37.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/chatbot: v1.14.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines: v1.26.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/chimesdkmessaging: v1.31.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/cloudcontrol: v1.28.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/cloudformation: v1.65.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/cloudsearch: v1.31.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/cloudtraildata: v1.16.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/cloudwatchevents: v1.32.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs: v1.57.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/codeartifact: v1.38.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/codegurusecurity: v1.16.3
    • Documentation: Documentation update to notify users of the discontinuation of Amazon CodeGuru Security.
  • github.com/aws/aws-sdk-go-v2/service/codestarnotifications: v1.31.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/connectparticipant: v1.34.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/controltower: v1.26.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/costandusagereportservice: v1.33.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/datazone: v1.39.0
    • Feature: Releasing the following features - Asset classification that lets users use restricted terms for classifying assets if they have the right permissions. Also adding a new enum value "Moving" to project status.
  • github.com/aws/aws-sdk-go-v2/service/dax: v1.28.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/devicefarm: v1.35.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/devopsguru: v1.39.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/directconnect: v1.37.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/docdbelastic: v1.19.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/ec2: v1.246.0
    • Feature: Added IPv6 support for AWS Client VPN.
  • github.com/aws/aws-sdk-go-v2/service/eks: v1.72.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/emrcontainers: v1.39.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/finspacedata: v1.33.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/forecast: v1.41.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/fsx: v1.61.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/groundstation: v1.37.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/health: v1.34.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/iotdataplane: v1.32.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/iotfleethub: v1.29.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/iotsitewise: v1.51.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/kendra: v1.60.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/keyspaces: v1.23.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/kinesisanalytics: v1.30.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/kinesisvideoarchivedmedia: v1.32.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/lambda: v1.77.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/lexmodelsv2: v1.56.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/lexruntimeservice: v1.29.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/licensemanager: v1.36.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/lookoutequipment: v1.35.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/mailmanager: v1.17.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/marketplacecatalog: v1.36.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/mediaconvert: v1.82.0
    • Feature: This release adds support for input rendition selection for HLS input, adds new Share API to enable sharing jobs with AWS Support for support investigations, and adds INCLUDE_AS_TS to iFrameOnlyManifest setting for HLS outputs.
  • github.com/aws/aws-sdk-go-v2/service/mediapackagevod: v1.39.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/mediastore: v1.29.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/migrationhubstrategy: v1.26.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/odb: v1.4.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/opensearchserverless: v1.25.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/opsworkscm: v1.32.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/outposts: v1.56.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/pcaconnectorad: v1.15.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/personalizeruntime: v1.32.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/qbusiness: v1.33.0
    • Feature: The Amazon Q Business GetDocumentContent operation now supports retrieval of the extracted text content in JSON format.
  • github.com/aws/aws-sdk-go-v2/service/redshiftserverless: v1.31.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/repostspace: v1.14.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/resiliencehub: v1.34.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi: v1.30.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/sagemakeredge: v1.30.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/sagemakerfeaturestoreruntime: v1.34.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/sagemakerruntime: v1.37.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/serverlessapplicationrepository: v1.29.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/servicecatalog: v1.38.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/sfn: v1.39.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/shield: v1.34.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/snowball: v1.35.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/sqs: v1.42.1
    • Documentation: Documentation update for Amazon SQS Supports Large Payload Message feature
  • github.com/aws/aws-sdk-go-v2/service/ssoadmin: v1.35.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/storagegateway: v1.42.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/support: v1.31.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/supportapp: v1.18.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/taxsettings: v1.16.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/timestreaminfluxdb: v1.16.0
    • Feature: Add MAINTENANCE status for DbInstance and DbCluster
  • github.com/aws/aws-sdk-go-v2/service/transcribe: v1.52.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/transcribestreaming: v1.31.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/translate: v1.33.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/wellarchitected: v1.39.0
    • Feature: Remove incorrect endpoint tests
  • github.com/aws/aws-sdk-go-v2/service/workspacesthinclient: v1.20.0
    • Feature: Remove incorrect endpoint tests
dlclark/regexp2 (github.com/dlclark/regexp2/v2)

v2.3.0

Compare Source

googleapis/enterprise-certificate-proxy (github.com/googleapis/enterprise-certificate-proxy)

v0.3.18

Compare Source

googleapis/gax-go (github.com/googleapis/gax-go/v2)

v2.23.0

Compare Source

Features
  • v2: add http.response.status_code to TransportTelemetryData (#​513) (7d5554f)
Bug Fixes
klauspost/compress (github.com/klauspost/compress)

v1.19.0

Compare Source

What's Changed

New Contributors

Full Changelog: klauspost/compress@v1.18.6...v1.19.0

golang/go (go)

v1.26.5

Compare Source

golang/govulncheck-action (golang/govulncheck-action)

v1.1.0

Compare Source

Full Changelog: golang/govulncheck-action@v1.0.4...v1.1.0

googleapis/google-api-go-client (google.golang.org/api)

v0.288.0

Compare Source

Features

v0.287.1

Compare Source

Documentation
netlify/cli (netlify-cli)

v26.2.0

Compare Source

Features
Bug Fixes
pnpm/pnpm (pnpm)

v11.11.0

Compare Source

Minor Changes
  • 508b8c2: Added the pnpm access command for managing package access and visibility on the registry, supporting listing packages and collaborators, getting and setting package status and MFA requirements, and granting or revoking team access.
Patch Changes
  • c70e33e: Allow allowBuilds entries for git-hosted packages to match by repository URL without pinning the resolved commit hash. This lets trusted git repositories keep running their build scripts after branch updates without approving each new commit, while package-name-only rules still do not approve git-hosted artifacts.
  • 3067e4f: Reduced peak memory usage during cold-cache dependency resolution. The metadata fetch is memoized for the whole resolution phase, and it was retaining each package's raw registry response body (used only to mirror the response to disk) for that entire time. The memoized cache now holds a body-less copy, so the raw body only lives as long as the call that writes the disk mirror. On large graphs that fetch full metadata (e.g. with minimumReleaseAge or trustPolicy enabled) this cuts peak RSS by roughly 30%, back in line with pnpm 10. The resolved lockfile is unchanged.
  • 51300fd: Prevent a crafted pnpm-lock.yaml from writing package content outside the virtual store. A dependency path key whose name reconstructs to a path-traversal sequence (e.g. ../../../tmp/x@1.0.0) is now rejected by the isolated (virtual-store) linker and the Plug'n'Play resolver map, matching the containment already applied to the hoisted linker. Under the global virtual store, a traversal in the version-derived path segment (e.g. a snapshot version: "../../x") is now rejected at formatGlobalVirtualStorePath, the single point every global-virtual-store slot path funnels through — closing the same escape in the isolated linker, the resolver's dependency-graph builder, and the config-dependency installer.
  • f8058eb: Reject symlinked pnpm-lock.yaml files when reading or writing the env lockfile document.
  • 9318a11: Allow registries and namedRegistries to be configured in the global config.yaml file.
  • 51300fd: Fixed a path traversal vulnerability where a dependency whose manifest name was a scoped path traversal (e.g. @x/../../../<path>) could be written outside node_modules to an attacker-controlled location during pnpm install, even with --ignore-scripts. The isolated linker now validates the package name before using it as a directory name, matching the existing protection in the hoisted linker.
  • 14332f0: Fail instead of silently removing an optional dependency's locked entries from pnpm-lock.yaml when the registry cannot resolve it. Previously, when registry metadata lacked a version that the lockfile already pinned (for example, a mirror that had not synced a recent release yet), pnpm install and pnpm dedupe silently dropped the optional dependency's entries — emptying maps such as the platform binaries of @napi-rs/canvas — so the lockfile differed between machines and frozen installs on other hosts had nothing to link #​12853.
  • fecfe83: Fixed peer dependency resolution with autoInstallPeers when a workspace package depends on a version of a package that a transitive dependency's self-contained closure also provides for itself. The peer providers that are attached to the root project for reuse are no longer peer-resolved a second time in the root context, so packages inside such a closure no longer get their peers bound to the root project's incompatible version #​4993.
  • 5a4daec: ${...} environment-variable placeholders in the httpProxy, httpsProxy, noProxy, proxy, and noproxy settings are no longer expanded when these settings come from a project's pnpm-workspace.yaml. They now receive the same protection already applied to registry, namedRegistries, and pnprServer.
  • d1da02e: pnpm publish no longer prints credentials when the target registry is configured with inline user:pass@ credentials (e.g. registry=https://user:pass@example.com/). They are now redacted both from the "publishing to registry" line and from the OIDC (trusted publishing) failure messages.
  • dcfc611: pnpm self-update now honors trustPolicy=no-downgrade. It resolves the target pnpm version against full registry metadata, so it refuses to switch to a version whose supply-chain trust evidence is weaker than an earlier-published one, the same way a regular install does.
  • a8ad82d: Register the pn alias in generated shell completion scripts.
  • 25bd5c3: Fixed standalone installer downgrades from pnpm v12 to v11.
  • 23996e9: pnpm runtime set <name> <version> now validates its arguments: the name must be node, deno, or bun, and the version must not contain a comma. Previously these were interpolated straight into a pnpm add selector, where an unsupported name or a comma (e.g. node 22,is-positive) could be misread as a list of packages or a local directory and install unintended packages or bins.

v11.10.0

Compare Source

Minor Changes
  • e2e3c81: Added the issues command as an alias of bugs, so pnpm issues opens the package's bug tracker URL in the browser.

  • 8491f8e: Added the prefix command which prints the current package prefix directory (or global prefix directory if -g / --global is used).

  • 3425e80: Added an _auth setting for configuring registry authentication as a single structured (URL-keyed) value. It can be set in the global pnpm config (config.yaml) or, for CI, via the pnpm_config__auth environment variable. The env form sidesteps the GitHub Actions / bash / zsh limitation that broke the existing pnpm_config_//host/:_authToken=… form (env var names containing /, :, or . are silently dropped). Closes [#​12314](ht

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added area: dependencies Changes related to dependency files. lang: go Pull requests that update Go code. lang: javascript Pull requests that update Javascript code. labels Jul 6, 2026
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 13 times, most recently from 39011ed to f0caa2f Compare July 9, 2026 17:56
@renovate

renovate Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 1 additional dependency was updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.25.10 -> 1.26.4
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.30 -> v1.19.31

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 140eb61 to 297025f Compare July 10, 2026 13:14
@renovate renovate Bot added the area: github actions Pull requests that update GitHub Actions code label Jul 10, 2026
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 297025f to b9056fe Compare July 10, 2026 21:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area: dependencies Changes related to dependency files. area: github actions Pull requests that update GitHub Actions code lang: go Pull requests that update Go code. lang: javascript Pull requests that update Javascript code.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants