Update all non-major dependencies

[cnap-tech-renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
@modelcontextprotocol/sdk (source)	devDependencies	minor	1.27.1 → 1.29.0
hono (source)	devDependencies	patch	4.12.5 → 4.12.25
isolated-vm	devDependencies	minor	6.0.2 → 6.1.2
oxlint (source)	devDependencies	minor	1.51.0 → 1.69.0
tsx (source)	devDependencies	minor	4.21.0 → 4.22.4
vitest (source)	devDependencies	patch	4.1.7 → 4.1.8
zod (source)	devDependencies	minor	4.3.6 → 4.4.3

---

Release Notes

modelcontextprotocol/typescript-sdk (@​modelcontextprotocol/sdk)

v1.29.0

Compare Source

What's Changed

• fix: treat v1.x as primary branch for npm latest tag (backport #​1577) by @​felixweinberger in #​1749
• [v1.x] fix: disallow null (infinite) requested TTL by @​LucaButBoring in #​1339
• [v1.x] fix: add missing size field to ResourceSchema by @​olaservo in #​1575
• Add typings exports by @​tdraier in #​1623
• v1.x npm audit fix by @​KKonstantinov in #​1780
• v1.x #​1623 follow up -add missing types to package.json by @​KKonstantinov in #​1773
• [v1.x backport] Allow servers / clients to advertise extensions in the capability object by @​localden in #​1811
• fix(stdio): always set windowsHide on Windows, not just in Electron by @​jnMetaCode in #​1640
• chore: bump version to 1.29.0 by @​felixweinberger in #​1820

New Contributors

• @​tdraier made their first contribution in #​1623
• @​jnMetaCode made their first contribution in #​1640

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

v1.28.0

Compare Source

What's Changed

• feat: use scopes_supported from resource metadata by default (fixes #​580) by @​antogyn in #​757
• [v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by @​pcarleton in #​1611
• fix: reject plain JSON Schema objects passed as inputSchema by @​tiluckdave in #​1596
• fix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by @​pcarleton in #​1462
• fix(server/auth): RFC 8252 loopback port relaxation by @​poteat in #​1738
• chore: bump version to 1.28.0 by @​felixweinberger in #​1746

New Contributors

• @​antogyn made their first contribution in #​757
• @​tiluckdave made their first contribution in #​1596
• @​poteat made their first contribution in #​1738

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

honojs/hono (hono)

v4.12.25

Compare Source

Security fixes

This release includes fixes for the following security issues:

CORS Middleware reflects any Origin with credentials when origin defaults to the wildcard

Affects: hono/cors. Fixes the wildcard origin reflecting the request Origin and sending Access-Control-Allow-Credentials: true when credentials: true is set without an explicit origin, where any site a logged-in user visited could make credentialed cross-origin requests and read responses from cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc

Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length

Affects: hono/body-limit on AWS Lambda (hono/aws-lambda, hono/lambda-edge). Fixes the request being built with the client-declared Content-Length while the body is delivered fully buffered, where a client could declare a small Content-Length with a much larger body and slip past the configured size limit. GHSA-rv63-4mwf-qqc2

Path traversal in serve-static on Windows via encoded backslash (%5C)

Affects: serveStatic on Windows (Node, Bun, Deno adapters). Fixes the path guard allowing a lone backslash, where an encoded backslash (%5C) decoded to \ was treated as a separator by the Windows path resolver, letting a single URL segment escape into a middleware-guarded subtree. GHSA-wwfh-h76j-fc44

AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice

Affects: hono/aws-lambda. Fixes multiple Set-Cookie response headers being joined into one comma-separated value for ALB single-header responses and VPC Lattice v2, where the value could not be split back into individual cookies and clients silently dropped or misparsed them. GHSA-j6c9-x7qj-28xf

Lambda@​Edge adapter keeps only the last value of a repeated request header, dropping the rest

Affects: hono/lambda-edge. Fixes repeated request headers being written with overwrite instead of append, where only the last value of a header such as X-Forwarded-For reached the application and the remaining values were silently dropped. GHSA-wgpf-jwqj-8h8p

v4.12.24

Compare Source

What's Changed

• docs(contribution): simplifyAI Usage Policy by @​yusukebe in #​4972
• chore: remove @​types/glob by @​rtritto in #​4978
• fix(bearer-auth): mention verifyToken in missing-options error message by @​tan7vir in #​4987
• refactor(language): Test/improve tests on languages middleware by @​iNeoO in #​4980
• fix(utils/ipaddr): expand "::" to eight zero groups by @​youcefzemmar in #​4973
• fix: clean up config files trailing comma, stale excludes, typesVersions gaps, jsr paths by @​Mohammad-Faiz-Cloud-Engineer in #​4982
• refactor(timing): Test/add test for middleware timing by @​iNeoO in #​4991
• fix(utils/ipaddr): render the unspecified address binary as "::" by @​sarathfrancis90 in #​4998

Full Changelog: honojs/hono@v4.12.23...v4.12.24

v4.12.23

Compare Source

What's Changed

• fix(serve-static): normalize all backslashes in file paths, not just the first in #​4962
• feat(context): export the Context class publicly by @​BlankParticle in #​4543
• docs(contribution): add AI Usage Policy by @​yusukebe in #​4970
• feat(compress): add contentTypeFilter option and COMPRESSIBLE_CONTENT_TYPE_REGEX re-export by @​na-trium-144 in #​4961
• fix(utils/ipaddr): do not compress a single 0 group to :: by @​yusukebe in #​4971

Full Changelog: honojs/hono@v4.12.22...v4.12.23

v4.12.22

Compare Source

What's Changed

• chore: update vitest to v4 and cleanups by @​BlankParticle in #​4952
• fix(mime): specify charset parameter per MIME type instead of mechanical detection by @​renatograsso10 in #​4912
• fix(compress): respect Accept-Encoding when encoding option is set by @​LeSingh1 in #​4951
• fix(deno): echo negotiated WebSocket subprotocol in upgrade response by @​ATOM00blue in #​4955
• feat: add msgpack as a compressible content type by @​na-trium-144 in #​4957

New Contributors

• @​renatograsso10 made their first contribution in #​4912
• @​LeSingh1 made their first contribution in #​4951
• @​ATOM00blue made their first contribution in #​4955
• @​na-trium-144 made their first contribution in #​4957

Full Changelog: honojs/hono@v4.12.21...v4.12.22

v4.12.21

Compare Source

Security fixes

This release includes fixes for the following security issues:

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Affects: app.mount(). Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3

IP Restriction bypasses static deny rules for non-canonical IPv6

Affects: hono/ip-restriction. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5

Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Affects: hono/cookie. Fixes missing validation of sameSite and priority options against injection characters (;, \r, \n), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x

JWT middleware accepts any Authorization scheme, not only Bearer

Affects: hono/jwt, hono/jwk. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474

---

Users who use app.mount(), hono/ip-restriction, hono/cookie, or hono/jwt/hono/jwk are encouraged to upgrade to this version.

v4.12.20

Compare Source

What's Changed

• fix(route): preserve the base path of the mounted route() app by @​usualoma in #​4942
• fix(jsx): widen jsx and jsxFn children to Child[] by @​ashunar0 in #​4947

New Contributors

• @​ashunar0 made their first contribution in #​4947

Full Changelog: honojs/hono@v4.12.19...v4.12.20

v4.12.19

Compare Source

What's Changed

• ci: pin GitHub Actions to SHAs by @​yusukebe in #​4932
• fix(serveStatic): make options parameter optional in all adapters by @​mixelburg in #​4934
• fix(cookie): return the first cookie when there are multiple cookies with the same name by @​usualoma in #​4922
• feat(bearer-auth): make bearerAuth generic for typed context in verifyToken by @​justinnais in #​4913
• feat(cache): key cache entries by configured vary headers by @​usualoma in #​4915
• feat(request): add bytes() by @​yusukebe in #​4921
• fix(stream): upgrade @hono/node-server to v2 and fix abort handling by @​yusukebe in #​4940

New Contributors

• @​justinnais made their first contribution in #​4913

Full Changelog: honojs/hono@v4.12.18...v4.12.19

v4.12.18

Compare Source

Security fixes

This release includes fixes for the following security issues:

Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Affects: Cache Middleware. Fixes missing cache-skip handling for Vary: Authorization and Vary: Cookie, where a response cached for one authenticated user could be served to other users. GHSA-p77w-8qqv-26rm

CSS Declaration Injection via Style Object Values in JSX SSR

Affects: hono/jsx. Fixes a missing CSS-context escape for style object values and property names, where untrusted input could inject additional CSS declarations. The impact is limited to CSS and does not allow JavaScript execution. GHSA-qp7p-654g-cw7p

Improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Affects: hono/utils/jwt. Fixes improper validation of exp, nbf, and iat claims, where falsy, non-finite, or non-numeric values could silently bypass time-based checks instead of being rejected per RFC 7519. GHSA-hm8q-7f3q-5f36

---

Users who use the JWT helper, hono/jsx, or the Cache middleware are strongly encouraged to upgrade to this version.

v4.12.17

Compare Source

What's Changed

• fix(jsx): normalize SVG attributes on the root element by @​kfly8 in #​4893
• fix(ssg): add atom+xml and rss+xml to defaultExtensionMap by @​yuintei in #​4899
• fix(cors): make origin optional in CORSOptions by @​truffle-dev in #​4905
• fix(types): propagate middleware response types to app.on overloads by @​T4ko0522 in #​4906

New Contributors

• @​kfly8 made their first contribution in #​4893
• @​truffle-dev made their first contribution in #​4905

Full Changelog: honojs/hono@v4.12.16...v4.12.17

v4.12.16

Compare Source

Security fixes

This release includes fixes for the following security issues:

Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Affects: hono/jsx. Fixes missing validation of JSX tag names when using jsx() or createElement(), which could allow HTML injection if untrusted input is used as the tag name. GHSA-69xw-7hcm-h432

bodyLimit() can be bypassed for chunked / unknown-length requests

Affects: Body Limit Middleware. Fixes late enforcement for request bodies without a reliable Content-Length (e.g. chunked requests), where oversized requests could reach handlers and return successful responses before being rejected. GHSA-9vqf-7f2p-gf9v

v4.12.15

Compare Source

What's Changed

• fix(jwt): support single-line PEM keys by @​hiendv in #​4889

New Contributors

• @​hiendv made their first contribution in #​4889

Full Changelog: honojs/hono@v4.12.14...v4.12.15

v4.12.14

Compare Source

Security fixes

This release includes fixes for the following security issues:

Improper handling of JSX attribute names in hono/jsx SSR

Affects: hono/jsx. Fixes missing validation of JSX attribute names during server-side rendering, which could allow malformed attribute keys to corrupt the generated HTML output and inject unintended attributes or elements. GHSA-458j-xx4x-4375

Other changes

• fix(aws-lambda): handle invalid header names in request processing (#​4883) fa2c74f

v4.12.13

Compare Source

What's Changed

• fix(types): infer response type from last handler in app.on 9-/10-handler overloads by @​T4ko0522 in #​4865
• feat(trailing-slash): add skip option by @​yusukebe in #​4862
• feat(cache): add onCacheNotAvailable option by @​yusukebe in #​4876

New Contributors

• @​T4ko0522 made their first contribution in #​4865

Full Changelog: honojs/hono@v4.12.12...v4.12.13

v4.12.12

Compare Source

Security fixes

This release includes fixes for the following security issues:

Middleware bypass via repeated slashes in serveStatic

Affects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (//) could bypass route-based middleware protections and allow access to protected static files. GHSA-wmmm-f939-6g9c

Path traversal in toSSG() allows writing files outside the output directory

Affects: toSSG() for Static Site Generation. Fixes a path traversal issue where crafted ssgParams values could write files outside the configured output directory. GHSA-xf4j-xp2r-rqqx

Incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses

Affects: IP Restriction Middleware. Fixes improper handling of IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1) that could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g

Missing validation of cookie name on write path in setCookie()

Affects: setCookie(), serialize(), and serializeSigned() from hono/cookie. Fixes missing validation of cookie names on the write path, preventing inconsistent handling between parsing and serialization. GHSA-26pp-8wgv-hjvm

Non-breaking space prefix bypass in cookie name handling in getCookie()

Affects: getCookie() from hono/cookie. Fixes a discrepancy in cookie name handling that could allow attacker-controlled cookies to override legitimate ones and bypass prefix protections. GHSA-r5rp-j6wh-rvv4

---

Users who use Serve Static, Static Site Generation, Cookie utilities, or IP restriction middleware are strongly encouraged to upgrade to this version.

v4.12.11

Compare Source

What's Changed

• feat(css): add classNameSlug option to createCssContext by @​flow-pie in #​4834

New Contributors

• @​flow-pie made their first contribution in #​4834

Full Changelog: honojs/hono@v4.12.10...v4.12.11

v4.12.10

Compare Source

What's Changed

• test(router): fix Simple capturing group test by @​yusukebe in #​4838
• docs: fix impaired -> inspired typo in benchmark READMEs by @​Abhi3975 in #​4843
• fix(jsx/dom): apply select value after children are rendered by @​usualoma in #​4847
• fix(compress): convert strong ETag to weak ETag when compressing by @​usualoma in #​4848
• docs(ip-restriction): add clear JSDoc examples and param types by @​VISHNU7KASIREDDY in #​4851

New Contributors

• @​Abhi3975 made their first contribution in #​4843
• @​VISHNU7KASIREDDY made their first contribution in #​4851

Full Changelog: honojs/hono@v4.12.9...v4.12.10

v4.12.9

Compare Source

What's Changed

• fix(request): remove parseBody from bodyCache to prevent TypeError by @​yusukebe in #​4807
• feat(client): add PickResponseByStatusCode type by @​yusukebe in #​4791
• fix(ssg): pass SSG_CONTEXT to forGetInfoURLRequest by @​yuintei in #​4810
• fix(service-worker): make fire() fallback behavior consistent with handle() by @​yusukebe in #​4821
• fix(cors): reflect request origin when credentials is true with wildcard by @​ctonneslan in #​4813

New Contributors

• @​yuintei made their first contribution in #​4810
• @​ctonneslan made their first contribution in #​4813

Full Changelog: honojs/hono@v4.12.8...v4.12.9

v4.12.8

Compare Source

What's Changed

• fix(utils/mime): Normalize input extension to lowercase before MIME check by @​TheEssem in #​4800
• fix(bearer-auth): escape regex metacharacters in bearer auth prefix option by @​otoneko1102 in #​4750

New Contributors

• @​TheEssem made their first contribution in #​4800

Full Changelog: honojs/hono@v4.12.7...v4.12.8

v4.12.7

Compare Source

Security hardening

Ignore __proto__ path segments in parseBody({ dot: true }) to prevent potential prototype pollution when merged with unsafe patterns.

---

Full Changelog: honojs/hono@v4.12.6...v4.12.7

v4.12.6

Compare Source

What's Changed

• fix(accept): replace regex split to mitigate ReDoS by @​EdamAme-x in #​4758
• fix(jsx): align link hoisting and dedupe with React 19 by @​usualoma in #​4792
• chore(builld): tsconfig project references by @​BarryThePenguin in #​4797
• chore: add tsconfig.spec.json by @​yusukebe in #​4798
• feat(jsx-renderer): support function-based options by @​3w36zj6 in #​4780
• fix(lambda-edge): avoid callback handler deprecation on NODEJS_24_X by @​t0waxx in #​4782

New Contributors

• @​t0waxx made their first contribution in #​4782

Full Changelog: honojs/hono@v4.12.5...v4.12.6

laverdet/isolated-vm (isolated-vm)

v6.1.2

Compare Source

v6.1.1

Compare Source

v6.1.0

Compare Source

oxc-project/oxc (oxlint)

v1.69.0

Compare Source

🚀 Features

• e805174 linter: Add schema for jest/vitest/max-expects (#​23105) (Sysix)
• 7850577 linter: Add schema for jest/vitest/expect-expect (#​23104) (Sysix)
• 75f641a linter: Add schema for jest/vitest/consistent-test-it (#​23103) (Sysix)
• 5125f89 linter/unicorn: Support no-null checkArguments option (#​23098) (camc314)
• b8b9797 linter: Add schema for import-max-dependencies (#​23096) (Sysix)
• 65cb47a linter/eslint: Support no-unused-expressions ignoreDirectives option (#​23097) (camc314)
• f6c36d5 linter: Add schema for import/prefer-default-export (#​23091) (Sysix)
• 0d4a5d1 linter: Add schema for eslint/sort-vars (#​23090) (Sysix)
• fdb5bf5 linter: Add schema for eslint/radix (#​23082) (Sysix)
• 05b4dcf linter: Add schema for eslint/prefer-const (#​23081) (Sysix)
• 5a06c4d linter/vue: Implement next-tick-style rule (#​23041) (Alex Peshkov)
• e38a36a linter: Add schema for eslint/operator-assignment (#​23080) (Sysix)
• 907cee7 linter: Add schema for eslint/no-warning-comments (#​23075) (Sysix)
• 9470bb2 linter: Add schema for eslint/no-unused-vars (#​23073) (Sysix)
• 234b5cf linter: Add schema for eslint/no-shadow (#​23072) (Sysix)
• de0dd8b linter: Add schema for eslint/no-restricted-exports (#​23020) (Sysix)
• faa3e0d linter: Add schema for eslint/no-param-reassign (#​23018) (Sysix)
• dbc9c27 linter: Add schema for eslint/no-magic-numbers (#​23017) (Sysix)
• 38d3569 linter: Add schema for eslint/no-inner-declarations (#​23016) (Sysix)
• 008fa41 linter: Add schema for eslint/no-constant-condition (#​22991) (Sysix)
• ca44623 linter: Add schema for eslint/no-empty-function (#​22988) (Sysix)
• 43eb04d linter: Add schema for eslint/id-match (#​22987) (Sysix)
• a800f27 linter: Add schema for eslint/capitalized-comments (#​22984) (Sysix)
• 96e2d32 linter: Add schema for eslint/id-length (#​22963) (Sysix)
• 545493f linter: Add schema for eslint/complexity (#​22960) (Sysix)
• 5f0b558 linter: Add schema for eslint/class-methods-use-this (#​22959) (Sysix)
• 719b720 linter: Add schema for simple rule configurations (#​22948) (Sysix)
• fd00966 linter: Add right schema for eslint/max-* rules (#​22923) (Sysix)
• 1226d78 linter: Fill schema with rule configurations (#​22907) (Sysix)
• 8f423c1 linter/vue: Implement require-direct-export rule (#​17623) (yefan)
• 78e915b linter/vue: Implement no-reserved-props rule (#​22914) (bab)
• 0f200a9 linter/vue: Implement require-prop-types rule (#​22083) (Alex Peshkov)
• 5da9da9 linter/vue: Implement no-reserved-keys rule (#​21780) (bab)
• 75e14a8 linter/vue: Implement prop-name-casing rule (#​22892) (bab)

🐛 Bug Fixes

• 0383e61 linter: Fix schema for rules without a config (#​22946) (Sysix)

📚 Documentation

• dadafe3 oxlint, oxfmt: Mention migrate skills in npm READMEs (#​22965) (Boshen)

v1.68.0

Compare Source

🚀 Features

• e4b1f46 linter/typescript: Implement method-signature-style rule (#​22679) (Mikhail Baev)
• bc462ca linter/vue: Implement no-reserved-component-names rule (#​22741) (bab)
• ef9e751 linter/vue: Implement component-definition-name-casing rule (#​22818) (bab)
• d67f51a linter/vue: Implement require-prop-type-constructor rule (#​22708) (bab)
• 8422e8b linter/jsdoc: Implement require-yields-description rule (#​22805) (Mikhail Baev)
• fe93f97 linter/eslint: Implement prefer-named-capture-group rule (#​22759) (Sebastian Poxhofer)

v1.67.0

Compare Source

🚀 Features

• b84941e linter/vue: Implement no-expose-after-await rule (#​22675) (bab)
• 98b98c1 linter/vue: Implement no-computed-properties-in-data rule (#​22674) (bab)
• 2d4c919 oxlint: Support vite-plus/resolveConfig for vite.config.ts (#​22456) (leaysgur)
• 2a60012 linter/vue: Implement require-render-return rule (#​22613) (bab)
• 9f227fd linter/vue: Implement no-deprecated-props-default-this rule (#​21892) (bab)
• 87f065e linter/vue: Implement return-in-emits-validator rule (#​21935) (bab)
• ea0380c linter/unicorn: Implement import-style rule (#​22173) (Hao Chen)
• dde40fe linter/vue: Implement no-watch-after-await rule (#​22006) (bab)
• a735eb0 linter/vue: Implement valid-next-tick rule (#​22531) (bab)
• 6dc615d linter/vue: Implement no-shared-component-data rule (#​21842) (bab)
• a656418 linter/vue: Implement valid-define-options rule (#​22107) (bab)
• bb6f1b2 linter/vue: Implement require-slots-as-functions rule (#​22244) (bab)
• 5fa4774 linter/n: Implement callback-return rule (#​22470) (Mikhail Baev)

v1.66.0

Compare Source

🚀 Features

• 0440b0f linter/eslint: Implement id-match rule (#​22379) (Vladislav Sayapin)
• 65bf119 linter: Implement react no-object-type-as-default-prop (#​22481) (uhyo)
• 2a6ddce linter/eslint: Implement no-implied-eval rule (#​22391) (Vladislav Sayapin)
• 625758a linter/vitest: Implement padding-around-after-all-blocks rule (#​21788) (kapobajza)
• 37680b0 linter: Implement react no-unstable-nested-components (#​22248) (Jovi De Croock)
• d8d9c74 linter: Implement import/newline-after-import rule (#​19142) (Ryuya Yanagi)

v1.65.0

Compare Source

🚀 Features

• 5478fb5 linter/jsdoc: Implement require-throws-description rule (#​22386) (Mikhail Baev)
• c73225e linter/eslint: Implement prefer-arrow-callback rule (#​22312) (박천(Cheon Park))
• de82b59 linter: Add support for eslint-plugin-jsx-a11y-x (#​22356) (mehm8128)
• f44b6c8 linter: Fill schemas DummyRuleMap with built-in rules (#​22288) (Sysix)

v1.64.0

Compare Source

🚀 Features

• fbb8f22 linter: Support ignores in overrides (#​22148) (camc314)

🐛 Bug Fixes

• 25b7017 linter: Undocument override ignores option (#​22213) (camc314)

v1.63.0

Compare Source

📚 Documentation

• cacbc4a linter: Fix jest settings docs. (#​22127) (connorshea)

v1.62.0

Compare Source

🚀 Features

• 348f46c linter: Add respectEslintDisableDirectives option (#​21384) (Christian Vuerings)

🐛 Bug Fixes

• 8c425db linter: Allow string for jest version in config schema (#​21649) (camc314)

v1.61.1

Compare Source

v1.61.0

Compare Source

🚀 Features

• 38d8090 linter/jest: Implemented jest version settings in config file. (#​21522) (Said Atrahouch)

v1.60.0

Compare Source

📚 Documentation

• cfd8a4f linter: Don't rely on old eslint doc for available globals (#​21334) (Nicolas Le Cam)

v1.59.0

Compare Source

🐛 Bug Fixes

• dd2df87 npm: Export package.json for oxlint and oxfmt (#​20784) (kazuya kawaguchi)

v1.58.0

Compare Source

🚀 Features

• 16516de linter: Enhance types for DummyRule (#​20751) (camc314)

📚 Documentation

• be3dcc1 linter: Add note about node version + custom TS plugin (#​19381) (camc314)

v1.57.0

Compare Source

v1.56.0

Compare Source

v1.55.0

Compare Source

🐛 Bug Fixes

• bc20217 oxlint,oxfmt: Omit useless | null for Option<T> field from schema (#​20273) (leaysgur)

📚 Documentation

• f339f10 linter/plugins: Promote JS plugins to alpha status (#​20281) (overlookmotel)

v1.54.0

Compare Source

📚 Documentation

• 0c7da4f linter: Fix extra closing brace in example config. (#​20253) (connorshea)

v1.53.0

Compare Source

v1.52.0

Compare Source

🚀 Features

• 61bf388 linter: Add options.reportUnusedDisableDirectives to config file (#​19799) (Peter Wagenet)
• 2919313 linter: Introduce denyWarnings config options (#​19926) (camc314)
• a607119 linter: Introduce maxWarnings config option (#​19777) (camc314)

📚 Documentation

• 6c0e0b5 linter: Add oxlint.config.ts to the config docs. (#​19941) (connorshea)
• 160e423 linter: Add a note that the typeAware and typeCheck options require oxlint-tsgolint (#​19940) (connorshea)

privatenumber/tsx (tsx)

v4.22.4

Compare Source

Bug Fixes

• resolve CommonJS directory requires inside dependencies (#​803) (1ce8463)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.3

Compare Source

Bug Fixes

• decode typed loader source (dce02fc)
• preserve entrypoint with Typ

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.