chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@types/node (source)	^20.9.3 → ^20.19.37
@types/semver (source)	^7.5.6 → ^7.7.1
@xmldom/xmldom	^0.8.10 → ^0.9.9
ConfigureAwaitChecker.Analyzer	5.0.0 → 5.0.0.1
Finbuckle.MultiTenant (source)	6.11.1 → 6.13.1
Microsoft.NETFramework.ReferenceAssemblies (source)	1.0.2 → 1.0.3
chalk	^5.3.0 → ^5.6.2
changelogen	^0.5.5 → ^0.6.2
defu	^6.1.3 → ^6.1.4
detect-indent	^7.0.1 → ^7.0.2
dotenv	^16.3.1 → ^16.6.1
eslint (source)	8.54.0 → 8.57.1
globby	^14.0.0 → ^14.1.0
js-yaml	^4.1.0 → ^4.1.1
jsonpath	1.1.1 → 1.3.0
knip (source)	^2.41.5 → ^2.43.0
pathe	^1.1.1 → ^1.1.2
prettier (source)	3.1.0 → 3.8.1
release-it	^17.0.0 → ^17.11.0
rimraf	^5.0.5 → ^5.0.10
semver	^7.5.4 → ^7.7.4
shelljs	^0.8.5 → ^0.10.0
typescript (source)	^5.3.2 → ^5.9.3
xpath	^0.0.33 → ^0.0.34

---

Release Notes

xmldom/xmldom (@​xmldom/xmldom)

v0.9.9

Compare Source

Added

• implement ParentNode.children getter #960 / #410

Fixed

• Security: createCDATASection now throws InvalidCharacterError when data contains "]]>", as required by the WHATWG DOM spec. GHSA-wh4c-j3r5-mjhp
• Security: XMLSerializer now splits CDATASection nodes whose data contains "]]>" into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (appendData, replaceData, .data =, .textContent =). GHSA-wh4c-j3r5-mjhp
• correctly traverse ancestor chain in Node.contains #931

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Chore

• updated dependencies

Thank you,
@​stevenobiajulu,
@​yoshi389111,
@​thesmartshadow,
for your contributions

v0.9.8

Compare Source

Fixed

• fix: replace \u2029 as part of normalizeLineEndings #839 / #838
• perf: speed up line detection #847 / #838

Chore

• updated dependencies
• drop jazzer and rxjs devDependencies #845

Thank you,
@​kboshold,
@​Ponynjaa,
for your contributions.

v0.9.7

Compare Source

Added

• Implementation of hasAttributes #804

Fixed

• locator is now true even when other options are being used for the DOMParser #802 / #803
• allow case-insensitive DOCTYPE in HTML #817 / #819

Performance

• simplify DOM.compareDocumentPosition #805

Chore

• updated devDependencies

Thank you,
@​zorkow,
@​Ponynjaa,
@​WesselKroos,
for your contributions.

v0.9.6

Compare Source

Fixed

• lower error level for unicode replacement character #790 / #794 / #797

Chore

• updated devDependencies
• migrate renovate config #792

Thank you, @​eglitise, for your contributions.

v0.9.5

Compare Source

Fixed

• fix: re-index childNodes on insertBefore #763 / #766

Thank you,
@​mureinik,
for your contributions.

v0.9.4

Compare Source

Fixed

• restore performance for large amount of child nodes #748 / #760
• types: correct error handler level to warning (#​759) #754 / #759

Docs

• test: verify BOM handling #758

Thank you,
@​luffynando,
@​mattiasw,
@​JoinerDev,
for your contributions.

v0.9.3

Compare Source

Fixed

• restore more Node and ProcessingInstruction types #725 / #726
• getElements* methods return LiveNodeList<Element> #731 / #734
• Add more missing Node props #728, triggered by unclosed #724

Docs

• Update supported runtimes in readme (NodeJS >= 14.6 and other ES5 compatible runtimes)

Chore

• updates devDependencies

Thank you,
@​Ponynjaa,
@​ayZagen,
@​sserdyuk,
@​wydengyre,
@​mykola-mokhnach,
@​benkroeger,
for your contributions.

v0.9.2

Compare Source

Feature

• add Element.getElementsByClassName #722

Fixed

• add missing types for Document.documentElement and Element.tagName #721 #720

Thank you, @​censujiang, @​Mathias-S, for your contributions

v0.9.1

Compare Source

Fixed

• DOMParser.parseFromString requires mimeType as second argument #713
• correct spelling of isHTMLMimeType in type definition #715 / #712
• sync types with exports #717 / #285 / #695

Other

• minimum tested node version is 14 #710

Thank you, @​krystofwoldrich, @​marvinruder, @​amacneil, @​defunctzombie,
@​tjhorner, @​danon, for your contributions

v0.9.0

Compare Source

• Discussion
• Summary on dev.to

Features

• feat: expose all DOM level 2 element prototypes #637 / #40
• feat: add iterator function to NodeList and NamedNodeMap #634 / #633

Fixed

• parse empty/whitspace only doctype internal subset #692
• avoid prototype clash in namespace prefix #554
• report fatalError when doctype is inside elements #550

Other

• test: add fuzz target and regression tests #556
• chore: improve .gitignore and provide .envrc.template #697
• chore: Apply security best practices #546
• ci: check test coverage in PRs #524
• docs: add missing commas to readme #566
• docs: click to copy install command in readme #644
• docs: enhance jsdoc comments #511

Thank you, @​kboshold, @​edi9999, @​apupier,
@​shunkica, @​homer0, @​jhauga,
@​UdayKharatmol, for your contributions

v0.8.12

Compare Source

Fixed

• preserve trailing whitespace in ProcessingInstruction data #962 / #42
• Security: createCDATASection now throws InvalidCharacterError when data contains "]]>", as required by the WHATWG DOM spec. GHSA-wh4c-j3r5-mjhp
• Security: XMLSerializer now splits CDATASection nodes whose data contains "]]>" into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (appendData, replaceData, .data =, .textContent =). GHSA-wh4c-j3r5-mjhp

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Thank you,
@​thesmartshadow,
@​stevenobiajulu,
for your contributions

v0.8.11

Compare Source

Fixed

• update ownerDocument when moving nodes between documents #933 / #932

Thank you, @​shunkica, for your contributions

Finbuckle/Finbuckle.MultiTenant (Finbuckle.MultiTenant)

v6.13.1

Bug Fixes

• update dependency to protect against CVE-2024-21319 (#​781) (c5e0c8a)

v6.13.0

Features

• .net8.0 LTS release support (#​770) (d7f08f9)

Bug Fixes

• OnTenantNotResolved not called correctly (#​729) (a26081c), closes #​628

v6.12.0

Features

• AdjustIndex preserves existing filter (#​711) (affb66f)
• net8.0 (#​712) (a137dae)

chalk/chalk (chalk)

v5.6.2

Compare Source

• Fix vulnerability in 5.6.1, see: #​656

v5.6.0

Compare Source

• Make WezTerm terminal use true color a8f5bf7

---

v5.5.0

Compare Source

• Make Ghostty terminal use true color (#​653) 79ee2d3

---

v5.4.1

Compare Source

• Fix navigator not defined ReferenceError (#​642) 4ebb62d

v5.4.0

Compare Source

• Update CIRCLECI environments to return level 3 color support f838120

unjs/changelogen (changelogen)

v0.6.2

Compare Source

compare changes

🩹 Fixes

• cli: Accept hideAuthorEmail arg (#​275)

📖 Documentation

• Add note about version number interpretation (#​272)

🌊 Types

• config.types accept boolean value (#​278)

🏡 Chore

• readme: Fix typo (#​270)
• Update deps (037ac74)

❤️ Contributors

• Philipp Kief (@​PKief)
• Pooya Parsa (@​pi0)
• Azat S. (@​azat-io)
• Adarsh DK <adarsh.dk24012@​gmail.com>
• B. Jonson (@​who-jonson)

v0.6.1

Compare Source

compare changes

🩹 Fixes

• Pass cwd in more places before running commands (#​266)

🏡 Chore

• Update deps (f728b52)
• Update tsconfig (e5dced7)

✅ Tests

• Update snapshot (ec2618f)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Daniel Roe (@​danielroe)

v0.6.0

Compare Source

compare changes

🚀 Enhancements

• Update jiti to v2 (6e85d32)
• Add check for breaking changes in commit body (#​228)
• Hide author email address via flag (#​247)
• Add noAuthors option (#​183)

🩹 Fixes

• Use https proto for author's github link (#​225)
• Use https proto for author's github link in tests (#​226)
• Release version regex supporting pre versions (#​259)
• Use correct compare changes URL for Bitbucket (#​257)
• Use tag template for version title and compare change link (#​255)
• Render usernames in github changelog (#​265)

💅 Refactors

• Use consola for colors (49e0401)
• Use confbox for yaml parsing (19e940c)

📦 Build

• ⚠️ Esm-only dist (4a22de6)

🏡 Chore

• Lint (031cfd6)
• Update deps (b184f23)
• Update ci (8662c4e)
• Update esm-only deps (0d5e31d)

✅ Tests

• Add tests for parsing co-authors from commit body (#​229)

⚠️ Breaking Changes

• ⚠️ Esm-only dist (4a22de6)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Klein Petr (@​kleinpetr)
• Jasper Zonneveld (@​JaZo)
• Thorsten Seyschab (@​toddeTV)
• Philipp Kief (@​PKief)
• Jan-Henrik Damaschke jdamaschke@outlook.de
• Damian Głowala (@​DamianGlowala)

v0.5.7

Compare Source

compare changes

🩹 Fixes

• bump: Avoid using + for canary suffix (#​224)

❤️ Contributors

• Pooya Parsa (@​pi0)

v0.5.6

Compare Source

compare changes

🚀 Enhancements

• Add option to sign git tags (#​117)
• git: Support parse git messages that have prefix emoji (#​146)

🩹 Fixes

• github: Use bearer token (#​180)
• Handle repo name with multiple segments (#​219)
• Lowercase scope when filtering (#​199)

💅 Refactors

• Replace execa with execSync (#​222)
• Use human readable date for canary versions (#​223)
• Update execCommand (68127be)

🏡 Chore

• Apply automated lint fixes (72c407f)
• Update ci (bcb16cb)
• Update non major deps (7f714c9)
• Update to eslint v9 (fd40be9)
• Apply automated lint fixes (673255b)
• Update deps (3cfbe27)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Klein Petr (@​kleinpetr)
• Wan Chiu (@​wan54)
• Jianqi Pan (@​Jannchie)
• Vasily Kuzin exer7um@gmail.com
• Daniel Roe (@​danielroe)

unjs/defu (defu)

v6.1.4

Compare Source

compare changes

🩹 Fixes

• Merge objects with Module type (#​121)

💅 Refactors

• Move isPlainObject to _utils to allow testing (e922a16)
• Make isPlainObject logic more readable (e458b63)

📖 Documentation

• Fix typo (#​116)

🏡 Chore

• release: V6.1.3 (3834ca1)
• Update deps and lint (e5a48d3)
• Enable skipLipCheck for type tests (7c7a9a4)

✅ Tests

• Improve tests for isPlainObject (b24a213)

❤️ Contributors

• Alexander Lichter (@​manniL)
• Pooya Parsa (@​pi0)
• Yu Le is.yuler@gmail.com

sindresorhus/detect-indent (detect-indent)

v7.0.2

Compare Source

• Fix multi-line comment indent detection 8c39c07

---

motdotla/dotenv (dotenv)

v16.6.1

Compare Source

Changed

• Default quiet to true – hiding the runtime log message (#​874)
• NOTICE: 17.0.0 will be released with quiet defaulting to false. Use config({ quiet: true }) to suppress.
• And check out the new dotenvx. As coding workflows evolve and agents increasingly handle secrets, encrypted .env files offer a much safer way to deploy both agents and code together with secure secrets. Simply switch require('dotenv').config() for require('@​dotenvx/dotenvx').config().

v16.6.0

Compare Source

Added

• Default log helpful message [dotenv@16.6.0] injecting env (1) from .env (#​870)
• Use { quiet: true } to suppress
• Aligns dotenv more closely with dotenvx.

v16.5.0

Compare Source

Added

• 🎉 Added new sponsor Graphite - the AI developer productivity platform helping teams on GitHub ship higher quality software, faster.

[!TIP]
Become a sponsor

The dotenvx README is viewed thousands of times DAILY on GitHub and NPM.
Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.

Changed

• Remove _log method. Use _debug #​862

v16.4.7

Compare Source

Changed

• Ignore .tap folder when publishing. (oops, sorry about that everyone. - @​motdotla) #​848

v16.4.6

Compare Source

Changed

• Clean up stale dev dependencies #​847
• Various README updates clarifying usage and alternative solutions using dotenvx

v16.4.5

Compare Source

Changed

• 🐞 Fix recent regression when using path option. return to historical behavior: do not attempt to auto find .env if path set. (regression was introduced in 16.4.3) #​814

v16.4.4

Compare Source

Changed

• 🐞 Replaced chaining operator ?. with old school && (fixing node 12 failures) #​812

v16.4.3

Compare Source

Changed

• 🐞 Fix recent regression when using path option. return to historical behavior: do not attempt to auto find .env if path set. (regression was introduced in 16.4.3) #​814

v16.4.2

Compare Source

Changed

• Changed funding link in package.json to dotenvx.com

v16.4.1

Compare Source

• Patch support for array as path option #​797

v16.4.0

Compare Source

• Add error.code to error messages around .env.vault decryption handling #​795
• Add ability to find .env.vault file when filename(s) passed as an array #​784

v16.3.2

Compare Source

Added

• Add debug message when no encoding set #​735

Changed

• Fix output typing for populate #​792
• Use subarray instead of slice #​793

eslint/eslint (eslint)

v8.57.1

Compare Source

Bug Fixes

• a19072f fix: add logic to handle fixTypes in the lintText() method (#​18900) (Francesco Trotta)
• 04c7188 fix: Don't lint same file multiple times (#​18899) (Francesco Trotta)
• 87ec3c4 fix: do not throw when defining a global named __defineSetter__ (#​18898) (Francesco Trotta)
• 60a1267 fix: Provide helpful error message for nullish configs (#​18889) (Milos Djermanovic)
• a0dea8e fix: allow name in global ignores, fix --no-ignore for non-global (#​18875) (Milos Djermanovic)
• 3836bb4 fix: do not crash on error in fs.walk filter (#​18886) (Milos Djermanovic)
• 2dec349 fix: skip processor code blocks that match only universal patterns (#​18880) (Milos Djermanovic)

Documentation

• 6a5add4 docs: v8.x Add EOL banner (#​18744) (Amaresh S M)
• b034575 docs: v8.x add version support page to the dropdown (#​18731) (Amaresh S M)
• 760ef7d docs: v8.x add version support page in the side navbar (#​18740) (Amaresh S M)
• 428b7ea docs: Add Powered by Algolia label to the search (#​18658) (Amaresh S M)
• c68c07f docs: version selectors synchronization (#​18265) (Milos Djermanovic)

Build Related

• 35d366a build: Support updates to previous major versions (#​18870) (Milos Djermanovic)

Chores

• 140ec45 chore: upgrade @​eslint/js@​8.57.1 (#​18913) (Milos Djermanovic)
• bcdfc04 chore: package.json update for @​eslint/js release (Jenkins)
• 3f6ce8d chore: pin vite-plugin-commonjs@​0.10.1 (#​18910) (Milos Djermanovic)
• 9f07549 chore: ignore /docs/v8.x in link checker (#​18660) (Milos Djermanovic)

v8.57.0

Compare Source

Features

• 1120b9b feat: Add loadESLint() API method for v8 (#​18098) (Nicholas C. Zakas)
• dca7d0f feat: Enable eslint.config.mjs and eslint.config.cjs (#​18066) (Nitin Kumar)

Bug Fixes

• 2196d97 fix: handle absolute file paths in FlatRuleTester (#​18064) (Nitin Kumar)
• 69dd1d1 fix: Ensure config keys are printed for config errors (#​18067) (Nitin Kumar)
• 9852a31 fix: deep merge behavior in flat config (#​18065) (Nitin Kumar)
• 4c7e9b0 fix: allow circular references in config (#​18056) (Milos Djermanovic)

Documentation

• 84922d0 docs: Show prerelease version in dropdown (#​18139) (Nicholas C. Zakas)
• 5b8c363 docs: Switch to Ethical Ads (#​18117) (Milos Djermanovic)
• 77dbfd9 docs: show NEXT in version selectors (#​18052) (Milos Djermanovic)

Chores

• 1813aec chore: upgrade @​eslint/js@​8.57.0 (#​18143) (Milos Djermanovic)
• 5c356bb chore: package.json update for @​eslint/js release (Jenkins)
• f4a1fe2 test: add more tests for ignoring files and directories (#​18068) (Nitin Kumar)
• 42c0aef ci: Enable CI for v8.x branch (#​18047) (Milos Djermanovic)

v8.56.0

Compare Source

Features

• 0dd9704 feat: Support custom severity when reporting unused disable directives (#​17212) (Bryan Mishkin)
• 31a7e3f feat: fix no-restricted-properties false negatives with unknown objects (#​17818) (Arka Pratim Chaudhuri)

Bug Fixes

• 7d5e5f6 fix: TypeError: fs.exists is not a function on read-only file system (#​17846) (Francesco Trotta)
• 74739c8 fix: suggestion with invalid syntax in no-promise-executor-return rule (#​17812) (Bryan Mishkin)

Documentation

• 9007719 docs: update link in ways-to-extend.md (#​17839) (Amel SELMANE)
• 3a22236 docs: Update README (GitHub Actions Bot)
• 54c3ca6 docs: fix migration-guide example (#​17829) (Tanuj Kanti)
• 4391b71 docs: check config comments in rule examples (#​17815) (Francesco Trotta)
• fd28363 docs: remove mention about ESLint stylistic rules in readme (#​17810) (Zwyx)
• 48ed5a6 docs: Update README (GitHub Actions Bot)

Chores

• ba6af85 chore: upgrade @​eslint/js@​8.56.0 (#​17864) (Milos Djermanovic)
• 60a531a chore: package.json update for @​eslint/js release (Jenkins)
• ba87a06 chore: update dependency markdownlint to ^0.32.0 (#​17783) (renovate[bot])
• 9271d10 chore: add GitHub issue template for docs issues (#​17845) (Josh Goldberg ✨)
• 70a686b chore: Convert rule tests to FlatRuleTester (#​17819) (Nicholas C. Zakas)
• f3a599d chore: upgrade eslint-plugin-unicorn to v49.0.0 (#​17837) (唯然)
• 905d4b7 chore: upgrade eslint-plugin-eslint-plugin v5.2.1 (#​17838) (唯然)
• 4d7c3ce chore: update eslint-plugin-n v16.4.0 (#​17836) (唯然)
• fd0c60c ci: unpin Node.js 21.2.0 (#​17821) (Francesco Trotta)

v8.55.0

Compare Source

Features

• 8c9e6c1 feat: importNamePattern option in no-restricted-imports (#​17721) (Tanuj Kanti)

Documentation

• 83ece2a docs: fix typo --rules -> --rule (#​17806) (OKURA Masafumi)
• fffca5c docs: remove "Open in Playground" buttons for removed rules (#​17791) (Francesco Trotta)
• a6d9442 docs: fix correct/incorrect examples of rules (#​17789) (Tanuj Kanti)
• 383e999 docs: update and fix examples for no-unused-vars (#​17788) (Tanuj Kanti)
• 5a8efd5 docs: add specific stylistic rule for each deprecated rule (#​17778) (Etienne)

Chores

• eb8950c chore: upgrade @​eslint/js@​8.55.0 (#​17811) (Milos Djermanovic)
• 93df384 chore: package.json update for @​eslint/js release (Jenkins)
• fe4b954 chore: upgrade @​eslint/eslintrc@​2.1.4 (#​17799) (Milos Djermanovic)
• bd8911d ci: pin Node.js 21.2.0 (#​17809) (Milos Djermanovic)
• b29a16b chore: fix several cli tests to run in the intended flat config mode (#​17797) (Milos Djermanovic)
• de165c1 chore: remove unused config-extends fixtures (#​17781) (Milos Djermanovic)
• d4304b8 chore: remove formatting/stylistic rules from new rule templates (#​17780) (Francesco Trotta)
• 21024fe chore: check rule examples for syntax errors (#​17718) (Francesco Trotta)

sindresorhus/globby (globby)

v14.1.0

Compare Source

• Expor

---

Configuration

📅 Schedule: Branch creation - "after 2am and before 3am" (UTC), Automerge - "after 1am and before 2am" (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.