chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@biomejs/biome (source)	1.8.2 -> 1.9.4			devDependencies	minor
@biomejs/biome (source)	1.8.2 -> 1.9.4				minor
@types/chai (source)	^4.3.16 -> ^4.3.20			devDependencies	patch
@types/mocha (source)	^10.0.7 -> ^10.0.10			devDependencies	patch
@types/node (source)	^20.14.8 -> ^20.19.11			devDependencies	minor
@types/sinon (source)	^17.0.3 -> ^17.0.4			devDependencies	patch
@types/vscode (source)	^1.90.0 -> ^1.103.0			devDependencies	minor
@vscode/test-electron	^2.4.0 -> ^2.5.2			devDependencies	minor
ecto_sql (source)	~> 3.11 -> ~> 3.13			prod	minor
gettext (source)	~> 0.24 -> ~> 0.26			prod	minor
glob	^10.4.2 -> ^10.4.5			devDependencies	patch
husky	^9.0.11 -> ^9.1.7			devDependencies	minor
lint-staged	^15.2.7 -> ^15.5.2			devDependencies	minor
mocha (source)	^10.4.0 -> ^10.8.2			devDependencies	minor
node (source)	20.15.0 -> 20.19.4				minor
phoenix (source)	~> 1.7.14 -> ~> 1.8.0			prod	minor
phoenix_live_reload (source)	~> 1.5 -> ~> 1.6			dev	minor
pnpm (source)	9.4.0 -> 9.15.9			packageManager	minor
postgrex (source)	>= 0.18.0 -> >= 0.21.1			prod	minor
sinon (source)	^18.0.0 -> ^18.0.1			devDependencies	patch
typescript (source)	^5.5.2 -> ^5.9.2			devDependencies	minor
vscode	^1.90.2 -> ^1.103.2			engines	minor

---

Release Notes

biomejs/biome (@​biomejs/biome)

v1.9.4

Compare Source

v1.9.3

Compare Source

v1.9.2

Compare Source

v1.9.1

Compare Source

v1.9.0

Compare Source

v1.8.3

Compare Source

Microsoft/vscode-test (@​vscode/test-electron)

v2.5.2

Compare Source

• Fix install issue on various platforms

v2.5.1

Compare Source

• Allow downloading server versions

v2.4.1

Compare Source

• Throw a typed TestRunFailedError on failure instead of a string.

elixir-ecto/ecto_sql (ecto_sql)

v3.13.2

Compare Source

Enhancements

• [sandbox] Allow passing through opts in Ecto.Adapters.SQL.Sandbox.allow/4 calls
• [sql] Add support for ON DELETE SET DEFAULT

Bug fixes

• [postgres] Fix nested array generated time columns

v3.13.1

Compare Source

Bug fixes

• [postgres] Fix nested array generated columns

v3.13.0

Compare Source

Enhancements

• [Ecto.Migration] Add support for index directions
• [sql] Support :log_stacktrace_mfa for filtering or modifying stacktrace-derived info in query logs
• [mysql] Support arrays using JSON for MariaDB
• [mysql] Allow to specify :prepare per operation
• [postgres] Add support for collations in Postgres
• [postgres] Allow source fields in json_extract_path

v3.12.1

Compare Source

Enhancements

• [sql] Support :pool_count option

v3.12.0

Compare Source

Enhancements

• [Ecto.Migration] Add Ecto.Migration.remove_if_exists/1
• [Ecto.Migrator] Warn for migration files that end in .ex
• [sql] Support for subqueries in order_bys and group_bys
• [mysql] Add check constraints for MySQL
• [postgres] Add native bitstring support to Postgres
• [postgres] Add support for :duration type
• [postgres] Add :plan explain option for Postgres
• [tds] Allow passing %Tds.Parameter structs as params for named parameter usage in query

Bug fix

• [mysql] Type cast of integers in MySQL should use signed integers

v3.11.3

Compare Source

Enhancements

• [mysql] Relax myxql dependency

v3.11.2

Compare Source

Enhancements

• [postgres] Relax postgrex dependency

v3.11.1

Compare Source

Enhancements

• [Ecto.Migration] Add :generated option to columns
• [Ecto.Migration] Add index storage parameters (via :options) for Postgres

Bug fixes

• [Ecto.Migration] Support :prefix on index rename
• [Ecto.Migrator] Stop runner if migration fails

elixir-gettext/gettext (gettext)

v0.26.2

Compare Source

• Introduces warning if plural messages are defined with the same singular
  message and conflicting plural messages.
• Improves performance by striping not required metadata when compiling the
  Gettext backend.

v0.26.1

Compare Source

• Address backwards incompatible changes in previous release

v0.26.0

Compare Source

This release changes the way you use Gettext. We're not crazy: it does so because doing so makes it a lot faster to compile projects that use Gettext.
The changes you have to make to your code are minimal, and the old behavior is deprecated so that you will be guided on how to update.

The reason for this change is that it removes compile-time dependencies from modules that used to import a Gettext backend. In applications such as Phoenix applications, where every view and controller imports the Gettext backend, this change means a lot less compilation when you make translation changes!

Here's the new API. Now, instead of defining a Gettext backend (use Gettext) and then importing that to use its macros, you need to:

1. Define a Gettext backend with use Gettext.Backend
2. Import and use its macros with use Gettext, backend: MyApp.Gettext.

Before and After

Before this release, code using Gettext used to look something like this:

defmodule MyApp.Gettext do
  use Gettext, otp_app: :my_app
end

defmodule MyAppWeb.Controller do
  import MyApp.Gettext
end

This creates a compile-time dependency for every module that imports the Gettext backend.

With this release, the above turns into:

defmodule MyApp.Gettext do
  use Gettext.Backend, otp_app: :my_app
end

defmodule MyAppWeb.Controller do
  use Gettext, backend: MyApp.Gettext
end

We are also updating Phoenix generators to use the new API.

If you update Gettext and still use use Gettext, otp_app: :my_app to define a backend, Gettext will emit a warning now.

Migration with Igniter

If your project is using igniter, you can run
mix igniter.update_gettext
to automatically migrate to the new API.

Detailed Changelog

This is a detailed list of the new things introduced in this release:

• Add Gettext.Macros, which contains all the macros you know and love (*gettext). It also contains *gettext_with_backend variants to explicitly pass a backend at compile time and keep extraction working.
• Document lgettext/5 and lngettext/7 callbacks in Gettext.Backend. These get generated in every Gettext backend.
• Add the Gettext.domain/0 type.

v0.25.0

Compare Source

• Run merging for mix gettext.extract's POT files even if they are unchanged.
  • Allow Expo 1.0+.

isaacs/node-glob (glob)

v10.4.5

Compare Source

v10.4.4

Compare Source

v10.4.3

Compare Source

typicode/husky (husky)

v9.1.7

Compare Source

What's Changed

• fix: add husky label to deprecated warning by @​smackfu in https://github.com/typicode/husky/pull/1538

New Contributors

• @​smackfu made their first contribution in https://github.com/typicode/husky/pull/1538

Full Changelog: typicode/husky@v9.1.6...v9.1.7

v9.1.6

Compare Source

What's Changed

• Fix issue where example pre-commit file is generated incorrectly by @​dexmlee in https://github.com/typicode/husky/pull/1519

New Contributors

• @​OlegKipchatov made their first contribution in https://github.com/typicode/husky/pull/1495
• @​Byron2016 made their first contribution in https://github.com/typicode/husky/pull/1499
• @​dexmlee made their first contribution in https://github.com/typicode/husky/pull/1519

Full Changelog: typicode/husky@v9.1.5...v9.1.6

v9.1.5

Compare Source

What's Changed

• fixes #​1494, support pre-merge-commit hook by @​RainMeoCat in https://github.com/typicode/husky/pull/1497

New Contributors

• @​RainMeoCat made their first contribution in https://github.com/typicode/husky/pull/1497

Full Changelog: typicode/husky@v9.1.4...v9.1.5

v9.1.4

Compare Source

• Improve deprecation notice

v9.1.3

Compare Source

• fix: better handle space in PATH

v9.1.2

Compare Source

Show a message instead of automatically removing deprecated code.

This only concerns projects that still have the following code in their hooks:

- #!/usr/bin/env sh # <- This is deprecated, remove it
- . "$(dirname -- "$0")/_/husky.sh"  # <- This is deprecated, remove it

### Rest of your hook code

Hooks with these lines will fail in v10.0.0

v9.1.1

Compare Source

Super saiyan god dog! It's over 9.0.0!

What's new

You can now run package commands directly, no need for npx or equivalents.
It makes writing hooks more intuitive and is also slightly faster 🐺⚡️

### .husky/pre-commit
- npx jest
+ jest # ~0.2s faster

A new recipe has been added to the docs. Lint staged files without external dependencies (inspired by Prettier docs). Feel free to modify it.

### .husky/pre-commit
prettier $(git diff --cached --name-only --diff-filter=ACMR | sed 's| |\\ |g') --write --ignore-unknown
git update-index --again

For more advanced use cases, see lint-staged.

Fixes

• bunx husky init command
• Workaround for some hooks implementation on Windows

Deprecations

• #!/usr/bin/env sh and . "$(dirname -- "$0")/_/husky.sh" are deprecated. husky command will automatically remove them, no action required.
• If you're having code in ~/.huskyrc please move it to .config/husky/init.sh

Support for these will be removed in v10.

Friendly reminder

If Git hooks don't fit your workflow, you can disable Husky globally. Just add export HUSKY=0 to .config/husky/init.sh.

I've seen some confusion about this on X, so just a heads-up!

Sponsoring

Husky is downloaded over 45M times per month and used by ~1.5M projects. If your company wants to sponsor, you can do so here: GitHub Sponsors.

Have a nice summer ☀️ I'm open to new opportunities/consulting so feel free to drop me a message 😉

v9.1.0

Compare Source

lint-staged/lint-staged (lint-staged)

v15.5.2

Compare Source

Patch Changes

• #​1544 5561321 Thanks @​YimingIsCOLD! - Correctly handle colon (:) characters in staged filenames.

v15.5.1

Compare Source

Patch Changes

• #​1533 5d53534 Thanks @​iiroj! - Improve listing of staged files so that lint-staged doesn't crash when encountering an uninitialized submodule. This should result in less errors like:

  ✖ Failed to get staged files!
  

v15.5.0

Compare Source

Minor Changes

• #​1526 630af5f Thanks @​iiroj! - Lint-staged no longer resets to the original state when preventing an empty git commit. This happens when your configured tasks reset all the staged changes, typically when trying to commit formatting changes which conflict with your linter setup like ESLint or Prettier.

Example with Prettier

By default Prettier prefers double quotes.

Previously

1. Stage file.js with only double quotes " changed to '
2. Run git commit -am "I don't like double quotes"
3. Lint-staged runs prettier --write file.js, converting all the ' back to "
4. Because there are now no changes, lint-staged fails, cancels the commit, and resets back to the original state
5. Commit was not done, original state is restored and single quotes ' are staged

Now

1. Stage file.js with only double-quotes " changed to '
2. Run git commit -am "I don't like double quotes"
3. Lint-staged runs prettier --write file.js, converting all the ' back to "
4. Because there are now no changes, lint-staged fails and cancels the commit
5. Commit was not done, and there are no staged changes

v15.4.3

Compare Source

Patch Changes

• #​1512 cbfed1d Thanks @​tarik02! - Adjust TypeScript types for the default export so that it can be used as a value without error TS2693.

v15.4.2

Compare Source

Patch Changes

• #​1509 8827ebf Thanks @​iiroj! - Change lint-staged's dependencies to use caret (^) ranges instead of tilde (~). This makes it easier for package managers to perform dependency management when minor-level updates are also permitted instead of just patch-level.

v15.4.1

Compare Source

Patch Changes

• #​1504 1c7a45e Thanks @​iiroj! - Default TypeScript config filenames match JS equivalents.

• #​1504 9cc18c9 Thanks @​iiroj! - Add missing conditional exports syntax for TypeScript types.

v15.4.0

Compare Source

Minor Changes

• #​1500 a8ec1dd Thanks @​iiroj! - Lint-staged now provides TypeScript types for the configuration and main Node.js API. You can use the JSDoc syntax in your JS configuration files:

  /**
   * @​filename: lint-staged.config.js
   * @​type {import('lint-staged').Configuration}
   */
  export default {
    '*': 'prettier --write',
  }

  It's also possible to use the .ts file extension for the configuration if your Node.js version supports it. The --experimental-strip-types flag was introduced in Node.js v22.6.0 and unflagged in v23.6.0, enabling Node.js to execute TypeScript files without additional configuration.

  export NODE_OPTIONS="--experimental-strip-types"
  
  npx lint-staged --config lint-staged.config.ts

Patch Changes

• #​1501 9b79364 Thanks @​iiroj! - Handle possible failures when logging user shell for debug info.

v15.3.0

Compare Source

Minor Changes

• #​1495 e69da9e Thanks @​iiroj! - Added more info to the debug logs so that "environment" info doesn't need to be added separately to GitHub issues.

• #​1493 fa0fe98 Thanks @​iiroj! - Added more help messages around the automatic git stash that lint-staged creates as a backup (by default). The console output also displays the short git hash of the stash so that it's easier to recover lost files in case some fatal errors are encountered, or the process is killed before completing.

  For example:

  % npx lint-staged
  ✔ Backed up original state in git stash (20addf8)
  ✔ Running tasks for staged files...
  ✔ Applying modifications from tasks...
  ✔ Cleaning up temporary files...
  

  where the backup can be seen with git show 20addf8, or git stash list:

  % git stash list
  stash@{0}: lint-staged automatic backup (20addf8)
  

v15.2.11

Compare Source

Patch Changes

• #​1484 bcfe309 Thanks @​wormsik! - Escape paths containing spaces when using the "shell" option.

• #​1487 7dd8caa Thanks @​iiroj! - Do not treat submodule root paths as "staged files". This caused lint-staged to fail to a Git error when only updating the revision of a submodule.

v15.2.10

Compare Source

Patch Changes

• #​1471 e3f283b Thanks @​iiroj! - Update minor dependencies, including micromatch@~4.0.8.

v15.2.9

Compare Source

Patch Changes

• #​1463 b69ce2d Thanks @​iiroj! - Set the maximum number of event listeners to the number of tasks. This should silence the console warning MaxListenersExceededWarning: Possible EventEmitter memory leak detected.

v15.2.8

Compare Source

Patch Changes

• f0480f0 Thanks @​iiroj! - In the previous version the native git rev-parse --show-toplevel command was taken into use for resolving the current git repo root. This version switched the --show-toplevel flag with --show-cdup, because on Git installed via MSYS2 the former was returning absolute paths that do not work with Node.js child_process. The new flag returns a path relative to the working directory, avoiding the issue.

  The GitHub Actions workflow has been updated to install Git via MSYS2, to ensure better future compatibility; using the default Git binary in the GitHub Actions runner was working correctly even with MSYS2.

mochajs/mocha (mocha)

v10.8.2

Compare Source

🩹 Fixes

• support errors with circular dependencies in object values with --parallel (#​5212) (ba0fefe)
• test link in html reporter (#​5224) (f054acc)

📚 Documentation

• indicate 'exports' interface does not work in browsers (#​5181) (14e640e)

🧹 Chores

• fix docs builds by re-adding eleventy and ignoring gitignore again (#​5240) (881e3b0)

🤖 Automation

• deps: bump the github-actions group with 1 update (#​5132) (e536ab2)

v10.8.1

Compare Source

🩹 Fixes

• handle case of invalid package.json with no explicit config (#​5198) (f72bc17)
• Typos on mochajs.org (#​5237) (d8ca270)
• use accurate test links in HTML reporter (#​5228) (68803b6)

v10.8.0

Compare Source

🌟 Features

• highlight browser failures (#​5222) (8ff4845)

🩹 Fixes

• remove :is() from mocha.css to support older browsers (#​5225) (#​5227) (0a24b58)

📚 Documentation

• add SECURITY.md pointing to Tidelift (#​5210) (bd7e63a)
• adopt Collective Funds Guidelines 0.1 (#​5199) (2b03d86)
• update README, LICENSE and fix outdated (#​5197) (1203e0e)

🧹 Chores

• fix npm scripts on windows (#​5219) (1173da0)
• remove trailing whitespace in SECURITY.md (7563e59)

v10.7.3

Compare Source

🩹 Fixes

• make release-please build work (#​5194) (afd66ef)

v10.7.0

Compare Source

🎉 Enhancements

• #​4771 feat: add option to not fail on failing test suite (@​ilgonmic)

v10.6.1

Compare Source

🐛 Fixes

• #​3825 fix: do not exit when only unref'd timer is present in test code (@​boneskull)
• #​5040 fix: support canonical module (@​JacobLey)

v10.6.0

Compare Source

🎉 Enhancements

• #​5150 feat: allow ^ versions for character encoding packages (@​JoshuaKGoldberg)
• #​5151 feat: allow ^ versions for file matching packages (@​JoshuaKGoldberg)
• #​5152 feat: allow ^ versions for yargs packages (@​JoshuaKGoldberg)
• #​5153 feat: allow ^ versions for data serialization packages (@​JoshuaKGoldberg)
• #​5154 feat: allow ^ versions for miscellaneous packages (@​JoshuaKGoldberg)

v10.5.2

Compare Source

🐛 Fixes

• #​5032 fix: better tracking of seen objects in error serialization (@​sam-super)

v10.5.1

Compare Source

🐛 Fixes

• #​5086 fix: Add error handling for nonexistent file case with --file option (@​khoaHyh)

v10.5.0

Compare Source

🎉 Enhancements

• #​5015 feat: use <progress> and <svg> for browser progress indicator instead of <canvas> (@​yourWaifu)
• #​5143 feat: allow using any 3.x chokidar dependencies (@​simhnna)
• #​4835 feat: add MOCHA_OPTIONS env variable (@​icholy)

🐛 Fixes

• #​5107 fix: include stack in browser uncaught error reporting (@​JoshuaKGoldberg)

🔩 Other

• #​5110 chore: switch two-column list styles to be opt-in (@​marjys)
• #​5135 chore: fix some typos in comments (@​StevenMia)
• #​5130 chore: rename 'master' to 'main' in docs and tooling (@​JoshuaKGoldberg)

nodejs/node (node)

v20.19.4

Compare Source

v20.19.3

Compare Source

v20.19.2

Compare Source

v20.19.1

Compare Source

v20.19.0: 2025-03-13, Version 20.19.0 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

require(esm) is now enabled by default

Support for loading native ES modules using require() had been available on v20.x under the command line flag --experimental-require-module, and available by default on v22.x and v23.x. In this release, it is now no longer behind a flag on v20.x.

This feature has been tested on v23.x and v22.x, and we are looking for user feedback from v20.x to make more final tweaks before fully stabilizing it. When the Node.js instance encounters a native ES module in require() somewhere outside node_modules for the first time, it will emit an experimental warning unless require() comes from a path that contains node_modules. If there happens to be any regressions caused by this feature, users can report it to the Node.js issue tracker. Meanwhile this feature can also be disabled using --no-experimental-require-module as a workaround.

With this feature enabled, Node.js will no longer throw ERR_REQUIRE_ESM if require() is used to load a ES module. It can, however, throw ERR_REQUIRE_ASYNC_MODULE if the ES module being loaded or its dependencies contain top-level await. When the ES module is loaded successfully by require(), the returned object will either be a ES module namespace object similar to what's returned by import(), or what gets exported as "module.exports" in the ES module.

Users can check process.features.require_module to see whether require(esm) is enabled in the current Node.js instance. For packages, the "module-sync" exports condition can be used as a way to detect require(esm) support in the current Node.js instance and allow both require() and import to load the same native ES module. See the documentation for more details about this feature.

Contributed by Joyee Cheung in #​55085

Module syntax detection is now enabled by default

Module syntax detection (the --experimental-detect-module flag) is now
enabled by default. Use --no-experimental-detect-module to disable it if
needed.

Syntax detection attempts to run ambiguous files as CommonJS, and if the module
fails to parse as CommonJS due to ES module syntax, Node.js tries again and runs
the file as an ES module.
Ambiguous files are those with a .js or no extension, where the nearest parent
package.json has no "type" field (either "type": "module" or
"type": "commonjs").
Syntax detection should have no performance impact on CommonJS modules, but it
incurs a slight performance penalty for ES modules; add "type": "module" to
the nearest parent package.json file to eliminate the performance cost.
A use case unlocked by this feature is the ability to use ES module syntax in
extensionless scripts with no nearby package.json.

Thanks to Geoffrey Booth for making this work on #​53619.

Other Notable Changes

• [285bb4ee14] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #​56566
• [73b5c16684] - (SEMVER-MINOR) worker: add postMessageToThread (Paolo Insogna) #​53682
• [de313b2336] - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) #​56194
• [4fba01911d] - (SEMVER-MINOR) process: add process.features.require_module (Joyee Cheung) #​55241
• [df8a045afe] - (SEMVER-MINOR) module: implement the "module-sync" exports condition (Joyee Cheung) #​54648
• [f9dc1eaef5] - (SEMVER-MINOR) module: add __esModule to require()'d ESM (Joyee Cheung) #​52166

Commits

• [d84be843e3] - benchmark: add validateStream to styleText bench (Rafael Gonzaga) #​56556
• [d8eaf5b9b8] - build: fix compatibility with V8's depot_tools (Richard Lau) #​57330
• [1ee4bf9690] - build: test macos-13 on GitHub actions (Michaël Zasso) #​56307
• [1cc8d69882] - build: build v8 with -fvisibility=hidden on macOS (Joyee Cheung) #​56275
• [52f1f7e22b] - child_process: fix parsing messages with splitted length field (Maksim Gorkov) #​56106
• [5ef3c3c996] - crypto: add missing return value check (Michael Dawson) #​56615
• [285bb4ee14] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #​56566
• [46ceb9dc1c] - deps: update timezone to 2025a (Node.js GitHub Bot) #​56876
• [d4ca38fe8e] - deps: macro ENODATA is deprecated in libc++ (Cheng) #​56698
• [15214e6508] - deps: update simdutf to 6.0.3 (Node.js GitHub Bot) #​56567
• [1e44f5d84b] - deps: update simdutf to 5.7.2 (Node.js GitHub Bot) #​56388
• [b92ff7be38] - deps: update googletest to 7d76a23 (Node.js GitHub Bot) #​56387
• [e1b71a81a9] - deps: update googletest to e54519b (Node.js GitHub Bot) #​56370
• [c0d45e7f38] - deps: update simdutf to 5.7.0 (Node.js GitHub Bot) #​56332
• [d69107f5a8] - deps: update icu to 76.1 (Node.js GitHub Bot) #​55551
• [5c9a397699] - deps: V8: backport 9ab4059 (Lu Yahan) #​56781
• [8342233f6d] - deps: upd

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.

---

• Branch has one or more failed status checks