Update packages (major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@google-cloud/datastore	8.7.0 -> 9.1.0					dependencies	major
@rollup/plugin-commonjs (source)	25.0.8 -> 26.0.1					devDependencies	major
archiver	6.0.2 -> 7.0.1					devDependencies	major
codemirror	5.65.17 -> 6.0.1					devDependencies	major
css-loader	6.11.0 -> 7.1.2					devDependencies	major
css-minimizer-webpack-plugin	6.0.0 -> 7.0.0					devDependencies	major
del	6.1.1 -> 7.1.0					devDependencies	major
eslint (source)	8.57.0 -> 9.10.0					devDependencies	major
fetch-mock (source)	9.11.0 -> 11.1.4					devDependencies	major
gulp (source)	4.0.2 -> 5.0.0					devDependencies	major
helmet-csp (source)	3.4.0 -> 4.0.0					dependencies	major
husky	7.0.4 -> 9.1.6					devDependencies	major
linkifyjs (source)	2.1.9 -> 4.1.3					dependencies	major
lru-cache	6.0.0 -> 11.0.1					dependencies	major
marked (source)	2.1.3 -> 14.1.2					devDependencies	major
node (source)	18.x -> 20.x					engines	major
node	18-alpine -> 20-alpine					final	major
node-fetch	2.7.0 -> 3.3.2					dependencies	major
p-queue	6.6.2 -> 8.0.1					dependencies	major
sass-loader	14.2.1 -> 16.0.2					devDependencies	major
supertest	6.3.4 -> 7.0.0					devDependencies	major
uuid	9.0.1 -> 10.0.0					dependencies	major
webpack-build-notifier	2.3.0 -> 3.1.0					devDependencies	major

---

Release Notes

googleapis/nodejs-datastore (@​google-cloud/datastore)

v9.1.0

Compare Source

Features

• New transaction feature (#​1239) (cdd2ee9)

Bug Fixes

• deps: Update dependency sinon to v18 (#​1250) (b7ff5c8)

v9.0.0

Compare Source

⚠ BREAKING CHANGES

• An existing method UpdateVehicleLocation is removed from service VehicleService (#​1248)

Features

• Query profiling feature (#​1221) (414dec4)

Bug Fixes

• An existing method UpdateVehicleLocation is removed from service VehicleService (#​1248) (ba79118)
• Read time should be used for transaction reads (#​1171) (73a0a39)

rollup/plugins (@​rollup/plugin-commonjs)

v26.0.1

2024-06-05

Bugfixes

• fix: correct import of glob (04a15b5)

v26.0.0

2024-06-05

Breaking Changes

• chore!: bump glob's version (#​1695)

archiverjs/node-archiver (archiver)

v7.0.1

Compare Source

What’s changed

Maintenance

• Add test for stream-like sources @​ctalkington (#​745)

Dependency updates

• Update dependency clsx to v2 @​renovate (#​694)
• Update react monorepo to v17 (major) @​renovate (#​703)
• Update docusaurus monorepo to v3 (major) @​renovate (#​739)
• Update dependency @​mdx-js/react to v3 @​renovate (#​737)
• Update react monorepo to v18 (major) @​renovate (#​704)
• Update dependency yauzl to v3.1.2 @​renovate (#​741)
• Lock file maintenance @​renovate (#​740)
• Update dependency zip-stream to v6.0.1 @​renovate (#​747)
• Update dependency archiver-utils to v5.0.2 @​renovate (#​746)
• Lock file maintenance @​renovate (#​748)

v7.0.0

Compare Source

What’s changed

Breaking changes

• Drop support for node v12 @​ctalkington (#​735)

Dependency updates

• Update dependency tar-stream to v3.1.7 @​renovate (#​731)
• Update dependency buffer-crc32 to v1 @​renovate (#​732)
• Update dependency zip-stream to v6 @​renovate (#​734)
• Update dependency archiver-utils to v5 @​renovate (#​730)
• Update docusaurus monorepo to v2.4.3 @​renovate (#​713)
• Update dependency rimraf to v5 @​renovate (#​693)
• Update dependency mocha to v10 @​renovate (#​692)
• Update dependency readable-stream to v4 @​renovate (#​695)
• Update dependency yauzl to v3 @​renovate (#​733)
• Lock file maintenance @​renovate (#​736)

codemirror/basic-setup (codemirror)

v6.0.1

Compare Source

Bug fixes

Work around limitations in tree-shaking software that prevented basicSetup from being removed when unused.

v6.0.0

Compare Source

Breaking changes

Change the package name from @codemirror/example-setup to just codemirror.

The package no longer exports EditorState (since that is no longer necessary to set up a basic editor).

New features

The new minimalSetup export provides a minimal set of editor extensions.

v5.65.18

Compare Source

webpack-contrib/css-loader (css-loader)

v7.1.2

Compare Source

v7.1.1

Compare Source

v7.1.0

Compare Source

Features

• added the getJSON option to output CSS modules mapping (#​1577) (af834b4)

v7.0.0

Compare Source

⚠ BREAKING CHANGES

• The modules.namedExport option is true by default if you enable the esModule option

Migration guide:

Before:

import style from "./style.css";

console.log(style.myClass);

After:

import * as style from "./style.css";

console.log(style.myClass);

• The modules.exportLocalsConvention has the value as-is when the modules.namedExport option is true and you don't specify a value
• Minimum supported webpack version is 5.27.0
• Minimum supported Node.js version is 18.12.0

Features

• The modules.namedExports option works fine with any modules.exportLocalsConvention values (f96a110)
• Added dashed variants for the modules.exportLocalsConvention options (40e1668)

webpack-contrib/css-minimizer-webpack-plugin (css-minimizer-webpack-plugin)

v7.0.0

Compare Source

⚠ BREAKING CHANGES

• update cssnano to 7.0 (#​263) (a252ce9)

sindresorhus/del (del)

v7.1.0

Compare Source

• Add path to onProgress event (#​155) f5d31e6

v7.0.0

Compare Source

Breaking

• Require Node.js 14 (#​143) 106d7d8
• This package is now pure ESM. Please read this.
• Moved from a default export to named exports:
  • require('del') → import {deleteAsync} from 'del'
  • require('del').sync → import {deleteSync} from 'del'

eslint/eslint (eslint)

v9.10.0

Compare Source

v9.9.1

Compare Source

v9.9.0

Compare Source

Features

• 41d0206 feat: Add support for TS config files (#​18134) (Arya Emami)
• 3a4eaf9 feat: add suggestion to require-await to remove async keyword (#​18716) (Dave)

Documentation

• 9fe068c docs: how to author plugins with configs that extend other configs (#​18753) (Alec Gibson)
• 48117b2 docs: add version support page in the side navbar (#​18738) (Amaresh S M)
• fec2951 docs: add version support page to the dropdown (#​18730) (Amaresh S M)
• 38a0661 docs: Fix typo (#​18735) (Zaina Al Habash)
• 3c32a9e docs: Update yarn command for creating ESLint config (#​18739) (Temitope Ogunleye)
• f9ac978 docs: Update README (GitHub Actions Bot)

Chores

• 461b2c3 chore: upgrade to @eslint/js@9.9.0 (#​18765) (Francesco Trotta)
• 59dba1b chore: package.json update for @​eslint/js release (Jenkins)
• fea8563 chore: update dependency @​eslint/core to ^0.3.0 (#​18724) (renovate[bot])
• aac191e chore: update dependency @​eslint/json to ^0.3.0 (#​18760) (renovate[bot])
• b97fa05 chore: update wdio dependencies for more stable tests (#​18759) (Christian Bromann)

v9.8.0

Compare Source

v9.7.0

Compare Source

Features

• 7bd9839 feat: add support for es2025 duplicate named capturing groups (#​18630) (Yosuke Ota)
• 1381394 feat: add regex option in no-restricted-imports (#​18622) (Nitin Kumar)

Bug Fixes

• 14e9f81 fix: destructuring in catch clause in no-unused-vars (#​18636) (Francesco Trotta)

Documentation

• 9f416db docs: Add Powered by Algolia label to the search. (#​18633) (Amaresh S M)
• c8d26cb docs: Open JS Foundation -> OpenJS Foundation (#​18649) (Milos Djermanovic)
• 6e79ac7 docs: loadESLint does not support option cwd (#​18641) (Francesco Trotta)

Chores

• 793b718 chore: upgrade @​eslint/js@​9.7.0 (#​18680) (Francesco Trotta)
• 7ed6f9a chore: package.json update for @​eslint/js release (Jenkins)
• 7bcda76 refactor: Add type references (#​18652) (Nicholas C. Zakas)
• 51bf57c chore: add tech sponsors through actions (#​18624) (Strek)
• 6320732 refactor: don't use parent property in NodeEventGenerator (#​18653) (Milos Djermanovic)
• 9e6d640 refactor: move "Parsing error" prefix adding to Linter (#​18650) (Milos Djermanovic)

v9.6.0

Compare Source

v9.5.0

Compare Source

v9.4.0

Compare Source

v9.3.0

Compare Source

v9.2.0

Compare Source

v9.1.1

Compare Source

v9.1.0

Compare Source

v9.0.0

Compare Source

v8.57.1

Compare Source

wheresrhys/fetch-mock (fetch-mock)

v11.1.4

Compare Source

Documentation Changes

• another occurrence of the cheatsheet ref (875e4f6)
• fix link to cheatsheet (33e75b1)

v11.1.3

Compare Source

Bug Fixes

• add missing metadata to package.json files (4ab78b9)

v11.1.1

Compare Source

Bug Fixes

• roll back to glob-to-regexp (b114124)

v11.1.0

Compare Source

Features

• remove debug mode from fetch-mock (89890b6)

v11.0.2

Compare Source

Bug Fixes

• add license file to each package (9b36f89)

v11.0.1

Compare Source

Bug Fixes

• fixes importimng into .mts files (98ad40e)

v11.0.0

Compare Source

⚠ BREAKING CHANGES

• force fetch-mock major release

Bug Fixes

• force fetch-mock major release (1b31416)

v10.1.1

Compare Source

Bug Fixes

• change module system declaratuions to avoid top level type: module (ed00140)

v10.1.0

Compare Source

Features

• wip: replace dequal, glob-to-regexp and bump path-to-regexp (d8d8b25)

Bug Fixes

• failing tests (65ef567)
• replace path-to-regexp with regexparam (4bf3e32)
• wildcard import (ff9fee6)

v10.0.8

Compare Source

Miscellaneous

• rename fetch-mock-legacy directory to fetch-mock (95fd761)
• test release please again (3a9eb12)
• release 10.0.8 (7bbbf49)
• remove legacy prepublish step (3100e5a)

v10.0.7: Make type definitions compatible with ESM and CommonJs

Compare Source

v10.0.6: Fix type definitions

Compare Source

v10.0.5: Fix exports

Compare Source

v10.0.4: Simple API for naming routes

Compare Source

e.g. .mock('/path', 200, 'my-name')

v10.0.3: Remove custom aborterror implementation

Compare Source

v10.0.2: Support matching data URLs

Compare Source

v10.0.1: Small fixes to types

Compare Source

v10.0.0: ESM and native fetch

Compare Source

A major rewrite to use ESM modules and default to using native fetch in all environments

Other than that the API remains unchanged

gulpjs/gulp (gulp)

v5.0.0

Compare Source

We've tried to provide a high-level changelog for gulp v5 below, but it
doesn't contain all changes from the 60+ dependencies that we maintain.

Please see individual changelogs to drill down
into all changes that were made.

⚠ BREAKING CHANGES

• Drop support for Node.js <10.13
• Default stream encoding to UTF-8
• Standardized on anymatch library for globbing paths. All globs should work the same between src and watch now!
• Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use ordered-read-stream
• All globs and paths are normalized to unix-like filepaths
• Only allow JS variants for .gulp.* config files
• Removed support for alpha releases of v4 from gulp-cli
• Removed the --verify flag
• Renamed the --require flag to --preload to avoid conflicting with Node.js flags
• Removed many legacy and deprecated loaders
• Upgrade to chokidar v3
• Clone Vinyl objects with stream contents using teex, but no longer wait for all streams to flow before cloned streams will receive data
• Stop using process.umask() to make directories, instead falling back to Node's default mode
• Throw on non-function, non-string option coercers
• Drop support of Node.js snake_case flags
• Use a Symbol for attaching the gulplog namespace to the store
• Use a Symbol for attaching the gulplog store to the global
• Use sha256 to hash the v8flags cache into a filename

Features

• Streamlined the dependency tree
• Switch all streams implementation to Streamx
• Rewrote glob-stream to use a custom directory walk that relies on newer Node.js features and is more performant than old implementation
• Implement translation support for all CLI messages and all messages passing through gulplog
• Allow users to customize or remove the timestamp from their logs
• Upgraded gulplog to v2. Messages logged via v1 will also display a deprecated warning. Plugins should update to v2 as the community upgrades to gulp 5
• Added support for gulpile.cjs and gulpfile.mjs
• Add support for swc, esbuild, sucrase, and mdx loaders
• Provide an ESM export (#​2760) (b00de68)
• Support sourcemap handling on streaming Vinyl contents
• Support extends syntax for .gulp.* config file
• Allow overriding gulpfile and preloads via .gulp.* config file

Bug Fixes

• Resolve bugs related to symlinks on various platforms
• Resolved some reported ReDoS CVEs and improved performance in glob-parent
• Rework errors surfaced when encountering files or symlinks when trying to create directories
• Ensure watch allows japanese characters in globs (72668c6)
• Ensure watch does not trigger on negated globs (72668c6)
• Improve handling of BOM at the beginning of a stream
• Properly handle function coercer in array of option coercers
• Fork to-absolute-glob to:
  • Check negative patterns before trimming
  • Ensure glob-like characters are escaped in cwd & root options
  • Resolve ../ at the beginning of globs

Miscellaneous Chores

• Remove lazystream dependency
• Updated various stream test suites to test against Node.js core stream, readable-stream, and streamx
• Normalize repository, dropping node <10.13 support (#​2758) (72668c6)

Individual Changelogs

We created and maintain various projects that gulp depends upon. You can find their changelogs linked below:

• undertaker
• vinyl-fs
• glob-stream
• gulp-cli
• interpret
• glob-parent
• glob-watcher
• vinyl
• fs-mkdirp-stream
• lead
• vinyl-sourcemap
• to-through
• resolve-options
• remove-bom-stream
• value-or-function
• now-and-later
• @​gulpjs/to-absolute-glob
• fined
• mute-stdout
• semver-greatest-satisfied-range
• flagged-respawn
• rechoir
• gulplog
• glogg
• @​gulpjs/messages
• sparkles
• liftoff
• v8flags
• bach
• undertaker-registry
• async-settle
• last-run
• async-done
• replace-homedir

helmetjs/helmet (helmet-csp)

v4.0.0

Compare Source

See the Helmet 4 upgrade guide for help upgrading from Helmet 3.

Added

• helmet.contentSecurityPolicy:
  • If no default-src directive is supplied, an error is thrown
  • Directive lists can be any iterable, not just arrays

Changed

• This package no longer has dependencies. This should have no effect on end users, other than speeding up installation time.
• helmet.contentSecurityPolicy:
  • There is now a default set of directives if none are supplied
  • Duplicate keys now throw an error. See helmetjs/csp#73
  • This middleware is more lenient, allowing more directive names or values
• helmet.xssFilter now disables the buggy XSS filter by default. See #​230

Removed

• Dropped support for old Node versions. Node 10+ is now required
• helmet.featurePolicy. If you still need it, use the feature-policy package on npm.
• helmet.hpkp. If you still need it, use the hpkp package on npm.
• helmet.noCache. If you still need it, use the nocache package on npm.
• helmet.contentSecurityPolicy:
  • Removed browser sniffing (including the browserSniff and disableAndroid parameters). See helmetjs/csp#97
  • Removed conditional support. This includes directive functions and support for a function as the reportOnly. Read this if you need help.
  • Removed a lot of checks—you should be checking your CSP with a different tool
  • Removed support for legacy headers (and therefore the setAllHeaders parameter). Read this if you need help.
  • Removed the loose option
  • Removed support for functions as directive values. You must supply an iterable of strings
• helmet.frameguard:
  • Dropped support for the ALLOW-FROM action. Read more here.
• helmet.hidePoweredBy no longer accepts arguments. See this article to see how to replicate the removed behavior. See #​224.
• helmet.hsts:
  • Dropped support for includeSubdomains with a lowercase D. See #​231
  • Dropped support for setIf. Read this if you need help. See #​232
• helmet.xssFilter no longer accepts options. Read "How to disable blocking with X-XSS-Protection" and "How to enable the report directive with X-XSS-Protection" if you need the legacy behavior.

typicode/husky (husky)

v9.1.6

Compare Source

v9.1.5

Compare Source

v9.1.4

[Compare Source](https://redi

---

Configuration

📅 Schedule: Branch creation - "after 4am on sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @babel/eslint-parser@7.23.10
npm ERR! Found: eslint@9.2.0
npm ERR! node_modules/eslint
npm ERR!   dev eslint@"9.2.0" from the root project
npm ERR!   peer eslint@"^6.0.0 || ^7.0.0 || >=8.0.0" from @eslint-community/eslint-utils@4.4.0
npm ERR!   node_modules/@eslint-community/eslint-utils
npm ERR!     @eslint-community/eslint-utils@"^4.2.0" from eslint@9.2.0
npm ERR!   3 more (eslint-config-google, eslint-config-prettier, eslint-plugin-prettier)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer eslint@"^7.5.0 || ^8.0.0" from @babel/eslint-parser@7.23.10
npm ERR! node_modules/@babel/eslint-parser
npm ERR!   dev @babel/eslint-parser@"7.23.10" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: eslint@8.57.0
npm ERR! node_modules/eslint
npm ERR!   peer eslint@"^7.5.0 || ^8.0.0" from @babel/eslint-parser@7.23.10
npm ERR!   node_modules/@babel/eslint-parser
npm ERR!     dev @babel/eslint-parser@"7.23.10" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-05-07T12_58_42_174Z-debug-0.log