Skip to content

fix(deps): update all non-major dependencies #432

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update all non-major dependencies #432

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 8, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@commencis/commitlint-config (source) 2.0.02.1.0 age confidence
@commencis/eslint-config (source) 2.4.02.5.0 age confidence
@commencis/eslint-plugin (source) 2.0.02.1.0 age confidence
@commencis/lint-staged-config (source) 2.0.02.1.0 age confidence
@commencis/prettier-config (source) 2.1.02.2.0 age confidence
@commencis/stylelint-config (source) 2.5.02.6.0 age confidence
@reduxjs/toolkit (source) 2.11.12.11.2 age confidence
@storybook/addon-a11y (source) 10.1.610.1.11 age confidence
@storybook/addon-docs (source) 10.1.610.1.11 age confidence
@storybook/addon-links (source) 10.1.610.1.11 age confidence
@storybook/react-vite (source) 10.1.610.1.11 age confidence
@testing-library/react 16.3.016.3.1 age confidence
@types/node (source) 24.10.224.10.4 age confidence
@vitest/coverage-v8 (source) 4.0.154.0.16 age confidence
commitlint (source) 20.2.020.3.0 age confidence
eslint (source) 9.39.19.39.2 age confidence
i18next (source) 25.7.225.7.4 age confidence
jsdom 27.3.027.4.0 age confidence
msw (source) 2.12.42.12.7 age confidence
react (source) 19.2.119.2.3 age confidence
react-dom (source) 19.2.119.2.3 age confidence
react-hook-form (source) 7.68.07.70.0 age confidence
react-i18next 16.4.116.5.1 age confidence
react-router (source) 7.10.17.12.0 age confidence
sass-embedded 1.95.11.97.2 age confidence
vite (source) 7.2.77.3.1 age confidence
vitest (source) 4.0.154.0.16 age confidence
zod (source) 4.1.134.3.5 age confidence

Release Notes

Commencis/js-toolkit (@​commencis/commitlint-config)

v2.1.0

Minor Changes
  • chore: update minor dependencies, node to v24.12 and pnpm to v10.25 (#​408)
Commencis/js-toolkit (@​commencis/eslint-config)

v2.5.0

Minor Changes
  • chore: update minor dependencies, node to v24.12 and pnpm to v10.25 (#​408)
Commencis/js-toolkit (@​commencis/eslint-plugin)

v2.1.0

Minor Changes
  • chore: update minor dependencies, node to v24.12 and pnpm to v10.25 (#​408)
Commencis/js-toolkit (@​commencis/lint-staged-config)

v2.1.0

Compare Source

Minor Changes
  • chore: update minor dependencies, node to v24.12 and pnpm to v10.25 (#​408)
Commencis/js-toolkit (@​commencis/prettier-config)

v2.2.0

Minor Changes
  • chore: update minor dependencies, node to v24.12 and pnpm to v10.25 (#​408)
Commencis/js-toolkit (@​commencis/stylelint-config)

v2.6.0

Minor Changes
  • chore: update minor dependencies, node to v24.12 and pnpm to v10.25 (#​408)
reduxjs/redux-toolkit (@​reduxjs/toolkit)

v2.11.2

Compare Source

storybookjs/storybook (@​storybook/addon-a11y)

v10.1.11

Compare Source

v10.1.10

Compare Source

v10.1.9

Compare Source

v10.1.8

Compare Source

v10.1.7

Compare Source

testing-library/react-testing-library (@​testing-library/react)

v16.3.1

Compare Source

vitest-dev/vitest (@​vitest/coverage-v8)

v4.0.16

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
conventional-changelog/commitlint (commitlint)

v20.3.0

Compare Source

Note: Version bump only for package commitlint

eslint/eslint (eslint)

v9.39.2

Compare Source

i18next/i18next (i18next)

v25.7.4

Compare Source

  • fix: Interpolation breaks when cloning an instance 2376

v25.7.3

Compare Source

jsdom/jsdom (jsdom)

v27.4.0

Compare Source

  • Added TextEncoder and TextDecoder.
  • Improved decoding of HTML bytes by using the new @exodus/bytes package; it is now much more correct. (ChALkeR)
  • Improved decoding of XML bytes to use UTF-8 more often, instead of sniffing for <meta charset> or using the parent frame's encoding.
  • Fixed a memory leak when Ranges were used and then the elements referred to by those ranges were removed.
mswjs/msw (msw)

v2.12.7

Compare Source

v2.12.7 (2025-12-27)

Bug Fixes

v2.12.6

Compare Source

v2.12.6 (2025-12-26)

Bug Fixes

v2.12.5

Compare Source

v2.12.5 (2025-12-26)

Bug Fixes
facebook/react (react)

v19.2.3: 19.2.3 (December 11th, 2025)

Compare Source

React Server Components

v19.2.2: 19.2.2 (December 11th, 2025)

Compare Source

React Server Components
react-hook-form/react-hook-form (react-hook-form)

v7.70.0

Compare Source

v7.69.0: 🎄 Version 7.69.0

Compare Source

📏 feat: align API with useWatch (#​13192)
🤦🏻‍♂️ chore: update @​deprecated names prop on (#​13198)
🏥 chore: safely call function methods on elements (#​13190)
🪖 chore: cve-2025-67779 (#​13196)
🪖 chore: cve-2025-55184 & cve-2025-55183 (#​13194)
🪖 chore: CVE-2025-55182 Critical RCE vulnerabilty (#​13175)
🔬 test: add regression tests for #​12837 and #​13136 (#​13187)
🐞 fix(reset): preserve isValid state when keepIsValid option is used (#​13173)
🐞 fix: ensure each createFormControl.subscribe subscription listens only to the changes it subscribes to (#​12968)
🐞 fix(validation): batch isValidating state updates with validation result (#​13181)
🐞 fix(createFormControl): resolve race condition between setError and setFocus (#​13138) (#​13169)
🧿 fix control prop type (#​13189)
🔔 chore: clean cloneObject logic (#​13179)

thanks to @​PierreCrb, @​a28689604, @​AnuragM7666, @​ap0nia, @​dusan233 & @​hlongc

i18next/react-i18next (react-i18next)

v16.5.1

Compare Source

v16.5.0

Compare Source

  • Add configuration option transDefaultProps to set default props for the Trans component (e.g. tOptions, shouldUnescape, values) 1895
remix-run/react-router (react-router)

v7.12.0

Compare Source

Minor Changes
  • Add additional layer of CSRF protection by rejecting submissions to UI routes from external origins. If you need to permit access to specific external origins, you can specify them in the react-router.config.ts config allowedActionOrigins field. (#​14708)
Patch Changes

  • Fix generatePath when used with suffixed params (i.e., "/books/:id.json") (#​14269)

  • Export UNSAFE_createMemoryHistory and UNSAFE_createHashHistory alongside UNSAFE_createBrowserHistory for consistency. These are not intended to be used for new apps but intended to help apps usiong unstable_HistoryRouter migrate from v6->v7 so they can adopt the newer APIs. (#​14663)

  • Escape HTML in scroll restoration keys (#​14705)

  • Validate redirect locations (#​14706)

  • [UNSTABLE] Pass <Scripts nonce> value through to the underlying importmap script tag when using future.unstable_subResourceIntegrity (#​14675)

  • [UNSTABLE] Add a new future.unstable_trailingSlashAwareDataRequests flag to provide consistent behavior of request.pathname inside middleware, loader, and action functions on document and data requests when a trailing slash is present in the browser URL. (#​14644)

    Currently, your HTTP and request pathnames would be as follows for /a/b/c and /a/b/c/

    URL /a/b/c HTTP pathname request pathname`
    Document /a/b/c /a/b/c
    Data /a/b/c.data /a/b/c
    URL /a/b/c/ HTTP pathname request pathname`
    Document /a/b/c/ /a/b/c/
    Data /a/b/c.data /a/b/c ⚠️

    With this flag enabled, these pathnames will be made consistent though a new _.data format for client-side .data requests:

    URL /a/b/c HTTP pathname request pathname`
    Document /a/b/c /a/b/c
    Data /a/b/c.data /a/b/c
    URL /a/b/c/ HTTP pathname request pathname`
    Document /a/b/c/ /a/b/c/
    Data /a/b/c/_.data ⬅️ /a/b/c/

    This a bug fix but we are putting it behind an opt-in flag because it has the potential to be a "breaking bug fix" if you are relying on the URL format for any other application or caching logic.

    Enabling this flag also changes the format of client side .data requests from /_root.data to /_.data when navigating to / to align with the new format. This does not impact the request pathname which is still / in all cases.

  • Preserve clientLoader.hydrate=true when using <HydratedRouter unstable_instrumentations> (#​14674)

v7.11.0

Compare Source

Minor Changes
  • Stabilize <HydratedRouter onError>/<RouterProvider onError> (#​14546)
Patch Changes

  • add support for throwing redirect Response's at RSC render time (#​14596)

  • Support for throwing data() and Response from server component render phase. Response body is not serialized as async work is not allowed as error encoding phase. If you wish to transmit data to the boundary, throw data() instead. (#​14632)

  • Fix unstable_useTransitions prop on <Router> component to permit omission for backewards compatibility (#​14646)

  • routeRSCServerRequest replace fetchServer with serverResponse (#​14597)

  • [UNSTABLE] Add a new unstable_defaultShouldRevalidate flag to various APIs to allow opt-ing out of standard revalidation behaviors. (#​14542)

    If active routes include a shouldRevalidate function, then your value will be passed as defaultShouldRevalidate in those function so that the route always has the final revalidation determination.

    • <Form method="post" unstable_defaultShouldRevalidate={false}>
    • submit(data, { method: "post", unstable_defaultShouldRevalidate: false })
    • <fetcher.Form method="post" unstable_defaultShouldRevalidate={false}>
    • fetcher.submit(data, { method: "post", unstable_defaultShouldRevalidate: false })

    This is also available on non-submission APIs that may trigger revalidations due to changing search params:

    • <Link to="/" unstable_defaultShouldRevalidate={false}>
    • navigate("/?foo=bar", { unstable_defaultShouldRevalidate: false })
    • setSearchParams(params, { unstable_defaultShouldRevalidate: false })

  • Allow redirects to be returned from client side middleware (#​14598)

  • Handle dataStrategy implementations that return insufficient result sets by adding errors for routes without any available result (#​14627)

sass/embedded-host-node (sass-embedded)

v1.97.2

Compare Source

  • Additional fixes for implicit configuration when nested imports are involved.

v1.97.1

Compare Source

  • Fix a bug with the new CSS-style if() syntax where values would be evaluated
    even if their conditions didn't match.

v1.97.0

Compare Source

  • Add support for the display-p3-linear color space.

v1.96.0

Compare Source

  • Allow numbers with complex units (more than one numerator unit or more than
    zero denominator units) to be emitted to CSS. These are now emitted as
    calc() expressions, which now support complex units in plain CSS.
vitejs/vite (vite)

v7.3.1

Compare Source

Please refer to CHANGELOG.md for details.

v7.3.0

Compare Source

Please refer to CHANGELOG.md for details.

colinhacks/zod (zod)

v4.3.5

Compare Source

Commits:

v4.3.4

Compare Source

Commits:

v4.3.3

Compare Source

v4.3.2

Compare Source

v4.3.1

Compare Source

Commits:

  • 0fe8840 allow non-overwriting extends with refinements. 4.3.1

v4.3.0

Compare Source

This is Zod's biggest release since 4.0. It addresses several of Zod's longest-standing feature requests.

z.fromJSONSchema()

Convert JSON Schema to Zod (#​5534, #​5586)

You can now convert JSON Schema definitions directly into Zod schemas. This function supports JSON Schema "draft-2020-12", "draft-7", "draft-4", and OpenAPI 3.0.

import * as z from "zod";

const schema = z.fromJSONSchema({
  type: "object",
  properties: {
    name: { type: "string", minLength: 1 },
    age: { type: "integer", minimum: 0 },
  },
  required: ["name"],
});

schema.parse({ name: "Alice", age: 30 }); // ✅

The API should be considered experimental. There are no guarantees of 1:1 "round-trip soundness": MySchema > z.toJSONSchema() > z.fromJSONSchema(). There are several features of Zod that don't exist in JSON Schema and vice versa, which makes this virtually impossible.

Features supported:

  • All primitive types (string, number, integer, boolean, null, object, array)
  • String formats (email, uri, uuid, date-time, date, time, ipv4, ipv6, and more)
  • Composition (anyOf, oneOf, allOf)
  • Object constraints (additionalProperties, patternProperties, propertyNames)
  • Array constraints (prefixItems, items, minItems, maxItems)
  • $ref for local references and circular schemas
  • Custom metadata is preserved

z.xor() — exclusive union (#​5534)

A new exclusive union type that requires exactly one option to match. Unlike z.union() which passes if any option matches, z.xor() fails if zero or more than one option matches.

const schema = z.xor([z.string(), z.number()]);

schema.parse("hello"); // ✅
schema.parse(42);      // ✅
schema.parse(true);    // ❌ zero matches

When converted to JSON Schema, z.xor() produces oneOf instead of anyOf.

z.looseRecord() — partial record validation (#​5534)

A new record variant that only validates keys matching the key schema, passing through non-matching keys unchanged. This is used to represent patternProperties in JSON Schema.

const schema = z.looseRecord(z.string().regex(/^S_/), z.string());

schema.parse({ S_name: "John", other: 123 });
// ✅ { S_name: "John", other: 123 }
// only S_name is validated, "other" passes through

.exactOptional() — strict optional properties (#​5589)

A new wrapper that makes a property key-optional (can be omitted) but does not accept undefined as an explicit value.

const schema = z.object({
  a: z.string().optional(),      // accepts `undefined`
  b: z.string().exactOptional(), // does not accept `undefined`
});

schema.parse({});                  // ✅
schema.parse({ a: undefined });    // ✅
schema.parse({ b: undefined });    // ❌

This makes it possible to accurately represent the full spectrum of optionality expressible using exactOptionalPropertyTypes.

.apply()

A utility method for applying arbitrary transformations to a schema, enabling cleaner schema composition. (#​5463)

const setCommonChecks = <T extends z.ZodNumber>(schema: T) => {
  return schema.min(0).max(100);
};

const schema = z.number().apply(setCommonChecks).nullable();

.brand() cardinality

The .brand() method now accepts a second argument to control whether the brand applies to input, output, or both. Closes #​4764, #​4836.

// output only (default)
z.string().brand<"UserId">();           // output is branded (default)
z.string().brand<"UserId", "out">();    // output is branded
z.string().brand<"UserId", "in">();     // input is branded
z.string().brand<"UserId", "inout">();  // both are branded

Type predicates on .refine() (#​5575)

The .refine() method now supports type predicates to narrow the output type:

const schema = z.string().refine((s): s is "a" => s === "a");

type Input = z.input<typeof schema>;   // string
type Output = z.output<typeof schema>; // "a"

ZodMap methods: min, max, nonempty, size (#​5316)

ZodMap now has parity with ZodSet and ZodArray:

const schema = z.map(z.string(), z.number())
  .min(1)
  .max(10)
  .nonempty();

schema.size; // access the size constraint

.with() alias for .check() (359c0db)

A new .with() method has been added as a more readable alias for .check(). Over time, more APIs have been added that don't qualify as "checks". The new method provides a readable alternative that doesn't muddy semantics.

z.string().with(
  z.minLength(5),
  z.toLowerCase()
);

// equivalent to:
z.string().check(
  z.minLength(5),
  z.trim(),
  z.toLowerCase()
);
z.slugify() transform

Transform strings into URL-friendly slugs. Works great with .with():

// Zod
z.string().slugify().parse("Hello World");           // "hello-world"

// Zod Mini
// using .with() for explicit check composition
z.string().with(z.slugify()).parse("Hello World");   // "hello-world"

z.meta() and z.describe() in Zod Mini (947b4eb)

Zod Mini now exports z.meta() and z.describe() as top-level functions for adding metadata to schemas:

import * as z from "zod/mini";

// add description
const schema = z.string().with(
  z.describe("A user's name"),
);

// add arbitrary metadata
const schema2 = z.number().with(
  z.meta({ deprecated: true })
);

New locales

import * as z from "zod";
import { uz } from "zod/locales";

z.config(uz());





Bug fixes

All of these changes fix soundness issues in Zod. As with any bug fix there's some chance of breakage if you were intentionally or unintentionally relying on this unsound behavior.

⚠️ .pick() and .omit() disallowed on object schemas containing refinements (#​5317)

Using .pick() or .omit() on object schemas with refinements now throws an error. Previously, this would silently drop the refinements, leading to unexpected behavior.

const schema = z.object({
  password: z.string(),
  confirmPassword: z.string(),
}).refine(data => data.password === data.confirmPassword);

schema.pick({ password: true });
// 4.2: refinement silently dropped ⚠️
// 4.3: throws error ❌

Migration: The easiest way to migrate is to create a new schema using the shape of the old one.

const newSchema = z.object(schema.shape).pick({ ... })
⚠️ .extend() disallowed on refined schemas (#​5317)

Similarly, .extend() now throws on schemas with refinements. Use .safeExtend() if you need to extend refined schemas.

const schema = z.object({ a: z.string() }).refine(/* ... */);

// 4.2: refinement silently dropped ⚠️
// 4.3: throws error ✅
schema.extend({ b: z.number() });
// error: object schemas containing refinements cannot be extended. use `.safeExtend()` instead.
⚠️ Stricter object masking methods (#​5581)

Object masking methods (.pick(), .omit()) now validate that the keys provided actually exist in the schema:

const schema = z.object({ a: z.string() });

// 4.3: throws error for unrecognized keys
schema.pick({ nonexistent: true });
// error: unrecognized key: "nonexistent"

Additional changes

  • Fixed JSON Schema generation for z.iso.time with minute precision (#​5557)
  • Fixed error details for tuples with extraneous elements (#​5555)
  • Fixed includes method params typing to accept string | $ZodCheckIncludesParams (#​5556)
  • Fixed numeric formats error messages to be inclusive (#​5485)
  • Fixed implementAsync inferred type to always be a promise (#​5476)
  • Tightened E.164 regex to require a non-zero leading digit and 7–15 digits total (#​5524)
  • Fixed Dutch (nl) error strings (#​5529)
  • Convert Date instances to numbers in minimum/maximum checks (#​5351)
  • Improved numeric keys handling in z.record() (#​5585)
  • Lazy initialization of ~standard schema property (#​5363)
  • Functions marked as @__NO_SIDE_EFFECTS__ for better tree-shaking (#​5475)
  • Improved metadata tracking across child-parent relationships (#​5578)
  • Improved locale translation approach (#​5584)
  • Dropped id uniqueness enforcement at registry level (#​5574)

v4.2.1

Compare Source

v4.2.0

Compare Source

Features

Implement Standard JSON Schema

standard-schema/standard-schema#134

Implement z.fromJSONSchema()
const jsonSchema = {
  type: "object",
  properties: {
    name: { type: "string" },
    age: { type: "number" }
  },
  required: ["name"]
};

const schema = z.fromJSONSchema(jsonSchema);
Implement z.xor()
const schema = z.xor(
  z.object({ type: "user", name: z.string() }),
  z.object({ type: "admin", role: z.string() })
);
// Exactly one of the schemas must match
Implement z.looseRecord()
const schema = z.looseRecord(z.string(), z.number());
// Allows additional properties beyond those defined

Commits:

Configuration

📅 Schedule: Branch creation - Between 07:00 AM and 09:59 AM, only on Monday ( * 7-9 * * 1 ) in timezone Europe/Istanbul, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner December 8, 2025 06:15
@changeset-bot
Copy link

changeset-bot bot commented Dec 8, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 2f752cb

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from 714de3d to 29bbe2a Compare December 10, 2025 13:42
@renovate renovate bot changed the title fix(deps): update all non-major dependencies fix(deps): update all non-major dependencies - autoclosed Dec 10, 2025
@renovate renovate bot closed this Dec 10, 2025
@renovate renovate bot deleted the renovate/all-minor-patch branch December 10, 2025 18:00
@renovate renovate bot changed the title fix(deps): update all non-major dependencies - autoclosed fix(deps): update all non-major dependencies Dec 15, 2025
@renovate renovate bot reopened this Dec 15, 2025
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 12 times, most recently from 166078f to 36d4273 Compare December 20, 2025 02:39
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from 250ed90 to 104e555 Compare December 31, 2025 20:39
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from d98f16c to dc707d0 Compare January 7, 2026 18:11
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from dc707d0 to 2f752cb Compare January 7, 2026 20:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant