Skip to content

chore(deps): update all non-major dependencies#124

Merged
renovate[bot] merged 1 commit into
mainfrom
renovate/all-minor-patch
Jun 29, 2026
Merged

chore(deps): update all non-major dependencies#124
renovate[bot] merged 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
@ai-sdk/anthropic (source) 3.0.853.0.87 age confidence dependencies patch 3.0.89 (+1)
@ai-sdk/google (source) 3.0.833.0.84 age confidence dependencies patch 3.0.86 (+1)
@ai-sdk/openai (source) 3.0.733.0.75 age confidence dependencies patch 3.0.77 (+1)
@commitlint/cli (source) 21.0.221.1.0 age confidence devDependencies minor
@commitlint/config-conventional (source) 21.0.221.1.0 age confidence devDependencies minor
@harperfast/skills (source) 1.10.11.10.7 age confidence dependencies patch 1.10.8
ai (source) 6.0.2086.0.211 age confidence dependencies patch 6.0.214 (+2)
harper (source) 5.1.65.1.14 age confidence devDependencies patch
hono (source) 4.12.264.12.27 age confidence devDependencies patch
node (source) 24.17.024.18.0 age confidence minor
oxlint (source) 1.70.01.71.0 age confidence devDependencies minor
puppeteer (source) 25.1.025.2.1 age confidence optionalDependencies minor

Release Notes

vercel/ai (@​ai-sdk/anthropic)

v3.0.87

Compare Source

Patch Changes

v3.0.86

Compare Source

Patch Changes
  • 6086c60: fix(anthropic): reorder assistant content b/w client and provider tool use
conventional-changelog/commitlint (@​commitlint/cli)

v21.1.0

Compare Source

Features

21.0.2 (2026-05-29)

Bug Fixes

21.0.1 (2026-05-12)

Note: Version bump only for package @​commitlint/cli

conventional-changelog/commitlint (@​commitlint/config-conventional)

v21.1.0

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

21.0.2 (2026-05-29)

Note: Version bump only for package @​commitlint/config-conventional

21.0.1 (2026-05-12)

Note: Version bump only for package @​commitlint/config-conventional

HarperFast/skills (@​harperfast/skills)

v1.10.7

Compare Source

v1.10.6

Compare Source

v1.10.5

Compare Source

v1.10.4

Compare Source

v1.10.3

Compare Source

Bug Fixes
  • use brace syntax for related-record select in defining-relationships (#​49) (431c937)

v1.10.2

Compare Source

harperfast/harper (harper)

v5.1.14

Compare Source

What's Changed

  • chore: bump version to v5.1.13 (sync with RC-branch release)
  • fix(blob): mark a retriable source-stream write-abort PENDING (503) instead of incomplete (500) (harper-pro#481) (#​1480)
  • fix(replication): skip keyed audit-dedup lookup for versions older than transaction-log retention (#​1486)
  • fix(blob): progress-gate the source-idle watchdog so a stalled paused receive recovers (#​1492)
  • chore(deps): Update rocksdb-js to 2.3.0
  • feat(replication): add replication_copyTimeout config param
  • test(integration): address review feedback on scale suite
  • test(integration): add scale correctness suite (#​1192)
  • Merge pull request #​1479 from HarperFast/kris/copy-apply-snapshot-core
  • feat(replication): apply bulk base-copy frames as snapshots without audit entries
  • Merge pull request #​1478 from HarperFast/safe-mode-notify-log
  • Merge pull request #​1477 from HarperFast/docs/clarify-runtime-globals-and-symlink
  • chore: drop accidentally committed node_modules symlink
  • fix(migration): feed only record shape to the structure observer
  • chore: format + lint (drop unused import, accurate test comments)
  • fix(migration): persist canonical classic structures so v5 workers don't fork
  • test(encoder): reproduce v4→v5 migration structure-id fork + reload recovery
  • Log a notify message at startup when HARPER_SAFE_MODE is set
  • docs: clarify that tables/databases are live process-wide singletons
  • feat(resources): support parameterised paths in Resource exports (#​602) (#​1460)
  • Fix deploy packaging an empty component when installed under a node_modules path (#​1466)

Full Changelog: HarperFast/harper@v5.1.12...v5.1.14

v5.1.13

Compare Source

What's Changed

  • Merge harper #​1479: Apply bulk base-copy frames as snapshots without audit entries
  • Merge harper #​1478: Log notify message at startup when HARPER_SAFE_MODE is set
  • Merge harper #​1477: docs: clarify that tables/databases are live process-wide singletons
  • feat(replication): apply bulk base-copy frames as snapshots without audit entries
  • chore: drop accidentally committed node_modules symlink
  • fix(migration): feed only record shape to the structure observer
  • chore: format + lint (drop unused import, accurate test comments)
  • fix(migration): persist canonical classic structures so v5 workers don't fork
  • test(encoder): reproduce v4→v5 migration structure-id fork + reload recovery
  • Log a notify message at startup when HARPER_SAFE_MODE is set
  • docs: clarify that tables/databases are live process-wide singletons
  • feat(resources): support parameterised paths in Resource exports (#​602) (#​1460)
  • Fix deploy packaging an empty component when installed under a node_modules path (#​1466)
  • fix(blob): wrap entry.value decode in decodeFromDatabase in findIncompleteBlobRefs
  • test(blob): add unit tests for isBlobComplete and findIncompleteBlobRefs
  • chore: format blob.test.js
  • test(blob): fix startPreCommitBlobsForRecord.complete() assertion for already-saving blobs
  • feat(blob): add findIncompleteBlobRefs generator and isBlobComplete for repair sweep

Full Changelog: HarperFast/harper@v5.1.12...v5.1.13

v5.1.12

Compare Source

What's Changed

  • fix: use getSync for system-table point reads (RocksDB MaybePromise)

Full Changelog: HarperFast/harper@v5.1.11...v5.1.12

v5.1.11

Compare Source

What's Changed

  • feat(blob): add findIncompleteBlobRefs and isBlobComplete for repair sweep (#​1387)

Full Changelog: HarperFast/harper@v5.1.10...v5.1.11

v5.1.10

Compare Source

What's Changed

  • fix(deps): update alasql
  • refactor(componentLoader): reuse resolvedFolder for the once-per-component key
  • fix: invoke startOnMainThread at most once per component
  • feat(mcp): complete the MCP v1 protocol surface (#​1349) (#​1404)

Full Changelog: HarperFast/harper@v5.1.9...v5.1.10

v5.1.9

Compare Source

What's Changed

  • Merge pull request #​1444 from HarperFast/fix/blob-receive-idle-watchdog
  • fix(test): eliminate race in Txn Expiration flaky test
  • Merge branch 'main' into fix/blob-receive-idle-watchdog
  • fix(blob): bound the stream() incomplete-content wait so a truncated blob can't spin a worker at 100% CPU (#​1454) (#​1456)
  • style(blob): prettier — drop stray blank line in opt-in test block (#​1444 format check)
  • fix(blob): make source-idle watchdog opt-in (per-stream arm), not default-on (#​1458)
  • fix(blob): narrow stream type to Readable, drop redundant casts (review)
  • Clarify upgrade migration log: show the data→software transition and migration purpose (#​1452)
  • fix(blob): default the source-stream idle watchdog ON (120s)
  • fix(blob): re-arm idle timer on pipeline backpressure, remove data listener on finish (review)
  • chore: prettier --write
  • fix(blob): idle watchdog on writeBlobWithStream source to unwedge stalled replication receives

Full Changelog: HarperFast/harper@v5.1.8...v5.1.9

v5.1.8

Compare Source

What's Changed

  • fix(jobs): exclude job worker ports from schema-change broadcasts (#​1428)
  • Overlap HTTP worker restarts to eliminate connection-refused gap (#​1417) (#​1432)
  • test: promote 15 single-node QA-campaign regression anchors (#​1427)
  • fix(deploy): restore CLI deploy compatibility with pre-5.1 servers (#​1447)

Full Changelog: HarperFast/harper@v5.1.7...v5.1.8

v5.1.7

Compare Source

What's Changed

  • test(tls): stabilize cert hot-reload test under CI overlayfs (inotify drop) (#​1439)
  • fix(blob): validate reads/replication against descriptor size and bound read waits (#​1424, #​1423) (#​1425)
  • fix: keep the operations API off the app http ports (#​1420) (#​1431)
  • Detect operationsApi/http port collisions during config validation (#​1430)
  • chore(deps): bump @​harperfast/integration-testing to ^0.6.2
  • docs(AGENTS): prefer plain assert over node:assert/strict
  • test(cooling): use waitFor instead of fixed sleep for recurring-pass assertion
  • Reconcile commit() type for rocksdb-js 2.2.0 coordinated-retry sentinel
  • Update lockfile for rocksdb-js 2.2.0
  • Guard against non-numeric cooling interval (NaN busy loop)
  • Document main-thread-vs-worker choice for periodic maintenance
  • Periodically cool transaction-log mmaps for memory reclamation

Full Changelog: HarperFast/harper@v5.1.6...v5.1.7

honojs/hono (hono)

v4.12.27

Compare Source

Security fixes

This release includes fixes for the following security issues:

hono/jsx does not isolate context per request

Affects: hono/jsx, hono/jsx-renderer. During SSR, context was stored process-wide instead of per request, so useContext()/useRequestContext() read after an await in an async component could return another concurrent request's value — leading to cross-request data disclosure or authorization checks against the wrong request. GHSA-hvrm-45r6-mjfj

Server-Side XSS via JSX escaping bypass in cx()

Affects: hono/css. cx() marked its composed class name as already-escaped without escaping the input, so untrusted input passed as a class name could break out of the JSX class attribute during SSR and inject markup (XSS). GHSA-w62v-xxxg-mg59

API Gateway v1 adapter can drop a repeated request header value

Affects: hono/aws-lambda. The API Gateway v1 (and VPC Lattice) adapter de-duplicated repeated header values by substring instead of exact match, dropping a value that is a substring of another (e.g. 203.0.113.1 dropped when 203.0.113.10 is present) — affecting logic such as X-Forwarded-For-based IP restriction. GHSA-xgm2-5f3f-mvvc


Users of hono/jsx/hono/jsx-renderer, hono/css (cx()), or the hono/aws-lambda API Gateway v1 / VPC Lattice adapters are encouraged to upgrade.

nodejs/node (node)

v24.18.0: 2026-06-23, Version 24.18.0 'Krypton' (LTS), @​richardlau prepared by @​sxa

Compare Source

Notable Changes
  • [e07e7a31e1] - crypto: update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #​63527
  • [44c8ebcbd6] - http: avoid stream listeners on idle agent sockets (Matteo Collina) #​64004
  • [d3ef4122ee] - (SEMVER-MINOR) buffer: increase Buffer.poolSize default to 64 KiB (Matteo Collina) #​63597
  • [bb2857b85a] - (SEMVER-MINOR) crypto: align key argument names in docs and error messages (Filip Skokan) #​62527
  • [b9d5e87880] - (SEMVER-MINOR) crypto: accept key data in crypto.diffieHellman() and cleanup DH jobs (Filip Skokan) #​62527
  • [ccd756d61e] - (SEMVER-MINOR) crypto: add TurboSHAKE and KangarooTwelve Web Cryptography algorithms (Filip Skokan) #​62183
  • [4c9251fc09] - (SEMVER-MINOR) http: add writeInformation to send arbitrary 1xx status codes (Tim Perry) #​63155
  • [8c989ec4a3] - (SEMVER-MINOR) inspector: expose precise coverage start to JS runtime (sangwook) #​63079
  • [3f54c8ba32] - Revert "stream: noop pause/resume on destroyed streams" (Stewart X Addison) #​63834
Commits

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • "before 9am on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot merged commit 7ea5062 into main Jun 29, 2026
5 checks passed
@renovate renovate Bot deleted the renovate/all-minor-patch branch June 29, 2026 13:46
@github-actions

Copy link
Copy Markdown

🎉 This PR is included in version 0.16.22 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants