Skip to content

chore(deps): update all non-major dependencies #164

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

chore(deps): update all non-major dependencies #164

wants to merge 1 commit into from
+75 −194

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 4, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
@stacksjs/bumpx ^0.1.84 -> ^0.2.4 age adoption passing confidence devDependencies minor
@stacksjs/logsmith ^0.1.18 -> ^0.2.1 age adoption passing confidence devDependencies minor
@types/bun (source) ^1.2.23 -> ^1.3.3 age adoption passing confidence devDependencies minor
actions/checkout v5.0.0 -> v5.0.1 age adoption passing confidence action patch
buddy-bot ^0.9.7 -> ^0.9.12 age adoption passing confidence devDependencies patch
bun-git-hooks ^0.2.19 -> ^0.3.1 age adoption passing confidence devDependencies minor
bun-plugin-dtsx (source) ^0.21.12 -> ^0.21.17 age adoption passing confidence devDependencies patch
bunfig ^0.15.0 -> ^0.15.6 age adoption passing confidence devDependencies patch
node-forge ^1.3.1 -> ^1.3.3 age adoption passing confidence devDependencies patch
shivammathur/setup-php 2.35.5 -> 2.36.0 age adoption passing confidence action minor
stacksjs/action-releaser v1.1.0 -> v1.2.7 age adoption passing confidence action minor
vite (source) ^7.1.7 -> ^7.2.6 age adoption passing confidence peerDependencies minor
vite (source) ^7.1.7 -> ^7.2.6 age adoption passing confidence devDependencies minor

Release Notes

stacksjs/bumpx (@​stacksjs/bumpx)

v0.2.4

Compare Source

No significant changes

    View changes on GitHub

v0.2.3

Compare Source

   🚀 Features
    View changes on GitHub

v0.2.2

Compare Source

No significant changes

    View changes on GitHub

v0.2.1

Compare Source

No significant changes

    View changes on GitHub

v0.2.0

Compare Source

No significant changes

    View changes on GitHub

v0.1.86

Compare Source

No significant changes

    View changes on GitHub

v0.1.85

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
stacksjs/logsmith (@​stacksjs/logsmith)

v0.2.1

Compare Source

No significant changes

    View changes on GitHub

v0.2.0

Compare Source

No significant changes

    View changes on GitHub
actions/checkout (actions/checkout)

v5.0.1

Compare Source

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

stacksjs/buddy-bot (buddy-bot)

v0.9.12

Compare Source

v0.9.11

Compare Source

Compare changes

🚀 Features
🧹 Chores
📄 Miscellaneous
Contributors
  • Chris <chrisbreuer93@​gmail.com>
  • cab-mikee <mike.cabz32@​gmail.com>
  • glennmichael123 gtorregosa@gmail.com
  • renovate[bot] <29139614+renovate[bot]@​users.noreply.github.com>

v0.9.9

Compare Source

v0.9.8

Compare Source

stacksjs/bun-git-hooks (bun-git-hooks)

v0.3.1

Compare Source

No significant changes

    View changes on GitHub

v0.3.0

Compare Source

No significant changes

    View changes on GitHub
stacksjs/bunfig (bunfig)

v0.15.6

Compare Source

No significant changes

    View changes on GitHub

v0.15.5

Compare Source

No significant changes

    View changes on GitHub

v0.15.4

Compare Source

No significant changes

    View changes on GitHub

v0.15.3

Compare Source

No significant changes

    View changes on GitHub

v0.15.2

Compare Source

No significant changes

    View changes on GitHub

v0.15.1

Compare Source

No significant changes

    View changes on GitHub
digitalbazaar/forge (node-forge)

v1.3.3

Compare Source

Fixed
  • [pkcs12] Make digestAlgorithm parameters optional to fix PKCS#12/PFX issues
    introduced in 1.3.2.

v1.3.2

Compare Source

Security
  • HIGH: ASN.1 Validator Desynchronization
    • An Interpretation Conflict (CWE-436) vulnerability in node-forge versions
      1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1
      structures to desynchronize schema validations, yielding a semantic
      divergence that may bypass downstream cryptographic verifications and
      security decisions.
    • Reported by Hunter Wodzenski.
    • CVE ID: CVE-2025-12816
    • GHSA ID: GHSA-5gfm-wpxj-wjgq
  • HIGH: ASN.1 Unbounded Recursion
    • An Uncontrolled Recursion (CWE-674) vulnerability in node-forge versions
      1.3.1 and below enables remote, unauthenticated attackers to craft deep
      ASN.1 structures that trigger unbounded recursive parsing. This leads to a
      Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER
      inputs.
    • Reported by Hunter Wodzenski.
    • CVE ID: CVE-2025-66031
    • GHSA ID: GHSA-554w-wpv2-vw27
  • MODERATE: ASN.1 OID Integer Truncation
    • An Integer Overflow (CWE-190) vulnerability in node-forge versions 1.3.1
      and below enables remote, unauthenticated attackers to craft ASN.1
      structures containing OIDs with oversized arcs. These arcs may be decoded
      as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the
      bypass of downstream OID-based security decisions.
    • Reported by Hunter Wodzenski.
    • CVE ID: CVE-2025-66030
    • GHSA ID: GHSA-65ch-62r8-g69g
Fixed
  • [asn1] Fix for vulnerability identified by CVE-2025-12816 PKCS#12 MAC
    verification bypass due to missing macData enforcement and improper
    asn1.validate routine.
  • [asn1] Add fromDer() max recursion depth check.
    • Add a asn1.maxDepth global configurable maximum depth of 256.
    • Add a asn1.fromDer() per-call maxDepth option.
    • NOTE: The default maximum is assumed to be higher than needed for valid
      data. If this assumption is false then this could be a breaking change.
      Please file an issue if there are use cases that need a higher maximum.
    • NOTE: The per-call maxDepth parameter has not been exposed up through
      all of the API stack due to the complexities involved. Please file an issue
      if there are use cases that require this instead of changing the default
      maximum.
  • [asn1] Improve OID handling.
    • Error on parsed OID values larger than 2**32 - 1.
    • Error on DER OID values larger than 2**53 - 1 .
shivammathur/setup-php (shivammathur/setup-php)

v2.36.0

Compare Source

Changelog
  • Added support for PHP 8.5 stable release.
- name: Setup PHP 8.5 (stable) uses: shivammathur/setup-php@v2 with: php-version: '8.5'
  • Added support for PHP 8.6.0-dev. Specifying 8.6 in the php-version input should now set up a nightly build from the master branch of php-src. (#​1002)
- name: Setup PHP 8.6.0-dev uses: shivammathur/setup-php@v2 with: php-version: '8.6'
  • Added support for pdo_ibm and ibm_db2 extensions.
- name: Setup PHP with pdo_ibm and ibm_db2 extensions uses: shivammathur/setup-php@v2 with: php-version: '8.5' extensions: pdo_ibm, ibm_db2
  • Added support to install blackfire extension on PHP 8.5.
- name: Setup PHP with blackfire extension uses: shivammathur/setup-php@v2 with: php-version: '8.5' extensions: blackfire
  • Improved support to detect the required libraries when building from source for common extensions. For example installing gnupg from source would install the required libgpgme library automatically. (#​1021)
- name: Setup PHP with amqp extension uses: shivammathur/setup-php@v2 with: php-version: '8.5' extensions: gnupg-1.5.4
  • Improved support for symfony-cli. It should now correctly set up the requested version. (#​1008)
- name: Setup PHP with symfony-cli uses: shivammathur/setup-php@v2 with: php-version: '8.5' tools: symfony-cli:5.16.0

  • Improved support for relay extension. Also added support to install the nightly version of the extension. (#​1011, #​1012)

  • Improved installing PHP on macOS. Also fixed installing PHP on macos-15-intel GitHub runner. (#​1029)

  • Improved support for deb822 format sources files on Linux. It should now set up the sources files in deb822 format on Ubuntu 24.04, Debian 13, and newer. It would automatically switch the format as well for the repositories added by the action to the new format when supported. (#​1027)

  • Improved support for installing pdo_oci. (#​1028)

  • Fixed installing gearman extension for PHP 5.6 and 7.0 on Linux.

  • Fixed an edge case in tools setup to fall back to the latest version. (#​1024)

  • Fixed support to build extensions with uppercase names from PECL. (#​1017)

  • Fixed warning on redis setup on macOS after formula rename. (shivammathur/homebrew-extensions#5413)

  • Fixed fallback link for composer setup. (#​1025)

  • Updated the link for flex documentation in README. (#​1020)

  • Updated Node.js dependencies.

Thanks @​shyim, @​tillkruss, and @​nicolas-grekas for the contributions 🎉

Thanks @​JetBrainsOfficial and @​cachewerk for the sponsorship ❤️

For the complete list of changes, please refer to the Full Changelog

Follow for updates

setup-php reddit setup-php twitter setup-php status

stacksjs/action-releaser (stacksjs/action-releaser)

v1.2.7

Compare Source

v1.2.6

Compare Source

Compare changes

🐛 Bug Fixes
  • include dist directory in git for GitHub Actions (b6da289)
🧹 Chores
Contributors
  • Chris <chrisbreuer93@​gmail.com>

v1.2.5

Compare Source

Compare changes

🐛 Bug Fixes
  • use local action in release workflow (9c930e1)
🧹 Chores
Contributors
  • Chris <chrisbreuer93@​gmail.com>

v1.2.4

Compare Source

v1.2.3

Compare Source

v1.2.2

Compare Source

v1.2.1

Compare Source

v1.2.0

Compare Source

vitejs/vite (vite)

v7.2.6

Compare Source

7.2.6 (2025-12-01)

v7.2.4

Compare Source

Bug Fixes

v7.2.3

Compare Source

Bug Fixes
Performance Improvements
Miscellaneous Chores

v7.2.2

Compare Source

Bug Fixes

v7.2.1

Compare Source

Bug Fixes
Code Refactoring

v7.2.0

Compare Source

Bug Fixes
  • css: fallback to sass when sass-embedded platform binary is missing (#​21002) (b1fd616)
  • module-runner: make getBuiltins response JSON serializable (#​21029) (ad5b3bf)
  • types: add undefined to optional properties for exactOptionalProperties type compatibility (#​21040) (2833c55)
Miscellaneous Chores

v7.1.12

Compare Source

Please refer to CHANGELOG.md for details.

v7.1.11

Compare Source

Bug Fixes
Miscellaneous Chores
Code Refactoring
Build System

v7.1.10

Compare Source

Bug Fixes
Documentation
Miscellaneous Chores

v7.1.9

Compare Source

Reverts

v7.1.8

Compare Source

Bug Fixes
Documentation
Miscellaneous Chores

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
@netlify
Copy link

netlify bot commented Dec 4, 2025
edited
Loading

Deploy Preview for tlsx failed. Why did it fail? →

Name Link
🔨 Latest commit 84a7095
🔍 Latest deploy log https://app.netlify.com/projects/tlsx/deploys/6931c24bb913020008d8ffc1
@chrisbbreuer
Copy link
Member

chrisbbreuer commented Dec 4, 2025

🤖 Auto-closing obsolete PR

This PR was automatically closed because the dependency files it references are no longer present in the project.

Removed files:

  • [Age](https://docs.renovatebot.com/merge-confidence/)
  • ![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@stacksjs%2fbumpx/0.1.84/0.2.4?slim=true)
  • [@stacksjs/logsmith](https://redirect.github.com/stacksjs/logsmith)
  • ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@stacksjs%2flogsmith/0.1.18/0.2.1?slim=true)
  • [^1.2.23->^1.3.3](https://renovatebot.com/diffs/npm/@types%2fbun/1.2.23/1.3.3)
  • ![age](https://developer.mend.io/api/mc/badges/age/github-tags/actions%2fcheckout/v5.0.1?slim=true)
  • ![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/buddy-bot/0.9.12?slim=true)
  • ![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/bun-git-hooks/0.2.19/0.3.1?slim=true)
  • [bun-plugin-dtsx](https://redirect.github.com/stacksjs/dtsx/tree/main/packages/bun-plugin#readme) ([source](https://redirect.github.com/stacksjs/dtsx))
  • ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/bun-plugin-dtsx/0.21.12/0.21.17?slim=true)
  • [^0.15.0->^0.15.6](https://renovatebot.com/diffs/npm/bunfig/0.15.0/0.15.6)
  • ![age](https://developer.mend.io/api/mc/badges/age/npm/node-forge/1.3.3?slim=true)
  • ![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/shivammathur%2fsetup-php/2.36.0?slim=true)
  • ![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/stacksjs%2faction-releaser/v1.1.0/v1.2.7?slim=true)
  • [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
  • ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/7.1.7/7.2.6?slim=true)
  • [^7.1.7->^7.2.6](https://renovatebot.com/diffs/npm/vite/7.1.7/7.2.6)

If this was closed in error, please reopen the PR and update the dependency files accordingly.
@github-actions github-actions bot deleted the renovate/all-minor-patch branch December 4, 2025 17:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies minor

2 participants

@chrisbbreuer