Skip to content

[master] Michijs Dependabot changes #71

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[master] Michijs Dependabot changes #71

wants to merge 1 commit into from

Conversation

@michijs-dependabot
Copy link
Contributor

@michijs-dependabot michijs-dependabot bot commented Oct 20, 2025

Updated Packages

@michijs-dependabot
Copy link
Contributor Author

michijs-dependabot bot commented Oct 20, 2025

Bump typescript from 5.9.2 to 5.9.3

Changelog:
Sourced from releases. 
        ### v5.9.3Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

Downloads are available on:

  • npm

          ### v5.9.2Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

Downloads are available on:

Commit history:
  • 2dce0c Intentionally regress one buggy declaration output to an older version (#62163)
  • 0d9b9b 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#62164)

    Co-authored-by: Jake Bailey <5341706+jakebailey@​users.noreply.redirect.github.com>

  • bdb641 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#62424)

    Co-authored-by: Mateusz Burzyński <mateuszburzynski@​gmail.com>

  • 042433 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)

    Co-authored-by: Jake Bailey <5341706+jakebailey@​users.noreply.redirect.github.com>

  • a131ca 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#62426)

    Co-authored-by: Greggman <github@​greggman.com>

  • 8428ca 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#62440)

    Co-authored-by: Sheetal Nandi <shkamat@​microsoft.com>

  • c63de1 Bump version to 5.9.3 and LKG

@michijs-dependabot
Copy link
Contributor Author

michijs-dependabot bot commented Oct 20, 2025

Bump bun from 1.2.21 to 1.3.0

Changelog:
Sourced from releases. 
        ### bun-v1.3.0

Read the blog post

Group 77

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3:

bun upgrade
        ### bun-v1.2.23To install Bun v1.2.23

curl -fsSL https://bun.sh/install | bash
# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.2.23:

bun upgrade

Read Bun v1.2.23's release notes on Bun's blog

Thanks to 16 contributors!

curl -fsSL https://bun.sh/install | bash
# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.2.22:

bun upgrade

Read Bun v1.2.22's release notes on Bun's blog

Thanks to 14 contributors!

curl -fsSL https://bun.sh/install | bash
# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.2.21:

bun upgrade

Read Bun v1.2.21's release notes on Bun's blog

Thanks to 23 contributors!

Commit history:
  • de4a5a fix(bundler): `import.meta.url` and esm wrapper fixes (#23803)

    What does this PR do?

    Fixes printing import.meta.url and others with --bytecode. Fixes
    #14954.

    Fixes printing __toESM when output module format is CJS and input
    module format is ESM.

    The key change is that __toESM's isNodeMode parameter now depends on
    the input module type (whether the importing file uses ESM syntax
    like import/export) rather than the output format. This matches
    Node.js ESM behavior where importing CommonJS from .mjs files always
    wraps the entire module.exports object as the default export, ignoring
    __esModule markers.

    How did you verify your code works?

    Added comprehensive test suite in test/bundler/bundler_cjs.test.ts
    with 23 tests covering:

    Core Behaviors:

    • ✅ Files using import syntax always get isNodeMode=1, which
      ignores __esModule markers and wraps the entire CJS module as
      default
    • ✅ This matches Node.js ESM semantics for importing CJS from .mjs
      files
    • ✅ Different CJS export patterns (exports.x, module.exports = ...,
      functions, primitives)
    • ✅ Named, default, and namespace (import *) imports
    • ✅ Different targets (node, browser, bun) - all behave the same
    • ✅ Different output formats (esm, cjs) - format doesn't affect the
      behavior
    • .mjs files re-exporting from .cjs
    • ✅ Deep re-export chains
    • ✅ Edge cases (non-boolean __esModule, __esModule=false, etc.)

    Test Results:

    • With this PR's changes: All 23 tests pass ✅
    • Without this PR (system bun): 22 pass, 1 fails (the one testing
      that __esModule is ignored with import syntax + CJS format)

    The failing test with system bun demonstrates the bug being fixed:
    currently, format=cjs with import syntax still respects __esModule,
    but it should ignore it (matching Node.js behavior).

    Co-authored-by: Jarred Sumner <jarred@​jarredsumner.com>
    Co-authored-by: Claude Bot <claude-bot@​bun.sh>

  • f91235 Update process.test.js
  • acefbe Format + bump runtime transpiler cache version
  • 4a0699 Port SocketConfig to bindings generator (#23755)

    (For internal tracking: fixes STAB-1471, STAB-1472, STAB-1473,
    STAB-1474, STAB-1475, STAB-1476, STAB-1480, STAB-1481)

    Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@​users.noreply.redirect.github.com>
    Co-authored-by: Jarred Sumner <jarred@​jarredsumner.com>

  • 74faec Deflake test/js/bun/http/req-url-leak.test.ts
  • abb82a Deflake test/js/bun/io/bun-write.test.js
  • 47af6e Deflake test/regression/issue/21311.test.ts
  • 0cb41b Move process.title test
  • b86796 Remove unused EventLoopTimer.Arm return type (#23765)

    Summary

    The EventLoopTimer.Arm result from EventLoopTimer.fire() was being
    ignored at both call sites. This PR removes the unused return type and
    simplifies the code.

    Changes

    • Changed EventLoopTimer.fire() to return void instead of Arm
    • Updated all 15 timer callback functions to return void
    • Removed the Arm type definition
    • Simplified the drainTimers() loop that was ignoring the return value
    • Updated both call sites in Timer.zig

    Details

    The .rearm functionality was unused - timers that need to reschedule
    themselves (like DNS resolver) handle this by calling
    addTimer()/update() directly rather than relying on the return
    value.

    This change removes:

    • The Arm union enum type (3 lines)
    • All return .disarm and return .{ .rearm = ... } statements
    • The switch statement in drainTimers() that did nothing with the
      return value

    Net result: -58 lines of dead code removed.

    Testing

    • Bun builds successfully with bun bd

    🤖 Generated with Claude Code

    Co-authored-by: Claude Bot <claude-bot@​bun.sh>
    Co-authored-by: Claude <noreply@​anthropic.com>

  • 0b89a4 Fix INSPECT_MAX_BYTES ESM export (#23799)

    What does this PR do?

    How did you verify your code works?

    Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@​users.noreply.redirect.github.com>
    Co-authored-by: Claude Bot <claude-bot@​bun.sh>
    Co-authored-by: Claude <noreply@​anthropic.com>

  • 8e34ec Fix IP address retrieval in server response (#23813)

    What does this PR do?

    Fix, response example - requestIP return object.

    image


    image

    Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@​users.noreply.redirect.github.com>

  • 2ebf6c Fix bounds check in Buffer writeBigInt64/writeBigUInt64 methods (#23781)

    Summary

    Fixed an unsigned integer underflow in the bounds check for
    writeBigInt64LE, writeBigInt64BE, writeBigUInt64LE, and
    writeBigUInt64BE methods.

    Problem

    When byteLength < 8, the bounds check offset > byteLength - 8 would
    cause unsigned integer underflow (since both are size_t), resulting in
    a large positive number that would pass the check. This allowed
    out-of-bounds writes and caused ASAN use-after-poison errors.

    Reproduction:

    const buf = Buffer.from("Hello World");
const slice = buf.slice(0, 5);
slice.writeBigUInt64BE(4096n, 10000); // ASAN error!

    Solution

    Added an explicit byteLength < 8 check before the subtraction to
    prevent the underflow. The fix is applied to all four functions:

    • writeBigInt64LE (src/bun.js/bindings/JSBuffer.cpp:2464)
    • writeBigInt64BE (src/bun.js/bindings/JSBuffer.cpp:2504)
    • writeBigUInt64LE (src/bun.js/bindings/JSBuffer.cpp:2543)
    • writeBigUInt64BE (src/bun.js/bindings/JSBuffer.cpp:2582)

    Test plan

    • Added comprehensive regression tests covering all edge cases
    • Verified the original reproduction case now throws a proper RangeError
      instead of crashing
    • All tests pass

    🤖 Generated with Claude Code

    Co-authored-by: Claude Bot <claude-bot@​bun.sh>
    Co-authored-by: Claude <noreply@​anthropic.com>
    Co-authored-by: Jarred Sumner <jarred@​jarredsumner.com>

  • 6ee9da Fix URLSearchParams.toJSON() assertion failure with numeric string keys (#23785)

    Summary

    Fixes an assertion failure that occurred when URLSearchParams.toJSON()
    was called with numeric string keys.

    The Problem

    When using numeric string keys (e.g., "39208", "0", "100"),
    calling toJSON() would trigger:

    ASSERTION FAILED: !parseIndex(propertyName)
cache/webkit-6d0f3aac0b817cc0/include/JavaScriptCore/JSObjectInlines.h:444

    Reproduction:

    const params = new URLSearchParams();
params.set("39208", "updated");
params.toJSON(); // crashes

    Root Cause

    The getInternalProperties function in JSURLSearchParams.cpp was
    using putDirect() to add properties to the result object. However,
    putDirect() cannot be used with property names that can be parsed as
    array indices - JSC expects such properties to use indexed storage
    instead.

    The Fix

    • Replace putDirect() with putDirectMayBeIndex(), which
      automatically handles both regular properties and numeric indices
    • Replace getDirect() with get() to properly retrieve values for
      both types of properties

    Test Plan

    Added comprehensive tests to test/js/web/html/URLSearchParams.test.ts:

    • ✅ Single numeric string keys
    • ✅ Multiple numeric keys
    • ✅ Mixed numeric and non-numeric keys
    • ✅ Duplicate numeric keys
    • ✅ Extra arguments (original crash case)

    All tests pass, and the original crash no longer occurs.

    🤖 Generated with Claude Code

    Co-authored-by: Claude Bot <claude-bot@​bun.sh>
    Co-authored-by: Claude <noreply@​anthropic.com>
    Co-authored-by: Jarred Sumner <jarred@​jarredsumner.com>

  • 6a52fd Update bundler_splitting.test.ts
  • e9e9ca Enable minify.keepNames in JS builtins
  • bd15fc Enable minify.keepNames in JS builtins
  • f702ae Fix panic when setting process.title with UTF-16 characters (#23783)
  • 0a92d6 Deflake test/js/bun/spawn/spawn-pipe-leak.test.ts
  • d6cfb5 Deflake bundler_splitting.test.ts
  • d9a867 fix(23621): RedisClient Invalid URL (#23714)

    What does this PR do?

    Fixes #23621.

    Note that the quality of this code is quite low, but since Redis is
    getting a rewrite, this is a stop-gap. The tests are what really matters
    here.

    This whole PR is claude.

    How did you verify your code works?

    CI.

    Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@​users.noreply.redirect.github.com>

  • 1abfc0 fix: panic when overriding Set/Map size property with non-numeric value (#23787)

    Summary

    Fixes a panic that occurred when console.log() tried to format a Set
    or Map instance with a non-numeric size property.

    Issue

    When a Set or Map subclass overrides the size property with a
    non-numeric value (like a constructor function, string, or other
    object), calling console.log() on the instance would trigger a panic:

    class C1 extends Set {
    constructor() {
        super();
        Object.defineProperty(this, "size", {
            writable: true,
            enumerable: true,
            value: Set
        });
        console.log(this); // panic!
    }
}
new C1();

    Root Cause

    In src/bun.js/ConsoleObject.zig, the Map and Set formatting code
    called toInt32() directly on the size property value. This function
    asserts that the value is not a Cell (objects/functions), causing a
    panic when size was overridden with non-numeric values.

    Solution

    Changed both Map and Set formatting to use coerce(i32, globalThis)
    instead of toInt32(). This properly handles non-numeric values using
    JavaScript's standard type coercion rules and propagates any coercion
    errors appropriately.

    Test Plan

    Added regression tests to test/js/bun/util/inspect.test.js that verify
    Set and Map instances with overridden non-numeric size properties can
    be inspected without panicking.

    🤖 Generated with Claude Code

    Co-authored-by: Claude Bot <claude-bot@​bun.sh>
    Co-authored-by: Claude <noreply@​anthropic.com>

  • 28f0e5 Fix Headers.append() assertion with numeric string property names (#23782)
  • a7816c Preserve original types in PosixStat
  • 4142f8 Fix unnecessary reinterpret_casts from JSGlobalObject to Zig::GlobalObject (#23387)

    (For internal tracking: fixes STAB-1384)

  • 134341 Remove duplicate 'linked' option from sourcemap (#23737)

    Bun bundler documentation duplicated the "linked" type for sourcemap.

    What does this PR do?

    Fix documentation mistake.

    How did you verify your code works?

    No code changes have been made.

  • 642d04 Add --pass-with-no-tests flag to test runner (#23424)

    Summary

    This PR adds support for the --pass-with-no-tests CLI flag to the test
    runner, addressing issue #20814.

    With the latest v1.2.8 release, the test runner now fails when no tests
    match a filter. While this is useful for agentic coding workflows, there
    are legitimate cases where the previous behavior is preferred, such as
    in monorepos where a standard test file pattern is used as a filter but
    not all packages contain tests.

    This flag makes the test runner behave like Jest and Vitest, exiting
    with code 0 when no tests are found.

    Changes

    • Added --pass-with-no-tests flag to CLI arguments in
      src/cli/Arguments.zig
    • Added pass_with_no_tests field to TestOptions struct in
      src/cli.zig
    • Updated test runner logic in src/cli/test_command.zig to respect the
      flag
    • Added comprehensive tests in
      test/cli/test/pass-with-no-tests.test.ts

    Test Plan

    All new tests pass:

    • --pass-with-no-tests exits with 0 when no test files found
    • --pass-with-no-tests exits with 0 when filters match no tests
    • ✅ Without flag, still exits with 1 when no tests found (preserves
      existing behavior)
    • --pass-with-no-tests still fails when actual tests fail

    Closes #20814

    🤖 Generated with Claude Code

    Co-authored-by: Claude Bot <claude-bot@​bun.sh>
    Co-authored-by: Claude <noreply@​anthropic.com>
    Co-authored-by: pfg <pfg@​pfg.pw>

  • fadce1 cpp: address an ErrorCode todo (#23679)
  • 40b9a9 fix(fetch) Reduce memory usage (#23697)

    What does this PR do?

    reduce memory usage when streaming (this should be a temporary solution
    until owned_and_done is fixed)

    How did you verify your code works?

    Added a test that should not be flaky in CI

    Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@​users.noreply.redirect.github.com>

  • 81c453 Make JSValue.asCell more efficient (#23386)

    Avoid calling into C++ in jsc.JSValue.asCell.

    (For internal tracking: fixes ENG-20820)

    Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@​users.noreply.redirect.github.com>

  • 1f48dc 'vi' was missing from bun test globals (#23674)

    // a.test.ts
console.log(vi);
// $> bun test ./a.test.ts
// before: not defined
// after: defined

    https://redirect.github.com/oven-sh/bun/issues/1825#issuecomment-3094507154

@michijs-dependabot
Copy link
Contributor Author

michijs-dependabot bot commented Oct 20, 2025

Bump mermaid from 11.10.1 to 11.12.0

Changelog:
Sourced from releases. 
        ### mermaid@&ZeroWidthSpace;11.12.0### Minor Changes

Patch Changes

  • #6950 a957908 Thanks @​shubhamparikh2704! - chore: Fix mindmap rendering in docs and apply tidytree layout

  • #6826 1d36810 Thanks @​darshanr0107! - fix: Ensure edge label color is applied when using classDef with edge IDs

  • #6945 d318f1a Thanks @​darshanr0107! - fix: Resolve gantt chart crash due to invalid array length

  • #6918 cfe9238 Thanks @​shubhamparikh2704! - chore: revert marked dependency from ^15.0.7 to ^16.0.0

    • Reverted marked package version to ^16.0.0 for better compatibility

    • This is a dependency update that maintains API compatibility

    • All tests pass with the updated version

      ### @&ZeroWidthSpace;mermaid-js/tiny@&ZeroWidthSpace;11.12.0### Minor Changes

  • #6921 764b315 Thanks @​quilicicf! - feat: Add IDs in architecture diagrams

Patch Changes

  • #6950 a957908 Thanks @​shubhamparikh2704! - chore: Fix mindmap rendering in docs and apply tidytree layout

  • #6826 1d36810 Thanks @​darshanr0107! - fix: Ensure edge label color is applied when using classDef with edge IDs

  • #6945 d318f1a Thanks @​darshanr0107! - fix: Resolve gantt chart crash due to invalid array length

  • #6918 cfe9238 Thanks @​shubhamparikh2704! - chore: revert marked dependency from ^15.0.7 to ^16.0.0

    • Reverted marked package version to ^16.0.0 for better compatibility

    • This is a dependency update that maintains API compatibility

    • All tests pass with the updated version

      ### @&ZeroWidthSpace;mermaid-js/tiny@&ZeroWidthSpace;11.11.0### Minor Changes

  • #6704 012530e Thanks @​omkarht! - feat: Added support for new participant types (actor, boundary, control, entity, database, collections, queue) in sequenceDiagram.

  • #6802 c8e5027 Thanks @​darshanr0107! - feat: Update mindmap rendering to support multiple layouts, improved edge intersections, and new shapes

Patch Changes

Commit history:
  • 3d768f Merge pull request #6975 from ilovelinux/fix/6974-ilovelinux-fix-classdiagram-example

    Fix classDiagram example

  • 18f51e Merge pull request #6843 from saurabhg772244/saurabh/fix-edge-animation-for-hand-dranw-shapes

    Fixed edge animation for hand drawn shapes

  • 2bb57b Merge pull request #6989 from mermaid-js/subgraph-td-direction

    6338: allow direction TD inside subgraphs

  • a6276d Merge pull request #7055 from mermaid-js/sequence-diagram-participant-name-parsing

    6853: prevent browser freeze caused by invalid participant name in sequenceDiagram

  • ac411a Fix class diagram example
  • d80a63 Merge pull request #6023 from yari-dewalt/fix_lollipop_stroke

    Fix: Delete 'stroke: black' from lollipop marker so it matches themes and edge paths

  • 7a869c Merge pull request #6026 from yari-dewalt/bug/5669_class-diagram-fix-namespace-themes

    Fix: Class diagram namespaces black lines, not responding to theme variables

  • 44e8cb Merge branch 'develop' into bug/5669_class-diagram-fix-namespace-themes
  • efe38b Merge branch 'develop' into fix_lollipop_stroke
  • 6fecb9 fix: failing argos
    on-behalf-of: @​Mermaid-Chart <hello@​mermaidchart.com>
  • 69b338 fix: formatting issues

    Co-authored-by: omkarht <omkar@​mermaidchart.com>

  • fa15ce chore: added changeset

    on-behalf-of: @​Mermaid-Chart <hello@​mermaidchart.com>

  • 6d0650 fix: handle participant names with spaces correctly in sequenceDiagram

    on-behalf-of: @​Mermaid-Chart <hello@​mermaidchart.com>

  • c728d8 Merge pull request #7054 from mermaid-js/fix/update-argos-ci-version

    fix: update @​argos-ci/cypress to version 6.1.3

  • 99f17b fix: update @​argos-ci/cypress to version 6.1.3
  • c1c14e Merge pull request #7019 from mermaid-js/tmp-mindmap-elk

    mindmap breaking issue in ELK layout

  • 8b3057 fix: guard nodeDb[node.id] against undefined

    on-behalf-of: @​Mermaid-Chart <hello@​mermaidchart.com>

  • 717d3b Merge pull request #6984 from mermaid-js/fix/er-diagram-syntax-error-special-chars

    fix(er-diagram): handle syntax errors for special characters in node names

  • 2f8d9b Merge pull request #6789 from mermaid-js/6638-sequence-diagram-additional-messages

    6638:sequence diagram additional messages

  • ace036 chore: add changeset
    on-behalf-of: @​Mermaid-Chart <hello@​mermaidchart.com>
  • b98362 Fix for reference issue affecting mindmaps
  • 7effdc Merge pull request #6997 from mermaid-js/ci/enable-codeql-for-github-actions

    ci(codeql): enable CodeQL for GitHub Actions

  • 6e6751 ci(codeql): enable CodeQL for GitHub Actions

    Support for scanning GitHub Actions was added in 2024-12-17, see
    https://github.blog/changelog/2024-12-17-find-and-fix-actions-workflows-vulnerabilities-with-codeql-public-preview/

  • 1a9d45 fix: allow direction TD inside subgraphs

    on-behalf-of: @​Mermaid-Chart <hello@​mermaidchart.com>

  • 09b74f chore: added changeset

    on-behalf-of: @​Mermaid-Chart <hello@​mermaidchart.com>

  • 880da2 test: add tests for handling special characters and numeric entity names

    on-behalf-of: @​Mermaid-Chart <hello@​mermaidchart.com>

  • 381912 Merge branch 'develop' into fix/er-diagram-syntax-error-special-chars
  • b75dcb Merge branch 'develop' into 6638-sequence-diagram-additional-messages
  • 4c1e17 fix(er-diagram): handle syntax errors for special characters in node names
  • d5c4ef Merge pull request #6972 from mermaid-js/renovate/patch-all-patch

    fix(deps): update all patch dependencies (patch)

@michijs-dependabot michijs-dependabot bot deleted the michijs-dependabot branch October 27, 2025 01:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant