Update dependency upgrades - non-major

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@types/node (source)	25.0.9 → 25.0.10
algoliasearch (source)	5.46.3 → 5.47.0
cheerio (source)	1.1.2 → 1.2.0
eslint-config-upleveled	9.4.2 → 9.4.6
pnpm (source)	10.28.0+sha512.05df71d1421f21399e053fde567cea34d446fa02c76571441bfc1c7956e98e363088982d940465fd34480d4d90a0668bc12362f8aa88000a64e83d0b0e47be48 → 10.28.2
prettier (source)	3.8.0 → 3.8.1
top-user-agents (source)	2.1.90 → 2.1.92
typescript-eslint (source)	8.53.0 → 8.54.0
vitest (source)	4.0.17 → 4.0.18

---

Release Notes

algolia/algoliasearch-client-javascript (algoliasearch)

v5.47.0

Compare Source

• f9ac3a711 feat(specs): introduce multifeed composition behavior for beta release (#​5828) by @​gavinwade12

v5.46.4

Compare Source

• f02ab6fa0 chore: agentic config prep (#​5825) by @​Fluf22

cheeriojs/cheerio (cheerio)

v1.2.0

Compare Source

What's Changed

• .val() now supports button values by @​kaioduarte in #​4175
• .find() now properly scopes :scope selectors by @​T0nd0Tara in #​4967
• The isHtml utility now runtime-validates input types by @​Mallikarjun-0 in #​4523

New Contributors

• @​noritaka1166 made their first contribution in #​4740
• @​kaioduarte made their first contribution in #​4175
• @​Mallikarjun-0 made their first contribution in #​4523
• @​T0nd0Tara made their first contribution in #​4967

Full Changelog: cheeriojs/cheerio@v1.1.2...v1.2.0

upleveled/eslint-config-upleveled (eslint-config-upleveled)

v9.4.6

Compare Source

• Improve message dd2defa
• Remove unused flags 6a52d75
• Merge compilerOptions.paths from project tsconfig.json (#​388) 6b3f8dd
• Upgrade ESLint config in tests f7c29b9

---

v9.4.5

Compare Source

• Switch to modern typescript-eslint config 25c85ad
• Update dependency upgrades - non-major (#​595) 1483d67
• Update dependency next to v16.1.5 [SECURITY] (#​594) 3a06c37

---

v9.4.4

Compare Source

• Update nextjs monorepo to v16 (#​572) df28b5d
• Update dependency stylelint to v17 (#​593) a2e5c4b
• Upgrade tests 36fa4f4

---

v9.4.3

Compare Source

• Update dependency node to v24.13.0 (#​592) df8aa2d
• Update dependency upgrades - non-major (#​591) 27667a4
• Update dependency globals to v17 (#​589) f1346fa
• Update dependency upgrades - non-major (#​590) 11d4b8f
• Update dependency upgrades - non-major (#​588) fc69c4f
• Update dependency upgrades - non-major (#​587) 6663064
• Update dependency upgrades - non-major (#​586) e4ceb0f
• Update dependency @​eslint/compat to v2 (#​576) fa5c2a4
• Add trustPolicyExclude entry for semver@​6.3.1 f2d1e3c
• Update dependency @​types/node to v25 (#​584) ae0a836
• Upgrade to js-yaml@​4.1.1 to address security vulnerability d795d1c
• Configure pnpm blockExoticSubdeps and trustPolicy: 'no-downgrade' 0d58db7
• Update dependency upgrades - non-major (#​581) 9f1c8d3
• Update dependency next to v15.5.9 [SECURITY] (#​585) 57cd884
• Update dependency next to v15.5.8 [SECURITY] (#​583) b82ee1a
• Update dependency node to v24.12.0 (#​580) 3556c8c
• Update dependency upgrades - non-major (#​579) 163d153
• Update dependency next to v15.5.7 [SECURITY] (#​578) 51ed01d
• Update dependency upgrades - non-major (#​577) dcb6e8e
• Update actions/checkout action to v6 (#​574) d1e6479
• Update dependency upgrades - non-major (#​573) 8242764
• Update dependency eslint-plugin-unicorn to v62 (#​571) f031182
• Update dependency upgrades - non-major (#​570) aa3f4ee
• Update dependency node to v24.11.1 (#​569) f2c826f
• Update dependency upgrades - non-major (#​565) bf076ba
• Update dependency node to v24.11.0 (#​566) d25404c
• Update dependency eslint-plugin-react-hooks to v7 (#​560) 677b4c0
• Update dependency node to v24 (#​564) 9457d57
• Update dependency upgrades - non-major (#​563) d8ba6a6
• Update actions/setup-node action to v6 (#​562) 0b013e4
• Update dependency upgrades - non-major (#​561) 9e4c47b
• Upgrade tests f851ac7
• Update dependency upgrades - non-major (#​559) 1af250d

pnpm/pnpm (pnpm)

v10.28.2: pnpm 10.28.2

Compare Source

Patch Changes

• Security fix: prevent path traversal in directories.bin field.

• When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

  This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

  Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.

• Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #​9950.

Platinum Sponsors

Gold Sponsors

v10.28.1

Compare Source

prettier/prettier (prettier)

v3.8.1

Compare Source

microlinkhq/top-user-agents (top-user-agents)

v2.1.92

Compare Source

v2.1.91

Compare Source

typescript-eslint/typescript-eslint (typescript-eslint)

v8.54.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.53.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

vitest-dev/vitest (vitest)

v4.0.18

Compare Source

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in #​9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in #​9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in #​9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in #​9472 (22543)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - "after 4pm on thursday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	typescript-eslint@​8.53.0 ⏵ 8.54.0				+1
	eslint-config-upleveled@​9.4.2 ⏵ 9.4.6			+1
	top-user-agents@​2.1.90 ⏵ 2.1.92
	vitest@​4.0.17 ⏵ 4.0.18	+1		+1	+1
	@​types/​node@​25.0.9 ⏵ 25.0.10	+1		+1
	cheerio@​1.1.2 ⏵ 1.2.0	+1
	prettier@​3.8.0 ⏵ 3.8.1			+1	-1
	algoliasearch@​5.46.3 ⏵ 5.47.0				-1

View full report