fix(deps): update all non-major dependencies by renovate[bot] · Pull Request #4351 · amir20/dozzle

renovate · 2026-01-16T14:43:54Z

This PR contains the following updates:

Package	Change	Type	Update
@duckdb/duckdb-wasm	`1.33.1-dev16.0` → `1.33.1-dev18.0`	dependencies	patch
@iconify-json/carbon	`^1.2.16` → `^1.2.18`	dependencies	patch
@iconify-json/octicon	`^1.2.19` → `^1.2.20`	dependencies	patch
@types/node (source)	`^25.0.6` → `^25.0.9`	devDependencies	patch
bumpp	`^10.3.2` → `^10.4.0`	devDependencies	minor
github.com/go-chi/chi/v5	`v5.2.3` → `v5.2.4`	require	patch
github.com/puzpuzpuz/xsync/v4	`v4.2.0` → `v4.3.0`	require	minor
go (source)	`1.25.5` → `1.25.6`	golang	patch
go	`1.25.5` → `1.25.6`	uses-with	patch
golang.org/x/crypto	`v0.46.0` → `v0.47.0`	require	minor
node	`24.12.0` → `24.13.0`	uses-with	minor
node	`24.12.0-alpine` → `24.13.0-alpine`	stage	minor
prettier (source)	`^3.7.4` → `^3.8.0`	devDependencies	minor
vitest (source)	`^4.0.16` → `^4.0.17`	devDependencies	patch

Release Notes

duckdb/duckdb-wasm (@duckdb/duckdb-wasm)

`v1.33.1-dev18.0`

Compare Source

`v1.33.1-dev17.0`

Compare Source

antfu-collective/bumpp (bumpp)

`v10.4.0`

Compare Source

No significant changes

View changes on GitHub

go-chi/chi (github.com/go-chi/chi/v5)

`v5.2.4`

Compare Source

puzpuzpuz/xsync (github.com/puzpuzpuz/xsync/v4)

`v4.3.0`

Compare Source

Add iterator function Map.All #181
Make shrink resize lock-free on target buckets #180

All is similar to Range, but returns an iter.Seq2, so is compatible with Go 1.23+ iterators. All of the same caveats and behavior from Range apply to All.

m := xsync.NewMap[string, int]()
for i := range 100 {
  m.Store(strconv.Itoa(i), i)
}

// Will print all of the map entries
for key, val := range m.All() {
  fmt.Printf("m[%q] = %q\n")
}

Kudos to @llxisdsh and @moskyb for making this release happen.

golang/go (go)

`v1.25.6`

actions/go-versions (go)

`v1.25.6`: 1.25.6

Compare Source

Go 1.25.6

actions/node-versions (node)

`v24.13.0`: 24.13.0

Compare Source

Node.js 24.13.0

nodejs/node (node)

`v24.13.0`: 2026-01-13, Version 24.13.0 'Krypton' (LTS), @marco-ippolito

Compare Source

This is a security release.

Notable Changes

lib:

(CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
(CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748
lib,permission:
(CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
src:
(CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
src,lib:
(CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
tls:
(CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

Commits

[2092785d01] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #60997
[3e58b7f2af] - deps: update undici to 7.18.2 (Node.js GitHub Bot) #61283
[4ba536a5a6] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
[89adaa21fd] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748
[7302b4dae1] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
[ac030753c4] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
[20075692fe] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
[20591b0618] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

prettier/prettier (prettier)

`v3.8.0`

Compare Source

diff

🔗 Release note

vitest-dev/vitest (vitest)

`v4.0.17`

Compare Source

🚀 Features

Support openTelemetry for browser mode - by @hi-ogawa in #9180 (1ec3a)
Support TRACEPARENT and TRACESTATE environment variables for OpenTelemetry context propagation - by @Copilot, hi-ogawa and @hi-ogawa in #9295 (876cb)

🐞 Bug Fixes

Improve asymmetric matcher diff readability by unwrapping container matchers - by @Copilot, sheremet-va, hi-ogawa and @hi-ogawa in #9330 (b2ec7)
Improve runner error when importing outside of test context - by @sheremet-va in #9335 (2dd3d)
Replace crypto.randomUUID to allow insecure environments (fix #9… - by @plusgut in #9339 and #9 (e6a3f)
Handle null options in addEventHandler #9371 - by @ThibautMarechal in #9372 and #9371 (40841)
Typo in browser.provider error - by @deammer in #9394 (4b67f)
browser:
- Fix process.env and import.meta.env defines in inline project - by @hi-ogawa in #9239 (b70c9)
- Fix upload File instance - by @hi-ogawa in #9294 (b6778)
- Fix invalid project token for artifacts assets - by @hi-ogawa in #9321 (caa7d)
- Log ErrorEvent.message when unhandled ErrorEvent.error is null - by @hi-ogawa in #9322 (5d84e)
- Support fileParallelism on an instance - by @sheremet-va in #9328 (15006)
coverage:
- Remove unnecessary istanbul-lib-source-maps usage - by @AriPerkkio in #9344 (b0940)
- Apply patch from istanbuljs/istanbuljs#837 - by @AriPerkkio and sapphi-red in #9413 and #837 (e05ce)
fsModuleCache:
- Don't store importers in cache - by @sheremet-va in #9422 (75136)
- Add importers alongside importedModules - by @sheremet-va in #9423 (59f92)
mocker:
- Fix mock transform with class - by @hi-ogawa in #9421 (d390e)
pool:
- Validate environment options when reusing the worker - by @sheremet-va in #9349 (a8a88)
- Handle worker start failures gracefully - by @AriPerkkio in #9337 (200da)
reporter:
- Report test module if it failed to run - by @sheremet-va in #9272 (c7888)
runner:
- Respect nested test.only within describe.only - by @Ujjwaljain16 in #9021 and #9213 (55d5d)
typecheck:
- Improve error message when tsc outputs help text - by @Ujjwaljain16 in #9214 (7b10a)
ui:
- Detect gzip by magic numbers instead of Content-Type header in html reporter - by @Copilot, hi-ogawa and @hi-ogawa in #9278 (dd033)
webdriverio:
- Fall back to WebDriver Classic #9244 - by @JustasMonkev in #9373 and #9244 (c23dd)

View changes on GitHub

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2026-01-16T14:43:56Z

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

4 additional dependencies were updated

Details:

Package	Change
`golang.org/x/net`	`v0.47.0` -> `v0.48.0`
`golang.org/x/sys`	`v0.39.0` -> `v0.40.0`
`golang.org/x/term`	`v0.38.0` -> `v0.39.0`
`golang.org/x/text`	`v0.32.0` -> `v0.33.0`

claude · 2026-01-16T14:45:52Z

PR Review: Dependency Updates

Ultra-brief mode: Automated Renovate PR updating dependencies - looks safe to merge.

Critical Items

Node.js security update: v24.13.0 includes 6 CVE fixes (TLS, buffer, async_hooks). Critical security update.
Go version bump: 1.25.5 → 1.25.6 (patch update)

Dependencies Updated

Go:

chi router v5.2.3 → v5.2.4
xsync v4.2.0 → v4.3.0 (adds iterator support)
golang.org/x/crypto v0.46.0 → v0.47.0
Standard lib updates (net, sys, term, text)

Node.js:

DuckDB WASM: 1.33.1-dev16.0 → dev18.0
Iconify: carbon, octicon (icon set updates)
prettier: 3.7.4 → 3.8.0 (minor)
vitest: 4.0.16 → 4.0.17 (bug fixes)
bumpp: 10.3.2 → 10.4.0 (minor)

Assessment

✅ All patch/minor version updates
✅ xsync v4.3.0 adds Map.All iterator - backward compatible
✅ Node.js security patches essential
✅ No breaking changes expected
✅ Standard Renovate PR pattern

Recommendation: Approve once CI passes.

fix(deps): update all non-major dependencies

f7f07d4

renovate bot enabled auto-merge (squash) January 16, 2026 14:43

renovate bot merged commit 9c529af into master Jan 16, 2026
12 checks passed

renovate bot deleted the renovate/all-minor-patch branch January 16, 2026 14:48

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(deps): update all non-major dependencies#4351

fix(deps): update all non-major dependencies#4351
renovate[bot] merged 1 commit intomasterfrom
renovate/all-minor-patch

renovate bot commented Jan 16, 2026

Uh oh!

renovate bot commented Jan 16, 2026

Uh oh!

claude bot commented Jan 16, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

renovate bot commented Jan 16, 2026

Release Notes

v1.25.6: 1.25.6

v24.13.0: 24.13.0

v24.13.0: 2026-01-13, Version 24.13.0 'Krypton' (LTS), @​marco-ippolito

Notable Changes

Commits

🚀 Features

🐞 Bug Fixes

Configuration

Uh oh!

renovate bot commented Jan 16, 2026

ℹ️ Artifact update notice

File name: go.mod

Uh oh!

claude bot commented Jan 16, 2026

PR Review: Dependency Updates

Critical Items

Dependencies Updated

Assessment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

`v1.25.6`: 1.25.6

`v24.13.0`: 24.13.0

`v24.13.0`: 2026-01-13, Version 24.13.0 'Krypton' (LTS), @marco-ippolito