chore(deps): update all non-major dependencies

[renovate]

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

---

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@apollo/server (source)	4.12.0 -> 4.12.2			devDependencies	patch
@changesets/cli (source)	2.29.2 -> 2.29.7			devDependencies	patch
cspell (source)	8.19.2 -> 8.19.4			devDependencies	patch
node (source)	20.19.1 -> 20.19.5			volta	patch
npm (source)	10.9.2 -> 10.9.4			volta	patch
prettier (source)	3.5.3 -> 3.6.2			devDependencies	minor
ts-jest (source)	29.3.2 -> 29.4.4			devDependencies	minor
typescript (source)	5.8.3 -> 5.9.3			devDependencies	minor

---

Release Notes

apollographql/apollo-server (@​apollo/server)

v4.12.2

Compare Source

(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)

v4.12.1

Compare Source

Patch Changes

• #​8064 41f98d4 Thanks @​glasser! - Update README.md to recommend Express v5 integration now that Express v5 is released.

changesets/changesets (@​changesets/cli)

v2.29.7

Compare Source

Patch Changes

• Updated dependencies [957f24e]:
  • @​changesets/apply-release-plan@​7.0.13

v2.29.6

Compare Source

Patch Changes

• #​1712 a3563b0 Thanks @​benmccann! - Switch to maintained fork of external-editor

v2.29.5

Compare Source

Patch Changes

• #​1693 6352819 Thanks @​Andarist! - Fixed an issue with workspace:^ and workspace:~ dependency ranges not being semantically treated as, respectively, ^CURRENT_VERSION and ~CURRENT_VERSION. This led to dependent packages being, at times, bumped too often when their dependencies with those ranges were bumped.

• Updated dependencies [6352819]:

  • @​changesets/assemble-release-plan@​6.0.9
  • @​changesets/get-release-plan@​4.0.13

v2.29.4

Compare Source

Patch Changes

• #​1668 65d6632 Thanks @​Andarist! - Fixed a crash in pre mode when trying to version private packages when tagging for private package is disabled

• Updated dependencies [65d6632]:

  • @​changesets/assemble-release-plan@​6.0.8
  • @​changesets/get-release-plan@​4.0.12

v2.29.3

Compare Source

Patch Changes

• #​1589 de8bebc Thanks @​remorses, @​vzt7! - Fixed a crash in prerelease mode when a package misses the version field in its package.json

• #​1619 c1e8a78 Thanks @​manucorporat! - Support ../ in publishConfig.directory when publishing packages

• Updated dependencies [de8bebc]:

  • @​changesets/assemble-release-plan@​6.0.7
  • @​changesets/get-release-plan@​4.0.11

streetsidesoftware/cspell (cspell)

v8.19.4

Compare Source

Note: Version bump only for package cspell

v8.19.3

Compare Source

Note: Version bump only for package cspell

nodejs/node (node)

v20.19.5: 2025-09-03, Version 20.19.5 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #​58355
• [4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #​58308
• [d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #​58499
• [3c6206cac9] - doc: add @​geeksilva97 to collaborators (Edy Silva) #​57241

Commits

• [ea20403467] - build: fix uvwasi pkgname (Antoine du Hamel) #​58270
• [c647aa4b30] - build: fix pointer compression builds (Joyee Cheung) #​58171
• [d2c5e609ae] - build: disable v8_enable_pointer_compression_shared_cage on non-64bit (Shelley Vohr) #​58867
• [84d5c4d244] - build: search for libnode.so in multiple places (Jan Staněk) #​58213
• [068c439552] - crypto: fix SHAKE128/256 breaking change introduced with OpenSSL 3.4 (Filip Skokan) #​58942
• [edff105c34] - debugger: fix behavior of plain object exec in debugger repl (Dario Piotrowicz) #​57498
• [0473e35b7f] - deps: update zlib to 1.3.1-470d3a2 (Node.js GitHub Bot) #​58628
• [1218dbbea5] - deps: update zlib to 1.3.0.1-motley-780819f (Node.js GitHub Bot) #​57768
• [0e3cd9ec00] - deps: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) #​56655
• [a194dd9bd4] - deps: update archs files for openssl-3.0.16 (Node.js GitHub Bot) #​57335
• [cc9b79ca70] - deps: upgrade openssl sources to quictls/openssl-3.0.16 (Node.js GitHub Bot) #​57335
• [82c46d5358] - deps: update cjs-module-lexer to 2.1.0 (Node.js GitHub Bot) #​57180
• [43e3f9b26b] - deps: update cjs-module-lexer to 2.0.0 (Michael Dawson) #​56855
• [91282ff16b] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #​58566
• [b76bca6f38] - deps: update acorn to 8.15.0 (Node.js GitHub Bot) #​58711
• [ae11481011] - deps: update acorn to 8.14.1 (Node.js GitHub Bot) #​57382
• [142d701201] - deps: update minimatch to 10.0.3 (Node.js GitHub Bot) #​58712
• [fee082d684] - deps: update llhttp to 9.3.0 (Fedor Indutny) #​58144
• [c06f6f3f05] - dns: remove redundant code using common variable (Deokjin Kim) #​57386
• [cded8e7e77] - dns: fix parse memory leaky (theanarkh) #​58973
• [182ae67233] - dns: fix dns query cache implementation (Ethan Arrowood) #​58404
• [621b66a297] - doc: add review guidelines for collaborator nominations (Antoine du Hamel) #​57449
• [b1009b5b72] - doc: explicit mention arbitrary code execution as a vuln (Rafael Gonzaga) #​57426
• [f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #​58355
• [4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #​58308
• [530473f479] - doc: add ovflowd back to core collaborators (Claudio W.) #​58911
• [38e8bbc131] - doc: add info on how project manages social media (Michael Dawson) #​57318
• [d06bb4dcc2] - doc: ping nodejs/tsc for each security pull request (Rafael Gonzaga) #​57309
• [d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #​58499
• [8c3bc156ed] - doc: clarify path.isAbsolute is not path traversal mitigation (Eric Fortis) #​57073
• [e688410bda] - doc: fix rendering of DEP0174 description (David Sanders) #​56835
• [e6a0c6a0fa] - doc: add missing assert return types (Colin Ihrig) #​57219
• [026b3cab6a] - doc: add 1ilsang to triage team (1ilsang) #​57183
• [3c6206cac9] - doc: add @​geeksilva97 to collaborators (Edy Silva) #​57241
• [ef3a4675c7] - doc: fix web.libera.chat link in pull-requests.md (Samuel Bronson) #​57076
• [1db42b76f7] - doc: remove buffered flag from performance hooks examples (Pavel Romanov) #​52607
• [b73a1356ce] - doc: add module namespace object links (Dario Piotrowicz) #​57093
• [09368db20f] - doc: disambiguate pseudo-code statement (Dario Piotrowicz) #​57092
• [2c3dc569a1] - doc: fix wrong articles used to address modules (Dario Piotrowicz) #​57090
• [cd8259cb4e] - doc: modules.md: fix distance definition (Alexander “weej” Jones) #​57046
• [7b0ea9ab2d] - doc: fix wrong verb form (Dario Piotrowicz) #​57091
• [14fcfc242b] - doc: add a note about require('../common') in testing documentation (Aditi) #​56953
• [bc7d18b6ea] - doc: recommend writing tests in new files and including comments (Joyee Cheung) #​57028
• [acd4d7f269] - doc: improve documentation on argument validation (Aditi) #​56954
• [4cd6b3ca73] - doc: buffer: fix typo on Buffer.copyBytesFrom( offset option (tpoisseau) #​57015
• [01220607f2] - doc: update cleanup to trust on vuln db automation (Rafael Gonzaga) #​57004
• [77a0505a32] - doc: update post sec release process (Rafael Gonzaga) #​56907
• [77dbcfce5f] - doc: add section about using npx with permission model (Rafael Gonzaga) #​56539
• [73e51407b7] - doc: remove RedYetiDev from triagers team (Aviv Keller) #​55947
• [9a36cbb792] - doc: fix relative path mention in --allow-fs (Rafael Gonzaga) #​55791
• [04d9c5baeb] - doc: add scroll margin to links (Roman Reiss) #​58982
• [959a67f6ff] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #​58291
• [8757a5532f] - doc: update release key for aduh95 (Antoine du Hamel) #​58877
• [6fa0626327] - doc,src,test: fix typos (Noritaka Kobayashi) #​58477
• [9991788e4a] - http: coerce content-length to number (Marco Ippolito) #​57458
• [ff5cf8a428] - http2: fix check for frame->hd.type (hanguanqiang) #​57644
• [2f333b6c51] - lib: optimize prepareStackTrace on builtin frames (Chengzhong Wu) #​56299
• [cdf985071f] - lib: suppress source map lookup exceptions (Chengzhong Wu) #​56299
• [faa08b14ed] - lib: fixup incorrect argument order in assertEncoding (James M Snell) #​57177
• [a683cd1232] - meta: add IlyasShabi to collaborators (Ilyas Shabi) #​58916
• [b145bb28aa] - meta: bump codecov/codecov-action from 5.4.2 to 5.4.3 (dependabot[bot]) #​58551
• [2c59789001] - meta: bump ossf/scorecard-action from 2.4.1 to 2.4.2 (dependabot[bot]) #​58550
• [4095337e96] - meta: bump rtCamp/action-slack-notify from 2.3.2 to 2.3.3 (dependabot[bot]) #​58108
• [631fed8e39] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​58456
• [7d2f7180b6] - meta: bump codecov/codecov-action from 5.4.0 to 5.4.2 (dependabot[bot]) #​58110
• [1558551ea5] - meta: bump actions/download-artifact from 4.2.1 to 4.3.0 (dependabot[bot]) #​58106
• [e1f12fe737] - meta: ignore mailmap changes in linux ci (Jonas Badalic) #​58356
• [1b78eb1313] - meta: bump actions/setup-node from 4.3.0 to 4.4.0 (dependabot[bot]) #​58111
• [2b8449c39a] - meta: bump actions/setup-python from 5.5.0 to 5.6.0 (dependabot[bot]) #​58107
• [833b70bbc5] - meta: allow penetration testing on live system with prior authorization (Matteo Collina) #​57966
• [c6a88561f5] - meta: bump actions/setup-python from 5.4.0 to 5.5.0 (dependabot[bot]) #​57718
• [9046ef4fb3] - meta: bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (dependabot[bot]) #​57717
• [46388a4e2a] - meta: bump actions/cache from 4.2.2 to 4.2.3 (dependabot[bot]) #​57715
• [d3970685bd] - meta: bump actions/setup-node from 4.2.0 to 4.3.0 (dependabot[bot]) #​57714
• [47004ef37f] - meta: bump actions/upload-artifact from 4.6.1 to 4.6.2 (dependabot[bot]) #​57713
• [4abe83ec03] - meta: add some clarification to the nomination process (James M Snell) #​57503
• [45e9b88363] - meta: remove collaborator self-nomination (Rich Trott) #​57537
• [d10949b7d8] - meta: edit collaborator nomination process (Antoine du Hamel) #​57483
• [704562fb7a] - meta: move ovflowd to emeritus (Claudio W.) #​57443
• [3f981b8537] - meta: bump codecov/codecov-action from 5.3.1 to 5.4.0 (dependabot[bot]) #​57257
• [7e1ff7b332] - meta: bump ossf/scorecard-action from 2.4.0 to 2.4.1 (dependabot[bot]) #​57253
• [8d4ec412b9] - meta: move RaisinTen back to collaborators, triagers and SEA champion (Darshan Sen) #​57292
• [cc2abb5d17] - meta: bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (dependabot[bot]) #​57259
• [4fad2b8758] - meta: bump actions/cache from 4.2.0 to 4.2.2 (dependabot[bot]) #​57256
• [5f5bb8b986] - meta: bump actions/upload-artifact from 4.6.0 to 4.6.1 (dependabot[bot]) #​57255
• [e949359a56] - meta: bump actions/setup-python from 5.3.0 to 5.4.0 (dependabot[bot]) #​56867
• [d3c5ad7510] - meta: bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 (dependabot[bot]) #​56866
• [56decfe2d1] - meta: bump codecov/codecov-action from 5.0.7 to 5.3.1 (dependabot[bot]) #​56864
• [52e518444d] - meta: bump actions/cache from 4.1.2 to 4.2.0 (dependabot[bot]) #​56862
• [9cac93d9c3] - meta: bump actions/stale from 9.0.0 to 9.1.0 (dependabot[bot]) #​56860
• [ecf4252f7c] - meta: update last name for jkrems (Jan Martin) #​57006
• [e8beaaaedf] - meta: bump actions/upload-artifact from 4.4.3 to 4.6.0 (dependabot[bot]) #​56861
• [5462c257f8] - meta: bump actions/setup-node from 4.1.0 to 4.2.0 (dependabot[bot]) #​56868
• [89c37891a0] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​56889
• [2a0175c291] - meta: add @​nodejs/url as codeowner (Chengzhong Wu) #​56783
• [c12aae1e78] - meta: bump github/codeql-action from 3.28.18 to 3.29.2 (dependabot[bot]) #​58922
• [4ef09990f1] - meta: bump github/codeql-action from 3.28.16 to 3.28.18 (dependabot[bot]) #​58552
• [889654eb2c] - meta: bump github/codeql-action from 3.28.11 to 3.28.16 (dependabot[bot]) #​58112
• [091e5c1bb9] - meta: bump github/codeql-action from 3.28.10 to 3.28.13 (dependabot[bot]) #​57716
• [01415153de] - meta: bump github/codeql-action from 3.28.8 to 3.28.10 (dependabot[bot]) #​57254
• [72ea8aac34] - meta: bump github/codeql-action from 3.27.5 to 3.28.8 (dependabot[bot]) #​56859
• [99a271e588] - meta: bump step-security/harden-runner from 2.12.0 to 2.12.2 (dependabot[bot]) #​58923
• [b4c4c02490] - meta: bump step-security/harden-runner from 2.11.0 to 2.12.0 (dependabot[bot]) #​58109
• [5361bb9157] - meta: bump step-security/harden-runner from 2.10.4 to 2.11.0 (dependabot[bot]) #​57258
• [28e33acf30] - meta: bump step-security/harden-runner from 2.10.2 to 2.10.4 (dependabot[bot]) #​56863
• [fad773cede] - module: throw error when re-runing errored module jobs (Joyee Cheung) #​58957
• [2531185423] - module: allow cycles in require() in the CJS handling in ESM loader (Joyee Cheung) #​58598
• [ed43b69689] - module: clarify cjs global-like error on ModuleJobSync (Carlos Espa) #​56491
• [6e02db1b12] - module: handle instantiated async module jobs in require(esm) (Joyee Cheung) #​58067
• [badba50d30] - module: fix incorrect formatting in require(esm) cycle error message (haykam821) #​57453
• [939ecf8906] - module: handle cached linked async jobs in require(esm) (Joyee Cheung) #​57187
• [ba7f8a0353] - module: improve error message from asynchronicity in require(esm) (Joyee Cheung) #​57126
• [c1e7fa2586] - module: handle .mjs in .js handler in CommonJS (Joyee Cheung) #​55590
• [41f3dfd21b] - module: fix require.resolve() crash on non-string paths (Aditi) #​56942
• [043dcdd628] - os: fix GetInterfaceAddresses memory lieaky (theanarkh) #​58940
• [9b74e9bfd9] - permission: ignore internalModuleStat on module loading (Rafael Gonzaga) #​55797
• [611a147b45] - readline: fix unresolved promise on abortion (Daniel Venable) #​54030
• [f891ae3421] - repl: avoid deprecated require.extensions in tab completion (baki gul) #​58653
• [7ba44290bf] - repl: fix tab completion not working with computer string properties (Dario Piotrowicz) #​58709
• [eb842048b2] - src: do not format single string argument for THROW_ERR_* (Joyee Cheung) #​57126
• [4f004937ec] - src: fixup errorhandling more in various places (James M Snell) #​57852
• [5daa7fe2e2] - src: fix module buffer allocation (X-BW) #​57738
• [586b1be11b] - src: fix build when using shared simdutf (Antoine du Hamel) #​58407
• [563e61f012] - src: fix possible dereference of null pointer (Eusgor) #​58459
• [cbec07ea0b] - src: fix FIPS init error handling (Tobias Nießen) #​58379
• [80fb80e71b] - src: fix -Wunreachable-code in src/node_api.cc (Shelley Vohr) #​58901
• [5e97719860] - test: skip test-http-imports on macos (Marco Ippolito) #​59745
• [69c43bdfcc] - test: fix internet/test-dns (Michaël Zasso) #​59660
• [6fd58e0338] - tools: update coverage GitHub Actions to fixed version (Rich Trott) #​59512
• [eb7bbce73e] - tools: disable failing coverage jobs (Antoine du Hamel) #​58770
• [65b1669936] - util: fix formatting of objects with built-in Symbol.toPrimitive (Shima Ryuhei) #​57832
• [8a29f13bec] - util: fix parseEnv incorrectly splitting multiple ‘=‘ in value (HEESEUNG) #​57421
• [077d5020c4] - v8: fix missing callback in heap utils destroy (Ruben Bridgewater) #​58846
• [34ae9f8b18] - vm: import call should return a promise in the current context (Chengzhong Wu) #​58309
• [0dd3a8d6d1] - win,build: fix MSVS v17.14 compilation issue (StefanStojanovic) #​58902
• [1b83a2bd2d] - zlib: remove mentions of unexposed Z_TREES constant (Jimmy Leung) #​58371
• [9dc9604502] - zlib: fix pointer alignment (jhofstee) #​57727

v20.19.4

Compare Source

v20.19.3

Compare Source

v20.19.2

Compare Source

npm/cli (npm)

v10.9.4

Compare Source

v10.9.3

Compare Source

Bug Fixes

• 7cff878 #​8343 powershell: use Invoke-Expression to pass args (#​8343) (@​alexsch01)
• 78dc057 #​8378 stop working around bug fixed in [email protected] (@​TrevorBurnham)
• e510f14 #​8248 docs: 'pacakge' -> 'package' (#​8248) (@​t3hmrman)

Dependencies

• c38ec84 #​8378 [email protected]
• 72564c5 #​8378 [email protected]
• 20fa199 #​8378 [email protected]
• 48c193a #​8378 [email protected]
• 00fccfb #​8378 [email protected]
• 5ab8aac #​8378 [email protected]
• 224c69e #​8378 [email protected]
• 1e41678 #​8378 [email protected]
• e9cf30e #​8378 [email protected]
• 2bedf25 #​8378 [email protected]
• a795ee0 #​8378 [email protected]
• 8ed043c #​8378 [email protected]
• 74518d0 #​8378 [email protected]
• cc7dcfc #​8378 [email protected]
• 13aea40 #​8378 [email protected]
• 9c81599 #​8378 [email protected]
• b59097f #​8378 [email protected]
• 8b29435 #​8378 [email protected]
• 4c8e170 #​8378 [email protected]
• 9bb94a3 #​8378 [email protected]
• a1dbb0b #​8378 [email protected]
• 0a5f2ff #​8378 [email protected]
• 7912c9c #​8378 [email protected]
• 19028b8 #​8378 [email protected]
• fd26776 #​8378 [email protected]
• dbb23ab #​8378 [email protected]
• 92feb9b #​8378 @sigstore/[email protected]
• 4fd7174 #​8378 @sigstore/[email protected]
• b327bc2 #​8378 @npmcli/[email protected]
• 04e7e1c #​8378 @npmcli/[email protected].
• 90d2aab #​8378 @npmcli/[email protected]
• 2e47537 #​8378 @npmcli/[email protected]
• a5eb5dd #​8378 @npmcli/[email protected]

Chores

• 15e545b #​8384 @npmcli/[email protected] (#​8384) (@​wraithgar)
• fb5a9f2 #​8378 @npmcli/[email protected] (@​wraithgar)
• 19da79a #​8378 dev dependency updates (@​wraithgar)
• workspace: @npmcli/[email protected]
• workspace: [email protected]
• workspace: [email protected]
• workspace: [email protected]
• workspace: [email protected]

prettier/prettier (prettier)

v3.6.2

Compare Source

diff

Markdown: Add missing blank line around code block (#​17675 by @​fisker)

<!-- Input -->
1. Some text, and code block below, with newline after code block

   ```yaml
   ---
   foo: bar
   ```

   1. Another
   2. List

<!-- Prettier 3.6.1 -->
1. Some text, and code block below, with newline after code block

   ```yaml
   ---
   foo: bar
   ```
   1. Another
   2. List

<!-- Prettier 3.6.2 -->
1. Some text, and code block below, with newline after code block

   ```yaml
   ---
   foo: bar
   ```

   1. Another
   2. List

v3.6.1

Compare Source

diff

TypeScript: Allow const without initializer (#​17650, #​17654 by @​fisker)

// Input
export const version: string;

// Prettier 3.6.0 (--parser=babel-ts)
SyntaxError: Unexpected token (1:21)
> 1 | export const version: string;
    |                     ^

// Prettier 3.6.0 (--parser=oxc-ts)
SyntaxError: Missing initializer in const declaration (1:14)
> 1 | export const version: string;
    |              ^^^^^^^^^^^^^^^

// Prettier 3.6.1
export const version: string;

Miscellaneous: Avoid closing files multiple times (#​17665 by @​43081j)

When reading a file to infer the interpreter from a shebang, we use the
n-readlines library to read the first line in order to get the shebang.

This library closes files when it reaches EOF, and we later try close the same
files again. We now close files only if n-readlines did not already close
them.

v3.6.0

Compare Source

diff

🔗 Release Notes

kulshekhar/ts-jest (ts-jest)

v29.4.4

Compare Source

Bug Fixes

• revert 29.4.3 changes (25cb706), closes #​5049

v29.4.3

Compare Source

Bug Fixes

• introduce transpilation option to replace isolatedModules option (#​5044) (5868761), closes #​5013 #​4859

v29.4.2

Compare Source

v29.4.1

Compare Source

v29.4.0

Compare Source

Features

• feat: support Jest 30 (84e093e)

v29.3.4

Compare Source

Bug Fixes

• fix: fix TsJestTransformerOptions type (3b11e29), closes #​4247
• fix(cli): fix wrong path for preset creator fns (249eb2c)
• fix(config): disable rewriteRelativeImportExtensions always (9b1f472), closes #​4855

v29.3.3

Compare Source

Bug Fixes

• fix(cli): init config with preset creator functions ([cdd3039](https://redirect.g

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.