Search code, repositories, users, issues, pull requests...

Note: Version bump only for package @commitlint/cli

`v20.5.2`

Note: Version bump only for package @commitlint/cli

`v20.5.0`

Bug Fixes

cli: validate that --cwd directory exists before execution (#4658) (cf80f75), closes #4595

20.4.4 (2026-03-12)

Note: Version bump only for package @commitlint/cli

20.4.3 (2026-03-03)

Bug Fixes

footer parser does not escape special chars for regex #4560 (#4634) (8ff7c7f)

20.4.2 (2026-02-19)

Note: Version bump only for package @commitlint/cli

20.4.1 (2026-02-02)

Note: Version bump only for package @commitlint/cli

`v20.4.4`

Note: Version bump only for package @commitlint/cli

`v20.4.3`

Bug Fixes

footer parser does not escape special chars for regex #4560 (#4634) (8ff7c7f)

`v20.4.2`

Note: Version bump only for package @commitlint/cli

`v20.4.1`

Note: Version bump only for package @commitlint/cli

`v20.4.0`

Features

upgrade conventional commit packages #4082 (#4597) (3aaf0a6)

20.3.1 (2026-01-08)

Note: Version bump only for package @commitlint/cli

conventional-changelog/commitlint (@commitlint/config-conventional)

`v20.5.3`

Note: Version bump only for package @commitlint/config-conventional

`v20.5.0`

Note: Version bump only for package @commitlint/config-conventional

20.4.4 (2026-03-12)

Note: Version bump only for package @commitlint/config-conventional

20.4.3 (2026-03-03)

Bug Fixes

footer parser does not escape special chars for regex #4560 (#4634) (8ff7c7f)

20.4.2 (2026-02-19)

Note: Version bump only for package @commitlint/config-conventional

20.4.1 (2026-02-02)

Note: Version bump only for package @commitlint/config-conventional

`v20.4.4`

Note: Version bump only for package @commitlint/config-conventional

`v20.4.3`

Bug Fixes

footer parser does not escape special chars for regex #4560 (#4634) (8ff7c7f)

`v20.4.2`

Note: Version bump only for package @commitlint/config-conventional

`v20.4.1`

Note: Version bump only for package @commitlint/config-conventional

`v20.4.0`

Features

upgrade conventional commit packages #4082 (#4597) (3aaf0a6)

20.3.1 (2026-01-08)

Note: Version bump only for package @commitlint/config-conventional

favware/cliff-jumper (@favware/cliff-jumper)

`v6.1.0`

🐛 Bug Fixes

deps: Update dependency smol-toml to ^1.6.1 (bc7a346) (#303)
deps: Update all non-major dependencies (dfce8f5) (#296)
deps: Update all non-major dependencies (d859ac9) (#293)
deps: Update all non-major dependencies (eaac1d2) (#292)
deps: Update all non-major dependencies (c929553) (#291)
deps: Update dependency smol-toml to ^1.6.0 (f9e7661) (#287)
deps: Update dependency git-cliff to ^2.11.0 (d7fa532) (#286)
deps: Update all non-major dependencies (236dc82) (#283)
deps: Update all non-major dependencies (e595c59) (#280)
deps: Update all non-major dependencies (fb55e53) (#277)
deps: Update all non-major dependencies (026d30a) (#275)
deps: Update all non-major dependencies (7f22325) (#274)
deps: Update all non-major dependencies (c216d79) (#270)
deps: Update all non-major dependencies (2ffd637) (#269)
deps: Update all non-major dependencies (5ad8486) (#268)
deps: Update all non-major dependencies (ad3837d) (#260)
deps: Update all non-major dependencies (b274e80) (#259)
deps: Update all non-major dependencies (b565a7b) (#257)
deps: Update all non-major dependencies (88192c5) (#256)
deps: Update all non-major dependencies (9ee2fe8) (#255)
deps: Update all non-major dependencies (31e2532) (#251)
deps: Update octokit monorepo (33182ae) (#252)
deps: Update dependency commander to v14 (fcab80c) (#250)
deps: Update all non-major dependencies (9ab2eb3) (#249)
deps: Update all non-major dependencies (fa29541) (#247)
deps: Update all non-major dependencies (91c8e32) (#246)
deps: Update all non-major dependencies (f483841) (#242)
deps: Update dependency conventional-recommended-bump to v11 (5958382) (#238)
deps: Update all non-major dependencies (be692db) (#236)
deps: Update all non-major dependencies (60d8186) (#232)
deps: Update all non-major dependencies (fbc3065) (#231)
deps: Update all non-major dependencies (7330784) (#230)
deps: Update dependency @octokit/plugin-retry to ^7.1.3 (c582989) (#227)

🚀 Features

Add github-base-url option to publish to GHES and GHEC (51cbf49)

imranbarbhuiya/esbuild-plugins-node-modules-polyfill (esbuild-plugins-node-modules-polyfill)

`v1.8.2`

🐛 Bug Fixes

Widen esbuild peer dep to allow 0.28.x (2e4636b)

`v1.8.1`

🐛 Bug Fixes

Remove husky as it slows down commit (996ace4)

`v1.8.0`

🚀 Features

Add support for custom polyfill overrides (#351) (ce593aa)

prettier/eslint-plugin-prettier (eslint-plugin-prettier)

`v5.5.6`

Patch Changes

#791 b5c96a3 Thanks @JounQin! - chore: bump all (dev)Dependencies

`v5.5.5`

Patch Changes

#772 7264ed0 Thanks @BPScott! - Bump prettier-linter-helpers dependency to v1.0.1
#776 77651a3 Thanks @aswils! - fix: bump synckit for yarn PnP ESM issue

lint-staged/lint-staged (lint-staged)

`v16.4.0`

Minor Changes

#1739 687fc90 Thanks @hyperz111! - Replace micromatch with picomatch to reduce dependencies.

`v16.3.4`

Patch Changes

#1742 9d6e827 Thanks @iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

`v16.3.3`

Patch Changes

#1740 0109e8d Thanks @iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

`v16.3.2`

Patch Changes

#1735 2adaf6c Thanks @iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

`v16.3.1`

Patch Changes

#1729 cd5d762 Thanks @iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

`v16.3.0`

Minor Changes

#1698 feda37a Thanks @iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.
#1699 1346d16 Thanks @iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

#1726 87467aa Thanks @iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

lodash/lodash (lodash)

`v4.18.1`

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See #6167 (comment)

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

lodash: lodash/lodash@4.18.0-npm...4.18.1-npm
lodash-es: lodash/lodash@4.18.0-es...4.18.1-es
lodash-amd: lodash/lodash@4.18.0-amd...4.18.1-amd
lodash.templatelodash/lodash@4.18.0-npm-packages...4.18.1-npm-packages

`v4.18.0`

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

Add security notice for _.template in threat model and API docs (#6099)
Document lower > upper behavior in _.random (#6115)
Fix quotes in _.compact jsdoc (#6090)

`lodash.*` modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

`v4.17.23`

prettier/prettier (prettier)

`v3.8.4`

Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (#17746 by @byplayer)

Prettier was removing blank lines between list items and their nested sub-lists, converting loose lists into tight lists and changing their semantic meaning.

<!-- Input -->
- a

  - b

- c

  - d

<!-- Prettier 3.8.3 -->
- a
  - b
- c
  - d

<!-- Prettier 3.8.4 -->
- a

  - b

- c

  - d

`v3.8.3`

SCSS: Prevent trailing comma in `if()` function (#18471 by @kovsu)

// Input
$value: if(sass(false): 1; else: -1);

// Prettier 3.8.2
$value: if(
  sass(false): 1; else: -1,
);

// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

`v3.8.2`

Angular: Support Angular v21.2 (#18722, #19034 by @fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@&#8203;switch (foo) {
  @&#8203;case (1) {}
  @&#8203;default never;
}

<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @&#8203; character, you should use the "&#&#8203;64;" HTML entity instead. (3:3)

<!-- Prettier 3.8.2 -->
@&#8203;switch (foo) {
  @&#8203;case (1) {}
  @&#8203;default never;
}

arrow function and instanceof expressions.

<!-- Input -->
@&#8203;let fn = (a) =>        a?    1:2;

{{ fn ( a         instanceof b)}}

<!-- Prettier 3.8.1 -->
@&#8203;let fn = (a) =>        a?    1:2;

{{ fn ( a         instanceof b)}}

<!-- Prettier 3.8.2 -->
@&#8203;let fn = (a) => (a ? 1 : 2);

{{ fn(a instanceof b) }}

`v3.8.1`

Include available `printers` in plugin type declarations (#18706 by @porada)

// Input
import * as prettierPluginEstree from "prettier/plugins/estree";

// Prettier 3.8.0
// Property 'printers' does not exist on type 'typeof import("prettier/plugins/estree")'. ts(2339)
prettierPluginEstree.printers.estree; //=> any

// Prettier 3.8.1
prettierPluginEstree.printers.estree; //=> Printer
prettierPluginEstree.printers["estree-json"]; //=> Printer

`v3.8.0`

🔗 Release Notes

davidmyersdev/vite-plugin-node-polyfills (vite-plugin-node-polyfills)

`v0.28.0`

Normalize trailing slashes (fix for Vite 8)
Run unit tests against Vite 8 & Vitest 4 in CI
Update @playwright/test

`v0.27.0`

Use inject plugin instead of esbuild.banner (thanks to @sapphi-red)

`v0.26.0`

Add support for Vite v8 (thanks to @sapphi-red)

`v0.25.0`

Update node-stdlib-browser dependency (thanks to @miguel-nascimento)
Add support for Vite 8 beta (thanks to @sapphi-red)

yarnpkg/berry (yarn)

`v4.17.0`: v4.17.0

What's Changed

Adds support for package map generation by @arcanis in #7184
fix: add catalog settings to yarnrc schema by @cyphercodes in #7179
docs: clarify background job exit codes by @StantonMatt in #7167
fix: explain peer-default dependencies in why by @StantonMatt in #7168
Docs: fix npmMinimalAgeGate default by @clemyan in #7181
feat(plugin-npm): allow npmMinimalAgeGate per npmScope by @erlandasz in #7156

New Contributors

@cyphercodes made their first contribution in #7179
@StantonMatt made their first contribution in #7167
@erlandasz made their first contribution in #7156

Full Changelog: https://github.com/yarnpkg/berry/compare/@yarnpkg/cli/4.16.0...@yarnpkg/cli/4.17.0

`v4.16.0`: v4.16.0

What's Changed

PnP: Include Node 22.22.3 in fstat workaround by @junjuny0227 in #7141
Implements yarn npm stage by @arcanis in #7147
fix: Stop using EBADF workaround for Node 24.16.0+ by @MJDSys in #7152
Bumps eslint-plugin-arca by @arcanis in #7163
Enables staged publishing by @arcanis in #7164
feat: Add editor SDK support for oxc (oxfmt & oxlint) by @slainless in #7078
docs: fix npmMinimalAgeGate default value. by @ryanfox1985 in #7125

New Contributors

@junjuny0227 made their first contribution in #7141
@MJDSys made their first contribution in #7152
@slainless made their first contribution in #7078
@ryanfox1985 made their first contribution in #7125

Full Changelog: https://github.com/yarnpkg/berry/compare/@yarnpkg/cli/4.15.0...@yarnpkg/cli/4.16.0

`v4.15.0`: v4.15.0

What's Changed

Fix Next.JS e2e test by @brandonbothell in #7115
perf(plugin-nm): cache install state across workspaces by @sophiebits in #7126
fix(patch) Correctly handle Unicode paths by @liuxingbaoyu in #7123
fix(plugin-npm-cli): enable OIDC publish on CircleCI by @joshuayoes in #7122
fix(core): ignore legacy YARN_IGNORE_SCRIPTS env var by @KimHyeongRae0 in #7120
fix: Reject dependency names with leading/trailing whitespace (fixes duplicate installs) by @muskaanshraogi in #7124
feat(plugin-pnpm): make pnpm install concurrency configurable by @lennartschoch in #7118
PnP: Stop using EDABF solution for Node 26.1.0+ by @clemyan in #7133
Makes npmMinimalAgeGate: 1d the default by @arcanis in #7135

New Contributors

@brandonbothell made their first contribution in #7115
@sophiebits made their first contribution in #7126
@liuxingbaoyu made their first contribution in #7123
@joshuayoes made their first contribution in #7122
@KimHyeongRae0 made their first contribution in #7120
@muskaanshraogi made their first contribution in #7124
@lennartschoch made their first contribution in #7118

Full Changelog: https://github.com/yarnpkg/berry/compare/@yarnpkg/cli/4.14.1...@yarnpkg/cli/4.15.0

`v4.14.1`: v4.14.1

What's Changed

fix: Widen EBADF fstat version gate to include Node 24.15+ by @rfoel in #7104

New Contributors

@rfoel made their first contribution in #7104

Full Changelog: https://github.com/yarnpkg/berry/compare/@yarnpkg/cli/4.14.0...@yarnpkg/cli/4.14.1

`v4.14.0`: v4.14.0

What's Changed

Add Re-release workflow to republish artifacts from a specific commit SHA by @Copilot in #7079
fix: Node 25.7+ EBADF by reading CJS source of zip files by @NormalGaussian in #7070
PnP: Fix watch mode for files required under PnP by @clemyan in #7077
feat(plugin-npm): support OIDC auth for CircleCI by @blimmer in #7075
Makes enableScripts: false the default by @arcanis in #7089
Makes the exec: protocol respect enableScripts by @arcanis in #7090
Adds approvedGitRepositories by @arcanis in #7091
Fix: Names the Experimental ESM support warning by @NormalGaussian in #7069
feat(why): allow specifying a version or range by @remypar5 in #6992

New Contributors

@Copilot made their first contribution in #7079
@NormalGaussian made their first contribution in #7070
@remypar5 made their first contribution in #6992

Full Changelog: https://github.com/yarnpkg/berry/compare/@yarnpkg/cli/4.13.0...@yarnpkg/cli/4.14.0

`v4.13.0`: v4.13.0

What's Changed

docs(constraints): add missing @typedef alias for Context by @erickzhao in #6989
Fixes the /<name>/<version> format by @arcanis in #6993
fix(fslib): handle float timestamps in convertToBigIntStats by @nelsondude in #6988
Fixes foreach order when --topological isnt set by @arcanis in #6997
CI: Select node version to run CI against automatically by @clemyan in #7032
chore(deps): upgrade tar to v7 by @mhassan1 in #7038
fix: npm run audit also on patched packages by @tommasini in #7042
feat: display registry URL when publishing packages by @KyeongJooni in #7020
Core: Enhance environment variable expansion in configuration by @clemyan in #7033
Add --mode option to upgrade-interactive command by @ipanasenko in #7050
Add c/r/l bulk selection shortcuts to upgrade-interactive by @ipanasenko in #7051
feat(core): Export InstallOptions type by @WooWan in #7027
fix: throw explicit error when all semver-matching versions are quarantined by @ff1451 in #7056
fix(plugin-essentials): handle null on latest version retrieval by @Xstoudi in #7003

New Contributors

@erickzhao made their first contribution in #6989
@nelsondude made their first contribution in #6988
@tommasini made their first contribution in #7042
@KyeongJooni made their first contribution in #7020
@ipanasenko made their first contribution in #7050
@ff1451 made their first contribution in #7056
@Xstoudi made their first contribution in #7003

Full Changelog: https://github.com/yarnpkg/berry/compare/@yarnpkg/cli/4.12.0...@yarnpkg/cli/4.13.0

Configuration

📅 Schedule: (UTC)

Branch creation
- "before 12pm on Sunday"
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

sonarqubecloud · 2026-04-30T10:02:34Z

Quality Gate passed

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

sonarqubecloud · 2026-05-12T09:16:11Z

Quality Gate passed

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

sonarqubecloud · 2026-06-11T19:57:24Z

Quality Gate passed

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

sonarqubecloud · 2026-06-15T09:10:49Z

Quality Gate passed

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

sonarqubecloud · 2026-06-24T09:00:14Z

Quality Gate passed

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code