Update npm dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
eslint-plugin-oxlint	1.69.0 → 1.70.0			devDependencies	minor
eslint-plugin-react-dom (source)	5.9.0 → 5.9.1			devDependencies	patch
eslint-plugin-react-jsx (source)	5.9.0 → 5.9.1			devDependencies	patch
eslint-plugin-react-naming-convention (source)	5.9.0 → 5.9.1			devDependencies	patch
eslint-plugin-react-x (source)	5.9.0 → 5.9.1			devDependencies	patch
node (source)	26.3.0 → 26.3.1				patch
oxlint (source)	1.69.0 → 1.70.0			devDependencies	minor
pnpm (source)	11.7.0 → 11.8.0				minor
typescript-eslint (source)	8.61.0 → 8.61.1			devDependencies	patch

---

Release Notes

oxc-project/eslint-plugin-oxlint (eslint-plugin-oxlint)

v1.70.0

Compare Source

No significant changes

    View changes on GitHub

Rel1cx/eslint-react (eslint-plugin-react-dom)

v5.9.1

Compare Source

📝 Documentation

• Updated rule patterns and feature system documentation (#​1875).
• Refined naming convention rule docs for context-name, id-name, and ref-name (#​1873).
• Updated the example comment in the react-x/unsupported-syntax docs.
• Removed the ast.unwrap example from the kit package docs.
• Fixed a typo in a warning callout description.

🏗️ Internal

• Bumped actions/checkout to v7.0.0 (#​1874).
• Moved getHumanReadableKind from the ast package into the specific rules that use it.
• Moved the iterator callback position map for react-x/no-missing-key into lib.ts.
• Updated dprint line width to 160 and reformatted the codebase.
• Updated eslint to ^10.5.0 and bumped miscellaneous dependencies.
• Updated the dprint JSON plugin to v0.22.0.
• Updated the baseline and DocsPage styling, and pruned pnpm workspace excludes.

Full Changelog: Rel1cx/eslint-react@v5.9.0...v5.9.1

nodejs/node (node)

v26.3.1: 2026-06-18, Version 26.3.1 (Current), @​aduh95

Compare Source

This is a security release.

Notable Changes

• (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
• (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
• (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
• (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
• (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
• (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
• (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
• (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
• (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
• (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
• (CVE-2026-48936) permission: guard pipe open and chmod with net scope (RafaelGSS) – Low

Commits

• [98fbc89211] - (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) nodejs-private/node-private#878
• [110840f2c7] - deps: update llhttp to 9.4.2 (Antoine du Hamel) nodejs-private/node-private#890
• [8d36d522b2] - deps: update undici to 8.5.0 (Node.js GitHub Bot) #​63903
• [2e6d03993a] - deps: update undici to 8.4.0 (Node.js GitHub Bot) #​63779
• [5a17d5b07a] - deps: update archs files for openssl-3.5.7 (Node.js GitHub Bot) #​63820
• [362725d4e5] - deps: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) #​63820
• [bd1214ab01] - (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) nodejs-private/node-private#868
• [bc0b53813e] - (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) nodejs-private/node-private#846
• [87d847bc70] - (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) nodejs-private/node-private#855
• [9308084fcb] - (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) nodejs-private/node-private#867
• [a67dd46891] - (CVE-2026-48936) permission: guard pipe open and chmod with net scope (RafaelGSS) nodejs-private/node-private#885
• [7057c3f16c] - (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) nodejs-private/node-private#873
• [6bc17a6b51] - (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) nodejs-private/node-private#870
• [c8668beff8] - test: add session reuse host verification regressions (Matteo Collina) nodejs-private/node-private#854
• [d1be630415] - (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) nodejs-private/node-private#854
• [a14c158bb3] - (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) nodejs-private/node-private#857
• [ebda73470d] - (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) nodejs-private/node-private#869

oxc-project/oxc (oxlint)

v1.70.0

Compare Source

🚀 Features

• 2e8bda4 linter/vue: Implement no-dupe-keys rule (#​23350) (bab)
• 1490a0a linter/react: Implement react-compiler rule (#​23202) (Boshen)
• dd560ae linter/unicorn: Implement no-array-fill-with-reference-type rule (#​23397) (Mikhail Baev)
• af36c2f linter: Add schema for react/jsx-curly-brace-presence (#​23400) (WaterWhisperer)
• 47d34a3 linter: Add schema for react/jsx-handler-names (#​23393) (WaterWhisperer)
• f4250d0 linter: Add schema for unicorn/import-style (#​23386) (WaterWhisperer)
• 30c74ce linter: Add schema for jsx_a11y/no-noninteractive-element-to-interactive-role (#​23384) (Sysix)
• cfbe8dc linter: Add schema for jsx_a11y/no-interactive-element-to-noninteractive-role (#​23382) (WaterWhisperer)
• d15b7ff linter: Add schema for typescript/no-restricted-types (#​23381) (WaterWhisperer)
• 028a811 linter: Add schema for jsx-a11y/media-has-caption (#​23377) (Sysix)
• b3b1038 linter: Add schema for jsx-a11y/label-has-associated-control (#​23376) (Sysix)
• 7ada6b2 linter: Add schema for jsx_a11y/no-distracting-elements (#​23379) (WaterWhisperer)
• ee3dd49 linter: Add schema for jsx-a11y/img-redundant-alt (#​23374) (Sysix)
• df5f8dd linter: Add short descriptions to most lint rules. (#​23365) (Connor Shea)
• e3fd735 linter: Add schema for jsx_a11y/alt-text (#​23369) (Sysix)
• 0f2fff4 linter: Add schema for react/exhaustive-deps (#​23372) (Mikhail Baev)
• e3e4e10 linter: Add schema for react_perf/jsx-no-new-object-as-prop (#​23368) (Mikhail Baev)
• 9366d44 linter: Add schema for unicorn/prefer-at (#​23366) (WaterWhisperer)
• f57b55d linter: Add schema for typescript/array-type (#​23355) (Sysix)
• 0dcf912 linter: Add schema for typescript/ban-ts-comment (#​23354) (Sysix)
• 51fa83e linter: Add schema for react/no-did-update-set-state (#​23357) (Mikhail Baev)
• 59db0bd linter: Add schema for consistent-generic-constructors (#​23353) (Sysix)
• c4775c0 linter: Add schema for typescript/consistent-type-assertions (#​23349) (Sysix)
• 6e516f7 linter: Add schema for typescript/consistent-type-imports (#​23348) (Sysix)
• 012134d linter: Add schema for react/jsx-no-target-blank (#​23345) (WaterWhisperer)
• 0806aae linter: Add schema for jsx_a11y/no-noninteractive-tabindex (#​23337) (Mikhail Baev)
• 0708b5a linter: Add schema for react/jsx-filename-extension (#​23315) (Mikhail Baev)
• 150bce1 linter: Add schema for typescript/no-empty-object-type (#​23309) (Sysix)
• f9e36f1 linter: Add schema for typescript/no-duplicate-type-constituents (#​23308) (Sysix)
• 937accf linter: Add schema for typescript/no-invalid-void-type (#​23307) (Sysix)
• 3e042b9 linter: Add schema for typescript/no-misused-promises (#​23306) (Sysix)
• da212d1 linter: Add schema for typescript/no-unnecessary-condition (#​23305) (Sysix)
• f8f0d38 linter: Add schema for typescript/parameter-properties (#​23304) (Sysix)
• 2275fc7 linter: Add schema for typescript/prefer-nullish-coalescing (#​23302) (Sysix)
• d353858 linter: Add schema for typescript/prefer-string-starts-ends-with (#​23301) (Sysix)
• 03060f5 linter: Add schema for typescript/triple-slash-reference (#​23300) (Sysix)
• 6619cee linter: Add schema for promise/param-names (#​23298) (Sysix)
• 8bf108e linter: Add schema for promise/catch-or-return (#​23297) (Sysix)
• 48158d0 linter: Add schema for vitest/consistent-each-for (#​23294) (Sysix)
• 7e74c98 linter: Add schema for vitest/consistent-test-filename (#​23293) (Sysix)
• ff94d4a linter: Add schema for vitest/consistent-vitest-vi (#​23292) (Sysix)
• 2409a10 linter: Add schema for vitest/prefer-import-in-mock (#​23291) (Sysix)
• 3d782b7 linter: Add schema for react/no-unstable-nested-components (#​23287) (Mikhail Baev)
• 0a0bc2f linter/jsx-a11y: Add allowedRedundantRoles option to no-redundant-roles (#​22820) (bab)
• 80758a5 linter/vue: Implement no-side-effects-in-computed-properties rule (#​23282) (bab)
• e3869ac linter: Add schema for react/no-object-type-as-default-prop (#​23279) (Mikhail Baev)
• 4480609 linter: Add schema for react/jsx-props-no-spreading (#​23276) (Mikhail Baev)
• 08d68a5 linter/react: Implement jsx-no-literals rule (#​23145) (kapobajza)
• 9a2788b linter/unicorn: Implement prefer-export-from rule (#​22935) (AliceLanniste)
• bdb723c linter/unicorn: Implement prefer-single-call rule (#​23235) (Yuzhe Shi)
• 31543ed linter: Add schema for vue/define-props-destructuring (#​23252) (Sysix)
• 21b6c3d linter: Add schema for oxc/no-async-endpoint-handlers (#​23251) (Sysix)
• e77ff81 linter: Add schema for unicorn/prefer-object-from-entries (#​23249) (Mikhail Baev)
• bcac2d6 linter: Add schema for jest/vitest/no-restricted-matchers (#​23247) (Sysix)
• 539f036 linter: Add schema for jest/vitest/no-restricted-*-methods (#​23246) (Sysix)
• dd1b927 linter/vue: Implement require-default-prop rule (#​22951) (bab)
• 3f018e7 linter: Add schema for unicorn/no-instanceof-builtins (#​23225) (Mikhail Baev)
• e0d0f78 linter: Verify promise/no-callback-in-promise schema (#​23141) (beanscg)
• 123d4f4 linter: Add schema for jest/vitest/valid-expect (#​23185) (Sysix)
• 46c8a21 linter: Add schema for jest/vitest/require-top-level-describe (#​23184) (Sysix)
• 41465cf linter: Add schema for jest/vitest/prefer-snapshot-hint (#​23183) (Sysix)
• d068b9b linter: Add schema for jest/vitest/prefer-expect-assertions (#​23181) (Sysix)
• 064a1ee linter: Add schema for jest/prefer-ending-with-an-expect (#​23180) (Sysix)
• d046797 linter: Add schema for jest/vitest/no-standalone-expect (#​23179) (Sysix)
• 137b9a6 linter: Add schema for jest/vitest/no-large-snapshots (#​23178) (Sysix)
• 0f3e4a5 linter: Add schema for jest/vitest/no-hooks (#​23177) (Sysix)
• cd0b384 linter: Add schema for unicorn/explicit-length-check (#​23155) (Mikhail Baev)
• 01b74c4 linter: Add schema for jest/no-deprecated-functions (#​23136) (Sysix)
• 9d6a387 linter: Add schema for unicorn/catch-error-name (#​23137) (Mikhail Baev)
• 0da8efa linter: Add schema for jest/vitest/max-nested-describe (#​23131) (Sysix)
• d71c9fd linter: Add schema for eslint/no-use-before-define (#​23129) (Sysix)

🐛 Bug Fixes

• 26ddac6 linter: Avoid config schema generation for jsx_a11y/no-noninteractive-element-interactions (#​23385) (Sysix)
• 40556ad linter: Parse jsx-a11y/control-has-associated-label config with DefaultRuleConfig (#​23373) (Sysix)
• 71e9648 linter: Expose no-noninteractive-element-interactions schema (#​23283) (camc314)
• 6c86d1c linter/react-perf: Correct nativeAllowList all schema (#​23229) (camc314)
• 4dd52de linter/react-perf: Re-generate stale snapshots (#​23228) (camc314)
• 8f3db61 linter: Allow options for eslint/capitalized-comments (#​23139) (Sysix)

⚡ Performance

• f09707e linter: jest/no-deprecated-functions store config version as usize (#​23138) (Sysix)

📚 Documentation

• f682e25 linter: Remove manually written options doc for eslint/prefer-arrow-callback (#​23438) (Mikhail Baev)
• 64c942c linter: Remove manually written options doc for eslint/no-sequences (#​23420) (Mikhail Baev)
• 14abf32 linter/react-perf: Use autogenerated docs (#​23227) (camc314)

pnpm/pnpm (pnpm)

v11.8.0

Compare Source

Minor Changes

• c112b61: Added a --dry-run option to pnpm install. It runs a full dependency resolution and reports what an install would change, but writes nothing to disk (no lockfile, no node_modules) and always exits with code 0. This mirrors the preview semantics of npm install --dry-run #​7340.

• 179ebc4: pnpm run --no-bail now exits with a non-zero exit code when any of the executed scripts fail, while still running every matched script to completion. This makes the exit-code behavior of --no-bail consistent between recursive and non-recursive runs (recursive runs already failed at the end). Previously, a non-recursive pnpm run --no-bail always exited with code 0, even when a script failed #​8013.

• 0474a9c: Added support for generating Node.js package maps at node_modules/.package-map.json during isolated and hoisted installs. Added the node-experimental-package-map setting to inject the generated map into pnpm-managed Node.js script environments, and the node-package-map-type setting to choose between standard and loose package maps.

• dcededc: pnpm sbom now marks components reachable only through devDependencies with CycloneDX scope: "excluded" and the cdx:npm:package:development property. The excluded scope documents "component usage for test and other non-runtime purposes", which matches the semantics of a devDependency; the property is the CycloneDX npm-taxonomy marker emitted by @cyclonedx/cyclonedx-npm, so both modern (scope) and existing (property) consumers are covered. Components reachable at runtime (including installed optionalDependencies) omit scope and default to required.

• 1495cb0: Added per-package SBOM generation with --out and --split flags. Use --out out/%s.cdx.json to write one SBOM per workspace package to individual files, or --split for NDJSON output to stdout. When --filter selects a single package, the SBOM root component now uses that package's metadata. Workspace inter-dependencies (workspace: protocol) and their transitive dependencies are included. Author, repository, and license fall back to the root manifest when the package doesn't define them.

• 293921a: feat(view): support searching project manifest upward when package name is omitted

  When running pnpm view without a package name, the command now searches
  upward for the nearest project manifest (package.json, package.yaml, or package.json5) and uses its name field.
  If the manifest exists but lacks a name field, an error is thrown.

  This change also replaces the find-up dependency with empathic for
  improved performance and consistency across workspace tools.

Patch Changes

• 29ab905: Fixed pnpm update overriding the version range policy of a named catalog whose name parses as a version (e.g. catalog:express4-21). The catalog: reference carries no pinning of its own, so the prefix from the catalog entry (such as ~) is now preserved instead of being widened to ^ #​10321.

• bee4bf4: Security: validate config dependency names and versions from the env lockfile (pnpm-lock.yaml) before using them to build filesystem paths. A committed lockfile with a traversal-shaped configDependencies name (such as ../../PWNED) or version (such as ../../../PWNED) could previously cause pnpm install to create symlinks or write package files outside node_modules/.pnpm-config and the store. Names must now be valid npm package names and versions must be exact semver versions; the same validation is applied to optional subdependencies of config dependencies, and to the legacy workspace-manifest format before any lockfile is written. See GHSA-qrv3-253h-g69c.

• 96bdd57: Fix link: workspace protocol switching to file: after pnpm rm is run from inside a workspace package whose target workspace dependency has its own dependencies, when injectWorkspacePackages: true is set. Follow-up to #​10575, which fixed the same symptom for workspace packages without dependencies.

• 302a2f7: No longer warn about using both packageManager and devEngines.packageManager when the two fields pin the same package manager at the same version with the same integrity hash (e.g. both pnpm@11.5.1+sha512.…). Previously the hash was stripped from the legacy packageManager field but not from devEngines.packageManager, so even identical specifications looked like a mismatch #​12028.

  The warning still fires on any genuine divergence, and several cases now state the specific reason instead of a single generic message: a different package manager, a different version, or contradictory integrity hashes for the same version.

• 3f0fb21: Fixed the progress line showing leftover characters from external processes that write to the terminal between progress updates (e.g. an SSH passphrase prompt would leave a fragment like added 0sa':). The interactive reporter now redraws each frame in place, erasing to the end of the display before reprinting, so any such remnants are cleared #​12350.

• 564619f: Fixed pnpm approve-builds reporting "no packages awaiting approval" when a build-script dependency whose approval was revoked (e.g. after git stash drops the allowBuilds from pnpm-workspace.yaml) is re-added. The revoked packages are now correctly recorded in .modules.yaml so approve-builds can find them. #​12221

• 3d1fd20: Skip the redundant "target bin directory already contains an exe called node" warning on Windows when the existing node.exe already matches the target (same hard link or identical content) pnpm/pnpm#12203.

• 1b02b47: Fix macOS Gatekeeper blocking native binaries (.node, .dylib, .so) by removing the com.apple.quarantine extended attribute after importing them from the store.

  When pnpm imports files from its content-addressable store into node_modules, macOS preserves extended attributes, including com.apple.quarantine. If this xattr is present on a store blob (e.g. it was first written under a Gatekeeper-enabled app such as a Git client), it propagates to node_modules, and Gatekeeper blocks the native binary from loading even though pnpm already verified the file's integrity against the lockfile.

  After importing a package, pnpm now strips com.apple.quarantine from its native binaries, matching Homebrew's behaviour of dropping quarantine from verified downloads. The cleanup is macOS-only, runs in a single batched xattr call per package, is restricted to native binaries (other files are untouched), and is non-fatal (it logs a warning on unexpected errors).

  Fixes #​11056

• 61969fb: Fix pnpm install with optimisticRepeatInstall incorrectly reporting Already up to date when pnpm-lock.yaml changed but project manifests did not. This affected workflows such as checking out or restoring only the lockfile #​12100.

  Also fixes checkDepsStatus to use the correct lockfile path when useGitBranchLockfile is enabled, so the optimistic fast-path and lockfile modification detection work with pnpm-lock.<branch>.yaml files instead of always stat'ing pnpm-lock.yaml. Merge-conflict detection now reads the resolved lockfile name as well, and with mergeGitBranchLockfiles enabled every pnpm-lock.*.yaml is scanned for modifications and conflicts. The git branch is now resolved by reading .git/HEAD directly (no process spawn) and uses the workspace directory rather than process.cwd().

• 5c12968: Fix recursive updates of transitive dependencies when the update command mixes transitive dependency patterns with direct dependency selectors. For example, pnpm up -r "@​babel/core" uuid now updates matching transitive @babel/core dependencies even when uuid is a direct dependency selector #​12103.

• 9d79ba1: Register the pnpm update --no-save flag in the CLI help and option parser.

• 0474a9c: Fixed pnpm import for Yarn v2 lockfiles when js-yaml v4 is installed.

• 9e0c375: Fixed pnpm install repeatedly prompting to remove and reinstall node_modules in a workspace package when enableGlobalVirtualStore is enabled. The post-install build step recorded a per-project node_modules/.pnpm virtual store directory in node_modules/.modules.yaml, overwriting the global <storeDir>/links value the install step had written. The next install then detected a virtual-store mismatch (ERR_PNPM_UNEXPECTED_VIRTUAL_STORE). The build step now derives the same global virtual store directory as the install step #​12307.

• 223d060: Document the --cpu, --os and --libc flags in the output of pnpm install --help. These flags were already supported but were only documented on the website #​12359.

• e85aea2: Avoid reading README.md from disk when publishing if the publish manifest already provides a readme field. The README is now only read lazily, inside createExportableManifest, when it is actually needed.

• 3188ae7: Fixed pnpm peers check to accept loose peer dependency ranges such as >=3.16.0 || >=4.0.0- when the installed peer version satisfies the range #​12149.

• 531f2a3: Fixed pnpm update rewriting a workspace: dependency that points at a local path (e.g. workspace:../packages/foo/dist) into a normalized link: or version-range specifier. Such specifiers are now preserved verbatim when the workspace protocol is preserved #​3902.

• fe66535: Fixed a lockfile non-convergence bug where an incremental install kept a duplicate transitive dependency that a fresh install would not produce. When a package is reused from the lockfile, its child edges are taken verbatim and bypass the preferred-versions walk, so a transitive dependency could stay pinned to an older version even after a direct dependency resolved to a higher version that satisfies the same range. The resolver now refreshes such a stale pin to the higher direct-dependency version during resolution — so the older version is never resolved or fetched, and the incremental result converges to the fresh one.

• 6d35338: pnpm install detects changes inside local file dependencies again. The optimistic repeat-install fast path only tracks manifest and lockfile modification times, so edits inside a local dependency's directory (or a repacked local tarball) were reported as "Already up to date". Projects with local file dependencies (file: and bare local path or tarball specifiers, declared directly or through pnpm.overrides) now always run a full install, which refetches those dependencies, matching pnpm v10 behavior #​11795.

• 4ca9247: Preserve the existing Node.js runtime version prefix when resolving node@runtime:<range> to a concrete version.

• 30c7590: Create shorter CAFS temporary package directories to leave room for lifecycle scripts that create IPC socket paths under TMPDIR.

• 13815ad: Reporter output (warnings, progress) for pnpm store and pnpm config subcommands now goes to stderr instead of stdout. This fixes scripts that capture their stdout (e.g. PNPM_STORE=$(pnpm store path), pnpm config list --json | jq) from getting warnings mixed into the result.

• 1c05876: Avoid relinking unchanged child dependencies and remove stale child links during warm installs.

• 817f99d: Fixed lockfile churn where a package's transitivePeerDependencies could be dropped (and shift between packages) when the package participates in a dependency cycle. A cycle re-entry resolves against truncated children, so it must not be cached as "pure"; otherwise sibling occurrences of the same package short-circuit and lose transitive peers depending on traversal order #​5108.

• eba03e0: Fix pnpm install reporting "Already up to date" after a catalog entry in pnpm-workspace.yaml was reverted to a previous version. After an update modified a catalog, the workspace state cache stored the pre-update catalog versions, so reverting the entry back to its original version was not detected as an outdated state #​12418.

• 3b54d79: pnpm update now keeps lockfile overrides that resolve through a catalog in sync with the catalog. Previously, when an override referenced a catalog (e.g. overrides: { foo: 'catalog:' }) and pnpm update bumped that catalog entry, the lockfile's catalogs advanced while the resolved overrides kept the old version. The resulting lockfile was internally inconsistent, so a later pnpm install --frozen-lockfile failed with ERR_PNPM_LOCKFILE_CONFIG_MISMATCH.

• 9d0a300: Fixed pnpm version --recursive so it honors the workspace selection. In recursive mode the version bump now applies to the packages resolved from the workspace filter (selectedProjectsGraph), matching the behavior of pnpm publish --recursive, instead of always bumping every workspace package #​11348.

typescript-eslint/typescript-eslint (typescript-eslint)

v8.61.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.