chore(deps): update dependency vite to v7.1.11 [security]#1296
Merged
renovate[bot] merged 1 commit intomainfrom Oct 21, 2025
Merged
chore(deps): update dependency vite to v7.1.11 [security]#1296renovate[bot] merged 1 commit intomainfrom
renovate[bot] merged 1 commit intomainfrom
Conversation
simonknittel
added a commit
to simonknittel/sam
that referenced
this pull request
Jan 27, 2026
This PR contains the following updates: | Package | Change | Age | Confidence | Type | Update | Pending | |---|---|---|---|---|---|---| | [@aws-sdk/client-dynamodb](https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-dynamodb) ([source](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-dynamodb)) | [`3.968.0` -> `3.971.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-dynamodb/3.968.0/3.971.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | `3.975.0` (+2) | | [@aws-sdk/client-eventbridge](https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-eventbridge) ([source](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-eventbridge)) | [`3.968.0` -> `3.971.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-eventbridge/3.968.0/3.971.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | `3.975.0` (+2) | | [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.968.0` -> `3.971.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.968.0/3.971.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | `3.975.0` (+2) | | [@aws-sdk/client-ssm](https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-ssm) ([source](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-ssm)) | [`3.968.0` -> `3.971.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-ssm/3.968.0/3.971.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | `3.975.0` (+2) | | [@aws-sdk/s3-request-presigner](https://github.com/aws/aws-sdk-js-v3/tree/main/packages/s3-request-presigner) ([source](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/s3-request-presigner)) | [`3.968.0` -> `3.971.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fs3-request-presigner/3.968.0/3.971.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | `3.975.0` (+2) | | [@paralleldrive/cuid2](https://github.com/ericelliott/cuid2) | [`3.0.6` -> `3.1.0`](https://renovatebot.com/diffs/npm/@paralleldrive%2fcuid2/3.0.6/3.1.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | `3.3.0` (+1) | | [@tanstack/eslint-plugin-query](https://tanstack.com/query) ([source](https://github.com/TanStack/query/tree/HEAD/packages/eslint-plugin-query)) | [`5.91.2` -> `5.91.3`](https://renovatebot.com/diffs/npm/@tanstack%2feslint-plugin-query/5.91.2/5.91.3) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | | [@tanstack/react-query](https://tanstack.com/query) ([source](https://github.com/TanStack/query/tree/HEAD/packages/react-query)) | [`5.90.16` -> `5.90.19`](https://renovatebot.com/diffs/npm/@tanstack%2freact-query/5.90.16/5.90.19) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch | `5.90.20` | | [@types/aws-lambda](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/aws-lambda) ([source](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/aws-lambda)) | [`8.10.159` -> `8.10.160`](https://renovatebot.com/diffs/npm/@types%2faws-lambda/8.10.159/8.10.160) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)) | [`22.19.6` -> `22.19.7`](https://renovatebot.com/diffs/npm/@types%2fnode/22.19.6/22.19.7) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | | [@typescript-eslint/eslint-plugin](https://typescript-eslint.io/packages/eslint-plugin) ([source](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin)) | [`8.53.0` -> `8.53.1`](https://renovatebot.com/diffs/npm/@typescript-eslint%2feslint-plugin/8.53.0/8.53.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | `8.54.0` | | [@typescript-eslint/parser](https://typescript-eslint.io/packages/parser) ([source](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser)) | [`8.53.0` -> `8.53.1`](https://renovatebot.com/diffs/npm/@typescript-eslint%2fparser/8.53.0/8.53.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | `8.54.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `v6.1.0` -> `v6.2.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | action | minor | | | [eslint-config-next](https://nextjs.org/docs/app/api-reference/config/eslint) ([source](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next)) | [`16.1.1` -> `16.1.4`](https://renovatebot.com/diffs/npm/eslint-config-next/16.1.1/16.1.4) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | `16.1.5` | | [next](https://nextjs.org) ([source](https://github.com/vercel/next.js)) | [`16.1.1` -> `16.1.4`](https://renovatebot.com/diffs/npm/next/16.1.1/16.1.4) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch | `16.1.5` | | [node](https://github.com/nodejs/node) | `22.21.1-bookworm` -> `22.22.0-bookworm` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | final | minor | | | [oven-sh/setup-bun](https://github.com/oven-sh/setup-bun) | `v2.1.0` -> `v2.1.2` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | action | patch | | | [prettier](https://prettier.io) ([source](https://github.com/prettier/prettier)) | [`3.7.4` -> `3.8.0`](https://renovatebot.com/diffs/npm/prettier/3.7.4/3.8.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | `3.8.1` | | [react-error-boundary](https://react-error-boundary-lib.vercel.app/) ([source](https://github.com/bvaughn/react-error-boundary)) | [`6.0.3` -> `6.1.0`](https://renovatebot.com/diffs/npm/react-error-boundary/6.0.3/6.1.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | | [react-hotkeys-hook](https://react-hotkeys-hook.vercel.app/) ([source](https://github.com/JohannesKlauss/react-keymap-hook)) | [`5.2.1` -> `5.2.3`](https://renovatebot.com/diffs/npm/react-hotkeys-hook/5.2.1/5.2.3) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | dependencies | patch | | --- ### Release Notes <details> <summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-dynamodb)</summary> ### [`v3.971.0`](https://github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-dynamodb/CHANGELOG.md#39710-2026-01-16) [Compare Source](https://github.com/aws/aws-sdk-js-v3/compare/v3.970.0...v3.971.0) **Note:** Version bump only for package [@​aws-sdk/client-dynamodb](https://github.com/aws-sdk/client-dynamodb) ### [`v3.970.0`](https://github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-dynamodb/CHANGELOG.md#39700-2026-01-15) [Compare Source](https://github.com/aws/aws-sdk-js-v3/compare/v3.969.0...v3.970.0) **Note:** Version bump only for package [@​aws-sdk/client-dynamodb](https://github.com/aws-sdk/client-dynamodb) ### [`v3.969.0`](https://github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-dynamodb/CHANGELOG.md#39690-2026-01-14) [Compare Source](https://github.com/aws/aws-sdk-js-v3/compare/v3.968.0...v3.969.0) **Note:** Version bump only for package [@​aws-sdk/client-dynamodb](https://github.com/aws-sdk/client-dynamodb) </details> <details> <summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-eventbridge)</summary> ### [`v3.971.0`](https://github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-eventbridge/CHANGELOG.md#39710-2026-01-16) [Compare Source](https://github.com/aws/aws-sdk-js-v3/compare/v3.970.0...v3.971.0) **Note:** Version bump only for package [@​aws-sdk/client-eventbridge](https://github.com/aws-sdk/client-eventbridge) ### [`v3.970.0`](https://github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-eventbridge/CHANGELOG.md#39700-2026-01-15) [Compare Source](https://github.com/aws/aws-sdk-js-v3/compare/v3.969.0...v3.970.0) **Note:** Version bump only for package [@​aws-sdk/client-eventbridge](https://github.com/aws-sdk/client-eventbridge) ### [`v3.969.0`](https://github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-eventbridge/CHANGELOG.md#39690-2026-01-14) [Compare Source](https://github.com/aws/aws-sdk-js-v3/compare/v3.968.0...v3.969.0) **Note:** Version bump only for package [@​aws-sdk/client-eventbridge](https://github.com/aws-sdk/client-eventbridge) </details> <details> <summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary> ### [`v3.971.0`](https://github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#39710-2026-01-16) [Compare Source](https://github.com/aws/aws-sdk-js-v3/compare/v3.970.0...v3.971.0) **Note:** Version bump only for package [@​aws-sdk/client-s3](https://github.com/aws-sdk/client-s3) ### [`v3.970.0`](https://github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#39700-2026-01-15) [Compare Source](https://github.com/aws/aws-sdk-js-v3/compare/v3.969.0...v3.970.0) **Note:** Version bump only for package [@​aws-sdk/client-s3](https://github.com/aws-sdk/client-s3) ### [`v3.969.0`](https://github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#39690-2026-01-14) [Compare Source](https://github.com/aws/aws-sdk-js-v3/compare/v3.968.0...v3.969.0) **Note:** Version bump only for package [@​aws-sdk/client-s3](https://github.com/aws-sdk/client-s3) </details> <details> <summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-ssm)</summary> ### [`v3.971.0`](https://github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-ssm/CHANGELOG.md#39710-2026-01-16) [Compare Source](https://github.com/aws/aws-sdk-js-v3/compare/v3.970.0...v3.971.0) **Note:** Version bump only for package [@​aws-sdk/client-ssm](https://github.com/aws-sdk/client-ssm) ### [`v3.970.0`](https://github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-ssm/CHANGELOG.md#39700-2026-01-15) [Compare Source](https://github.com/aws/aws-sdk-js-v3/compare/v3.969.0...v3.970.0) **Note:** Version bump only for package [@​aws-sdk/client-ssm](https://github.com/aws-sdk/client-ssm) ### [`v3.969.0`](https://github.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-ssm/CHANGELOG.md#39690-2026-01-14) [Compare Source](https://github.com/aws/aws-sdk-js-v3/compare/v3.968.0...v3.969.0) **Note:** Version bump only for package [@​aws-sdk/client-ssm](https://github.com/aws-sdk/client-ssm) </details> <details> <summary>aws/aws-sdk-js-v3 (@​aws-sdk/s3-request-presigner)</summary> ### [`v3.971.0`](https://github.com/aws/aws-sdk-js-v3/blob/HEAD/packages/s3-request-presigner/CHANGELOG.md#39710-2026-01-16) [Compare Source](https://github.com/aws/aws-sdk-js-v3/compare/v3.970.0...v3.971.0) **Note:** Version bump only for package [@​aws-sdk/s3-request-presigner](https://github.com/aws-sdk/s3-request-presigner) ### [`v3.970.0`](https://github.com/aws/aws-sdk-js-v3/blob/HEAD/packages/s3-request-presigner/CHANGELOG.md#39700-2026-01-15) [Compare Source](https://github.com/aws/aws-sdk-js-v3/compare/v3.969.0...v3.970.0) **Note:** Version bump only for package [@​aws-sdk/s3-request-presigner](https://github.com/aws-sdk/s3-request-presigner) ### [`v3.969.0`](https://github.com/aws/aws-sdk-js-v3/blob/HEAD/packages/s3-request-presigner/CHANGELOG.md#39690-2026-01-14) [Compare Source](https://github.com/aws/aws-sdk-js-v3/compare/v3.968.0...v3.969.0) **Note:** Version bump only for package [@​aws-sdk/s3-request-presigner](https://github.com/aws-sdk/s3-request-presigner) </details> <details> <summary>ericelliott/cuid2 (@​paralleldrive/cuid2)</summary> ### [`v3.1.0`](https://github.com/ericelliott/cuid2/compare/v3.0.6...499df75f294e0af2d79ca64f7d896df75857364c) [Compare Source](https://github.com/ericelliott/cuid2/compare/v3.0.6...499df75f294e0af2d79ca64f7d896df75857364c) </details> <details> <summary>TanStack/query (@​tanstack/eslint-plugin-query)</summary> ### [`v5.91.3`](https://github.com/TanStack/query/blob/HEAD/packages/eslint-plugin-query/CHANGELOG.md#5913) [Compare Source](https://github.com/TanStack/query/compare/@tanstack/eslint-plugin-query@5.91.2...@tanstack/eslint-plugin-query@5.91.3) ##### Patch Changes - exhaustive-deps rule fixed for vue files ([#​10011](https://github.com/TanStack/query/pull/10011)) </details> <details> <summary>TanStack/query (@​tanstack/react-query)</summary> ### [`v5.90.19`](https://github.com/TanStack/query/blob/HEAD/packages/react-query/CHANGELOG.md#59019) [Compare Source](https://github.com/TanStack/query/compare/@tanstack/react-query@5.90.18...@tanstack/react-query@5.90.19) ##### Patch Changes - Updated dependencies \[[`53fc74e`](https://github.com/TanStack/query/commit/53fc74ebb16730bd3317f039a69c6821386bae93)]: - [@​tanstack/query-core](https://github.com/tanstack/query-core)@​5.90.19 ### [`v5.90.18`](https://github.com/TanStack/query/blob/HEAD/packages/react-query/CHANGELOG.md#59018) [Compare Source](https://github.com/TanStack/query/compare/@tanstack/react-query@5.90.17...@tanstack/react-query@5.90.18) ##### Patch Changes - Updated dependencies \[[`dea1614`](https://github.com/TanStack/query/commit/dea1614aaad5c572cf43cea54b64ac09dc4d5b41)]: - [@​tanstack/query-core](https://github.com/tanstack/query-core)@​5.90.18 ### [`v5.90.17`](https://github.com/TanStack/query/blob/HEAD/packages/react-query/CHANGELOG.md#59017) [Compare Source](https://github.com/TanStack/query/compare/@tanstack/react-query@5.90.16...@tanstack/react-query@5.90.17) ##### Patch Changes - Updated dependencies \[[`269351b`](https://github.com/TanStack/query/commit/269351b8ce4b4846da3d320ac5b850ee6aada0d6)]: - [@​tanstack/query-core](https://github.com/tanstack/query-core)@​5.90.17 </details> <details> <summary>typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)</summary> ### [`v8.53.1`](https://github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#8531-2026-01-19) [Compare Source](https://github.com/typescript-eslint/typescript-eslint/compare/v8.53.0...v8.53.1) ##### 🩹 Fixes - **utils:** make RuleCreator root defaultOptions optional ([#​11956](https://github.com/typescript-eslint/typescript-eslint/pull/11956)) - **eslint-plugin:** \[consistent-indexed-object-style] skip fixer if interface is a default export ([#​11951](https://github.com/typescript-eslint/typescript-eslint/pull/11951)) ##### ❤️ Thank You - Cameron - Yukihiro Hasegawa [@​y-hsgw](https://github.com/y-hsgw) You can read about our [versioning strategy](https://typescript-eslint.io/users/versioning) and [releases](https://typescript-eslint.io/users/releases) on our website. </details> <details> <summary>typescript-eslint/typescript-eslint (@​typescript-eslint/parser)</summary> ### [`v8.53.1`](https://github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#8531-2026-01-19) [Compare Source](https://github.com/typescript-eslint/typescript-eslint/compare/v8.53.0...v8.53.1) This was a version bump only for parser to align it with other projects, there were no code changes. You can read about our [versioning strategy](https://typescript-eslint.io/users/versioning) and [releases](https://typescript-eslint.io/users/releases) on our website. </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v6.2.0`](https://github.com/actions/setup-node/releases/tag/v6.2.0) [Compare Source](https://github.com/actions/setup-node/compare/v6.1.0...v6.2.0) ##### What's Changed ##### Documentation - Documentation update related to absence of Lockfile by [@​mahabaleshwars](https://github.com/mahabaleshwars) in [#​1454](https://github.com/actions/setup-node/pull/1454) - Correct mirror option typos by [@​MikeMcC399](https://github.com/MikeMcC399) in [#​1442](https://github.com/actions/setup-node/pull/1442) - Readme update on checkout version v6 by [@​deining](https://github.com/deining) in [#​1446](https://github.com/actions/setup-node/pull/1446) - Readme typo fixes [@​munyari](https://github.com/munyari) in [#​1226](https://github.com/actions/setup-node/pull/1226) - Advanced document update on checkout version v6 by [@​aparnajyothi-y](https://github.com/aparnajyothi-y) in [#​1468](https://github.com/actions/setup-node/pull/1468) ##### Dependency updates: - Upgrade [@​actions/cache](https://github.com/actions/cache) to v5.0.1 by [@​salmanmkc](https://github.com/salmanmkc) in [#​1449](https://github.com/actions/setup-node/pull/1449) ##### New Contributors - [@​mahabaleshwars](https://github.com/mahabaleshwars) made their first contribution in [#​1454](https://github.com/actions/setup-node/pull/1454) - [@​MikeMcC399](https://github.com/MikeMcC399) made their first contribution in [#​1442](https://github.com/actions/setup-node/pull/1442) - [@​deining](https://github.com/deining) made their first contribution in [#​1446](https://github.com/actions/setup-node/pull/1446) - [@​munyari](https://github.com/munyari) made their first contribution in [#​1226](https://github.com/actions/setup-node/pull/1226) **Full Changelog**: <actions/setup-node@v6...v6.2.0> </details> <details> <summary>vercel/next.js (eslint-config-next)</summary> ### [`v16.1.4`](https://github.com/vercel/next.js/releases/tag/v16.1.4) [Compare Source](https://github.com/vercel/next.js/compare/v16.1.3...v16.1.4) > \[!NOTE] > This release is backporting bug fixes. It does **not** include all pending features/changes on canary. ##### Core Changes - Only filter next config if experimental flag is enabled ([#​88733](https://github.com/vercel/next.js/issues/88733)) ##### Credits Huge thanks to [@​mischnic](https://github.com/mischnic) for helping! ### [`v16.1.3`](https://github.com/vercel/next.js/releases/tag/v16.1.3) [Compare Source](https://github.com/vercel/next.js/compare/v16.1.2...v16.1.3) > \[!NOTE] > This release is backporting bug fixes. It does **not** include all pending features/changes on canary. ##### Core Changes - Fix linked list bug in LRU deleteFromLru ([#​88652](https://github.com/vercel/next.js/issues/88652)) - Fix relative same host redirects in node middleware ([#​88253](https://github.com/vercel/next.js/issues/88253)) ##### Credits Huge thanks to [@​acdlite](https://github.com/acdlite) and [@​ijjk](https://github.com/ijjk) for helping! ### [`v16.1.2`](https://github.com/vercel/next.js/releases/tag/v16.1.2) [Compare Source](https://github.com/vercel/next.js/compare/v16.1.1...v16.1.2) > \[!NOTE] > This release is backporting bug fixes. It does **not** include all pending features/changes on canary. ##### Core Changes - Turbopack: Update to swc\_core v50.2.3 ([#​87841](https://github.com/vercel/next.js/issues/87841)) ([#​88296](https://github.com/vercel/next.js/issues/88296)) - Fixes a crash when processing mdx files with multibyte characters. ([#​87713](https://github.com/vercel/next.js/issues/87713)) - Turbopack: [mimalloc](https://microsoft.github.io/mimalloc/) upgrade and enabling it on musl ([#​88503](https://github.com/vercel/next.js/issues/88503)) ([#​87815](https://github.com/vercel/next.js/issues/87815)) ([#​88426](https://github.com/vercel/next.js/issues/88426)) - Fixes [a significant performance issue](https://github.com/vercel/next.js/pull/88426) on musl-based Linux distributions (e.g. Alpine in Docker) related to musl's allocator. - Other platforms have always used mimalloc, but we previously did not use mimalloc on musl because of compilation issues that have since been resolved. ##### Credits Huge thanks to [@​mischnic](https://github.com/mischnic) for helping! </details> <details> <summary>nodejs/node (node)</summary> ### [`v22.22.0`](https://github.com/nodejs/node/releases/tag/v22.22.0): 2026-01-13, Version 22.22.0 'Jod' (LTS), @​marco-ippolito [Compare Source](https://github.com/nodejs/node/compare/v22.21.1...v22.22.0) This is a security release. ##### Notable Changes lib: - (CVE-2025-59465) add TLSSocket default error handler - (CVE-2025-55132) disable futimes when permission model is enabled lib,permission: - (CVE-2025-55130) require full read and write to symlink APIs src: - (CVE-2025-59466) rethrow stack overflow exceptions in async\_hooks src,lib: - (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle tls: - (CVE-2026-21637) route callback exceptions through error handlers ##### Commits - \[[`6badf4e6f4`](https://github.com/nodejs/node/commit/6badf4e6f4)] - **deps**: update c-ares to v1.34.6 (Node.js GitHub Bot) [#​60997](https://github.com/nodejs/node/pull/60997) - \[[`37509c3ff0`](https://github.com/nodejs/node/commit/37509c3ff0)] - **deps**: update undici to 6.23.0 (Matteo Collina) [nodejs-private/node-private#791](https://github.com/nodejs-private/node-private/pull/791) - \[[`eb8e41f8db`](https://github.com/nodejs/node/commit/eb8e41f8db)] - **(CVE-2025-59465)** **lib**: add TLSSocket default error handler (RafaelGSS) [nodejs-private/node-private#797](https://github.com/nodejs-private/node-private/pull/797) - \[[`ebbf942a83`](https://github.com/nodejs/node/commit/ebbf942a83)] - **(CVE-2025-55132)** **lib**: disable futimes when permission model is enabled (RafaelGSS) [nodejs-private/node-private#748](https://github.com/nodejs-private/node-private/pull/748) - \[[`6b4849583a`](https://github.com/nodejs/node/commit/6b4849583a)] - **(CVE-2025-55130)** **lib,permission**: require full read and write to symlink APIs (RafaelGSS) [nodejs-private/node-private#760](https://github.com/nodejs-private/node-private/pull/760) - \[[`ddadc31f09`](https://github.com/nodejs/node/commit/ddadc31f09)] - **(CVE-2025-59466)** **src**: rethrow stack overflow exceptions in async\_hooks (Matteo Collina) [nodejs-private/node-private#773](https://github.com/nodejs-private/node-private/pull/773) - \[[`d4d9f3915f`](https://github.com/nodejs/node/commit/d4d9f3915f)] - **(CVE-2025-55131)** **src,lib**: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) [nodejs-private/node-private#759](https://github.com/nodejs-private/node-private/pull/759) - \[[`25d6799df6`](https://github.com/nodejs/node/commit/25d6799df6)] - **(CVE-2026-21637)** **tls**: route callback exceptions through error handlers (Matteo Collina) [nodejs-private/node-private#796](https://github.com/nodejs-private/node-private/pull/796) </details> <details> <summary>oven-sh/setup-bun (oven-sh/setup-bun)</summary> ### [`v2.1.2`](https://github.com/oven-sh/setup-bun/releases/tag/v2.1.2) [Compare Source](https://github.com/oven-sh/setup-bun/compare/v2.1.1...v2.1.2) `oven-sh/setup-bun` is the github action for setting up Bun. #### What's Changed - fix: default token only on public github instance by [@​xhyrom](https://github.com/xhyrom) in [#​157](https://github.com/oven-sh/setup-bun/pull/157) **Full Changelog**: <oven-sh/setup-bun@v2...v2.1.2> ### [`v2.1.1`](https://github.com/oven-sh/setup-bun/releases/tag/v2.1.1) [Compare Source](https://github.com/oven-sh/setup-bun/compare/v2.1.0...v2.1.1) `oven-sh/setup-bun` is the github action for setting up Bun. #### What's Changed - feat: implement wildcard resolution into the action by [@​xhyrom](https://github.com/xhyrom) in [#​93](https://github.com/oven-sh/setup-bun/pull/93) - feat: fallback arm64 to x64 architecture for win32 platform by [@​xhyrom](https://github.com/xhyrom) in [#​131](https://github.com/oven-sh/setup-bun/pull/131) - feat: use packageManager from package.json as default bun version by [@​xhyrom](https://github.com/xhyrom) in [#​152](https://github.com/oven-sh/setup-bun/pull/152) - bump the `form-data` dependency to version v4.0.5 due to <GHSA-fjxv-7rqg-78g4> by [@​Jarred-Sumner](https://github.com/Jarred-Sumner) **Full Changelog**: <oven-sh/setup-bun@v2.1.0...v2.1.1> </details> <details> <summary>prettier/prettier (prettier)</summary> ### [`v3.8.0`](https://github.com/prettier/prettier/blob/HEAD/CHANGELOG.md#380) [Compare Source](https://github.com/prettier/prettier/compare/3.7.4...3.8.0) [diff](https://github.com/prettier/prettier/compare/3.7.4...3.8.0) 🔗 [Release Notes](https://prettier.io/blog/2026/01/14/3.8.0) </details> <details> <summary>bvaughn/react-error-boundary (react-error-boundary)</summary> ### [`v6.1.0`](https://github.com/bvaughn/react-error-boundary/releases/tag/6.1.0) [Compare Source](https://github.com/bvaughn/react-error-boundary/compare/6.0.3...6.1.0) - [#​235](https://github.com/bvaughn/react-error-boundary/issues/235): Fix error type (`Error` -> `unknown`) - Export `getErrorMessage` helper method </details> <details> <summary>JohannesKlauss/react-keymap-hook (react-hotkeys-hook)</summary> ### [`v5.2.3`](https://github.com/JohannesKlauss/react-hotkeys-hook/releases/tag/v5.2.3) [Compare Source](https://github.com/JohannesKlauss/react-keymap-hook/compare/8c0f32cd3f1d5b24fc93e603235ca9490df10b44...v5.2.3) #### What's Changed - chore(deps): update dependency vite to v7.1.11 \[security] by [@​renovate](https://github.com/renovate)\[bot] in [JohannesKlauss/react-hotkeys-hook#1296](https://github.com/JohannesKlauss/react-hotkeys-hook/pull/1296) - feat: add metadata support for hotkeys by [@​pkulcsarnr](https://github.com/pkulcsarnr) in [JohannesKlauss/react-hotkeys-hook#1299](https://github.com/JohannesKlauss/react-hotkeys-hook/pull/1299) - chore(deps): update dependency vitest to v4 by [@​renovate](https://github.com/renovate)\[bot] in [JohannesKlauss/react-hotkeys-hook#1307](https://github.com/JohannesKlauss/react-hotkeys-hook/pull/1307) - chore(deps): update actions/setup-node action to v6 by [@​renovate](https://github.com/renovate)\[bot] in [JohannesKlauss/react-hotkeys-hook#1306](https://github.com/JohannesKlauss/react-hotkeys-hook/pull/1306) - chore(deps): update actions/checkout action to v6 by [@​renovate](https://github.com/renovate)\[bot] in [JohannesKlauss/react-hotkeys-hook#1305](https://github.com/JohannesKlauss/react-hotkeys-hook/pull/1305) - fix(deps): update all non-major dependencies by [@​renovate](https://github.com/renovate)\[bot] in [JohannesKlauss/react-hotkeys-hook#1304](https://github.com/JohannesKlauss/react-hotkeys-hook/pull/1304) - Try to prevent events firing incorrectly when using `useKey: true` by [@​matiastucci](https://github.com/matiastucci) in [JohannesKlauss/react-hotkeys-hook#1275](https://github.com/JohannesKlauss/react-hotkeys-hook/pull/1275) #### New Contributors - [@​pkulcsarnr](https://github.com/pkulcsarnr) made their first contribution in [JohannesKlauss/react-hotkeys-hook#1299](https://github.com/JohannesKlauss/react-hotkeys-hook/pull/1299) - [@​matiastucci](https://github.com/matiastucci) made their first contribution in [JohannesKlauss/react-hotkeys-hook#1275](https://github.com/JohannesKlauss/react-hotkeys-hook/pull/1275) **Full Changelog**: <JohannesKlauss/react-hotkeys-hook@v5.2.1...v5.2.3> ### [`v5.2.2`](https://github.com/JohannesKlauss/react-keymap-hook/compare/v5.2.1...8c0f32cd3f1d5b24fc93e603235ca9490df10b44) [Compare Source](https://github.com/JohannesKlauss/react-keymap-hook/compare/v5.2.1...8c0f32cd3f1d5b24fc93e603235ca9490df10b44) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 7am on Tuesday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNzMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE3My4xIiwidGFyZ2V0QnJhbmNoIjoiZGV2ZWxvcCIsImxhYmVscyI6W119--> Co-authored-by: Renovate Bot <renovate@whitesourcesoftware.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
7.1.9->7.1.11GitHub Vulnerability Alerts
CVE-2025-62522
Summary
Files denied by
server.fs.denywere sent if the URL ended with\when the dev server is running on Windows.Impact
Only apps that match the following conditions are affected:
server.hostconfig option)Details
server.fs.denycan contain patterns matching against files (by default it includes.env,.env.*,*.{crt,pem}as such patterns). These patterns were able to bypass by using a back slash(\). The root cause is thatfs.readFile('/foo.png/')loads/foo.png.PoC
Release Notes
vitejs/vite (vite)
v7.1.11Compare Source
Bug Fixes
server.fs.denycheck (#20968) (f479cc5)Miscellaneous Chores
Code Refactoring
Build System
v7.1.10Compare Source
Bug Fixes
//(#20760) (b95fa2a)fileToBuiltUrl(#20898) (73b6d24)Documentation
WebSocketspelling (#20890) (29e98dc)Miscellaneous Chores
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.