Skip to content

Update all npm dependencies#929

Merged
slimbuck merged 1 commit into
mainfrom
renovate/all-npm-dependencies
Jun 30, 2026
Merged

Update all npm dependencies#929
slimbuck merged 1 commit into
mainfrom
renovate/all-npm-dependencies

Conversation

@renovate

@renovate renovate Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
@playcanvas/splat-transform (source) 2.5.12.7.1 age confidence
@typescript-eslint/eslint-plugin (source) 8.60.18.62.1 age confidence
@typescript-eslint/parser (source) 8.60.18.62.1 age confidence
autoprefixer 10.5.010.5.2 age confidence
concurrently 9.2.19.2.3 age confidence
eslint (source) 10.4.110.6.0 age confidence
globals 17.6.017.7.0 age confidence
i18next (source) 26.3.026.3.4 age confidence
mediabunny (source) 1.46.01.49.0 age confidence
playcanvas (source) 2.19.22.20.2 age confidence
postcss (source) 8.5.158.5.16 age confidence
rollup (source) 4.61.04.62.2 age confidence
sass 1.100.01.101.0 age confidence

Release Notes

playcanvas/splat-transform (@​playcanvas/splat-transform)

v2.7.1

Compare Source

What's Changed

Full Changelog: playcanvas/splat-transform@v2.7.0...v2.7.1

v2.7.0

Compare Source

What's Changed

Full Changelog: playcanvas/splat-transform@v2.6.0...v2.7.0

v2.6.0

Compare Source

What's Changed

New Contributors

Full Changelog: playcanvas/splat-transform@v2.5.2...v2.6.0

v2.5.2

Compare Source

What's Changed

  • Fix GPU decimation on large scenes and stop swallowing GPU failures by @​slimbuck in #​254

Full Changelog: playcanvas/splat-transform@v2.5.1...v2.5.2

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.62.1

Compare Source

🩹 Fixes
  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#​12443, #​12418)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#​12365)
  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#​12328)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

Compare Source

🚀 Features
  • remove redundant package.json "files" (#​12444)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.1

Compare Source

🩹 Fixes
  • eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#​12388)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#​12413)
  • eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#​12394, #​12393)
  • eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#​12281)
  • eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#​12396, #​10577)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.0

Compare Source

🚀 Features
  • ast-spec: change type of UnaryExpression.prefix to always true (#​12372)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.62.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

Compare Source

🚀 Features
  • remove redundant package.json "files" (#​12444)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

postcss/autoprefixer (autoprefixer)

v10.5.2

Compare Source

  • Moved -webkit-fill-available before -moz-available, so Firefox
    will use -webkit- version which is closer to stretch.

v10.5.1

Compare Source

open-cli-tools/concurrently (concurrently)

v9.2.3

Compare Source

Full Changelog: open-cli-tools/concurrently@v9.2.2...v9.2.3

eslint/eslint (eslint)

v10.6.0

Compare Source

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#​20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#​20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#​20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#​21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#​21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#​21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#​21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#​21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#​21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#​21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#​20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#​20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#​20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#​20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#​20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#​20983) (lumir)

Chores

v10.5.0

Compare Source

Features

  • 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#​20973) (Pixel998)
  • b565783 feat: report no-with violations at the with keyword (#​20971) (Pixel998)
  • 2ce032f feat: report max-lines-per-function violations at function head (#​20966) (Pixel998)
  • 732cb3e feat: report max-nested-callbacks violations at function head (#​20967) (Pixel998)
  • f9c138a feat: report max-depth violations on keywords (#​20943) (Pixel998)
  • bdb496c feat: correct max-depth handling for else-if chains (#​20944) (Pixel998)
  • c296873 feat: update error loc in max-statements to function header (#​20907) (Taejin Kim)

Documentation

  • 8ae1b5b docs: Update README (GitHub Actions Bot)
  • ca7eb90 docs: update Node.js prerequisites to include ICU support (#​20962) (Francesco Trotta)
  • f99b47a docs: Update README (GitHub Actions Bot)
  • acf03d4 docs: clarify precedence of parserOptions over languageOptions (#​20926) (sethamus)

Chores

sindresorhus/globals (globals)

v17.7.0

Compare Source

i18next/i18next (i18next)

v26.3.4

Compare Source

  • fix(security): deepExtend (used by addResourceBundle(..., deep, overwrite)) no longer recurses into inherited properties. It checked key existence with the in operator, which walks the prototype chain, so a source key matching an inherited built-in (e.g. hasOwnProperty, toString) caused recursion into the shared Object.prototype function and, with overwrite: true, could overwrite e.g. Object.prototype.hasOwnProperty.call with a non-callable value — corrupting a shared built-in process-wide (DoS). Existence is now checked with Object.prototype.hasOwnProperty.call, so such keys are copied as plain own data instead. This complements the existing __proto__/constructor guard and is also strictly more correct for an own-property merge. Only affects applications that pass attacker-controlled data with deep: true and overwrite: true; no standard backend/integration does this. Distinct from CVE-2026-48713 / CVE-2026-48714 (different packages, setPath mechanism). Thanks to zx (Jace) for the responsible disclosure.

v26.3.3

Compare Source

  • fix(types): selector t($ => $.arr, { returnObjects: true, context }) on a JSON array of heterogeneous objects now preserves each element's full shape (e.g. { transKey1: string; transKey2: string }[]) instead of collapsing to a union of partial element types. Two type-level causes: (1) FilterKeys evaluated the whole array element type at once, so keyof (A | B) only saw the keys common to every element — it now distributes over the object union and filters each element independently; (2) when TypeScript merges mismatched array element types it injects phantom optional undefined keys (e.g. transKey1_withContext?: undefined on elements that don't define it), which the context-detection helpers mistook for real context variants — they now skip keys typed as undefined. Also adds a dedicated context + returnObjects: true selector overload using const Fn + ReturnType<Fn>, so Target is no longer collapsed to unknown via ApplyTarget. Resolves Problem 1 of #​2398 (Problem 2 was already fixed on master). Thanks @​sauravgupta-dotcom (#​2438). Fixes #​2398.

v26.3.2

Compare Source

  • fix: chained formatters with a parenthesised option that contains the format separator (e.g. join(separator: ', ')) now work at any position in the chain, not just first. Previously the comma-in-parens reassembly only repaired formats[0], so {{v, uppercase, join(separator: ', ')}} split the join(...) option on the inner comma and never rejoined it, producing corrupt output. Replaced the first-position-only repair with a position-independent pass that re-joins fragments until each open paren closes. Thanks @​spokodev (#​2437).

v26.3.1

Compare Source

  • fix(types): t() with a keyPrefix no longer pollutes its return type with sibling keys' values. A regression in 26.3.0 — the [Res] extends [never] guards added to KeysBuilderWithReturnObjects / KeysBuilderWithoutReturnObjects turned the builders into deferred conditional types, so KeyPrefix<Ns> stopped resolving to a literal union and keyPrefix inference widened to the whole namespace. Symptom: useTranslation(ns, { keyPrefix: 'a.b' }) then t('title') would resolve to '<a.b>.title' | '<other.path>.title' | ... instead of just the scoped value. Affected every react-i18next user using keyPrefix. Restored to the eager 26.2.0 form. The same-namespace conflict handling from #​2434 still works via _DropConflictKeys at the merge layer (in options.d.ts). Thanks @​aaronrosenthal (#​2436).
Vanilagy/mediabunny (mediabunny)

v1.49.0

Compare Source

  • Added a new Logging singleton that can be used to control the log level of Mediabunny. Great for silencing console output for CLI applications. (#​415)
  • Added ID3v2 read support for FLAC files (#​417)
  • Removed forgotten console.log in range request warning path

v1.48.1

Compare Source

  • Fixed AVC/HEVC packet segmentation for MPEG-TS when no AUDs are present (#​414)
  • Fixed MPEG-TS metadata reading taking unnecessarily long sometimes

v1.48.0

Compare Source

  • Added InputFormatOptions.hls.offsetTimestampsByDateTime (defaults to true), allowing you to disable Mediabunny offsetting timestamps by date time metadata found in HLS playlists
  • Added the ability to configure decoder preferences like hardware acceleration for each video sink (#​406)
  • Fixed HLS request resolution logic not properly handling redirects
  • Improved error handling after disposing of an Input (#​405)
  • Fixed occassional assertion failures when reading files with high contention (#​404)

v1.47.0

Compare Source

  • Added AudioSample.trim() for getting a slice of an existing audio sample
  • Fixed zero-sample ISOBMFF fragments throwing an error (#​411)
  • Fixed unhandled rejection when disposing invalid input (#​413)
  • Fixed process in Conversion API being called before other transformations, not after (#​403)
playcanvas/engine (playcanvas)

v2.20.2

Compare Source

Fixes

Full Changelog: playcanvas/engine@v2.20.1...v2.20.2

v2.20.1

Compare Source

Fixes

Full Changelog: playcanvas/engine@v2.20.0...v2.20.1

v2.20.0

Compare Source

Breaking changes

Changes

Fixes

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "on monday at 10:00am"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@slimbuck slimbuck merged commit 8920e90 into main Jun 30, 2026
2 checks passed
@slimbuck slimbuck deleted the renovate/all-npm-dependencies branch June 30, 2026 08:53
dimitribarbot added a commit to dimitribarbot/supersplat that referenced this pull request Jul 2, 2026
Resolve conflicts by adopting upstream's reactive i18n localization (PR playcanvas#927,
which removed the free localize()/formatTooltipWithShortcut() helpers) across all
fork subsystems: converted ~80 localize() call sites to i18n.t(), using thunk form
() => i18n.t() at reactive menu/tooltip sites. Locale files merged (all fork keys
kept; upstream's renamed 'panel.view-options' -> Settings + language-selector keys
adopted). Kept fork's richer LCC import guard alongside upstream's i18n change.

Requires @playcanvas/splat-transform 2.7.1 (upstream dep bump, PR playcanvas#929) which now
exports WorkerQueue, used by upstream's inline worker-pool fix (PR playcanvas#930).

Verified: npm run lint (clean), npm run build (ok), npm run test (189/189 pass).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant