Update all npm dependencies#929
Merged
Merged
Conversation
slimbuck
approved these changes
Jun 30, 2026
dimitribarbot
added a commit
to dimitribarbot/supersplat
that referenced
this pull request
Jul 2, 2026
Resolve conflicts by adopting upstream's reactive i18n localization (PR playcanvas#927, which removed the free localize()/formatTooltipWithShortcut() helpers) across all fork subsystems: converted ~80 localize() call sites to i18n.t(), using thunk form () => i18n.t() at reactive menu/tooltip sites. Locale files merged (all fork keys kept; upstream's renamed 'panel.view-options' -> Settings + language-selector keys adopted). Kept fork's richer LCC import guard alongside upstream's i18n change. Requires @playcanvas/splat-transform 2.7.1 (upstream dep bump, PR playcanvas#929) which now exports WorkerQueue, used by upstream's inline worker-pool fix (PR playcanvas#930). Verified: npm run lint (clean), npm run build (ok), npm run test (189/189 pass). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.5.1→2.7.18.60.1→8.62.18.60.1→8.62.110.5.0→10.5.29.2.1→9.2.310.4.1→10.6.017.6.0→17.7.026.3.0→26.3.41.46.0→1.49.02.19.2→2.20.28.5.15→8.5.164.61.0→4.62.21.100.0→1.101.0Release Notes
playcanvas/splat-transform (@playcanvas/splat-transform)
v2.7.1Compare Source
What's Changed
Full Changelog: playcanvas/splat-transform@v2.7.0...v2.7.1
v2.7.0Compare Source
What's Changed
Full Changelog: playcanvas/splat-transform@v2.6.0...v2.7.0
v2.6.0Compare Source
What's Changed
New Contributors
Full Changelog: playcanvas/splat-transform@v2.5.2...v2.6.0
v2.5.2Compare Source
What's Changed
Full Changelog: playcanvas/splat-transform@v2.5.1...v2.5.2
typescript-eslint/typescript-eslint (@typescript-eslint/eslint-plugin)
v8.62.1Compare Source
🩹 Fixes
❤️ Thank You
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.62.0Compare Source
🚀 Features
❤️ Thank You
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.61.1Compare Source
🩹 Fixes
❤️ Thank You
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.61.0Compare Source
🚀 Features
UnaryExpression.prefixto alwaystrue(#12372)❤️ Thank You
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
typescript-eslint/typescript-eslint (@typescript-eslint/parser)
v8.62.1Compare Source
This was a version bump only for parser to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.62.0Compare Source
🚀 Features
❤️ Thank You
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.61.1Compare Source
This was a version bump only for parser to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.61.0Compare Source
This was a version bump only for parser to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
postcss/autoprefixer (autoprefixer)
v10.5.2Compare Source
-webkit-fill-availablebefore-moz-available, so Firefoxwill use
-webkit-version which is closer tostretch.v10.5.1Compare Source
grid-areaspan reset for overriding areas (by @puneetdixit200).open-cli-tools/concurrently (concurrently)
v9.2.3Compare Source
Full Changelog: open-cli-tools/concurrently@v9.2.2...v9.2.3
eslint/eslint (eslint)
v10.6.0Compare Source
Features
b1f9106feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)f291007feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)Bug Fixes
6b05784fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)bb9eb2afix: account for shadowedBooleaninno-extra-boolean-cast(#21013) (den$)8fd8741fix: don't report shadowed undefined inradixrule (#21011) (Pixel)5784980fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)9cd1e6dfix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)d4eb2dcfix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)2360464fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)63d52d2fix: restore max-classes-per-file report range (#21002) (Pixel)7feaff0fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)399a2ecfix: don't report inner non-callbacks inmax-nested-callbacks(#20995) (Milos Djermanovic)Documentation
a83683ddocs: Update README (GitHub Actions Bot)f5449f9docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)bea49f7docs: Update README (GitHub Actions Bot)e5f70f9docs: update code-path diagrams (#20984) (Tanuj Kanti)8890c2ddocs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)3eb3d9bdocs: Update README (GitHub Actions Bot)c5bb59cdocs: Update README (GitHub Actions Bot)eb3c97cdocs: fix grammar in prefer-const rule description (#20983) (lumir)Chores
6a42034ci: run ecosystem tests on main branch (#20891) (sethamus)3dbacdbci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])c3abfcachore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)a832320ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)27166e7chore: update ecosystem plugins (#21005) (ESLint Bot)865d76eci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])27a88c9chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)970cea6chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)b482120chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])6993fb3chore: update ecosystem plugins (#20985) (ESLint Bot)v10.5.0Compare Source
Features
5ca8c52feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)b565783feat: report no-with violations at the with keyword (#20971) (Pixel998)2ce032ffeat: report max-lines-per-function violations at function head (#20966) (Pixel998)732cb3efeat: report max-nested-callbacks violations at function head (#20967) (Pixel998)f9c138afeat: report max-depth violations on keywords (#20943) (Pixel998)bdb496cfeat: correct max-depth handling for else-if chains (#20944) (Pixel998)c296873feat: update error loc inmax-statementsto function header (#20907) (Taejin Kim)Documentation
8ae1b5bdocs: Update README (GitHub Actions Bot)ca7eb90docs: update Node.js prerequisites to include ICU support (#20962) (Francesco Trotta)f99b47adocs: Update README (GitHub Actions Bot)acf03d4docs: clarify precedence of parserOptions over languageOptions (#20926) (sethamus)Chores
b18bf58chore: update ecosystem plugins (#20959) (ESLint Bot)c2d1444refactor: replace areAllSegmentsUnreachable with !isAnySegmentReachable (#20951) (Taejin Kim)243b8c5chore: enhance config-rule to support oneOf, anyOf, and nested schemas (#20788) (kuldeep kumar)217b2a9test: add unit tests for ParserService (#20949) (Taejin Kim)72003e7test: add location information to error messages inmax-statements(#20945) (lumir)7797c26refactor: deduplicate isAnySegmentReachable across rules (#20890) (Taejin Kim)67c46fachore: update ecosystem plugins (#20938) (ESLint Bot)95d8c7achore: update dependency @eslint/json to v2 (#20934) (renovate[bot])cf9e496chore: update @arethetypeswrong/cli to 0.18.3 (#20933) (Pixel998)fb6d396test: run type tests with TypeScript 7 (#20868) (sethamus)sindresorhus/globals (globals)
v17.7.0Compare Source
i18next/i18next (i18next)
v26.3.4Compare Source
deepExtend(used byaddResourceBundle(..., deep, overwrite)) no longer recurses into inherited properties. It checked key existence with theinoperator, which walks the prototype chain, so a source key matching an inherited built-in (e.g.hasOwnProperty,toString) caused recursion into the sharedObject.prototypefunction and, withoverwrite: true, could overwrite e.g.Object.prototype.hasOwnProperty.callwith a non-callable value — corrupting a shared built-in process-wide (DoS). Existence is now checked withObject.prototype.hasOwnProperty.call, so such keys are copied as plain own data instead. This complements the existing__proto__/constructorguard and is also strictly more correct for an own-property merge. Only affects applications that pass attacker-controlled data withdeep: trueandoverwrite: true; no standard backend/integration does this. Distinct from CVE-2026-48713 / CVE-2026-48714 (different packages,setPathmechanism). Thanks to zx (Jace) for the responsible disclosure.v26.3.3Compare Source
t($ => $.arr, { returnObjects: true, context })on a JSON array of heterogeneous objects now preserves each element's full shape (e.g.{ transKey1: string; transKey2: string }[]) instead of collapsing to a union of partial element types. Two type-level causes: (1)FilterKeysevaluated the whole array element type at once, sokeyof (A | B)only saw the keys common to every element — it now distributes over the object union and filters each element independently; (2) when TypeScript merges mismatched array element types it injects phantom optionalundefinedkeys (e.g.transKey1_withContext?: undefinedon elements that don't define it), which the context-detection helpers mistook for real context variants — they now skip keys typed asundefined. Also adds a dedicatedcontext+returnObjects: trueselector overload usingconst Fn+ReturnType<Fn>, soTargetis no longer collapsed tounknownviaApplyTarget. Resolves Problem 1 of #2398 (Problem 2 was already fixed on master). Thanks @sauravgupta-dotcom (#2438). Fixes #2398.v26.3.2Compare Source
join(separator: ', ')) now work at any position in the chain, not just first. Previously the comma-in-parens reassembly only repairedformats[0], so{{v, uppercase, join(separator: ', ')}}split thejoin(...)option on the inner comma and never rejoined it, producing corrupt output. Replaced the first-position-only repair with a position-independent pass that re-joins fragments until each open paren closes. Thanks @spokodev (#2437).v26.3.1Compare Source
t()with akeyPrefixno longer pollutes its return type with sibling keys' values. A regression in 26.3.0 — the[Res] extends [never]guards added toKeysBuilderWithReturnObjects/KeysBuilderWithoutReturnObjectsturned the builders into deferred conditional types, soKeyPrefix<Ns>stopped resolving to a literal union andkeyPrefixinference widened to the whole namespace. Symptom:useTranslation(ns, { keyPrefix: 'a.b' })thent('title')would resolve to'<a.b>.title' | '<other.path>.title' | ...instead of just the scoped value. Affected everyreact-i18nextuser usingkeyPrefix. Restored to the eager 26.2.0 form. The same-namespace conflict handling from #2434 still works via_DropConflictKeysat the merge layer (inoptions.d.ts). Thanks @aaronrosenthal (#2436).Vanilagy/mediabunny (mediabunny)
v1.49.0Compare Source
Loggingsingleton that can be used to control the log level of Mediabunny. Great for silencing console output for CLI applications. (#415)console.login range request warning pathv1.48.1Compare Source
v1.48.0Compare Source
InputFormatOptions.hls.offsetTimestampsByDateTime(defaults totrue), allowing you to disable Mediabunny offsetting timestamps by date time metadata found in HLS playlistsInput(#405)v1.47.0Compare Source
AudioSample.trim()for getting a slice of an existing audio sampleprocessin Conversion API being called before other transformations, not after (#403)playcanvas/engine (playcanvas)
v2.20.2Compare Source
Fixes
Full Changelog: playcanvas/engine@v2.20.1...v2.20.2
v2.20.1Compare Source
Fixes
Full Changelog: playcanvas/engine@v2.20.0...v2.20.1
v2.20.0Compare Source
Breaking changes
Changes
Fixes
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.