Skip to content

chore(deps): update npm non-major updates#24

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/npm-non-major-updates
Open

chore(deps): update npm non-major updates#24
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/npm-non-major-updates

Conversation

@renovate

@renovate renovate Bot commented Feb 7, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
@cap-js/cds-types (source) ^0.15.0^0.18.0 age confidence
@sap/cds 9.7.09.9.2 age confidence
@vitest/coverage-v8 (source) 3.2.43.2.6 age confidence
@vitest/eslint-plugin 1.6.61.6.20 age confidence
eslint (source) 9.39.29.39.4 age confidence
eslint-plugin-prettier 5.5.55.5.6 age confidence
typescript-eslint (source) 8.54.08.62.1 age confidence
zod (source) 4.3.64.4.3 age confidence

Release Notes

cap-js/cds-types (@​cap-js/cds-types)

v0.18.0

Compare Source

Added
Changed
  • Installing @cap-js/cds-types no longer executes a postinstall script that creates a symlink in node_modules/@​types. Instead, use a paths entry in your tsconfig.json. This entry can be created by running cds add typescript in your project.
Deprecated
Removed
Fixed
Security

v0.17.0

Compare Source

Added
  • Types for nested .where and .having predicates
  • Passing events generated by cds-typer into service.on now offers code completion for the event's properties in the handler
  • Allow all events that can be used in service.on to be used in service.once as well
Changed
  • ResultHandler now returns unknown instead of void, to accommodate asynchronous functions when having @typescript-eslint/strict-void-return activated
  • Documentation for cds.test.axios mentioning that @cap-js/cds-test@1 now returns an axios facade in absence of axios.
  • made cds.context.locale optional
  • cds.tx(ƒ) now returns the return type of ƒ
Deprecated
  • cds.test.chai, cds.test.assert pointing to either cds.test.expect or a custom import of chai.
  • cds.test.axios in favor of cds.test.defaults
Removed
Fixed
Security

v0.16.0

Compare Source

Added
  • Added Request.messages, Request.errors and Request.results
  • Types for SELECT.stream()
  • service.actions
Changed
Deprecated
  • service.operations
  • Undocumented service.entities(), service.events(), service.types(), and service.operations()
Removed
Fixed
  • Types for req.error() et al.
  • Types for cds.error()
  • Type for cds.middlewares.before
Security
vitest-dev/vitest (@​vitest/coverage-v8)

v3.2.6

Compare Source

v3.2.5

Compare Source

vitest-dev/eslint-plugin-vitest (@​vitest/eslint-plugin)

v1.6.20

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v1.6.19

Compare Source

No significant changes

    View changes on GitHub

v1.6.18

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v1.6.17

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v1.6.16

Compare Source

   🚀 Features
    View changes on GitHub

v1.6.15

Compare Source

What's Changed

Full Changelog: vitest-dev/eslint-plugin-vitest@v1.6.14...v1.6.15

v1.6.14

Compare Source

What's Changed

New Contributors

Full Changelog: vitest-dev/eslint-plugin-vitest@v1.6.13...v1.6.14

v1.6.13

Compare Source

   🚀 Features
    View changes on GitHub

v1.6.12

Compare Source

    View changes on GitHub

What's Changed

Full Changelog: vitest-dev/eslint-plugin-vitest@v1.6.11...v1.6.12

v1.6.11

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v1.6.10

Compare Source

   🚀 Features
    View changes on GitHub

v1.6.9

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v1.6.8

Compare Source

No significant changes

    View changes on GitHub

What's Changed

Full Changelog: vitest-dev/eslint-plugin-vitest@v1.6.7...v1.6.8

v1.6.7

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
eslint/eslint (eslint)

v9.39.4

Compare Source

Bug Fixes

Documentation

Chores

v9.39.3

Compare Source

Bug Fixes

  • 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

prettier/eslint-plugin-prettier (eslint-plugin-prettier)

v5.5.6

Compare Source

Patch Changes
typescript-eslint/typescript-eslint (typescript-eslint)

v8.62.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

Compare Source

🚀 Features
  • remove redundant package.json "files" (#​12444)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.4

Compare Source

🩹 Fixes
  • typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#​12340)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.3

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.2

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.2

Compare Source

🩹 Fixes
  • remove tsbuildinfo cache file from published packages (#​12187)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.0

Compare Source

🚀 Features
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.56.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.56.0

Compare Source

🚀 Features
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.55.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

colinhacks/zod (zod)

v4.4.3

Compare Source

Commits:

  • 4c2fa95 docs: use Zernio primary wordmark for gold sponsor logo
  • 2aeec83 docs: prune lapsed gold sponsors and rebalance logo sizing
  • 7391be8 docs: prune lapsed silver/bronze sponsors and add active ones
  • 2c70332 docs: normalize bronze sponsor logos to github avatar pattern
  • 9195250 docs: remove Mintlify from bronze sponsors (churned)
  • b8dffe9 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
  • 1cab693 fix(v4): restore catch handling for absent object keys (#​5937) (#​5939)
  • c2be4f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (#​5941)
  • f3c9ec0 4.4.3
  • 1fb56a5 docs: document release procedure in AGENTS.md

v4.4.2

Compare Source

Commits:

  • 0c62df0 Clean up docs navigation and stale labels (#​5901)
  • 20cc794 chore: add security policy and refresh tooling deps
  • 6fbe07b fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (#​5791)
  • 4bbed1b Tighten discriminated union option typing
  • bbac3e5 Update PR guidance for agents
  • cf0dc94 Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint
  • 292c894 docs: add Zernio gold sponsor
  • 1fc9f31 docs: document codec inversion
  • 1373c85 docs: remove AI disclosure guidance
  • e20d02b chore: ignore triage notes
  • e58ea4d docs: test Zod Mini tab code heights
  • 905761a docs: document preprocess input type narrowing
  • bf64bac chore: tighten test guidance in AGENTS.md
  • 8ec4e73 chore: update play.ts scratch
  • 02c2baf Make z.preprocess defer optionality to inner schema (#​5929)
  • 88015df fix(docs): drop deprecated baseUrl from tsconfig
  • c59d447 4.4.2

v4.4.1

Compare Source

Commits:

  • 481f7be ci: gate release publishing on full test workflow
  • 95ccab4 test(v3): restore optional undefined expectations
  • cede2c6 fix(v4): reject tuple holes before required defaults (#​5900)
  • edd0bf0 release: 4.4.1
  • 180d83d docs: remove Jazz featured sponsor

v4.4.0

Compare Source

4.4.0

This is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.

Potentially breaking bug fixes

Tuple defaults now materialize output values correctly

Fixed in #​5661. Tuple parsing now more accurately reflects defaults, optional tails, explicit undefined, and under-filled inputs. The headline behavior is that defaults in tuple positions now properly appear in parsed output.

const schema = z.tuple([
  z.string(),
  z.string().default("fallback"),
]);

schema.parse(["a"]);
// ["a", "fallback"]

Trailing optional elements that are absent still stay absent; they are not filled with undefined.

const schema = z.tuple([
  z.string(),
  z.string().optional(),
]);

schema.parse(["a"]);
// ["a"]

But explicit undefined values supplied by the caller are preserved.

schema.parse(["a", undefined]);
// ["a", undefined]

When optional elements appear before later defaults, the parsed tuple is now dense so array operations behave predictably.

const schema = z.tuple([
  z.string(),
  z.string().optional(),
  z.string().default("fallback"),
]);

schema.parse(["a"]);
// ["a", undefined, "fallback"]

Tuple length errors are also more consistent now. Since z.function() arguments are tuple-shaped, function input errors may look different.

Required object properties with z.undefined()

Fixed in #​5661, with follow-up coverage in 57d80a82. A property whose schema is z.undefined() is now treated as required. The key must be present, but its value may be undefined.

const schema = z.object({
  value: z.undefined(),
});

schema.safeParse({}).success;
// false

schema.safeParse({ value: undefined }).success;
// true

Use .optional() when the key itself may be absent.

const schema = z.object({
  value: z.undefined().optional(),
});

schema.safeParse({}).success;
// true

This also affects related .catch(), .partial(), .default(), and .prefault() combinations that previously relied on missing z.undefined() keys being treated as optional.

Safer .merge() behavior with refinements

Fixed in #​5856. The .merge() method now throws when the receiver has refinements, rather than silently producing ambiguous refinement behavior. Refinements from the second schema are preserved.

const a = z.object({ a: z.string() }).refine((val) => val.a.length > 0);
const b = z.object({ b: z.string() });

a.merge(b);
// throws

Prefer .extend() or .safeExtend() for object composition. The .merge() method is still supported for compatibility, but it is discouraged for new code because its semantics around overlapping keys and refinements are easier to misread.

JSON Schema $defs entries no longer include redundant id

Fixed in #​5759. JSON Schema conversion through z.toJSONSchema() now strips redundant id fields from $defs entries. This is required for correctness in older JSON Schema dialects from before $id was introduced: in those dialects, id changes the resolution scope, so leaving it inside an extracted definition can make references resolve incorrectly. The removed value was redundant because the schema had already been extracted into $defs, so the definition key itself is the identifier. This may affect consumers that were reading those internal id fields directly.

Other JSON Schema fixes in this release:

  • Draft-04/OpenAPI 3.0 min/max intersections: #​5700
  • Recursive lazy schemas with .describe(): #​5797
  • Falsy prefault values emitted as defaults: #​5893
  • CUID pattern output tightened: #​5880
String validators are stricter

Base64 validation now rejects whitespace instead of allowing atob()-style whitespace stripping. Fixed in #​5888.

z.base64().safeParse("Zm9v").success;
// true

z.base64().safeParse("Zm 9v").success;
// false

Other string validator changes:

  • CUID validation through z.cuid() has been tightened, and CUID v1 is now deprecated. Fixed in #​5880.
  • HTTP URL validation through z.httpUrl() now rejects malformed HTTP(S) URLs with a missing slash after the protocol. The underlying URL constructor normalizes inputs like https:/example.com, but Zod now rejects them instead of accepting the repaired URL. Fixed in #​5672, related to #​5284.
z.httpUrl().safeParse("https://example.com").success;
// true

z.httpUrl().safeParse("https:/example.com").success;
// false

z.httpUrl().safeParse("http:/www.apple.com").success;
// false
Union paths are fixed in formatted errors

Two union-related error fixes landed:

  • Nested union paths are now preserved correctly in the output of z.treeifyError() and z.formatError(). Fixed in #​5708 and 60ff3987.
  • Invalid discriminated union errors now include discriminator options and improved messages. Fixed in #​5723. This may affect users snapshotting ZodError output.

Other fixes

Record key transforms now run

Fixed in #​5891. Record schemas now run transforms on record keys.

const schema = z.record(
  z.string().transform((key) => key.toUpperCase()),
  z.number()
);

schema.parse({ foo: 1 });
// { FOO: 1 }

Related record fixes:

  • Key refinement failures now surface as structured invalid_key issues. Fixed in #​5719.
  • Non-enumerable properties are skipped more consistently. Fixed in #​5719.
  • The v3-style single-argument z.record(valueType) form works again. Fixed in 0e960108.
Metadata and input handling in fromJSONSchema()

Schema generation from JSON Schema now applies metadata more consistently across enum, const, not, anyOf, and multi-type schemas. Fixed in #​5758. It also rejects or normalizes more non-JSON-like inputs, including cyclic objects and BigInt. Fixed in 87cf0f93.

Codecs

Codec changes:

  • Encoding through z.discriminatedUnion().encode() now works when the discriminator uses a codec. Fixed in #​5769.
  • Codec inversion was added in #​5770.
const stringToNumber = z.codec(
  z.string(),
  z.number(),
  {
    decode: Number,
    encode: String,
  }
);

const numberToString = z.invertCodec(stringToNumber);
Transform context

Transform callbacks now support ctx.addIssue(). Fixed in #​5699.

Conditional .superRefine() with when

The when option was added for .superRefine(). Added in #​5741, with related abort behavior fixed in #​5681.

Defaults for Map and Set

Defaults for Map and Set are now cloned instead of shared across parses. Fixed in #​5855.

const schema = z.map(z.string(), z.number()).default(new Map());

const a = schema.parse(undefined);
const b = schema.parse(undefined);

a === b;
// false
Empty unions

Empty z.union([]), z.xor([]), and discriminated unions no longer crash at construction time. They construct and fail at parse time. Fixed in #​5869.

Floating-point multiples

Number multipleOf() / step() validation is more accurate for decimal and exponent edge cases. Fixed in #​5687 and #​5793.

Global config and jitless

Configuration fixes:

  • Global configuration is now shared through globalThis, improving behavior across mixed CJS/ESM module instances. Fixed in #​5889.
  • Jitless mode now avoids eval probing when set before first access. Fixed in #​5864.
Prototype pollution hardening

Object catchall paths now skip __proto__ keys. Fixed in #​5898.

Performance improvements

Reduced memory usage from lazy-bound methods

Fixed in #​5897. Classic builder methods are now lazy-bound through a shared internal prototype instead of eagerly attached per schema instance. This significantly reduces per-schema method allocation overhead, especially in codebases that construct many schemas. Detached methods continue to work:

const schema = z.string();
const optional = schema.optional;

optional.call(schema);
// still works
Improved tree-shaking

Implemented in 195e8696 and #​5689. Top-level factory calls are annotated as pure, and generated stub package manifests now include sideEffects: false. This gives bundlers more room to remove unused Zod code.

This is intended as the conclusive fix for a long-standing class of tree-shaking and bundle-size issues, especially in Next.js and Turbopack projects. The most visible symptom was that unused validators and locales could survive bundling even when importing from zod/mini or from a narrow subpath.

Related reports include:

{
  "sideEffects": false
}

Locales

Added or updated locale support:

Locale message text changed in some cases, which may affect snapshots.

Closed issues

The following issues were closed by PRs included in this release:

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Only on Sunday and Saturday (* * * * 0,6)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies label Feb 7, 2026
@renovate renovate Bot enabled auto-merge (squash) February 7, 2026 02:13
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch from a71c657 to c6f32c9 Compare February 9, 2026 12:36
@renovate renovate Bot changed the title chore(deps): update dependency @sap/cds to v9.7.1 chore(deps): update npm non-major updates Feb 9, 2026
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch 5 times, most recently from 2ace0cf to a40b3e0 Compare February 16, 2026 13:34
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch 2 times, most recently from c2df324 to 4f306ca Compare February 20, 2026 14:13
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch from 4f306ca to c5cfbe7 Compare February 23, 2026 19:19
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch 6 times, most recently from 1714280 to 5297843 Compare March 10, 2026 14:44
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch 4 times, most recently from 5c3c038 to 99bec61 Compare March 16, 2026 18:11
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch 5 times, most recently from 3507e73 to c1e2b24 Compare March 26, 2026 13:05
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch 2 times, most recently from ab6cea8 to 505b394 Compare March 31, 2026 22:11
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch from 505b394 to 55a2b40 Compare April 8, 2026 05:52
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch 3 times, most recently from cee9040 to af4b5f9 Compare April 27, 2026 18:55
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch 5 times, most recently from 071b12f to 173fcb3 Compare May 4, 2026 19:37
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch 4 times, most recently from d2f1285 to 00cdd31 Compare May 12, 2026 16:29
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch 3 times, most recently from 1ab02e0 to d1903b8 Compare May 24, 2026 05:03
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch 4 times, most recently from cf24997 to 1ed6b6e Compare June 1, 2026 04:11
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch 2 times, most recently from 4944afd to 8badb85 Compare June 8, 2026 18:05
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch 3 times, most recently from a3077da to 3e3099c Compare June 10, 2026 07:56
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch 3 times, most recently from d34cea6 to ef22e99 Compare June 22, 2026 19:44
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch from ef22e99 to e966662 Compare June 29, 2026 14:14
@renovate renovate Bot force-pushed the renovate/npm-non-major-updates branch from e966662 to 31e6ff6 Compare June 29, 2026 20:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants