Update all non-major dependencies #12

Open
cnap-tech-renovate[bot] wants to merge 1 commit into main from renovate/all-minor-patch

cnap-tech-renovate Bot commented May 23, 2026

Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| @modelcontextprotocol/sdk (source) | devDependencies | minor | 1.27.1 → 1.29.0 |
| hono (source) | devDependencies | patch | 4.12.5 → 4.12.25 |
| isolated-vm | devDependencies | minor | 6.0.2 → 6.1.2 |
| oxlint (source) | devDependencies | minor | 1.51.0 → 1.70.0 |
| tsx (source) | devDependencies | minor | 4.21.0 → 4.22.4 |
| vitest (source) | devDependencies | patch | 4.1.7 → 4.1.9 |
| zod (source) | devDependencies | minor | 4.3.6 → 4.4.3 |

Release Notes

modelcontextprotocol/typescript-sdk (@modelcontextprotocol/sdk)

v1.29.0

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

v1.28.0

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

honojs/hono (hono)

v4.12.25

Security fixes

This release includes fixes for the following security issues:

CORS Middleware reflects any Origin with credentials when origin defaults to the wildcard

Affects: hono/cors. Fixes the wildcard origin reflecting the request Origin and sending Access-Control-Allow-Credentials: true when credentials: true is set without an explicit origin, where any site a logged-in user visited could make credentialed cross-origin requests and read responses from cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc

Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length

Affects: hono/body-limit on AWS Lambda (hono/aws-lambda, hono/lambda-edge). Fixes the request being built with the client-declared Content-Length while the body is delivered fully buffered, where a client could declare a small Content-Length with a much larger body and slip past the configured size limit. GHSA-rv63-4mwf-qqc2

Path traversal in serve-static on Windows via encoded backslash (%5C)

Affects: serveStatic on Windows (Node, Bun, Deno adapters). Fixes the path guard allowing a lone backslash, where an encoded backslash (%5C) decoded to \ was treated as a separator by the Windows path resolver, letting a single URL segment escape into a middleware-guarded subtree. GHSA-wwfh-h76j-fc44

AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice

Affects: hono/aws-lambda. Fixes multiple Set-Cookie response headers being joined into one comma-separated value for ALB single-header responses and VPC Lattice v2, where the value could not be split back into individual cookies and clients silently dropped or misparsed them. GHSA-j6c9-x7qj-28xf

Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Affects: hono/lambda-edge. Fixes repeated request headers being written with overwrite instead of append, where only the last value of a header such as X-Forwarded-For reached the application and the remaining values were silently dropped. GHSA-wgpf-jwqj-8h8p

v4.12.24

Full Changelog: honojs/hono@v4.12.23...v4.12.24

v4.12.23

Full Changelog: honojs/hono@v4.12.22...v4.12.23

v4.12.22

Full Changelog: honojs/hono@v4.12.21...v4.12.22

v4.12.21

Security fixes

This release includes fixes for the following security issues:

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Affects: app.mount(). Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3

IP Restriction bypasses static deny rules for non-canonical IPv6

Affects: hono/ip-restriction. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5

Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Affects: hono/cookie. Fixes missing validation of sameSite and priority options against injection characters (;, \r, \n), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x

JWT middleware accepts any Authorization scheme, not only Bearer

Affects: hono/jwt, hono/jwk. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474


Users who use app.mount(), hono/ip-restriction, hono/cookie, or hono/jwt/hono/jwk are encouraged to upgrade to this version.

v4.12.20

Full Changelog: honojs/hono@v4.12.19...v4.12.20

v4.12.19

Full Changelog: honojs/hono@v4.12.18...v4.12.19

v4.12.18

Security fixes

This release includes fixes for the following security issues:

Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Affects: Cache Middleware. Fixes missing cache-skip handling for Vary: Authorization and Vary: Cookie, where a response cached for one authenticated user could be served to other users. GHSA-p77w-8qqv-26rm

CSS Declaration Injection via Style Object Values in JSX SSR

Affects: hono/jsx. Fixes a missing CSS-context escape for style object values and property names, where untrusted input could inject additional CSS declarations. The impact is limited to CSS and does not allow JavaScript execution. GHSA-qp7p-654g-cw7p

Improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Affects: hono/utils/jwt. Fixes improper validation of exp, nbf, and iat claims, where falsy, non-finite, or non-numeric values could silently bypass time-based checks instead of being rejected per RFC 7519. GHSA-hm8q-7f3q-5f36


Users who use the JWT helper, hono/jsx, or the Cache middleware are strongly encouraged to upgrade to this version.

v4.12.17

Full Changelog: honojs/hono@v4.12.16...v4.12.17

v4.12.16

Security fixes

This release includes fixes for the following security issues:

Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Affects: hono/jsx. Fixes missing validation of JSX tag names when using jsx() or createElement(), which could allow HTML injection if untrusted input is used as the tag name. GHSA-69xw-7hcm-h432

bodyLimit() can be bypassed for chunked / unknown-length requests

Affects: Body Limit Middleware. Fixes late enforcement for request bodies without a reliable Content-Length (e.g. chunked requests), where oversized requests could reach handlers and return successful responses before being rejected. GHSA-9vqf-7f2p-gf9v

v4.12.15

Full Changelog: honojs/hono@v4.12.14...v4.12.15

v4.12.14

Security fixes

This release includes fixes for the following security issues:

Improper handling of JSX attribute names in hono/jsx SSR

Affects: hono/jsx. Fixes missing validation of JSX attribute names during server-side rendering, which could allow malformed attribute keys to corrupt the generated HTML output and inject unintended attributes or elements. GHSA-458j-xx4x-4375

Other changes

  • fix(aws-lambda): handle invalid header names in request processing (#​4883) fa2c74f

v4.12.13

Full Changelog: honojs/hono@v4.12.12...v4.12.13

v4.12.12

Security fixes

This release includes fixes for the following security issues:

Middleware bypass via repeated slashes in serveStatic

Affects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (//) could bypass route-based middleware protections and allow access to protected static files. GHSA-wmmm-f939-6g9c

Path traversal in toSSG() allows writing files outside the output directory

Affects: toSSG() for Static Site Generation. Fixes a path traversal issue where crafted ssgParams values could write files outside the configured output directory. GHSA-xf4j-xp2r-rqqx

Incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses

Affects: IP Restriction Middleware. Fixes improper handling of IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1) that could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g

Missing validation of cookie name on write path in setCookie()

Affects: setCookie(), serialize(), and serializeSigned() from hono/cookie. Fixes missing validation of cookie names on the write path, preventing inconsistent handling between parsing and serialization. GHSA-26pp-8wgv-hjvm

Non-breaking space prefix bypass in cookie name handling in getCookie()

Affects: getCookie() from hono/cookie. Fixes a discrepancy in cookie name handling that could allow attacker-controlled cookies to override legitimate ones and bypass prefix protections. GHSA-r5rp-j6wh-rvv4


Users who use Serve Static, Static Site Generation, Cookie utilities, or IP restriction middleware are strongly encouraged to upgrade to this version.

v4.12.11

Full Changelog: honojs/hono@v4.12.10...v4.12.11

v4.12.10

Full Changelog: honojs/hono@v4.12.9...v4.12.10

v4.12.9

Full Changelog: honojs/hono@v4.12.8...v4.12.9

v4.12.8

Full Changelog: honojs/hono@v4.12.7...v4.12.8

v4.12.7

Security hardening

Ignore __proto__ path segments in parseBody({ dot: true }) to prevent potential prototype pollution when merged with unsafe patterns.


Full Changelog: honojs/hono@v4.12.6...v4.12.7

v4.12.6

Full Changelog: honojs/hono@v4.12.5...v4.12.6

laverdet/isolated-vm (isolated-vm)

v6.1.2

v6.1.1

v6.1.0

oxc-project/oxc (oxlint)

v1.70.0

🚀 Features
  • 2e8bda4 linter/vue: Implement no-dupe-keys rule (#​23350) (bab)
  • 1490a0a linter/react: Implement react-compiler rule (#​23202) (Boshen)
  • dd560ae linter/unicorn: Implement no-array-fill-with-reference-type rule (#​23397) (Mikhail Baev)
  • af36c2f linter: Add schema for react/jsx-curly-brace-presence (#​23400) (WaterWhisperer)
  • 47d34a3 linter: Add schema for react/jsx-handler-names (#​23393) (WaterWhisperer)
  • f4250d0 linter: Add schema for unicorn/import-style (#​23386) (WaterWhisperer)
  • 30c74ce linter: Add schema for jsx_a11y/no-noninteractive-element-to-interactive-role (#​23384) (Sysix)
  • cfbe8dc linter: Add schema for jsx_a11y/no-interactive-element-to-noninteractive-role (#​23382) (WaterWhisperer)
  • d15b7ff linter: Add schema for typescript/no-restricted-types (#​23381) (WaterWhisperer)
  • 028a811 linter: Add schema for jsx-a11y/media-has-caption (#​23377) (Sysix)
  • b3b1038 linter: Add schema for jsx-a11y/label-has-associated-control (#​23376) (Sysix)
  • 7ada6b2 linter: Add schema for jsx_a11y/no-distracting-elements (#​23379) (WaterWhisperer)
  • ee3dd49 linter: Add schema for jsx-a11y/img-redundant-alt (#​23374) (Sysix)
  • df5f8dd linter: Add short descriptions to most lint rules. (#​23365) (Connor Shea)
  • e3fd735 linter: Add schema for jsx_a11y/alt-text (#​23369) (Sysix)
  • 0f2fff4 linter: Add schema for react/exhaustive-deps (#​23372) (Mikhail Baev)
  • e3e4e10 linter: Add schema for react_perf/jsx-no-new-object-as-prop (#​23368) (Mikhail Baev)
  • 9366d44 linter: Add schema for unicorn/prefer-at (#​23366) (WaterWhisperer)
  • f57b55d linter: Add schema for typescript/array-type (#​23355) (Sysix)
  • 0dcf912 linter: Add schema for typescript/ban-ts-comment (#​23354) (Sysix)
  • 51fa83e linter: Add schema for react/no-did-update-set-state (#​23357) (Mikhail Baev)
  • 59db0bd linter: Add schema for consistent-generic-constructors (#​23353) (Sysix)
  • c4775c0 linter: Add schema for typescript/consistent-type-assertions (#​23349) (Sysix)
  • 6e516f7 linter: Add schema for typescript/consistent-type-imports (#​23348) (Sysix)
  • 012134d linter: Add schema for react/jsx-no-target-blank (#​23345) (WaterWhisperer)
  • 0806aae linter: Add schema for jsx_a11y/no-noninteractive-tabindex (#​23337) (Mikhail Baev)
  • 0708b5a linter: Add schema for react/jsx-filename-extension (#​23315) (Mikhail Baev)
  • 150bce1 linter: Add schema for typescript/no-empty-object-type (#​23309) (Sysix)
  • f9e36f1 linter: Add schema for typescript/no-duplicate-type-constituents (#​23308) (Sysix)
  • 937accf linter: Add schema for typescript/no-invalid-void-type (#​23307) (Sysix)
  • 3e042b9 linter: Add schema for typescript/no-misused-promises (#​23306) (Sysix)
  • da212d1 linter: Add schema for typescript/no-unnecessary-condition (#​23305) (Sysix)
  • f8f0d38 linter: Add schema for typescript/parameter-properties (#​23304) (Sysix)
  • 2275fc7 linter: Add schema for typescript/prefer-nullish-coalescing (#​23302) (Sysix)
  • d353858 linter: Add schema for typescript/prefer-string-starts-ends-with (#​23301) (Sysix)
  • 03060f5 linter: Add schema for typescript/triple-slash-reference (#​23300) (Sysix)
  • 6619cee linter: Add schema for promise/param-names (#​23298) (Sysix)
  • 8bf108e linter: Add schema for promise/catch-or-return (#​23297) (Sysix)
  • 48158d0 linter: Add schema for vitest/consistent-each-for (#​23294) (Sysix)
  • 7e74c98 linter: Add schema for vitest/consistent-test-filename (#​23293) (Sysix)
  • ff94d4a linter: Add schema for vitest/consistent-vitest-vi (#​23292) (Sysix)
  • 2409a10 linter: Add schema for vitest/prefer-import-in-mock (#​23291) (Sysix)
  • 3d782b7 linter: Add schema for react/no-unstable-nested-components (#​23287) (Mikhail Baev)
  • 0a0bc2f linter/jsx-a11y: Add allowedRedundantRoles option to no-redundant-roles (#​22820) (bab)
  • 80758a5 linter/vue: Implement no-side-effects-in-computed-properties rule (#​23282) (bab)
  • e3869ac linter: Add schema for react/no-object-type-as-default-prop (#​23279) (Mikhail Baev)
  • 4480609 linter: Add schema for react/jsx-props-no-spreading (#​23276) (Mikhail Baev)
  • 08d68a5 linter/react: Implement jsx-no-literals rule (#​23145) (kapobajza)
  • 9a2788b linter/unicorn: Implement prefer-export-from rule (#​22935) (AliceLanniste)
  • bdb723c linter/unicorn: Implement prefer-single-call rule (#​23235) (Yuzhe Shi)
  • 31543ed linter: Add schema for vue/define-props-destructuring (#​23252) (Sysix)
  • 21b6c3d linter: Add schema for oxc/no-async-endpoint-handlers (#​23251) (Sysix)
  • e77ff81 linter: Add schema for unicorn/prefer-object-from-entries (#​23249) (Mikhail Baev)
  • bcac2d6 linter: Add schema for jest/vitest/no-restricted-matchers (#​23247) (Sysix)
  • 539f036 linter: Add schema for jest/vitest/no-restricted-*-methods (#​23246) (Sysix)
  • dd1b927 linter/vue: Implement require-default-prop rule (#​22951) (bab)
  • 3f018e7 linter: Add schema for unicorn/no-instanceof-builtins (#​23225) (Mikhail Baev)
  • e0d0f78 linter: Verify promise/no-callback-in-promise schema (#​23141) (beanscg)
  • 123d4f4 linter: Add schema for jest/vitest/valid-expect (#​23185) (Sysix)
  • 46c8a21 linter: Add schema for jest/vitest/require-top-level-describe (#​23184) (Sysix)
  • 41465cf linter: Add schema for jest/vitest/prefer-snapshot-hint (#​23183) (Sysix)
  • d068b9b linter: Add schema for jest/vitest/prefer-expect-assertions (#​23181) (Sysix)
  • 064a1ee linter: Add schema for jest/prefer-ending-with-an-expect (#​23180) (Sysix)
  • d046797 linter: Add schema for jest/vitest/no-standalone-expect (#​23179) (Sysix)
  • 137b9a6 linter: Add schema for jest/vitest/no-large-snapshots (#​23178) (Sysix)
  • 0f3e4a5 linter: Add schema for jest/vitest/no-hooks (#​23177) (Sysix)
  • cd0b384 linter: Add schema for unicorn/explicit-length-check (#​23155) (Mikhail Baev)
  • 01b74c4 linter: Add schema for jest/no-deprecated-functions (#​23136) (Sysix)
  • 9d6a387 linter: Add schema for unicorn/catch-error-name (#​23137) (Mikhail Baev)
  • 0da8efa linter: Add schema for jest/vitest/max-nested-describe (#​23131) (Sysix)
  • d71c9fd linter: Add schema for eslint/no-use-before-define (#​23129) (Sysix)
🐛 Bug Fixes
  • 26ddac6 linter: Avoid config schema generation for jsx_a11y/no-noninteractive-element-interactions (#​23385) (Sysix)
  • 40556ad linter: Parse jsx-a11y/control-has-associated-label config with DefaultRuleConfig (#​23373) (Sysix)
  • 71e9648 linter: Expose no-noninteractive-element-interactions schema (#​23283) (camc314)
  • 6c86d1c linter/react-perf: Correct nativeAllowList all schema (#​23229) (camc314)
  • 4dd52de linter/react-perf: Re-generate stale snapshots (#​23228) (camc314)
  • 8f3db61 linter: Allow options for eslint/capitalized-comments (#​23139) (Sysix)
⚡ Performance
  • f09707e linter: jest/no-deprecated-functions store config version as usize (#​23138) (Sysix)
📚 Documentation
  • f682e25 linter: Remove manually written options doc for eslint/prefer-arrow-callback (#​23438) (Mikhail Baev)
  • 64c942c linter: Remove manually written options doc for eslint/no-sequences (#​23420) (Mikhail Baev)
  • 14abf32 linter/react-perf: Use autogenerated docs (#​23227) (camc314)

v1.69.0

🚀 Features

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.
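
Added example, not part of the bot's PR body and not hono's code: the hono v4.12.21 and v4.12.12 notes above describe IP deny rules that were bypassed because addresses were compared as strings. The sketch below compares addresses by value after parsing them to 16 bytes; the function names, the fail-closed choice for unparseable input, and the deny list and sample addresses are assumptions constructed for illustration.

```javascript
// Added example (not hono's implementation); all names are hypothetical.
// parseIp() returns 16 bytes (IPv4 stored as IPv4-mapped IPv6) or null.
function parseIPv4(s) {
  const parts = s.split('.');
  if (parts.length !== 4) return null;
  // Reject leading zeros so "010" is never read as octal by another parser.
  if (!parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255)) return null;
  return parts.map(Number);
}

// Parses "a:b:c" hextets; a dotted IPv4 tail is accepted only when allowV4 is set.
function parseGroups(s, allowV4) {
  if (s === '') return [];
  const parts = s.split(':');
  const bytes = [];
  for (let i = 0; i < parts.length; i++) {
    if (allowV4 && i === parts.length - 1 && parts[i].includes('.')) {
      const v4 = parseIPv4(parts[i]);
      if (!v4) return null;
      bytes.push(...v4);
    } else if (/^[0-9a-fA-F]{1,4}$/.test(parts[i])) {
      const n = parseInt(parts[i], 16);
      bytes.push(n >> 8, n & 0xff);
    } else {
      return null;
    }
  }
  return bytes;
}

function parseIp(s) {
  if (!s.includes(':')) {
    const v4 = parseIPv4(s);
    return v4 ? [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, ...v4] : null;
  }
  const halves = s.split('::');
  if (halves.length > 2) return null;
  const head = parseGroups(halves[0], halves.length === 1);
  if (!head) return null;
  if (halves.length === 1) return head.length === 16 ? head : null;
  const tail = parseGroups(halves[1], true);
  // "::" must stand for at least one zero group, so at most 14 explicit bytes.
  if (!tail || head.length + tail.length > 14) return null;
  return [...head, ...new Array(16 - head.length - tail.length).fill(0), ...tail];
}

// Deny when the address is unparseable (fail closed) or equals a deny entry by value.
function isDenied(remote, denyList) {
  const addr = parseIp(remote);
  if (addr === null) return true;
  return denyList.some((entry) => {
    const d = parseIp(entry);
    return d !== null && d.every((b, i) => b === addr[i]);
  });
}

// Constructed sample data (documentation address ranges).
const DENY = ['2001:db8::1', '192.0.2.10'];
const SAMPLES = ['2001:0db8:0:0:0:0:0:1', '::ffff:c000:20a', '::ffff:192.0.2.10', '2001:db8::2'];
const byString = SAMPLES.map((ip) => DENY.includes(ip)); // naive string equality
const byValue = SAMPLES.map((ip) => isDenied(ip, DENY)); // comparison by parsed value
```

String equality matches none of the samples, while the by-value check denies the first three, which are alternate spellings of the two denied addresses.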

cnap-tech-renovate Bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from ec118a7 to 1c14cda (May 29, 2026 21:04)
cnap-tech-renovate Bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from 7ac07fd to ff97a5e (June 5, 2026 13:23)
cnap-tech-renovate Bot force-pushed the renovate/all-minor-patch branch 10 times, most recently from e012f9d to d9eb1b9 (June 15, 2026 10:27)
cnap-tech-renovate Bot force-pushed the renovate/all-minor-patch branch from d9eb1b9 to 8995652 (June 15, 2026 14:27)
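
Added example, not part of the PR thread and not hono's code: the hono v4.12.18 note in the PR body says falsy, non-finite, or non-numeric `exp`, `nbf` and `iat` values could bypass time-based checks. The sketch below sets a lax check beside a strict one over constructed payloads; the function names, the `NOW` value and the payloads are assumptions.

```javascript
// Added example (not hono's code). Claim names exp/nbf/iat come from RFC 7519;
// function names and sample payloads are constructed for illustration.

// Lax pattern: the truthiness guard skips 0, null, '' and NaN, and comparing a
// non-numeric string with a number is always false, so the check passes silently.
function laxTimeCheck(payload, now) {
  if (payload.exp && payload.exp <= now) return 'expired';
  if (payload.nbf && payload.nbf > now) return 'not yet valid';
  return 'ok';
}

// Strict pattern: a time claim that is present must be a finite number;
// anything else rejects the token instead of being read as "no limit".
function strictTimeCheck(payload, now) {
  for (const claim of ['exp', 'nbf', 'iat']) {
    if (!Object.prototype.hasOwnProperty.call(payload, claim)) continue;
    const v = payload[claim];
    if (typeof v !== 'number' || !Number.isFinite(v)) return `invalid ${claim}`;
  }
  if (payload.exp !== undefined && payload.exp <= now) return 'expired';
  if (payload.nbf !== undefined && payload.nbf > now) return 'not yet valid';
  return 'ok';
}

// Constructed "current time" (seconds since the epoch) and decoded payloads.
const NOW = 1800000000;
const PAYLOADS = [
  { sub: 'a', exp: NOW + 60 }, // well-formed, still valid
  { sub: 'b', exp: NOW - 60 }, // well-formed, expired
  { sub: 'c', exp: 0 },        // falsy number
  { sub: 'd', exp: 'never' },  // non-numeric
  { sub: 'e', exp: Infinity }, // non-finite, e.g. JSON.parse('1e999')
  { sub: 'f', nbf: null },     // null
];

// Returns [lax result, strict result] for each payload, in order.
function compareChecks() {
  return PAYLOADS.map((p) => [laxTimeCheck(p, NOW), strictTimeCheck(p, NOW)]);
}
```

The lax check returns `ok` for payloads c through f, while the strict check reports `expired` for c and an `invalid` claim for d, e and f.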