chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@ai-sdk/anthropic (source)	3.0.83 → 3.0.85			dependencies	patch
@ai-sdk/google (source)	3.0.81 → 3.0.83			dependencies	patch
@ai-sdk/openai (source)	3.0.70 → 3.0.73			dependencies	patch	3.0.74
@harperfast/skills (source)	1.9.1 → 1.10.1			dependencies	minor
@types/node (source)	25.9.3 → 25.9.4			devDependencies	patch
@vitest/coverage-v8 (source)	4.1.8 → 4.1.9			devDependencies	patch
ai (source)	6.0.202 → 6.0.208			dependencies	patch
harper (source)	5.0.31 → 5.1.5			devDependencies	minor	5.1.7 (+1)
hono (source)	4.12.25 → 4.12.26			devDependencies	patch
node (source)	24.16.0 → 24.17.0				minor
oxlint (source)	1.69.0 → 1.70.0			devDependencies	minor	1.71.0
vitest (source)	4.1.8 → 4.1.9			devDependencies	patch

---

Release Notes

vercel/ai (@​ai-sdk/anthropic)

v3.0.85

Compare Source

Patch Changes

• Updated dependencies [779f5cd]
  • @​ai-sdk/provider-utils@​4.0.30

v3.0.84

Patch Changes

• Updated dependencies [bfa5864]
• Updated dependencies [f42aa79]
  • @​ai-sdk/provider-utils@​4.0.29

HarperFast/skills (@​harperfast/skills)

v1.10.1

Compare Source

Bug Fixes

• correct extending-tables resource override API for Harper 5.x (#​54) (531488c)

v1.10.0

Compare Source

Features

• Describe the changes for the vite plugin (e8a0c3f)

vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.9

Compare Source

🐞 Bug Fixes

• Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in #​10546 (a5180)
• browser:
  • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in #​10555 (7fb29)
  • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in #​10497 and #​10556 (fbc62)
• mocker:
  • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in #​10548 (2c955)
• pool:
  • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in #​10543 and #​10564 (934b0)

View changes on GitHub

vercel/ai (ai)

v6.0.208

Compare Source

v6.0.207

Compare Source

Patch Changes

• 779f5cd: fix(provider-utils): cancel response body on download rejection to prevent socket leak

  When a download was rejected early — because the Content-Length header exceeded the size limit, the response status was not ok, or a redirect resolved to a blocked URL — the fetch response body was left unconsumed and uncancelled. With WHATWG Fetch/undici this leaves the underlying TCP socket open instead of returning it to the connection pool, allowing an attacker-controlled origin to exhaust file descriptors and cause a denial of service. The body is now cancelled on all early-rejection paths in readResponseWithSizeLimit, download, and downloadBlob, and fetchWithValidatedRedirects cancels each redirect hop's body before following or rejecting the next hop.

• Updated dependencies [5bfde36]

• Updated dependencies [779f5cd]

  • @​ai-sdk/gateway@​3.0.133
  • @​ai-sdk/provider-utils@​4.0.30

v6.0.206

Compare Source

Patch Changes

• Updated dependencies [e962dda]
  • @​ai-sdk/gateway@​3.0.132

v6.0.205

Compare Source

Patch Changes

• Updated dependencies [6160ced]
• Updated dependencies [c9b8abd]
  • @​ai-sdk/gateway@​3.0.131

v6.0.204

Compare Source

v6.0.203

Compare Source

Patch Changes

• f42aa79: fix: harden download URL SSRF guard against hostname and redirect bypasses

  validateDownloadUrl and the file download helpers (downloadBlob, download) could be bypassed in several ways when handling untrusted URLs:

  • A fully-qualified hostname with a trailing dot (e.g. localhost., myhost.local.) skipped the localhost/.local blocklist.
  • IPv6 addresses that embed an IPv4 address in their last 32 bits — IPv4-compatible (::127.0.0.1), IPv4-translated (::ffff:0:127.0.0.1), and NAT64 (64:ff9b::127.0.0.1, including the 64:ff9b:1::/48 local-use prefix) — were not decoded and checked against the private IPv4 ranges.
  • Redirects were validated only after fetch had already followed them, so the request to a redirect target (e.g. an internal/metadata address) had already been issued before the check ran.
  • Several reserved/internal address ranges were not blocked: CGNAT (100.64.0.0/10, used by some cloud providers for internal traffic), benchmarking (198.18.0.0/15), IETF protocol assignments (192.0.0.0/24), the reserved 240.0.0.0/4 block (including the 255.255.255.255 broadcast address), and IPv6 site-local (fec0::/10) and multicast (ff00::/8).

  The validator now strips trailing dots before the hostname checks and fully expands IPv6 addresses to detect embedded private IPv4 targets. The download helpers now follow redirects manually (redirect: 'manual'), re-validating each hop before requesting it, so an unsafe redirect target is never fetched. When a redirect cannot be inspected because the runtime returns an opaque response, the helpers fail closed (reject the redirect) on the server; only in a real browser — where SSRF is not reachable (fetch is constrained by CORS and cannot reach a server's internal network or cloud-metadata endpoints) — is the redirect followed natively so legitimate redirected downloads keep working.

• 5291f7e: Harden stream text processing and middleware against prototype pollution from stream part IDs.

• b4b575a: fix: redact server error details from UI message streams by default

  streamText(...).toUIMessageStream() and createUIMessageStream defaulted their onError callback to getErrorMessage, which serializes the raw error (error.toString() / JSON.stringify(error)) into the client-facing { type: 'error', errorText } chunk — and also into tool-output-error parts. The documented default was () => 'An error occurred.', so applications relying on the documented behavior were unknowingly streaming server exception details (internal hostnames, paths, provider request data, validation inputs) to end users.

  The default onError now returns the documented generic 'An error occurred.'. Raw error details are only emitted when the developer explicitly supplies an onError handler. This also redacts tool-output-error and invalid-tool-input error text by default; pass an onError to surface richer messages.

• Updated dependencies [bfa5864]

• Updated dependencies [f42aa79]

  • @​ai-sdk/provider-utils@​4.0.29
  • @​ai-sdk/gateway@​3.0.129

harperfast/harper (harper)

v5.1.5

Compare Source

What's Changed

• test(integration): TLS cert hot-reload multi-worker regression test (#​586) (#​1314)
• fix(blob): gate blob unlink on the record removal committing (#​1364) (#​1369)
• fix(migration): await in-flight blob saves before declaring v4→v5 migration done (#​1351)
• fix(blob): tolerate source-unavailable blobs in pre-commit so a missing blob can't wedge replication (#​1353)
• fix(blob): don't await already-saving replication blobs in preCommit.complete() (#​1341 regression) (#​1376)
• fix(table): make eviction path errors non-fatal across both storage engines (#​1287) (#​1361)
• Flag structure updates per transaction log so replicas decode against current structures (#​1348) (#​1352)
• fix(test): resolve MQTT retained-message subscribe timeout flake
• fix(databases): complete the dead restartNumber reindex-recovery trigger (#​1374)
• Throw a typed, retryable error when querying an attribute whose index is still building (#​1363)
• Short-circuit expiration-warning check after first expiring write
• Warn when a per-record expiresAt has no scheduled cleanup (#​1339)
• feat(mcp): implement ping + logging/setLevel + notifications/message (#​1350)
• fix(test): drain orphaned lmdb cursor wrappers after Read Txn Expiration (#​1367)
• fix(headers): group multi-valued Set-Cookie into arrays for writeHead (#​1360)
• test: expand schema tests — @​sealed, Brotli Blob, array @​indexed, schema-less table (#​1205)
• fix: writeHead iterable response headers as an object, not a nested array (#​1344)
• fix(mcp): result-shaped output schemas for application CRUD tools (#​1324) (#​1336)
• fix(mcp): application-profile 500 + operations-profile conformance (#​1317) (#​1320)

Full Changelog: HarperFast/harper@v5.1.4...v5.1.5

v5.1.4

Compare Source

What's Changed

• chore: bump version to 5.1.4
• deploy_component: fail the deploy on peer replication failures (non-zero exit) (#​1334)
• fix(deploy): make peer deployment-row wait configurable, default 120s (#​1338)
• fix(blob): clean up replication-received blobs when a source apply is skipped (#​1341)
• Add RocksDB transaction log stats to analytics (#​1335)

Full Changelog: HarperFast/harper@v5.1.3...v5.1.4

v5.1.3

Compare Source

What's Changed

• 5.1.3
• fix(replay): bound slow-but-progressing replay and bypass validation during crash recovery (#​1318)
• fix: dispose component scopes before worker exit in dev, and serialize reloads (#​1323)
• perf(commit): early-out the out-of-order audit walk when a write is fully superseded (#​1321)
• Register replication_leadingDuplicateSkip in CONFIG_PARAMS
• Guard eviction-batch transaction creation against unhandled rejection
• Batch RocksDB record eviction and tombstone cleanup into shared transactions
• Tolerate already-dropped column family in dropTable and serialize the drop
• fix: backfill schemaDefined on replicas missing the flag (#​503)
• test: regression guard for heterogeneous schema-less ingest (#​1282) (#​1284)
• Defer getRecordCount key scan to the timeout path (#​1280)
• test(integration): address blob-advanced review feedback
• test(integration): address review feedback on blob-advanced
• test(integration): add blob-advanced tests for multi-path blobPaths and per-device-type DB sharding (#​1195)

Full Changelog: HarperFast/harper@v5.1.2...v5.1.3

v5.1.2

Compare Source

What's Changed

• 5.1.2
• fix(table): dedup re-delivered out-of-order writes before the resequencing walk (#​1114)
• fix(server): make Bun listener respect config.reusePort
• fix(server): never use SO_REUSEPORT for the operations API (Bun path)
• Use actual sampled count for getRecordCount sampleSize
• Make getRecordCount estimator tests deterministic (negative time budget)
• Fix describe_table record_count over-estimate on large RocksDB tables
• test(mqtt): keep deploy_component setup so fixture deps install
• test: move MQTT suite to integrationTests/mqtt/, consolidate fixture
• test: address Gemini review feedback for #​1209
• test(integration): add MQTT suite for %u substitution, anonymous subscriber, SYS_CON, RS256
• test: assert startup readiness and seed/fetch statuses in transaction-context-reads
• test: closed transaction in ALS context still reads latest committed state
• refactor(encoding): hoist the non-versioned encode early-exit (gemini review)
• fix(encoding): stop versioned-write metadata leaking into non-versioned dbis records (#​1307)
• Merge pull request #​1305 from HarperFast/ci/bump-arp-pin-9eb635a9
• ci: bump ai-review-prompts pin to 9eb635a (week-of-06-08 calibration)

Full Changelog: HarperFast/harper@v5.1.1...v5.1.2

v5.1.1

Compare Source

What's Changed

• 5.1.1
• chore(deps): bump @​harperfast/integration-testing to ^0.5.2
• Remove accidentally committed node_modules symlink
• Use options?.intermediateSource directly in shouldRevalidateEvents gate
• fix: do not revalidate replicated writes on cache-sourced tables (#​1302)
• fix(deploy): surface install output and failed phase in deploy_component error response
• Merge pull request #​1236 from HarperFast/fix/models-5.1-correctness
• Merge branch 'main' into fix/models-5.1-correctness
• test(models): update MAX_RESPONSE_BODY_BYTES assertion to 256 MiB
• Raise success-body cap to 256 MiB for maximal legal embedding batches
• fix(ci): format and lint fixes for models correctness batch
• review fixes: structural test, URL-parsed native-OpenAI check, bounded-reader hardening, total tool-arg cap
• fix(models): correctness batch for Harper 5.1 GA

Full Changelog: HarperFast/harper@v5.1.0...v5.1.1

v5.1.0

Compare Source

Harper 5.1

Harper 5.1 adds an AI/LLM integration layer, a built-in MCP server, deployment tracking, HNSW int8 quantization, a new middleware and routing system, and a set of replication and upgrade reliability fixes.

AI Models Integration

A built-in models layer provides a unified interface for AI backends (Anthropic, OpenAI, AWS Bedrock, Ollama). Applications call scope.models.embed(), scope.models.generate(), and scope.models.generateStream() directly, without managing external connections per-application. The @embed schema directive automates vector embedding at the schema level: on every write Harper calls the configured model and stores the result automatically. scope.models.generate now supports toolMode: 'auto' for agentic tool-calling loops.

MCP Server

A built-in Model Context Protocol server allows LLM clients (Claude Desktop, Cursor, Zed) to connect directly to a Harper instance. Two profiles: an operations profile that wraps Harper's operations API as tools, and an application profile that auto-generates tools from Resource verb methods. The harper mcp CLI provides a stdio bridge and diagnostic tooling.

Application Routing & Middleware

Components can now declare a urlPath to scope their routes to a URL prefix (Harper strips the prefix before dispatch) and before/after to order execution relative to named middleware — most commonly relative to 'authentication'. This works uniformly for HTTP, WebSocket, and Upgrade handlers. request.getNodeRequestResponse() provides a Node.js IncomingMessage/ServerResponse bridge for integrating Express/Koa-style third-party middleware.

Deployment Tracking

deploy_component now records a full audit trail in system.hdb_deployment, tracking deployment phases, per-node outcomes, and install output. The response includes a deployment_id. New operations: list_deployments, get_deployment (with SSE streaming for live deploys), get_deployment_payload, delete_deployment_payload.

HNSW int8 Quantization

HNSW vector indexes support int8 quantization (on by default for new indexes), roughly 3× smaller index and 5× faster search with ~1% recall cost at recall@​10. Search is asymmetric: queries use full-precision vectors, the graph uses int8, and results are reranked before returning. dotProduct distance is also new in 5.1.

Replication & Upgrade Reliability

• Wedge detection and auto-recovery for stalled replication streams
• Resumable bulk clone — interrupted copies resume from where they stopped
• Client-side WebSocket dead-connection detection
• Reconnect backoff capped at 30s
• Boot replay bounded — handles corrupt transaction log frames instead of aborting
• replication.pingInterval / replication.pingTimeout configurable keepalive
• LOCAL_ONLY record metadata flag for writes that should not replicate
• In-place v4→v5 upgrade reliability: correct hostname handling, __dbis__ structure persistence, blob/metadata preservation during LMDB→RocksDB migration

Configuration

• HARPER_CONFIG env var — recommended way to specify config file location
• storage.rocks.blockCacheSize — explicit RocksDB block cache sizing
• storage.migrateOnStart: true — auto-migrate LMDB to RocksDB on startup
• WriteBufferManager on by default at 1/3 of block cache

Full Changelog: HarperFast/harper@v5.0.31...v5.1.0

honojs/hono (hono)

v4.12.26

Compare Source

What's Changed

• fix(lambda-edge): satisfy Deno lib types for Content-Length body encoding by @​yusukebe in #​5013
• ci: publish to npm from CI with OIDC trusted publishing by @​yusukebe in #​5028
• chore: remove unused devcontainer and gitpod configs by @​yusukebe in #​5029
• chore: replace arg and glob with Bun native APIs in build script by @​yusukebe in #​5030

Full Changelog: honojs/hono@v4.12.25...v4.12.26

nodejs/node (node)

v24.17.0: 2026-06-18, Version 24.17.0 'Krypton' (LTS), @​aduh95

Compare Source

This is a security release.

Notable Changes

• (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
• (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
• (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
• (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
• (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
• (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
• (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
• (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
• (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
• (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
• (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low

Commits

• [9e4dfc7bba] - (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) nodejs-private/node-private#878
• [cb2aed980c] - deps: update llhttp to 9.4.2 (Antoine du Hamel) nodejs-private/node-private#890
• [a8a0d12875] - (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 (Tim Perry) #​62891
• [66e6203c1c] - (SEMVER-MAJOR) deps: update nghttp2 to 1.69.0 (Node.js GitHub Bot) #​62891
• [dd627ced27] - deps: update archs files for openssl-3.5.7 (Node.js GitHub Bot) #​63820
• [684bae568f] - deps: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) #​63820
• [3a631e7f83] - deps: fix aix implicit declaration in OpenSSL (Abdirahim Musse) #​62656
• [cf44df3996] - deps: update undici to 7.28.0 (Node.js GitHub Bot) #​63703
• [138c70294b] - (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) nodejs-private/node-private#868
• [be7e719c3f] - (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) nodejs-private/node-private#846
• [cc7c11b4d1] - (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) nodejs-private/node-private#855
• [9224427b92] - (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) nodejs-private/node-private#867
• [cf85d54839] - (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) nodejs-private/node-private#873
• [a1bbc24f96] - (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) nodejs-private/node-private#870
• [e3723ff2d6] - test: add session reuse host verification regressions (Matteo Collina) nodejs-private/node-private#854
• [a77af4867b] - (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) nodejs-private/node-private#854
• [31beb4f707] - (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) nodejs-private/node-private#857
• [8e75c73f91] - (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) nodejs-private/node-private#869

oxc-project/oxc (oxlint)

v1.70.0

Compare Source

🚀 Features

• 2e8bda4 linter/vue: Implement no-dupe-keys rule (#​23350) (bab)
• 1490a0a linter/react: Implement react-compiler rule (#​23202) (Boshen)
• dd560ae linter/unicorn: Implement no-array-fill-with-reference-type rule (#​23397) (Mikhail Baev)
• af36c2f linter: Add schema for react/jsx-curly-brace-presence (#​23400) (WaterWhisperer)
• 47d34a3 linter: Add schema for react/jsx-handler-names (#​23393) (WaterWhisperer)
• f4250d0 linter: Add schema for unicorn/import-style (#​23386) (WaterWhisperer)
• 30c74ce linter: Add schema for jsx_a11y/no-noninteractive-element-to-interactive-role (#​23384) (Sysix)
• cfbe8dc linter: Add schema for jsx_a11y/no-interactive-element-to-noninteractive-role (#​23382) (WaterWhisperer)
• d15b7ff linter: Add schema for typescript/no-restricted-types (#​23381) (WaterWhisperer)
• 028a811 linter: Add schema for jsx-a11y/media-has-caption (#​23377) (Sysix)
• b3b1038 linter: Add schema for jsx-a11y/label-has-associated-control (#​23376) (Sysix)
• 7ada6b2 linter: Add schema for jsx_a11y/no-distracting-elements (#​23379) (WaterWhisperer)
• ee3dd49 linter: Add schema for jsx-a11y/img-redundant-alt (#​23374) (Sysix)
• df5f8dd linter: Add short descriptions to most lint rules. (#​23365) (Connor Shea)
• e3fd735 linter: Add schema for jsx_a11y/alt-text (#​23369) (Sysix)
• 0f2fff4 linter: Add schema for react/exhaustive-deps (#​23372) (Mikhail Baev)
• e3e4e10 linter: Add schema for react_perf/jsx-no-new-object-as-prop (#​23368) (Mikhail Baev)
• 9366d44 linter: Add schema for unicorn/prefer-at (#​23366) (WaterWhisperer)
• f57b55d linter: Add schema for typescript/array-type (#​23355) (Sysix)
• 0dcf912 linter: Add schema for typescript/ban-ts-comment (#​23354) (Sysix)
• 51fa83e linter: Add schema for react/no-did-update-set-state (#​23357) (Mikhail Baev)
• 59db0bd linter: Add schema for consistent-generic-constructors (#​23353) (Sysix)
• c4775c0 linter: Add schema for typescript/consistent-type-assertions (#​23349) (Sysix)
• 6e516f7 linter: Add schema for typescript/consistent-type-imports (#​23348) (Sysix)
• 012134d linter: Add schema for react/jsx-no-target-blank (#​23345) (WaterWhisperer)
• 0806aae linter: Add schema for jsx_a11y/no-noninteractive-tabindex (#​23337) (Mikhail Baev)
• 0708b5a linter: Add schema for react/jsx-filename-extension (#​23315) (Mikhail Baev)
• 150bce1 linter: Add schema for typescript/no-empty-object-type (#​23309) (Sysix)
• f9e36f1 linter: Add schema for typescript/no-duplicate-type-constituents (#​23308) (Sysix)
• 937accf linter: Add schema for typescript/no-invalid-void-type (#​23307) (Sysix)
• 3e042b9 linter: Add schema for typescript/no-misused-promises (#​23306) (Sysix)
• da212d1 linter: Add schema for typescript/no-unnecessary-condition (#​23305) (Sysix)
• f8f0d38 linter: Add schema for typescript/parameter-properties (#​23304) (Sysix)
• 2275fc7 linter: Add schema for typescript/prefer-nullish-coalescing (#​23302) (Sysix)
• d353858 linter: Add schema for typescript/prefer-string-starts-ends-with (#​23301) (Sysix)
• 03060f5 linter: Add schema for typescript/triple-slash-reference (#​23300) (Sysix)
• 6619cee linter: Add schema for promise/param-names (#​23298) (Sysix)
• 8bf108e linter: Add schema for promise/catch-or-return (#​23297) (Sysix)
• 48158d0 linter: Add schema for vitest/consistent-each-for (#​23294) (Sysix)
• 7e74c98 linter: Add schema for vitest/consistent-test-filename (#​23293) (Sysix)
• ff94d4a linter: Add schema for vitest/consistent-vitest-vi (#​23292) (Sysix)
• 2409a10 linter: Add schema for vitest/prefer-import-in-mock (#​23291) (Sysix)
• 3d782b7 linter: Add schema for react/no-unstable-nested-components (#​23287) (Mikhail Baev)
• 0a0bc2f linter/jsx-a11y: Add allowedRedundantRoles option to no-redundant-roles (#​22820) (bab)
• 80758a5 linter/vue: Implement no-side-effects-in-computed-properties rule (#​23282) (bab)
• e3869ac linter: Add schema for react/no-object-type-as-default-prop (#​23279) (Mikhail Baev)
• 4480609 linter: Add schema for react/jsx-props-no-spreading (#​23276) (Mikhail Baev)
• 08d68a5 linter/react: Implement jsx-no-literals rule (#​23145) (kapobajza)
• 9a2788b linter/unicorn: Implement prefer-export-from rule (#​22935) (AliceLanniste)
• bdb723c linter/unicorn: Implement prefer-single-call rule (#​23235) (Yuzhe Shi)
• 31543ed linter: Add schema for vue/define-props-destructuring (#​23252) (Sysix)
• 21b6c3d linter: Add schema for oxc/no-async-endpoint-handlers (#​23251) (Sysix)
• e77ff81 linter: Add schema for unicorn/prefer-object-from-entries (#​23249) (Mikhail Baev)
• bcac2d6 linter: Add schema for jest/vitest/no-restricted-matchers (#​23247) (Sysix)
• 539f036 linter: Add schema for jest/vitest/no-restricted-*-methods (#​23246) (Sysix)
• dd1b927 linter/vue: Implement require-default-prop rule (#​22951) (bab)
• 3f018e7 linter: Add schema for unicorn/no-instanceof-builtins (#​23225) (Mikhail Baev)
• e0d0f78 linter: Verify promise/no-callback-in-promise schema (#​23141) (beanscg)
• 123d4f4 linter: Add schema for jest/vitest/valid-expect (#​23185) (Sysix)
• 46c8a21 linter: Add schema for jest/vitest/require-top-level-describe (#​23184) (Sysix)
• 41465cf linter: Add schema for jest/vitest/prefer-snapshot-hint (#​23183) (Sysix)
• d068b9b linter: Add schema for jest/vitest/prefer-expect-assertions (#​23181) (Sysix)
• 064a1ee linter: Add schema for jest/prefer-ending-with-an-expect (#​23180) (Sysix)
• d046797 linter: Add schema for jest/vitest/no-standalone-expect (#​23179) (Sysix)
• 137b9a6 linter: Add schema for jest/vitest/no-large-snapshots (#​23178) (Sysix)
• 0f3e4a5 linter: Add schema for jest/vitest/no-hooks (#​23177) (Sysix)
• cd0b384 linter: Add schema for unicorn/explicit-length-check (#​23155) (Mikhail Baev)
• 01b74c4 linter: Add schema for jest/no-deprecated-functions (#​23136) (Sysix)
• 9d6a387 linter: Add schema for unicorn/catch-error-name (#​23137) (Mikhail Baev)
• 0da8efa linter: Add schema for jest/vitest/max-nested-describe (#​23131) (Sysix)
• d71c9fd linter: Add schema for eslint/no-use-before-define (#​23129) (Sysix)

🐛 Bug Fixes

• 26ddac6 linter: Avoid config schema generation for jsx_a11y/no-noninteractive-element-interactions (#​23385) (Sysix)
• 40556ad linter: Parse jsx-a11y/control-has-associated-label config with DefaultRuleConfig (#​23373) (Sysix)
• 71e9648 linter: Expose no-noninteractive-element-interactions schema (#​23283) (camc314)
• 6c86d1c linter/react-perf: Correct nativeAllowList all schema (#​23229) (camc314)
• 4dd52de linter/react-perf: Re-generate stale snapshots (#​23228) (camc314)
• 8f3db61 linter: Allow options for eslint/capitalized-comments (#​23139) (Sysix)

⚡ Performance

• f09707e linter: jest/no-deprecated-functions store config version as usize (#​23138) (Sysix)

📚 Documentation

• f682e25 linter: Remove manually written options doc for eslint/prefer-arrow-callback (#​23438) (Mikhail Baev)
• 64c942c linter: Remove manually written options doc for eslint/no-sequences (#​23420) (Mikhail Baev)
• 14abf32 linter/react-perf: Use autogenerated docs (#​23227) (camc314)

---

Configuration

📅 Schedule: (in timezone America/New_York)

• Branch creation
  • "before 9am on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.