fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@typescript-eslint/eslint-plugin (source)	8.39.1 -> 8.46.0					dependencies	minor
@typescript-eslint/parser (source)	8.39.1 -> 8.46.0					dependencies	minor
actions/dependency-review-action	v4.7.1 -> v4.8.1					action	minor
actions/setup-go	v5.5.0 -> v6.0.0					action	major
actions/setup-node	v4.4.0 -> v5.0.0					action	major
eslint-plugin-react-hooks (source)	^5.1.0 -> ^7.0.0					dependencies	major
eslint-plugin-unused-imports	4.1.4 -> 4.2.0					dependencies	minor
github.com/aperturerobotics/starpc	v0.39.8 -> v0.39.9					require	patch
github.com/golangci/golangci-lint/v2	v2.4.0 -> v2.5.0					require	minor
github.com/goreleaser/goreleaser/v2	v2.11.2 -> v2.12.5					require	minor
github/codeql-action	v3.29.9 -> v4.30.8					action	major
golang.org/x/tools	v0.36.0 -> v0.38.0					require	minor
mvdan.cc/gofumpt	v0.8.0 -> v0.9.1					require	minor
starpc	0.39.8 -> 0.39.9					dependencies	patch
typescript (source)	5.9.2 -> 5.9.3					devDependencies	patch

---

Release Notes

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.46.0

Compare Source

🚀 Features

• eslint-plugin: [no-unsafe-member-access] add allowOptionalChaining option (#​11659)
• rule-schema-to-typescript-types: clean up and make public (#​11633)

🩹 Fixes

• eslint-plugin: [prefer-readonly-parameter-types] ignore tagged primitives (#​11660)
• typescript-estree: forbid abstract method and accessor to have implementation (#​11657)
• eslint-plugin: removed error type previously deprecated (#​11674)
• eslint-plugin: [no-deprecated] ignore deprecated export imports (#​11603)
• eslint-plugin: [unbound-method] improve wording around this: void and binding (#​11634)
• rule-tester: deprecate TestCaseError#type and LintMessage#nodeType (#​11628)
• eslint-plugin: [no-floating-promises] remove excess parentheses in suggestions (#​11487)

❤️ Thank You

• fisker Cheung @​fisker
• Josh Goldberg ✨
• Kirk Waiblinger @​kirkwaiblinger
• Mark de Dios @​peanutenthusiast
• Richard Torres @​richardtorres314
• Victor Genaev @​mainframev

You can read about our versioning strategy and releases on our website.

v8.45.0

Compare Source

🚀 Features

• eslint-plugin: expose rule name via RuleModule interface (#​11616)

🩹 Fixes

• eslint-plugin: [prefer-nullish-coalescing] ignoreBooleanCoercion should not apply to top-level ternary expressions (#​11614)
• eslint-plugin: [no-base-to-string] check if superclass is ignored (#​11617)

❤️ Thank You

• mdm317
• Moses Odutusin @​thebolarin
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

v8.44.1

Compare Source

🩹 Fixes

• eslint-plugin: [await-thenable] should not report passing values to promise aggregators which may be a promise in an array literal (#​11611)
• eslint-plugin: [no-unsafe-enum-comparison] support unions of literals (#​11599)
• eslint-plugin: [no-base-to-string] make ignoredTypeNames match type names without generics (#​11597)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.44.0

Compare Source

🚀 Features

• eslint-plugin: [await-thenable] report invalid (non-promise) values passed to promise aggregator methods (#​11267)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-conversion] ignore enum members (#​11490)

❤️ Thank You

• Moses Odutusin @​thebolarin
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.43.0

Compare Source

🚀 Features

• typescript-estree: disallow empty type parameter/argument lists (#​11563)

🩹 Fixes

• eslint-plugin: [prefer-return-this-type] don't report an error when returning a union type that includes a classType (#​11432)
• eslint-plugin: [no-deprecated] should report deprecated exports and reexports (#​11359)
• eslint-plugin: [no-floating-promises] allowForKnownSafeCalls now supports function names (#​11423, #​11430)
• eslint-plugin: [consistent-type-exports] fix declaration shadowing (#​11457)
• eslint-plugin: [no-unnecessary-type-conversion] only report ~~ on integer literal types (#​11517)
• scope-manager: exclude Program from DefinitionBase node types (#​11469)
• eslint-plugin: [no-non-null-assertion] do not suggest optional chain on LHS of assignment (#​11489)
• type-utils: add union type support to TypeOrValueSpecifier (#​11526)

❤️ Thank You

• Dima @​dbarabashh
• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• tao
• Victor Genaev @​mainframev
• Yukihiro Hasegawa @​y-hsgw
• 민감자(Minji Kim) @​mouse0429
• 송재욱

You can read about our versioning strategy and releases on our website.

v8.42.0

Compare Source

🩹 Fixes

• deps: update eslint monorepo to v9.33.0 (#​11482)

You can read about our versioning strategy and releases on our website.

v8.41.0

Compare Source

🩹 Fixes

• deps: update dependency prettier to v3.6.2 (#​11496)

You can read about our versioning strategy and releases on our website.

v8.40.0

Compare Source

🚀 Features

• typescript-estree: forbid invalid keys in EnumMember (#​11232)

❤️ Thank You

• fisker Cheung @​fisker

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.46.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.45.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.44.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.44.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.43.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.42.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.41.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.40.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

actions/dependency-review-action (actions/dependency-review-action)

v4.8.1: Dependency Review Action v4.8.1

Compare Source

What's Changed

• (bug) Fix spamming link test in deprecation warning (again) by @​ahpook in #​1000
• Bump version for 4.8.1 release by @​ahpook in #​1001

Full Changelog: actions/dependency-review-action@v4...v4.8.1

v4.8.0

Compare Source

What's Changed

• Make Ruby Code Scannable by @​ljones140 in #​978
• Batch some contributions for release by @​brrygrdn in #​986
  • Make license lists collapsable by @​jasperkamerling
  • feat: add large summary handling with artifact upload by @​MattMencel

New Contributors

• @​ljones140 made their first contribution in #​978
• @​jasperkamerling made their first contribution in #​986
• @​MattMencel made their first contribution in #​986

Full Changelog: actions/dependency-review-action@v4...v4.8.0

v4.7.4

Compare Source

v4.7.3: 4.7.3

Compare Source

What's Changed

• Add explicit permissions to workflow files by @​AshelyTC in #​966
• Claire153/fix spamming mentioned issue by @​claire153 in #​974

Full Changelog: actions/dependency-review-action@v4...v4.7.3

v4.7.2: 4.7.2

Compare Source

What's Changed

• Add Missing Languages to CodeQL Advanced Configuration by @​KyFaSt in #​945
• Deprecate deny lists by @​claire153 in #​958
• Address discrepancy between docs and reality by @​ahpook in #​960

New Contributors

• @​KyFaSt made their first contribution in #​945
• @​claire153 made their first contribution in #​958
• @​ahpook made their first contribution in #​960

Full Changelog: actions/dependency-review-action@v4...v4.7.2

actions/setup-go (actions/setup-go)

v6.0.0

Compare Source

What's Changed

Breaking Changes

• Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @​matthewhughes934 in #​460
• Upgrade Nodejs runtime from node20 to node 24 by @​salmanmkc in #​624

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​types/jest from 29.5.12 to 29.5.14 by @​dependabot[bot] in #​589
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot[bot] in #​591
• Upgrade @​typescript-eslint/parser from 8.31.1 to 8.35.1 by @​dependabot[bot] in #​590
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in #​594
• Upgrade typescript from 5.4.2 to 5.8.3 by @​dependabot[bot] in #​538
• Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @​dependabot[bot] in #​603
• Upgrade form-data to bring in fix for critical vulnerability by @​matthewhughes934 in #​618
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in #​631

New Contributors

• @​matthewhughes934 made their first contribution in #​618
• @​salmanmkc made their first contribution in #​624

Full Changelog: actions/setup-go@v5...v6.0.0

actions/setup-node (actions/setup-node)

v5.0.0

Compare Source

What's Changed

Breaking Changes

• Enhance caching in setup-node with automatic package manager detection by @​priya-kinthali in #​1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless.
To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

• Upgrade action to use node24 by @​salmanmkc in #​1325

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​octokit/request-error and @​actions/github by @​dependabot[bot] in #​1227
• Upgrade uuid from 9.0.1 to 11.1.0 by @​dependabot[bot] in #​1273
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in #​1295
• Upgrade form-data to bring in fix for critical vulnerability by @​gowridurgad in #​1332
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in #​1345

New Contributors

• @​priya-kinthali made their first contribution in #​1348
• @​salmanmkc made their first contribution in #​1325

Full Changelog: actions/setup-node@v4...v5.0.0

facebook/react (eslint-plugin-react-hooks)

v7.0.0

Compare Source

This release slims down presets to just 2 configurations (recommended and recommended-latest), and all compiler rules are enabled by default.

• Breaking: Removed recommended-latest-legacy and flat/recommended configs. The plugin now provides recommended (legacy and flat configs with all recommended rules), and recommended-latest (legacy and flat configs with all recommended rules plus new bleeding edge experimental compiler rules). (@​poteto in #​34757)

v6.1.1

Compare Source

Note: 6.1.0 accidentally allowed use of recommended without flat config, causing errors when used with ESLint v9's defineConfig() helper. This has been fixed in 6.1.1.

• Fix recommended config for flat config compatibility. The recommended config has been converted to flat config format. Non-flat config users should use recommended-legacy instead. (@​poteto in #​34700)
• Add recommended-latest and recommended-latest-legacy configs that include React Compiler rules. (@​poteto in #​34675)
• Remove unused NoUnusedOptOutDirectives rule. (@​poteto in #​34703)
• Remove hermes-parser and dependency. (@​poteto in #​34719)
• Remove @babel/plugin-proposal-private-methods dependency. (@​ArnaudBarre and @​josephsavona in #​34715)
• Update for Zod v3/v4 compatibility. (@​kolian and @​josephsavona in #​34717)

v6.1.0

Compare Source

Note: Version 6.0.0 was mistakenly released and immediately deprecated and untagged on npm. This is the first official 6.x major release and includes breaking changes.

• Breaking: Require Node.js 18 or newer. (@​michaelfaith in #​32458)
• Breaking: Flat config is now the default recommended preset. Legacy config moved to recommended-legacy. (@​michaelfaith in #​32457)
• New Violations: Disallow calling use within try/catch blocks. (@​poteto in #​34040)
• New Violations: Disallow calling useEffectEvent functions in arbitrary closures. (@​jbrown215 in #​33544)
• Handle React.useEffect in addition to useEffect in rules-of-hooks. (@​Ayc0 in #​34076)
• Added react-hooks settings config option that to accept additionalEffectHooks that are used across exhaustive-deps and rules-of-hooks rules. (@​jbrown215) in #​34497

v6.0.0

Compare Source

Accidentally released. See 6.1.0 for the actual changes.

sweepline/eslint-plugin-unused-imports (eslint-plugin-unused-imports)

v4.2.0

Compare Source

aperturerobotics/starpc (github.com/aperturerobotics/starpc)

v0.39.9

Compare Source

golangci/golangci-lint (github.com/golangci/golangci-lint/v2)

v2.5.0

Compare Source

1. New linters
   • Add godoclint linter https://github.com/godoc-lint/godoc-lint
   • Add unqueryvet linter https://github.com/MirrexOne/unqueryvet
   • Add iotamixing linter https://github.com/AdminBenni/iota-mixing
2. Linters new features or changes
   • embeddedstructfieldcheck: from 0.3.0 to 0.4.0 (new option: empty-line)
   • err113: from aea10b5 to 0.1.1 (skip internals of Is methods for error type)
   • ginkgolinter: from 0.20.0 to 0.21.0 (new option: force-tonot)
   • gofumpt: from 0.8.0 to 0.9.1 (new rule is to "clothe" naked returns for the sake of clarity)
   • ineffassign: from 0.1.0 to 0.2.0 (new option: check-escaping-errors)
   • musttag: from 0.13.1 to 0.14.0 (support interface methods)
   • revive: from 1.11.0 to 1.12.0 (new options: identical-ifelseif-branches, identical-ifelseif-conditions, identical-switch-branches, identical-switch-conditions, package-directory-mismatch, unsecure-url-scheme, use-waitgroup-go, useless-fallthrough)
   • thelper: from 0.6.3 to 0.7.1 (skip t.Helper in functions passed to synctest.Test)
   • wsl: from 5.1.1 to 5.2.0 (improvements related to subexpressions)
3. Linters bug fixes
   • asciicheck: from 0.4.1 to 0.5.0
   • errname: from 1.1.0 to 1.1.1
   • fatcontext: from 0.8.0 to 0.8.1
   • go-printf-func-name: from 0.1.0 to 0.1.1
   • godot: from 1.5.1 to 1.5.4
   • gosec: from 2.22.7 to 2.22.8
   • nilerr: from 0.1.1 to a temporary fork
   • nilnil: from 1.1.0 to 1.1.1
   • protogetter: from 0.3.15 to 0.3.16
   • tagliatelle: from 0.7.1 to 0.7.2
   • testifylint: from 1.6.1 to 1.6.4
4. Misc.
   • fix: "no export data" errors are now handled as a standard typecheck error
5. Documentation
   • Improve nolint section about syntax

goreleaser/goreleaser (github.com/goreleaser/goreleaser/v2)

v2.12.5

Compare Source

Announcement

Read the official announcement: Announcing GoReleaser v2.12.

Changelog

Full Changelog: goreleaser/goreleaser@v2.12.4...v2.12.5

Helping out

This release is only possible thanks to all the support of some awesome people!

Want to be one of them?
You can sponsor, get a Pro License or contribute with code.

Where to go next?

• Find examples and commented usage of all options in our website.
• Reach out on Discord and Twitter!

v2.12.4

Compare Source

Announcement

Read the official announcement: Announcing GoReleaser v2.12.

Changelog

Bug fixes

• 5991ec9: fix(deps): update fang, fix error handler (@​caarlos0)
• ed03d58: fix(docker/v2): handle bad COPY/ADD (@​caarlos0)
• 6c05856: fix(docker/v2): more logs (@​caarlos0)
• 806492d: fix(makeself): path to script, better tests (@​caarlos0)
• 0ffcd8f: fix: error handling in github actions (@​caarlos0)

Full Changelog: goreleaser/goreleaser@v2.12.3...v2.12.4

Helping out

This release is only possible thanks to all the support of some awesome people!

Want to be one of them?
You can sponsor, get a Pro License or contribute with code.

Where to go next?

• Find examples and commented usage of all options in our website.
• Reach out on Discord and Twitter!

v2.12.3

Compare Source

Announcement

Read the official announcement: Announcing GoReleaser v2.12.

Changelog

Bug fixes

• a1d945d: fix(makeself): keep full binary name (@​caarlos0)
• 54274e5: fix(makeself): keep script name (@​caarlos0)
• f195f3c: fix(sbom): --enrich=all should be the default (#​6095) (@​caarlos0)
• 798a927: fix: lint (@​caarlos0)

Documentation updates

• 78ec122: docs(sec): threat model (@​caarlos0)
• 269a76b: docs: fedora move exclude to repo config (#​6103) (@​mulbc)
• fd5a30f: docs: fix inconsistency about symlink in nfpm.md (#​6094) (@​kaitokimuraofficial)
• 44b0d91: docs: fix title (@​caarlos0)
• f63a01c: docs: icons on smaller screens (@​caarlos0)
• 821cd7a: docs: pin mkdocs-material image, add it to dependabot (@​caarlos0)

Other work

• 0ef2b3f: ci(sec): improve workflows (@​caarlos0)
• 3eea0d7: ci(sec): improve workflows perms (@​caarlos0)

Full Changelog: goreleaser/goreleaser@v2.12.2...v2.12.3

Helping out

This release is only possible thanks to all the support of some awesome people!

Want to be one of them?
You can sponsor, get a Pro License or contribute with code.

Where to go next?

• Find examples and commented usage of all options in our website.
• Reach out on Discord and Twitter!

v2.12.2

Compare Source

Announcement

Read the official announcement: Announcing GoReleaser v2.12.

Changelog

Bug fixes

• 63d8105: fix(dockers/v2): properly support pywheel (#​6089) (@​caarlos0)

Other work

• 5d46c96: ci(sec): improve codeql (#​6090) (@​caarlos0)

Full Changelog: goreleaser/goreleaser@v2.12.1...v2.12.2

Helping out

This release is only possible thanks to all the support of some awesome people!

Want to be one of them?
You can sponsor, get a Pro License or contribute with code.

Where to go next?

• Find examples and commented usage of all options in our website.
• Reach out on Discord and Twitter!

v2.12.1

Compare Source

Announcement

Read the official announcement: Announcing GoReleaser v2.12.

Changelog

Bug fixes

• 12f7f48: fix(blob): artifact filter (@​caarlos0)
• 744dcac: fix(blob): disable ssl param name (#​6048) (@​caarlos0)
• 60a6c65: fix(docker/v2): do not warn skip docker/v2 on production builds (#​6047) (@​caarlos0)
• 1f75831: fix(docker/v2): improve error message (@​caarlos0)
• 6f7199e: fix(docker/v2): properly set manifest annotations (#​6053) (@​caarlos0)
• f57c1ce: fix(poetry): schema, import (@​caarlos0)
• 26c8097: fix(schema): Introduce BinarySign struct to fix schema bug (#​6058) (@​frenchi)
• bd3743d: fix: lint issues ([@​caarlos0](https://redirec

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: tools/go.sum

Command failed: go get -t ./...
go: module github.com/goreleaser/goreleaser/[email protected] requires go >= 1.25.1; switching to go1.25.2
go: downloading go1.25.2 (linux/amd64)
go: download go1.25.2: golang.org/[email protected]: verifying module: checksum database disabled by GOSUMDB=off

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github.com/​goreleaser/​goreleaser/​v2@​v2.11.2 ⏵ v2.12.5	+1
	github.com/​golangci/​golangci-lint/​v2@​v2.4.0 ⏵ v2.5.0	+1
	github.com/​aperturerobotics/​starpc@​v0.39.8 ⏵ v0.39.9	+1

View full report