Skip to content

- Update all non-major dependencies with digest and pinDigest #422

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Blusia merged 2 commits into from
Jul 8, 2025
Merged

- Update all non-major dependencies with digest and pinDigest #422

Blusia merged 2 commits into from
Jul 8, 2025

Conversation

@blumilk-renovate
Copy link
Contributor

@blumilk-renovate blumilk-renovate bot commented Jul 1, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change Pending
@tailwindcss/postcss (source) dependencies patch ^4.1.8 -> ^4.1.11
@typescript-eslint/eslint-plugin (source) devDependencies minor ^8.28.0 -> ^8.35.0 8.35.1
@typescript-eslint/parser (source) devDependencies minor ^8.28.0 -> ^8.35.0 8.35.1
actions/setup-node action minor v4.3.0 -> v4.4.0
alpine stage minor 3.21.3 -> 3.22.0
axllent/mailpit (source) minor v1.24.0 -> v1.27.0
composer stage patch 2.8.6 -> 2.8.9
composer/composer stage patch 2.8.6-bin -> 2.8.9-bin
docker/build-push-action action minor v6.15.0 -> v6.18.0
docker/setup-buildx-action action minor v3.10.0 -> v3.11.1
filament/filament (source) require patch ^3.3.7 -> ^3.3.29 3.3.30
filament/spatie-laravel-translatable-plugin (source) require patch ^3.3.7 -> ^3.3.30
intervention/image-laravel (source) require patch ^1.5.5 -> ^1.5.6
josiasmontag/laravel-recaptchav3 require patch ^1.0 -> ^1.0.4
larastan/larastan require-dev minor ^3.2.0 -> ^3.5.0
laravel-vite-plugin dependencies patch ^1.2.0 -> ^1.3.0
laravel/framework (source) require minor ^12.17.0 -> ^12.19.3
laravel/sanctum require patch ^4.0.8 -> ^4.1.1
nesbot/carbon (source) require minor ^3.8.6 -> ^3.10.1
node stage minor 22.14.0-bullseye-slim -> 22.17.0-bullseye-slim
nunomaduro/collision require-dev patch ^8.7.0 -> ^8.8.2
php patch 8.4.5 -> 8.4.8
php final patch 8.4.5-fpm-bookworm -> 8.4.7-fpm-bookworm 8.4.8-fpm-bookworm
phpunit/phpunit (source) require-dev patch ^12.2.0 -> ^12.2.5
postcss (source) devDependencies patch ^8.5.3 -> ^8.5.6
sentry/sentry-laravel (source) require minor ^4.13.0 -> ^4.15.1
shivammathur/setup-php action minor 2.32.0 -> 2.34.1
tailwindcss (source) dependencies patch ^4.1.8 -> ^4.1.11
xdebug/xdebug patch 3.4.2 -> 3.4.4

Release Notes

tailwindlabs/tailwindcss (@​tailwindcss/postcss)

v4.1.11

Compare Source

Fixed
  • Add heuristic to skip candidate migrations inside emit(…) (#​18330)
  • Extract candidates with variants in Clojure/ClojureScript keywords (#​18338)
  • Document --watch=always in the CLI's usage (#​18337)
  • Add support for Vite 7 to @tailwindcss/vite (#​18384)

v4.1.10

Compare Source

Fixed
  • Fix incorrectly generated CSS when using percentages in arbitrary values with calc (e.g. w-[calc(100%-var(--offset))]) (#​18289)

v4.1.9

Compare Source

Fixed
  • Correctly parse custom properties with strings containing semicolons (#​18251)
  • Upgrade: Migrate arbitrary modifiers without percentage signs to bare values (e.g. /[0.16]/16) (#​18184)
  • Upgrade: Migrate CSS variable shorthands where fallback value contains function call (#​18184)
  • Upgrade: Migrate negative arbitrary values to negative bare values (e.g. mb-[-32rem]-mb-128) (#​18212)
  • Upgrade: Do not migrate blur in wire:model.blur (#​18216)
  • Don't add spaces around CSS dashed idents when formatting math expressions (#​18220)
typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.35.0

Compare Source

🚀 Features
  • eslint-plugin: [no-base-to-string] add checkUnknown Option (#​11128)
❤️ Thank You

You can read about our versioning strategy and releases on our website.

v8.34.1

Compare Source

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.34.0

Compare Source

🩹 Fixes
  • typescript-estree: add validation to interface extends (#​11271)
❤️ Thank You
  • Tao

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.35.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.34.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.34.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

actions/setup-node (actions/setup-node)

v4.4.0

Compare Source

What's Changed

Bug fixes:
Enhancement:
Dependency update:

New Contributors

Full Changelogactions/setup-node@v4...v4.4.0

axllent/mailpit (axllent/mailpit)

v1.27.0

Compare Source

Chore
  • Remove unused functionality/deadcode (golangci-lint)
  • Refactor error handling and resource management across multiple files (golangci-lint)
  • Refactor API Swagger definitions and remove unused structs
  • Bump minimum Go version to v1.24.3 for jhillyerd/enmime/v2
  • Switch version checks & self-updater to use ghru/v2
  • Update Go dependencies
  • Update node dependencies
Fix
  • Align websocket new message values with global Message Summary (no null values) (#​526)

v1.26.2

Compare Source

Feature
  • Store username with messages, auto-tag, and UI display (#​521)
  • Allow version checking to be disabled (#​524)
Chore
  • Apply linting to all JavaScript/Vue files with eslint & prettier
  • Update Go dependencies
  • Update node dependencies
Fix
  • Improve version polling, add thread safety and exponential backoff (#​523)
Test
  • Add JavaScript linting tests to CI
  • Add Go linting (gofmt) to CI

v1.26.1

Compare Source

Feature
  • Add relay config to preserve (keep) original Message-IDs when relaying messages (#​515)
Chore
  • Update Go dependencies
  • Update node dependencies
  • Update caniemail testing database
Fix
  • Add optional message_num argument in POP3 LIST command (#​518)
  • Use float64 for returned SQL value types for rqlite compatibility (#​520)
Test
  • Add small delay in POP3 test after disconnection to allow for background deletion in rqlite
  • Add automated tests using the rqlite database

v1.26.0

Compare Source

Feature
  • Send API allow separate auth (#​504)
  • Add Prometheus exporter (#​505)
Chore
  • Add MP_DATA_FILE deprecation warning
  • Update Go dependencies
  • Update node dependencies
Fix
  • Ignore basic auth for OPTIONS requests to API when CORS is set
  • Fix sendmail symlink detection for macOS (#​514)

v1.25.1

Compare Source

Chore
  • Switch from unnecessary float64 to uint64 API values for App Information, message & attachment sizes
  • Extend latest version cache expiration from 5 to 15 minutes
  • Lighten outline-secondary buttons in dark mode
  • Add note to swagger docs about API date formats
  • Update Go dependencies
  • Update node dependencies
Fix
  • Update bootstrap5-tags to fix text pasting in message release modal (#​498)

v1.25.0

Compare Source

Feature
  • Add option to hide the "Delete all" button in web UI (#​495)
Chore
  • Upgrade to jhillyerd/enmime/v2
  • Switch yaml parser to github.com/goccy/go-yaml
  • Tweak UI to improve contrast between read & unread messages
  • Adjust UI margin for side navigation
  • Update Go dependencies
  • Update node dependencies
  • Update caniemail database
Fix
  • Include SMTPUTF8 capability in SMTP EHLO response (#​496)
Documentation
  • Switch to git-cliff for changelog generation
  • Add Message ListUnsubscribe to swagger / API documentation (#​494)

v1.24.2

Compare Source

Feature
  • Display unread count in app badge (#​485)
Chore
  • Install script improvements & better error handling (#​482)
  • Update Go dependencies
  • Update node dependencies
  • Update caniemail database

v1.24.1

Compare Source

Feature
  • Add ability to mark all search results as read (#​476)
Chore
  • Bump node version to 22 for binary releases
  • Improve error message for From header parsing failure (#​477)
  • Update Go dependencies
  • Update node dependencies
docker/build-push-action (docker/build-push-action)

v6.18.0

Compare Source

[!NOTE]
Build summary is now supported with Docker Build Cloud.

Full Changelog: docker/build-push-action@v6.17.0...v6.18.0

v6.17.0

Compare Source

[!NOTE]
Build record is now exported using the buildx history export command instead of the legacy export-build tool.

Full Changelog: docker/build-push-action@v6.16.0...v6.17.0

v6.16.0

Compare Source

Full Changelog: docker/build-push-action@v6.15.0...v6.16.0

docker/setup-buildx-action (docker/setup-buildx-action)

v3.11.1

Compare Source

Full Changelog: docker/setup-buildx-action@v3.11.0...v3.11.1

v3.11.0

Compare Source

Full Changelog: docker/setup-buildx-action@v3.10.0...v3.11.0

filamentphp/panels (filament/filament)

v3.3.29

Compare Source

v3.3.28

Compare Source

v3.3.27

Compare Source

v3.3.26

Compare Source

v3.3.25

Compare Source

v3.3.24

Compare Source

v3.3.23

Compare Source

v3.3.22

Compare Source

v3.3.21

Compare Source

filamentphp/spatie-laravel-translatable-plugin (filament/spatie-laravel-translatable-plugin)

v3.3.30

Compare Source

v3.3.29

Compare Source

v3.3.28

Compare Source

v3.3.27

Compare Source

v3.3.26

Compare Source

v3.3.25

Compare Source

v3.3.24

Compare Source

v3.3.23

Compare Source

v3.3.22

Compare Source

v3.3.21

Compare Source

larastan/larastan (larastan/larastan)

v3.5.0

Compare Source

What's Changed

Added
Fixed

New Contributors

Full Changelog: larastan/larastan@v3.4.2...v3.5.0

v3.4.2

Compare Source

What's Changed

New Contributors

Full Changelog: larastan/larastan@v3.4.1...v3.4.2

v3.4.1

Compare Source

What's Changed

New Contributors

Full Changelog: larastan/larastan@v3.4.0...v3.4.1

laravel/framework (laravel/framework)

v12.19.3

Compare Source

v12.19.2

Compare Source

v12.19.1

Compare Source

v12.19.0

Compare Source

v12.18.0

Compare Source

CarbonPHP/carbon (nesbot/carbon)

v3.10.1

Compare Source

Complete commits list: CarbonPHP/carbon@3.10.0...3.10.1

Summary:

v3.10.0

Compare Source

Complete commits list: CarbonPHP/carbon@3.9.1...3.10.0

Summary:

New Contributors

nodejs/node (node)

v22.17.0: 2025-06-24, Version 22.17.0 'Jod' (LTS), @​aduh95

Compare Source

Notable Changes
⚠️ Deprecations
Instantiating node:http classes without new

Constructing classes like IncomingMessage or ServerResponse without the new
keyword is now discouraged. This clarifies API expectations and aligns with standard
JavaScript behavior. It may warn or error in future versions.

Contributed by Yagiz Nizipli in #​58518.

options.shell = "" in node:child_process

Using an empty string for shell previously had undefined behavior. This change
encourages explicit choices (e.g., shell: true or a shell path) and avoids
relying on implementation quirks.

Contributed by Antoine du Hamel and Renegade334 #​58564.

HTTP/2 priority signaling

The HTTP/2 prioritization API (e.g., stream.priority) is now deprecated due to
poor real-world support. Applications should avoid using priority hints and expect future removal.

Contributed by Matteo Collina and Antoine du Hamel #​58313.

✅ Features graduated to stable
assert.partialDeepStrictEqual()

This method compares only a subset of properties in deep object comparisons,
useful for flexible test assertions. Its stabilization means it's now safe for
general use and won't change unexpectedly in future releases.

Contributed by Ruben Bridgewater in #​57370.

Miscellaneous
  • dirent.parentPath
  • filehandle.readableWebStream()
  • fs.glob()
  • fs.openAsBlob()
  • node:readline/promises
  • port.hasRef()
  • readable.compose()
  • readable.iterator()
  • readable.readableAborted
  • readable.readableDidRead
  • Duplex.fromWeb()
  • Duplex.toWeb()
  • Readable.fromWeb()
  • Readable.isDisturbed()
  • Readable.toWeb()
  • stream.isErrored()
  • stream.isReadable()
  • URL.createObjectURL()
  • URL.revokeObjectURL()
  • v8.setHeapSnapshotNearHeapLimit()
  • Writable.fromWeb()
  • Writable.toWeb()
  • writable.writableAborted
  • Startup Snapshot API
  • ERR_INPUT_TYPE_NOT_ALLOWED
  • ERR_UNKNOWN_FILE_EXTENSION
  • ERR_UNKNOWN_MODULE_FORMAT
  • ERR_USE_AFTER_CLOSE

Contributed by James M Snell in
#​57513 and
#​58541.

Semver-minor features
🔧 fs.FileHandle.readableWebStream gets autoClose option

This gives developers explicit control over whether the file descriptor should
be closed when the stream ends. Helps avoid subtle resource leaks.

Contributed by James M Snell in #​58548.

🔧 fs.Dir now supports explicit resource management

This improves ergonomics around async iteration of directories. Developers can
now manually control when a directory is closed using .close() or with Symbol.asyncDispose.

Contributed by Antoine du Hamel in #​58206.

📊 http2 gains diagnostics channel: http2.server.stream.finish

Adds observability support for when a stream finishes. Useful for logging,
monitoring, and debugging HTTP/2 behavior without patching internals.

Contributed by Darshan Sen in #​58560.

🔐 Permissions: implicit allow-fs-read to entrypoint

Node.js permissions model now allows read access to the entry file by default.
It makes running permission-restricted apps smoother while preserving security.

Contributed by Rafael Gonzaga in #​58579.

🎨 util.styleText() adds 'none' style

This lets developers remove styling cleanly without hacks. Useful for overriding
inherited terminal styles when composing styled strings.

Contributed by James M Snell in #​58437.

🧑‍💻 Community updates
Commits

Configuration

📅 Schedule: Branch creation - "* * 1 */3 *" in timezone Europe/Warsaw, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@blumilk-renovate blumilk-renovate bot requested a review from a team as a code owner July 1, 2025 10:09
@blumilk-renovate blumilk-renovate bot added dependencies Pull requests that update a dependency file docker Pull requests that update Docker code github-actions javascript Pull requests that update Javascript code php Pull requests that update Php code renovate labels Jul 1, 2025
@blumilk-renovate blumilk-renovate bot requested a review from Blusia July 1, 2025 10:09
@blumilk-renovate
Copy link
Contributor Author

blumilk-renovate bot commented Jul 1, 2025

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: composer.lock
Command failed: composer update filament/filament:3.3.29 filament/spatie-laravel-translatable-plugin:3.3.30 intervention/image-laravel:1.5.6 josiasmontag/laravel-recaptchav3:1.0.4 larastan/larastan:3.5.0 laravel/framework:12.19.3 laravel/sanctum:4.1.1 nesbot/carbon:3.10.1 nunomaduro/collision:8.8.2 phpunit/phpunit:12.2.5 sentry/sentry-laravel:4.15.1 --with-dependencies --ignore-platform-req='ext-*' --ignore-platform-req='lib-*' --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins --minimal-changes
Loading composer repositories with package information
Dependency guzzlehttp/guzzle is also a root requirement. Package has not been listed as an update argument, so keeping locked at old version. Use --with-all-dependencies (-W) to include root dependencies.
Dependency mockery/mockery is also a root requirement. Package has not been listed as an update argument, so keeping locked at old version. Use --with-all-dependencies (-W) to include root dependencies.
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires php ^8.4 but your php version (8.3.14) does not satisfy that requirement.
  Problem 2
    - Root composer.json requires filament/filament ^3.3.29 -> satisfiable by filament/filament[v3.3.29].
    - Root composer.json requires filament/spatie-laravel-translatable-plugin ^3.3.30 -> satisfiable by filament/spatie-laravel-translatable-plugin[v3.3.30].
    - filament/filament v3.3.29 requires filament/support v3.3.29 -> satisfiable by filament/support[v3.3.29].
    - filament/spatie-laravel-translatable-plugin v3.3.30 requires filament/support v3.3.30 -> satisfiable by filament/support[v3.3.30].
    - You can only install one version of a package, so only one of these can be installed: filament/support[v3.0.0, ..., v3.3.30].

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.

@blumilk-renovate blumilk-renovate bot force-pushed the renovate/all-minor-patch-digest-pindigest branch from ba37d54 to f37e2e5 Compare July 2, 2025 10:07
@blumilk-renovate
Copy link
Contributor Author

blumilk-renovate bot commented Jul 2, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@Blusia Blusia requested a review from EwelinaSkrzypacz July 2, 2025 10:48
@mtracz
Copy link
Member

mtracz commented Jul 2, 2025

Root composer.json requires php ^8.4 but your php version (8.3.14) does not satisfy that requirement.

Strange, that Renovate detects or uses wrong PHP version.
We have to fix it or find what is wrong.

Might help but not the best solution:

@Blusia Blusia merged commit 21c9fd6 into main Jul 8, 2025
3 checks passed
@Blusia Blusia deleted the renovate/all-minor-patch-digest-pindigest branch July 8, 2025 06:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@EwelinaSkrzypacz EwelinaSkrzypacz EwelinaSkrzypacz approved these changes

@Blusia Blusia Blusia approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file docker Pull requests that update Docker code github-actions javascript Pull requests that update Javascript code php Pull requests that update Php code renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mtracz @EwelinaSkrzypacz @Blusia