Bump the all-dependencies group with 21 updates

[dependabot]

Bumps the all-dependencies group with 21 updates:

Package	From	To
cspell	9.8.0	10.0.0
eslint-config-prettier	9.1.2	10.1.8
lint-staged	15.5.2	17.0.4
oxfmt	0.47.0	0.49.0
yaml	2.8.4	2.9.0
yargs	17.7.2	18.0.0
fast-xml-parser	5.7.1	5.8.0
i18next-http-backend	3.0.6	4.0.0
@opentelemetry/semantic-conventions	1.40.0	1.41.1
immer	10.2.0	11.1.8
react-resize-detector	10.0.1	12.3.0
micro-memoize	4.2.0	5.1.1
@itwin/build-tools	5.10.0-dev.6	5.10.0-dev.11
@types/node	12.20.55	25.7.0
cpx2	7.0.2	8.0.2
cross-env	7.0.3	10.1.0
react-error-boundary	4.1.2	6.1.1
typescript	5.6.3	6.0.3
vite	8.0.10	8.0.12
inversify	6.0.3	8.1.0
reflect-metadata	0.1.14	0.2.2

Updates cspell from 9.8.0 to 10.0.0

Release notes

Sourced from cspell's releases.

v10.0.0

Features

fix: upgrade import-fresh from v3 to v4 (#8786)

Summary

Upgrades import-fresh from v3 to v4.

API changes in v4

• v3: Synchronous default export — importFresh(modulePath) returns the module directly
• v4: Factory pattern — createImportFresh(parentURL) returns an async function; v4 is ESM-only and uses Node.js module loader hooks instead of manipulating the require cache

Changes

• packages/cspell-lib/package.json: bump import-fresh to ^4.0.0; remove clear-module dependency (no longer needed since v4 uses module loader hooks instead of Node's require cache)
• packages/cspell-lib/src/lib/Settings/Controller/pnpLoader.ts:
  • Import createImportFresh factory; call createImportFresh(pnpFileUrl) at use time inside loadPnp(), bound to the pnp file's own URL so each load is correctly scoped to the file being loaded
  • Make loadPnp and loadPnpIfNeeded async
  • Change cachedPnpImportsSync → cachedPnpImports (now stores Promise<LoaderResult>)
  • Remove clearModule.single usage (v4 cache-busts via loader hooks; clearing the require cache is no longer applicable)
  • Pass a file URL (toFileUrl(pnpFile).href) to importFresh since v4 uses import() under the hood, which requires URLs or relative specifiers for absolute paths
  • Use optional chaining on the module's default export to handle edge cases
• test-packages/cspell-lib/test-cspell-lib-rollup/package.json: bump import-fresh to ^4.0.0
• test-packages/cspell-lib/test-cspell-lib-webpack/package.json: bump import-fresh to ^4.0.0

Testing

All 91 test files (1584 tests) pass, including the 10 dedicated pnpLoader tests.

---

feat!: Drop support for Node 20 (#8779)

Pull request overview

This PR updates the monorepo to require Node.js 22.18+ (dropping Node 20 support), aligning package engine constraints, CI matrices, and documentation with the new baseline.

Changes:

• Bump engines.node across packages/test-packages to >=22.18.0 and update root @types/node to ^22.19.15.
• Update CI workflows to test Node 22/24/25 and adjust integration update workflow to Node 22.
• Remove eslint-plugin-n “unsupported node builtins” disables now that the minimum Node version includes those built-ins.

... (truncated)

Changelog

Sourced from cspell's changelog.

v10.0.0 (2026-04-06)

Features

fix: upgrade import-fresh from v3 to v4 (#8786)

Summary

Upgrades import-fresh from v3 to v4.

API changes in v4

• v3: Synchronous default export — importFresh(modulePath) returns the module directly
• v4: Factory pattern — createImportFresh(parentURL) returns an async function; v4 is ESM-only and uses Node.js module loader hooks instead of manipulating the require cache

Changes

• packages/cspell-lib/package.json: bump import-fresh to ^4.0.0; remove clear-module dependency (no longer needed since v4 uses module loader hooks instead of Node's require cache)
• packages/cspell-lib/src/lib/Settings/Controller/pnpLoader.ts:
  • Import createImportFresh factory; call createImportFresh(pnpFileUrl) at use time inside loadPnp(), bound to the pnp file's own URL so each load is correctly scoped to the file being loaded
  • Make loadPnp and loadPnpIfNeeded async
  • Change cachedPnpImportsSync → cachedPnpImports (now stores Promise<LoaderResult>)
  • Remove clearModule.single usage (v4 cache-busts via loader hooks; clearing the require cache is no longer applicable)
  • Pass a file URL (toFileUrl(pnpFile).href) to importFresh since v4 uses import() under the hood, which requires URLs or relative specifiers for absolute paths
  • Use optional chaining on the module's default export to handle edge cases
• test-packages/cspell-lib/test-cspell-lib-rollup/package.json: bump import-fresh to ^4.0.0
• test-packages/cspell-lib/test-cspell-lib-webpack/package.json: bump import-fresh to ^4.0.0

Testing

All 91 test files (1584 tests) pass, including the 10 dedicated pnpLoader tests.

---

feat!: Drop support for Node 20 (#8779)

Pull request overview

This PR updates the monorepo to require Node.js 22.18+ (dropping Node 20 support), aligning package engine constraints, CI matrices, and documentation with the new baseline.

Changes:

... (truncated)

Commits

• 6ddfd57 v10.0.0
• 9ab431c chore: Prepare Release v10.0.0 (auto-deploy) (#8781)
• ef406ee feat!: Drop support for Node 20 (#8779)
• See full diff in compare view

Updates eslint-config-prettier from 9.1.2 to 10.1.8

Release notes

Sourced from eslint-config-prettier's releases.

v10.1.8

republish latest version

Full Changelog: prettier/eslint-config-prettier@v10.1.5...v10.1.8

v10.1.5

Patch Changes

• #332 60fef02 Thanks @​JounQin! - chore: add funding field into package.json

Full Changelog: prettier/eslint-config-prettier@v10.1.4...v10.1.5

v10.1.4

Patch Changes

• #328 94b4799 Thanks @​silvenon! - fix(cli): do not crash on no rules configured

Full Changelog: prettier/eslint-config-prettier@v10.1.3...v10.1.4

v10.1.3

Patch Changes

• #325 4e95a1d Thanks @​pilikan! - fix: this package is commonjs, align its types correctly

New Contributors

• @​pilikan made their first contribution in prettier/eslint-config-prettier#325

Full Changelog: prettier/eslint-config-prettier@v10.1.2...v10.1.3

v10.1.2

Patch Changes

• #321 a8768bf Thanks @​Fdawgs! - chore(package): add homepage for some 3rd-party registry - see #321 for more details

v10.1.1

Patch Changes

• #309 eb56a5e Thanks @​JounQin! - fix: separate the /flat entry for compatibility

  For flat config users, the previous "eslint-config-prettier" entry still works, but "eslint-config-prettier/flat" adds a new name property for config-inspector, we just can't add it for the default entry for compatibility.

  See also prettier/eslint-config-prettier#308

  // before
  import eslintConfigPrettier from "eslint-config-prettier";
  // after
  import eslintConfigPrettier from "eslint-config-prettier/flat";

... (truncated)

Changelog

Sourced from eslint-config-prettier's changelog.

eslint-config-prettier

10.1.5

Patch Changes

• #332 60fef02 Thanks @​JounQin! - chore: add funding field into package.json

10.1.4

Patch Changes

• #328 94b4799 Thanks @​silvenon! - fix(cli): do not crash on no rules configured

10.1.3

Patch Changes

• #325 4e95a1d Thanks @​pilikan! - fix: this package is commonjs, align its types correctly

10.1.2

Patch Changes

• #321 a8768bf Thanks @​Fdawgs! - chore(package): add homepage for some 3rd-party registry - see #321 for more details

10.1.1

Patch Changes

• #309 eb56a5e Thanks @​JounQin! - fix: separate the /flat entry for compatibility

  For flat config users, the previous "eslint-config-prettier" entry still works, but "eslint-config-prettier/flat" adds a new name property for config-inspector, we just can't add it for the default entry for compatibility.

  See also prettier/eslint-config-prettier#308

  // before
  import eslintConfigPrettier from "eslint-config-prettier";
  // after
  import eslintConfigPrettier from "eslint-config-prettier/flat";

10.1.0

Minor Changes

• #306 56e2e34 Thanks @​JounQin! - feat: migrate to exports field

... (truncated)

Commits

• See full diff in compare view

Updates lint-staged from 15.5.2 to 17.0.4

Release notes

Sourced from lint-staged's releases.

v17.0.4

Patch Changes

• #1788 f95c1f8 - Another fix for making sure lint-staged adds task modifications correctly to the commit in the following cases:

  • after editing <file> it is staged with git add <file>, and then committed with git commit
  • after editing <file> it is committed with git commit --all without explicit git add
  • after editing <file> it is committed with git commit <pathspec> without explicit git add

  There's new test cases which actually setup the Git pre_commit hook to run lint-staged and verify them. These issues started in v17.0.0 when trying to improve support for committig without having explicitly staged files.

v17.0.3

Patch Changes

• #1782 06813f9 Thanks @​iiroj! - Fix lint-staged behavior when implicitly committing files without using git add by either:
  • git commit -am "my commit message" where -a (--all) means to automatically stage all tracked modified and deleted files
  • git commit -m "my commit message" . where . is an example of a pathspec where matching files will be staged

v17.0.2

Patch Changes

• #1779 88670ca Thanks @​iiroj! - Enable immutable GitHub releases

v17.0.1

Patch Changes

• #1776 4a5664b Thanks @​iiroj! - Adjust GitHub Actions workflow so that automatic publishing works with signed commits.

v17.0.0

Major Changes

• #1745 e244adf Thanks @​iiroj! - Node.js v20 is no longer supported, and the oldest supported version is now 22.22.1, which is an active LTS version at the time of this release. Node.js 20 will be EOL after April 2026. Please upgrade your Node.js version!

• #1676 0584e0b Thanks @​outslept! - Lint-staged now tries to verify the installed Git version is at least 2.32.0, released in 2021. If you're using an even older Git version, you need to upgrade it before running lint-staged!

• #1745 2dcc40a Thanks @​iiroj! - The dependency yaml is now marked as optional and probably won't be installed by default. If you're using a YAML configuration file you should install the package separately:

  npm install --development yaml

  If you're using .lintstagedrc as the config file name (without a file extension), it will be treated as a YAML file. If the content is JSON, consider renaming it to .lintstagedrc.json to avoid needing to install yaml.

Minor Changes

• #1748 809d5ef Thanks @​iiroj! - Add new option --hide-all for hiding all unstaged changes and untracked files, before running tasks. This makes it easier to run tools like Knip which check for unused code. Untracked files are included in the backup stash and restored automatically after running.

• #1759 f13045a Thanks @​iiroj! - Update dependencies, including tinyexec@1.1.1 to fix the following issues:

  • When using a Node.js version manager with multiple versions installed (nvm, n, for example), scripts with the #!/usr/bin/env node shebang (Prettier, ESLint, for example) were previously spawned using the default Node.js version configured by the version manager (the one which node points to) on POSIX systems. Now, they will be spawned with the same version that lint-staged itself was started with.
    • For example, if your default Node.js version is 24.14.1 but lint-staged is run with the latest version 25.9.0, the tasks spawned by lint-staged will now also use version 25.9.0. Previously they were spawned using 24.14.1.

... (truncated)

Changelog

Sourced from lint-staged's changelog.

17.0.4

Patch Changes

• #1788 f95c1f8 - Another fix for making sure lint-staged adds task modifications correctly to the commit in the following cases:

  • after editing <file> it is staged with git add <file>, and then committed with git commit
  • after editing <file> it is committed with git commit --all without explicit git add
  • after editing <file> it is committed with git commit <pathspec> without explicit git add

  There's new test cases which actually setup the Git pre_commit hook to run lint-staged and verify them. These issues started in v17.0.0 when trying to improve support for committig without having explicitly staged files.

17.0.3

Patch Changes

• #1782 06813f9 Thanks @​iiroj! - Fix lint-staged behavior when implicitly committing files without using git add by either:
  • git commit -am "my commit message" where -a (--all) means to automatically stage all tracked modified and deleted files
  • git commit -m "my commit message" . where . is an example of a pathspec where matching files will be staged

17.0.2

Patch Changes

• #1779 88670ca Thanks @​iiroj! - Enable immutable GitHub releases

17.0.1

Patch Changes

• #1776 4a5664b Thanks @​iiroj! - Adjust GitHub Actions workflow so that automatic publishing works with signed commits.

17.0.0

Major Changes

• #1745 e244adf Thanks @​iiroj! - Node.js v20 is no longer supported, and the oldest supported version is now 22.22.1, which is an active LTS version at the time of this release. Node.js 20 will be EOL after April 2026. Please upgrade your Node.js version!

• #1676 0584e0b Thanks @​outslept! - Lint-staged now tries to verify the installed Git version is at least 2.32.0, released in 2021. If you're using an even older Git version, you need to upgrade it before running lint-staged!

• #1745 2dcc40a Thanks @​iiroj! - The dependency yaml is now marked as optional and probably won't be installed by default. If you're using a YAML configuration file you should install the package separately:

  npm install --development yaml

  If you're using .lintstagedrc as the config file name (without a file extension), it will be treated as a YAML file. If the content is JSON, consider renaming it to .lintstagedrc.json to avoid needing to install yaml.

Minor Changes

• #1748 809d5ef Thanks @​iiroj! - Add new option --hide-all for hiding all unstaged changes and untracked files, before running tasks. This makes it easier to run tools like Knip which check for unused code. Untracked files are included in the backup stash and restored automatically after running.

... (truncated)

Commits

• 2862964 Merge pull request #1789 from lint-staged/changeset-release/main
• c9ecd54 chore(changeset): release
• cc6b51a Merge pull request #1788 from lint-staged/fix-update-index-again
• f95c1f8 fix: update both default index.lock and non-standard lock when latter exists
• f44ee68 Merge pull request #1786 from lint-staged/update-repo-url
• a61cf18 build(deps): update dependencies
• ea00037 docs: disable Changesets "thanks"
• ab7c26c docs: update repo URL to point in lint-staged/lint-staged
• a36ec1e Merge pull request #1783 from lint-staged/changeset-release/main
• 03ce2a9 chore(changeset): release
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for lint-staged since your current version.

Updates oxfmt from 0.47.0 to 0.49.0

Changelog

Sourced from oxfmt's changelog.

[0.49.0] - 2026-05-11

🚀 Features

• 6e8e818 oxfmt: Experimental .svelte support (#21700) (leaysgur)

[0.45.0] - 2026-04-13

🐛 Bug Fixes

• 50c389b oxfmt: Support .editorconfig quote_type (#20989) (leaysgur)

[0.44.0] - 2026-04-06

🐛 Bug Fixes

• dd2df87 npm: Export package.json for oxlint and oxfmt (#20784) (kazuya kawaguchi)
• 4216380 oxfmt: Support .editorconfig tab_width fallback (#20988) (leaysgur)

[0.43.0] - 2026-03-30

🚀 Features

• 6ef440a oxfmt: Support bool for object style options (#20853) (leaysgur)

[0.42.0] - 2026-03-24

🚀 Features

• 416865a formatter,oxfmt: Add doc comments for JsdocConfig (#20644) (leaysgur)
• 4fec907 formatter: Add JSDoc comment formatting support (#19828) (Dunqing)

[0.40.0] - 2026-03-12

🐛 Bug Fixes

• bc20217 oxlint,oxfmt: Omit useless | null for Option<T> field from schema (#20273) (leaysgur)

[0.36.0] - 2026-03-02

🐛 Bug Fixes

• 04e6223 npm: Add preferUnplugged for Yarn PnP compatibility (#19829) (Boshen)

📚 Documentation

• 2fa936f README.md: Map npm package links to npmx.dev (#19666) (Boshen)

[0.35.0] - 2026-02-23

... (truncated)

Commits

• d652a55 release(apps): oxlint v1.64.0 && oxfmt v0.49.0 (#22318)
• 6e8e818 feat(oxfmt): Experimental .svelte support (#21700)
• 330fe31 refactor(config): Update doc comment for GlobSet (#22197)
• fb3067c refactor(oxfmt): use shared GlobSet for overrides (#22147)
• 5921a25 release(apps): oxlint v1.63.0 && oxfmt v0.48.0 (#22109)
• See full diff in compare view

Updates yaml from 2.8.4 to 2.9.0

Release notes

Sourced from yaml's releases.

v2.9.0

The changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of parseDocument() and parseAllDocuments(): I've removed the claim that they'll "never throw".

It remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which yaml CVEs have been issued so far.

Starting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.

• fix: Avoid calling Array.prototype.push.apply() with large source array
• fix(lexer): Avoid recursive calls that may exhaust the call stack

Commits

• ddb21b0 2.9.0
• 167365b docs: Clarify that not all errors can be avoided
• 6eca2a7 fix: Avoid calling Array.prototype.push.apply() with large source array
• 0543cd5 fix(lexer): Avoid recursive calls that may exhaust the call stack
• See full diff in compare view

Updates yargs from 17.7.2 to 18.0.0

Changelog

Sourced from yargs's changelog.

18.0.0 (2025-05-26)

⚠ BREAKING CHANGES

• command names are not derived from modules passed to command.
• singleton usage of yargs yargs.foo, yargs().argv, has been removed.
• minimum node.js versions now ^20.19.0 || ^22.12.0 || >=23.
• yargs is now ESM first

Features

• commandDir now works with ESM files (#2461) (27eec18)
• locale: adds hebrew translation (#2357) (4266485)
• yargs is now ESM first (d90af45)
• zsh: Add default completion as fallback (#2331) (e02c91b)

Bug Fixes

• addDirectory do not support absolute command dir (#2465) (3a40a78)
• allows ESM modules commands to be extensible using visit option (#2468) (200e1aa)
• browser: fix shims so that yargs continues working in browser context (#2457) (4ae5f57)
• build: address problems with typescript compilation (#2445) (8d72fb3)
• coerce should play well with parser configuration (#2308) (8343c66)
• deps: update dependency yargs-parser to v22 (#2470) (639130d)
• exit after async handler done (#2313) (e326cde)
• handle spaces in bash completion (#2452) (83b7788)
• parser-configuration should work well with generated completion script (#2332) (888db19)
• propagate Dictionary including undefined in value type (#2393) (2b2f7f5)
• zsh: completion no longer requires double tab when using autoloaded (0dd8fe4)

Code Refactoring

• command names are not derived from modules passed to command. (d90af45)
• singleton usage of yargs yargs.foo, yargs().argv, has been removed. (d90af45)

Build System

• minimum node.js versions now ^20.19.0 || ^22.12.0 || >=23. (d90af45)

Commits

• 0bc7255 chore(main): release 18.0.0 (#2325)
• 639130d fix(deps): update dependency yargs-parser to v22 (#2470)
• 200e1aa fix: allows ESM modules commands to be extensible using visit option (#2468)
• 888db19 fix: parser-configuration should work well with generated completion script (...
• 3a40a78 fix: addDirectory do not support absolute command dir (#2465)
• 90e9eca docs: remove to old slack channel (#2466)
• 0dd8fe4 fix(zsh): completion no longer requires double tab when using autoloaded
• 27eec18 feat: commandDir now works with ESM files (#2461)
• f9c72a7 docs: update examples to run from examples folder (#2463)
• e02c91b feat(zsh): Add default completion as fallback (#2331)
• Additional commits viewable in compare view

Updates fast-xml-parser from 5.7.1 to 5.8.0

Release notes

Sourced from fast-xml-parser's releases.

update strnum, FXB. Use xml-naming for DOCTYPE

• integrate xml-naming to validate DOCTYPE entity name and notation name (using qname because of backward compatibility)
  • This will consider xml-version as well. '1.0' is default
• update strnum to 2.3.0
  • You can set octal and binary parsing which is by deault off
• update fast-xml-builder to 1.2.0
  • can sanitize tag names if found invalid
  • fix format output

fix minor old bugs and update builder

• fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
• fix stop node expression when ns prefix is removed (found by iruizsalinas)
• update XML Builder to 1.1.7
• mark addEntity deprecated

backward compatibility for numerical external entity, fix #705, #817

• allow numerical external entity for backward compatibility
• fix #705: attributesGroupName working with preserveOrder
• fix #817: stackoverflow when tag expression is very long

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

*5.8.0 / 2026-05-12

• integrate xml-naming to validate DOCTYPE entity name and notation name (using qname becaue of backward compatibility)
  • This will consider xml-version as well. '1.0' is default
• update strnum to 2.3.0
  • You can set octal and binary parsing which is bydeault off
• update fast-xml-builder to 1.2.0
  • can sanitize tag names if found invalid
  • fix format output

5.7.3 / 2006-05-05

• fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
• fix stop node expression when ns prefix is removed (found by iruizsalinas)
• update XML Builder to 1.1.7
• mark addEntity deprecated

5.7.2 / 2026-04-25

• allow numerical external entity for backward compatibility
• fix #705: attributesGroupName working with preserveOrder
• fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

• fix typo in CJS typing file

5.7.0 / 2026-04-17

• Use @nodable/entities v2.1.0
  • breaking changes
    • single entity scan. You're not allowed to user entity value to form another entity name.
    • you cant add numeric external entity
    • entity error message when expantion limit is crossed might change
  • typings are updated for new options related to process entity
  • please follow documentation of @nodable/entities for more detail.
  • performance
    • if processEntities is false, then there should not be impact on performance.
    • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
    • if processEntities is true, and you pass entity decoder separately
      • if no entity then performance should be same as before
      • if there are entities then performance should be increased from past versions
  • ignoreAttributes is not required to be set to set xml version for NCR entity value
• update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

5.6.0 / 2026-04-15

• fix: entity replacement for numeric entities
• use @​nodable/entities to replace entities
  • this may change some error messages related to entities expansion limit or inavlid use
  • post check would be exposed in future version

... (truncated)

Commits

• 4bcee44 for release
• 8a287bf release info
• 50b01dc Use "@​byspec/xml" for testing
• 816b652 update typings to mark validator use deprecated
• 8ad0e65 update fast-xml-builder and strnum
• 58e967e integrate xml-naming
• 42fa3c3 separate XML validator, UPDATE DOCS
• d6d8042 update to release
• d263370 remove dev dependency 'he'
• f9c9a2c update builder to 1.1.7
• Additional commits viewable in compare view

Updates i18next-http-backend from 3.0.6 to 4.0.0

Changelog

Sourced from i18next-http-backend's changelog.

4.0.0

• BREAKING: drop cross-fetch dependency. i18next-http-backend now requires a host-provided fetch. This is available in Node ≥ 18 (stable since Node 21), all modern browsers, Deno, and Bun. For runtimes without native fetch, install a ponyfill yourself and inject it via options.alternateFetch, or stay on v3.x.
• BREAKING: minimum Node version is now 18 (engines.node = ">=18").
• chore: simplified environment detection in lib/request.js — uses globalThis (with global / window fallbacks for legacy embedded runtimes) instead of separate global.* / window.* branches per API. XHR / ActiveXObject are still picked up if the host provides them, but no longer polyfilled.
• chore: declared "sideEffects": false for better tree-shaking by downstream bundlers.
• build: replaced babel + browserify + uglify-js with tsdown (rolldown + oxc). One config produces ESM, CJS, and the IIFE browser bundles. Drops @babel/cli, @babel/core, @babel/preset-env, babel-plugin-add-module-exports, browserify, uglify-js, the fixcjs rewrite hack, and the --ignore cross-fetch browserify flag. Side benefit: minified browser bundle shrinks from ~13 KB to ~6.8 KB (oxc minifier + no babel runtime helpers).
• build: ESM and CJS outputs are now bundled into a single index.js per format (previously one file per lib/*.js module). The package's exports map is unchanged, so this is invisible to consumers using documented entry points.
• lint: replaced eslint-config-standard (+ five plugins) with neostandard and migrated to ESLint 9 flat config (eslint.config.mjs). Removed deprecated tslint and dtslint — test:typescript now runs tsc --noEmit plus tsd.
• chore: tightened .npmignore — published tarball no longer includes the source lib/, the build configs (tsdown.config.ts, eslint.config.mjs, tsconfig.json), or the root index.js re-export shim. Drops from 21.3 KB → ~17 KB packed.
• docs: alternateFetch is now documented in the README options block as the supported escape hatch for fetch ponyfills, test mocking, and request interception. v4 migration note added to "Getting started".

Commits

• a4d4a83 4.0.0
• fdf4f98 feat!: v4 — drop cross-fetch, switch build to tsdown, lint to neostandard
• d8dafd8 docs: clarify that nested-ns with slashes was never officially supported
• e534a62 build
• See full diff in compare view

Updates @opentelemetry/semantic-conventions from 1.40.0 to 1.41.1

Release notes

Sourced from @​opentelemetry/semantic-conventions's releases.

semconv/v1.41.1

1.41.1

🚀 Features

Note: Semantic Conventions v1.41.0 included an issue that prevented publishing a "1.41.0" version of this package.

• feat: update semantic conventions to v1.41.1 #6695 @​trentm
  • Semantic Conventions v1.41.1: changelog v1.41.0 | changelog v1.41.1 | latest docs
  • @opentelemetry/semantic-conventions (stable) changes: 8 added exports
  • @opentelemetry/semantic-conventions/incubating (unstable) changes: 2 exported values changed, 4 newly deprecated exports, 80 added exports

Stable changes in v1.41.1

ATTR_DEPLOYMENT_ENVIRONMENT_NAME              // deployment.environment.name
  DEPLOYMENT_ENVIRONMENT_NAME_VALUE_DEVELOPMENT // "development"
  DEPLOYMENT_ENVIRONMENT_NAME_VALUE_PRODUCTION  // "production"
  DEPLOYMENT_ENVIRONMENT_NAME_VALUE_STAGING     // "staging"
  DEPLOYMENT_ENVIRONMENT_NAME_VALUE_TEST        // "test"
ATTR_OTEL_EVENT_NAME                          // otel.event.name
ATTR_TELEMETRY_DISTRO_NAME                    // telemetry.distro.name
ATTR_TELEMETRY_DISTRO_VERSION                 // telemetry.distro.version

Unstable changes in v1.41.1

METRIC_K8S_CONTAINER_CPU_LIMIT_UTILIZATION   // k8s.container.cpu.limit_utilization -> k8s.container.cpu.limit.utilization
METRIC_K8S_CONTAINER_CPU_REQUEST_UTILIZATION // k8s.container.cpu.request_utilization -> k8s.container.cpu.request.utilization

METRIC_K8S_CONTAINER_CPU_LIMIT      // k8s.container.cpu.limit: Replaced by `k8s.container.cpu.limit.desired`.
METRIC_K8S_CONTAINER_CPU_REQUEST    // k8s.container.cpu.request: Replaced by `k8s.container.cpu.request.desired`.
</tr></table> 

... (truncated)

Commits

• 013c600 chore: prepare next release (#6699)
• b7a0c63 feat(semantic-conventions): update semantic conventions to v1.41.1 (#6695)
• 774143b chore(renovate): add minimumReleaseAge to config (#6697)
• e0dafe0 fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...
• f804c93 chore(deps): update github/codeql-action digest to 68bde55 (#6682)
• 95e48e7 refactor(sdk-logs): alias LoggerProviderConfig to LoggerProviderOptions (...
• 907b627 feat(sdk-node): allow startNodeSDK() without an arg (#6688)
• 0d15261 docs: Add SIG meeting info and welcoming language (#6689)
• 0893288 chore(sdk-node): restore skipped test cases (#6685)
• 3b5bfbd feat(configuration): show all config validation errors, if there are multiple...
• Additional commits viewable in compare view

Updates immer from 10.2.0 to 11.1.8

Release notes

Sourced from immer's releases.

v11.1.8

11.1.8 (2026-05-08)

Bug Fixes

• update current and original typings to assert draft value is unwrapped (#1236) (bf2d154)

v11.1.7

11.1.7 (2026-05-06)

Bug Fixes

• improve higher order type inference for WritableDraft (#1205) (7390d6c)

v11.1.6

11.1.6 (2026-05-04)

Bug Fixes

• remove invalid curried producer type (#1216) (b40b04f)

v11.1.5

11.1.5 (2026-05-04)

Bug Fixes

• handle nested proxies after spreading...

  Description has been truncated

[changeset-bot]

⚠️ No Changeset found

Latest commit: 29273b8

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[grigasp]

how did it decide to bump though major versions? 🫨

[saskliutas]

how did it decide to bump though major versions? 🫨

It's default behavior #1347

[saskliutas]

Decided to change approach as dependabot does not meet our requirements: #1347

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml