fix(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@arethetypeswrong/cli (source)	0.16.2 → 0.18.2			devDependencies	minor
@semantic-release/commit-analyzer	13.0.0 → 13.0.1			devDependencies	patch
@semantic-release/github	10.3.3 → 10.3.5			devDependencies	patch
@semantic-release/npm	12.0.1 → 12.0.2			devDependencies	patch
@semantic-release/release-notes-generator	14.0.1 → 14.1.0			devDependencies	minor
commitizen	4.3.0 → 4.3.1			devDependencies	patch
concurrently	9.0.0 → 9.2.1			devDependencies	minor
husky	9.1.5 → 9.1.7			devDependencies	patch
node (source)	20.17.0 → 20.20.0			volta	minor
semantic-release	24.1.1 → 24.2.9			devDependencies	minor
tslib (source)	2.7.0 → 2.8.1			dependencies	minor
tsup (source)	8.2.4 → 8.5.1			devDependencies	minor
typescript (source)	5.6.2 → 5.9.3			devDependencies	minor

---

Release Notes

arethetypeswrong/arethetypeswrong.github.io (@​arethetypeswrong/cli)

v0.18.2

Patch Changes

• Updated dependencies [58dca0c]
  • @​arethetypeswrong/core@​0.18.2

v0.18.1

Compare Source

Patch Changes

• Updated dependencies [a4dc8a6]
  • @​arethetypeswrong/core@​0.18.1

v0.18.0

Compare Source

Minor Changes

• 5dd9c0b: Requiring Node.js 20 for using latest lru-cache.

Patch Changes

• Updated dependencies [5dd9c0b]
  • @​arethetypeswrong/core@​0.18.0

v0.17.4

Compare Source

Patch Changes

• Updated dependencies [f118862]
  • @​arethetypeswrong/core@​0.17.4

v0.17.3

Compare Source

Patch Changes

• Updated dependencies [e3c775e]
  • @​arethetypeswrong/core@​0.17.3

v0.17.2

Compare Source

Patch Changes

• Updated dependencies [59940cd]
  • @​arethetypeswrong/core@​0.17.2

v0.17.1

Compare Source

Patch Changes

• 1bfc877: Fix typo in MissingExportEquals message
• db6464d: Fix minor typos
• 55544ac: Fix truncated stdout when piping more than 64kb to another process
• Updated dependencies [5f96cdc]
• Updated dependencies [def786e]
• Updated dependencies [1bfc877]
• Updated dependencies [db6464d]
  • @​arethetypeswrong/core@​0.17.1

v0.17.0

Compare Source

Patch Changes

• Updated dependencies [e7ac94c]
  • @​arethetypeswrong/core@​0.17.0

v0.16.4

Compare Source

Patch Changes

• Updated dependencies [3ca2866]
  • @​arethetypeswrong/core@​0.16.4

v0.16.3

Compare Source

Patch Changes

• 66ada51: Fix warning message json-format suggestion to use proper syntax

semantic-release/commit-analyzer (@​semantic-release/commit-analyzer)

v13.0.1

Compare Source

Bug Fixes

• deps: update dependency import-from-esm to v2 (#​741) (f106b76)

semantic-release/github (@​semantic-release/github)

v10.3.5

Compare Source

Bug Fixes

• replace searchAPI usage with GraphQL in findSRIssue util (#​907) (7fb46a3)

v10.3.4

Compare Source

Bug Fixes

• glob-assets: remove unnecessary option when invoking globby() (#​924) (efe9f49)

semantic-release/npm (@​semantic-release/npm)

v12.0.2

Compare Source

Bug Fixes

• deps: update npm to ^10.9.3 (#​972) (93e0937)

semantic-release/release-notes-generator (@​semantic-release/release-notes-generator)

v14.1.0

Compare Source

Features

• preset: support ignoreCommits option (#​836) (485bc0a)

v14.0.3

Compare Source

Bug Fixes

• deps: update dependency import-from-esm to v2 (#​756) (832620e)

v14.0.2

Compare Source

Bug Fixes

• AWS CodeCommit compatibility (#​748) (687e2e2)

commitizen/cz-cli (commitizen)

v4.3.1

Compare Source

4.3.1 (2024-09-27)

Bug Fixes

• Close process after retry commit. Closes #​974 (#​1001) (3ce8dd5)

open-cli-tools/concurrently (concurrently)

v9.2.1

Compare Source

What's Changed

• chore: update eslint-plugin-simple-import-sort from v10 to v12 by @​noritaka1166 in #​551
• chore: update eslint-config-prettier from v9 to v10 by @​noritaka1166 in #​552
• Remove lodash by @​gustavohenke in #​555
• chore: update coveralls-next from v4 to v5 by @​noritaka1166 in #​557
• Replace jest with vitest by @​gustavohenke in #​554
• Upgrade to pnpm v10 by @​paescuj in #​558
• chore: remove unused eslint-plugin-jest by @​noritaka1166 in #​559
• Minor dependency updates by @​paescuj in #​560
• Migrate to ESLint v9 by @​paescuj in #​561
• Update shell-quote to 1.8.3 by @​paescuj in #​562
• Full coverage by @​paescuj in #​563
• Update GH actions/workflows, enable NPM provenance by @​paescuj in #​564

Full Changelog: open-cli-tools/concurrently@v9.2.0...v9.2.1

v9.2.0

Compare Source

What's Changed

• Bump esbuild from 0.23.1 to 0.25.0 in the npm_and_yarn group by @​dependabot in #​528
• fix: don't throw when there are no commands by @​gustavohenke in #​532
• docs: nicer quotes by @​IsaacLeeWebDev in #​537
• Add --kill-timeout by @​gustavohenke in #​540
• docs: fix typo by @​ldeveber in #​542
• fix: correct typos in comments and documentation by @​noritaka1166 in #​544
• refactor: use startsWith & simplify boolean expression by @​noritaka1166 in #​543
• refactor: use optional chaining by @​noritaka1166 in #​545
• Handle SIGPIPEs by @​gustavohenke in #​547
• refactor: fix map and reduce as return values are not used by @​noritaka1166 in #​546
• docs: fix typos in docs by @​noritaka1166 in #​548
• chore: update jest from v29 to v30 by @​noritaka1166 in #​549
• chore: update @​types/jest from v29 to v30 by @​noritaka1166 in #​550

New Contributors

• @​IsaacLeeWebDev made their first contribution in #​537
• @​ldeveber made their first contribution in #​542
• @​noritaka1166 made their first contribution in #​544

Full Changelog: open-cli-tools/concurrently@v9.1.2...v9.2.0

v9.1.2

Compare Source

What's Changed

• Add ability to have custom logger by @​mwood23 in #​522

New Contributors

• @​mwood23 made their first contribution in #​522

Full Changelog: open-cli-tools/concurrently@v9.1.1...v9.1.2

v9.1.1

Compare Source

What's Changed

• fix: support Deno's JSON with comments configuration by @​mahtaran in #​523

Full Changelog: open-cli-tools/concurrently@v9.1.0...v9.1.1

v9.1.0

Compare Source

What's Changed

• Remove signal event listeners on finish by @​gustavohenke in #​512
• Add support for Deno shortcuts and wildcards by @​mahtaran in #​508
• bin: show help when no args are passed by @​gustavohenke in #​513

New Contributors

• @​mahtaran made their first contribution in #​508

Full Changelog: open-cli-tools/concurrently@v9.0.1...v9.1.0

v9.0.1

Compare Source

What's Changed

• Don't set up more than 1 abort signal listener by @​gustavohenke in #​503

Full Changelog: open-cli-tools/concurrently@v9.0.0...v9.0.1

typicode/husky (husky)

v9.1.7

Compare Source

What's Changed

• fix: add husky label to deprecated warning by @​smackfu in #​1538

New Contributors

• @​smackfu made their first contribution in #​1538

Full Changelog: typicode/husky@v9.1.6...v9.1.7

v9.1.6

Compare Source

What's Changed

• Fix issue where example pre-commit file is generated incorrectly by @​dexmlee in #​1519

New Contributors

• @​OlegKipchatov made their first contribution in #​1495
• @​Byron2016 made their first contribution in #​1499
• @​dexmlee made their first contribution in #​1519

Full Changelog: typicode/husky@v9.1.5...v9.1.6

nodejs/node (node)

v20.20.0: 2026-01-13, Version 20.20.0 'Iron' (LTS), @​marco-ippolito

Compare Source

This is a security release.

Notable Changes

lib:

• (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802
• (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
  lib,permission:
• (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
  src:
• (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
  src,lib:
• (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
  tls:
• (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

Commits

• [8f9ba3f623] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #​60997
• [97fc9b0eb7] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#792
• [14fbbb510c] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802
• [1febc48d5b] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
• [494f62dc23] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
• [d7a5c587c0] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
• [51f4de4b4a] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
• [85f73e7057] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

v20.19.6: 2025-11-25, Version 20.19.6 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #​59571
• [082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #​59113
• [db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #​58313

Commits

• [0f644df42e] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #​59547
• [fba0025b9c] - build: use windows-2025 runner (Michaël Zasso) #​59673
• [3456ec946d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #​59956
• [6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #​59571
• [1788fb5f3d] - deps: update undici to 6.22.0 (Matteo Collina) #​60112
• [5d61b55f24] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #​59791
• [9f1e5e4637] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #​59689
• [d0edb01d25] - deps: update googletest to eb2d85e (Node.js GitHub Bot) #​59335
• [576242ff39] - deps: V8: cherry-pick a0d0d4f (Ho Cheung) #​60716
• [a07a277020] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #​60314
• [fa5c5af8ce] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #​59134
• [556113e2fc] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #​59134
• [cd1536ca90] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #​59133
• [acec79989e] - deps: V8: cherry-pick 6b1b9bc (zhoumingtao) #​59283
• [e65b930aa7] - deps: V8: backport 2e4c5cf (Michaël Zasso) #​60654
• [1b75a601f7] - doc: fix typo on child_process.md (Angelo Gazzola) #​60114
• [a2bcb217c6] - doc: fix typo in section on microtask order (Tobias Nießen) #​59932
• [2426d3f3ff] - doc: add security escalation policy (Ulises Gascón) #​59806
• [e7f6f04758] - doc: add Miles Guicent as triager (Miles Guicent) #​59562
• [e51ef3f48b] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #​59579
• [8a504d900a] - doc: fix missing link to the Error documentation in the http page (Alexander Makarenko) #​59080
• [8c5c8aa71d] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #​59591
• [109c4bff77] - doc: add security incident reponse plan (Rafael Gonzaga) #​59470
• [4f004efdf3] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #​59445
• [caa2db4bac] - doc: fix links in test.md (Vas Sudanagunta) #​58876
• [082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #​59113
• [19a66365d9] - doc: clarify DEP0194 scope (Antoine du Hamel) #​58504
• [db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #​58313
• [3b2368774f] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #​58291
• [960d05ad7d] - doc: add history entries to --input-type section (Antoine du Hamel) #​58175
• [20616f1750] - http2: do not crash on mismatched ping buffer length (René) #​60135
• [9eb94232c8] - lib: handle superscript variants on windows device (Rafael Gonzaga) #​59261
• [dc58b4e35f] - meta: move Michael to emeritus (Michael Dawson) #​60070
• [d943cfb260] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #​60093
• [de9a3aaf0f] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #​60094
• [b4b5d4a4d7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #​60096
• [e5b4eee901] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #​60090
• [7cb032c2c1] - meta: update devcontainer to the latest schema (Aviv Keller) #​54347
• [bb108191aa] - meta: call create-release-post.yml post release (Aviv Keller) #​60366
• [2a11d50526] - module: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) #​58646
• [144233b71a] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #​60103
• [409cb773a4] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #​59857
• [d1c9d80cac] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #​59607
• [b8d145db2c] - src: fix order of CHECK_NOT_NULL/dereference (Tobias Nießen) #​59487
• [2c8a73f95f] - src: remove duplicate assignment of O_EXCL in node_constants.cc (Daniel Osvaldo R) #​59049
• [b1da374503] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #​59993
• [4b4e38f497] - test: mark sea tests flaky on macOS x64 (Richard Lau) #​60068
• [cbf4fc34c3] - test: skip more sea tests on Linux ppc64le (Richard Lau) #​59755
• [9543facad7] - test: mark test-inspector-network-fetch as flaky again (Joyee Cheung) #​59640
• [4f858d22ac] - test: skip test-fs-cp* tests that are constantly failing on Windows (Joyee Cheung) #​59637
• [3ec534dbe8] - test: skip sea tests on Linux ppc64le (Richard Lau) #​59563
• [a7a109f926] - test: fix typos (Lee Jiho) #​59330
• [fd9d43da46] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #​60419
• [bc3ffbd713] - test_runner: fix isSkipped check in junit (Sungwon) #​59414
• [0cace96472] - test_runner: correct "already mocked" error punctuation placement (Jacob Smith) #​58840
• [76001f9480] - tools: remove unused actions from build-tarball.yml (Antoine du Hamel) #​59787
• [69904844bb] - tools: do not attempt to compress tgz archive (Antoine du Hamel) #​59785
• [a6e7adb173] - tools: fix return value of try_check_compiler (theanarkh) #​59434
• [6443ad2da5] - tools: drop deprecated macos-13 runner (Richard Lau) #​60679
• [45ec702ef7] - tools: fix tools/make-v8.sh for clang (Richard Lau) #​59893
• [393ff7226e] - util: fix numericSeparator with negative fractional numbers (sangwook) #​59379
• [9e8beff0f4] - util: fix error's namespaced node_modules highlighting using inspect (Ruben Bridgewater) #​59446

v20.19.5: 2025-09-03, Version 20.19.5 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #​58355
• [4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #​58308
• [d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #​58499
• [3c6206cac9] - doc: add @​geeksilva97 to collaborators (Edy Silva) #​57241

Commits

• [ea20403467] - build: fix uvwasi pkgname (Antoine du Hamel) #​58270
• [c647aa4b30] - build: fix pointer compression builds (Joyee Cheung) #​58171
• [d2c5e609ae] - build: disable v8_enable_pointer_compression_shared_cage on non-64bit (Shelley Vohr) #​58867
• [84d5c4d244] - build: search for libnode.so in multiple places (Jan Staněk) #​58213
• [068c439552] - crypto: fix SHAKE128/256 breaking change introduced with OpenSSL 3.4 (Filip Skokan) #​58942
• [edff105c34] - debugger: fix behavior of plain object exec in debugger repl (Dario Piotrowicz) #​57498
• [0473e35b7f] - deps: update zlib to 1.3.1-470d3a2 (Node.js GitHub Bot) #​58628
• [1218dbbea5] - deps: update zlib to 1.3.0.1-motley-780819f (Node.js GitHub Bot) #​57768
• [0e3cd9ec00] - deps: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) #​56655
• [a194dd9bd4] - deps: update archs files for openssl-3.0.16 (Node.js GitHub Bot) #​57335
• [cc9b79ca70] - deps: upgrade openssl sources to quictls/openssl-3.0.16 (Node.js GitHub Bot) #​57335
• [82c46d5358] - deps: update cjs-module-lexer to 2.1.0 (Node.js GitHub Bot) #​57180
• [43e3f9b26b] - deps: update cjs-module-lexer to 2.0.0 (Michael Dawson) #​56855
• [91282ff16b] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #​58566
• [b76bca6f38] - deps: update acorn to 8.15.0 (Node.js GitHub Bot) #​58711
• [ae11481011] - deps: update acorn to 8.14.1 (Node.js GitHub Bot) #​57382
• [142d701201] - deps: update minimatch to 10.0.3 (Node.js GitHub Bot) #​58712
• [fee082d684] - deps: update llhttp to 9.3.0 (Fedor Indutny) #​58144
• [c06f6f3f05] - dns: remove redundant code using common variable (Deokjin Kim) #​57386
• [cded8e7e77] - dns: fix parse memory leaky (theanarkh) #​58973
• [182ae67233] - dns: fix dns query cache implementation (Ethan Arrowood) #​58404
• [621b66a297] - doc: add review guidelines for collaborator nominations (Antoine du Hamel) #​57449
• [b1009b5b72] - doc: explicit mention arbitrary code execution as a vuln (Rafael Gonzaga) #​57426
• [f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #​58355
• [4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #​58308
• [530473f479] - doc: add ovflowd back to core collaborators (Claudio W.) #​58911
• [38e8bbc131] - doc: add info on how project manages social media (Michael Dawson) #​57318
• [d06bb4dcc2] - doc: ping nodejs/tsc for each security pull request (Rafael Gonzaga) #​57309
• [d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #​58499
• [8c3bc156ed] - doc: clarify path.isAbsolute is not path traversal mitigation (Eric Fortis) #​57073
• [e688410bda] - doc: fix rendering of DEP0174 description (David Sanders) #​56835
• [e6a0c6a0fa] - doc: add missing assert return types (Colin Ihrig) #​57219
• [026b3cab6a] - doc: add 1ilsang to triage team (1ilsang) #​57183
• [3c6206cac9] - doc: add @​geeksilva97 to collaborators (Edy Silva) #​57241
• [ef3a4675c7] - doc: fix web.libera.chat link in pull-requests.md (Samuel Bronson) #​57076
• [1db42b76f7] - doc: remove buffered flag from performance hooks examples (Pavel Romanov) #​52607
• [b73a1356ce] - doc: add module namespace object links (Dario Piotrowicz) #​57093
• [09368db20f] - doc: disambiguate pseudo-code statement (Dario Piotrowicz) #​57092
• [2c3dc569a1] - doc: fix wrong articles used to address modules (Dario Piotrowicz) #​57090
• [cd8259cb4e] - doc: modules.md: fix distance definition (Alexander “weej” Jones) #​57046
• [7b0ea9ab2d] - doc: fix wrong verb form (Dario Piotrowicz) #​57091
• [14fcfc242b] - doc: add a note about require('../common') in testing documentation (Aditi) #​56953
• [bc7d18b6ea] - doc: recommend writing tests in new files and including comments (Joyee Cheung) #​57028
• [acd4d7f269] - doc: improve documentation on argument validation (Aditi) #​56954
• [4cd6b3ca73] - doc: buffer: fix typo on Buffer.copyBytesFrom( offset option (tpoisseau) #​57015
• [01220607f2] - doc: update cleanup to trust on vuln db automation (Rafael Gonzaga) #​57004
• [77a0505a32] - doc: update post sec release process (Rafael Gonzaga) #​56907
• [77dbcfce5f] - doc: add section about using npx with permission model (Rafael Gonzaga) #​56539
• [73e51407b7] - doc: remove RedYetiDev from triagers team (Aviv Keller) #​55947
• [9a36cbb792] - doc: fix relative path mention in --allow-fs (Rafael Gonzaga) #​55791
• [04d9c5baeb] - doc: add scroll margin to

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.