fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@1stg/app-config (source)	^10.0.1 -> ^14.0.0			devDependencies	major
@commitlint/cli (source)	^18.6.1 -> ^20.0.0			devDependencies	major
@types/webpack (source)	^4.41.38 -> ^5.0.0			devDependencies	major
actions/checkout	v4 -> v5			action	major
actions/setup-node	v4 -> v5			action	major
babel-loader	^8.3.0 -> ^10.0.0			devDependencies	major
cross-env	^7.0.3 -> ^10.0.0			dependencies	major
css-loader	^5.2.7 -> ^7.0.0			devDependencies	major
eslint (source)	^8.56.0 -> ^9.0.0			devDependencies	major
eslint-import-resolver-typescript	^3.6.1 -> ^4.0.0			devDependencies	major
github/codeql-action	v3 -> v4			action	major
history	^4.10.1 -> ^5.0.0			dependencies	major
koa-cash	^4.1.1 -> ^5.0.0			dependencies	major
koa-logger	^3.2.1 -> ^4.0.0			dependencies	major
lint-staged	^15.2.2 -> ^16.0.0			devDependencies	major
lru-cache	^10.1.0 -> ^11.0.0			dependencies	major
mini-css-extract-plugin	^1.6.2 -> ^2.0.0			devDependencies	major
node (source)	16.20.2 -> 22.20.0				major
npm-run-all2	^6.1.2 -> ^8.0.0			devDependencies	major
postcss-loader	^4.3.0 -> ^8.0.0			devDependencies	major
react (source)	^18.2.0 -> ^19.0.0			dependencies	major
react-dom (source)	^18.2.0 -> ^19.0.0			dependencies	major
react-router (source)	^5.3.4 -> ^7.0.0			dependencies	major
react-router-dom (source)	^5.3.4 -> ^7.0.0			dependencies	major
rimraf	^5.0.5 -> ^6.0.0			devDependencies	major
sass-loader	^10.5.2 -> ^16.0.0			devDependencies	major
serialize-javascript	^6.0.2 -> ^7.0.0			dependencies	major
webpack	^4.47.0 -> ^5.0.0			devDependencies	major
webpack-cli (source)	^4.10.0 -> ^6.0.0			devDependencies	major
webpack-merge	^5.10.0 -> ^6.0.0			devDependencies	major
yarn (source)	3.8.5 -> 4.10.3			packageManager	major

---

Release Notes

1stG/configs (@​1stg/app-config)

v14.3.0

Compare Source

Minor Changes

• #​388 5343736 Thanks @​JounQin! - fix: clarify correct engines field due to 1stg/prettier-config

Patch Changes

• Updated dependencies [5343736]:
  • @​1stg/common-config@​14.3.0

v14.2.0

Compare Source

Minor Changes

• #​385 a7ee3ee Thanks @​JounQin! - chore(deps): bump related config packages

Patch Changes

• Updated dependencies [a7ee3ee]:
  • @​1stg/common-config@​14.2.0

v14.1.0

Compare Source

Minor Changes

• #​377 ed8b7e5 Thanks @​JounQin! - feat: enable eslint-plugin-node-dependencies conditionally

Patch Changes

• Updated dependencies [ed8b7e5, ed8b7e5, ed8b7e5]:
  • @​1stg/postcss-config@​6.1.0
  • @​1stg/stylelint-config@​6.1.0
  • @​1stg/common-config@​14.1.0

v14.0.0

Compare Source

Major Changes

• #​371 3cbd4b7 Thanks @​JounQin! - feat!: migrate eslint-plugin-unicorn to eslint-plugin-unicorn-x

• #​372 f6e2755 Thanks @​JounQin! - feat!: use n.convertPath setting for hashbang rule

Patch Changes

• Updated dependencies [3cbd4b7, f6e2755]:
  • @​1stg/common-config@​14.0.0

v13.1.0

Compare Source

Minor Changes

• #​367 94685f7 Thanks @​JounQin! - chore(eslint): bump eslint-plugin-unicorn to v59.0.1

Patch Changes

• Updated dependencies [94685f7]:
  • @​1stg/common-config@​13.1.0

v13.0.1

Compare Source

Patch Changes

• Updated dependencies [db3b78b]:
  • @​1stg/common-config@​11.0.0

v13.0.0

Compare Source

Major Changes

• #​229 6561a5e Thanks @​JounQin! - chore: bump all upgradable (dev)Dependencies

Patch Changes

• Updated dependencies [6561a5e]:
  • @​1stg/common-config@​10.0.0

v12.0.1

Compare Source

Patch Changes

• #​220 9268bd0 Thanks @​JounQin! - fix(tsconfig): incompatible module option for Node16 and NodeNext

• #​220 9268bd0 Thanks @​JounQin! - fix(eslint): incorrect project setting for ts in md/mdx

• Updated dependencies [9268bd0, 9268bd0]:

  • @​1stg/common-config@​9.0.1

v12.0.0

Compare Source

Major Changes

• #​329 c08b298 Thanks @​JounQin! - chore: bump prettier-plugin-pkg with different orders for types related entries

Patch Changes

• Updated dependencies [c08b298, c08b298]:
  • @​1stg/common-config@​12.0.0
  • @​1stg/stylelint-config@​6.0.4

v11.1.2

Compare Source

Patch Changes

• #​325 cf9c358 Thanks @​JounQin! - fix(eslint-config): enable curly correctly due to config-prettier

• Updated dependencies [cf9c358]:

  • @​1stg/browserslist-config@​2.1.2
  • @​1stg/common-config@​11.1.2
  • @​1stg/postcss-config@​6.0.4

v11.1.1

Compare Source

Patch Changes

• #​322 8fc446d Thanks @​JounQin! - chore(prettier-config): bump sh plugin

• Updated dependencies [8fc446d]:

  • @​1stg/common-config@​11.1.1

v11.1.0

Compare Source

Minor Changes

• #​191 59681fb Thanks @​JounQin! - chore: bump eslint-plugin-jsdoc

Patch Changes

• Updated dependencies [59681fb]:
  • @​1stg/common-config@​8.1.0

v11.0.3

Compare Source

Patch Changes

• #​309 5dbb419 Thanks @​JounQin! - chore(eslint-config): enable destructuring: all for prefer-const

  chore: bump all deps

• Updated dependencies [5dbb419]:

  • @​1stg/browserslist-config@​2.1.1
  • @​1stg/common-config@​11.0.5
  • @​1stg/postcss-config@​6.0.2
  • @​1stg/stylelint-config@​6.0.2

v11.0.2

Compare Source

Patch Changes

• 3227ee5 Thanks @​JounQin! - chore(eslint-config): drop outdated eslint-formatter-friendly

• Updated dependencies [3227ee5]:

  • @​1stg/common-config@​11.0.4

v11.0.1

Compare Source

Patch Changes

• 55d6ede Thanks @​JounQin! - chore: bump pkgr packages

v11.0.0

Compare Source

Major Changes

• #​284 db3b78b Thanks @​JounQin! - chore: bump all (dev) deps

Patch Changes

• Updated dependencies [db3b78b]:
  • @​1stg/browserslist-config@​2.0.1
  • @​1stg/common-config@​11.0.0
  • @​1stg/stylelint-config@​6.0.1

conventional-changelog/commitlint (@​commitlint/cli)

v20.1.0

Compare Source

Note: Version bump only for package @​commitlint/cli

v20.0.0

Compare Source

Note: Version bump only for package @​commitlint/cli

19.8.1 (2025-05-08)

Bug Fixes

• update dependency tinyexec to v1 (#​4332) (e49449f)

v19.8.1

Compare Source

Bug Fixes

• update dependency tinyexec to v1 (#​4332) (e49449f)

v19.8.0

Compare Source

Performance Improvements

• use node: prefix to bypass require.cache call for builtins (#​4302) (0cd8f41)

19.7.1 (2025-02-02)

Note: Version bump only for package @​commitlint/cli

19.6.1 (2024-12-15)

Note: Version bump only for package @​commitlint/cli

v19.7.1

Compare Source

Note: Version bump only for package @​commitlint/cli

v19.6.1

Compare Source

Note: Version bump only for package @​commitlint/cli

v19.6.0

Compare Source

Note: Version bump only for package @​commitlint/cli

v19.5.0

Compare Source

Features

• cli: use special errorCode for missing rules/config #​4142 (#​4143) (d7070d8)

19.4.1 (2024-08-28)

Note: Version bump only for package @​commitlint/cli

v19.4.1

Compare Source

Note: Version bump only for package @​commitlint/cli

v19.4.0

Compare Source

Features

• support command line options from a file (#​4109) (a20e890)
• support linting from the last tag (#​4110) (4b204ec)

v19.3.0

Compare Source

Note: Version bump only for package @​commitlint/cli

19.2.2 (2024-04-14)

Note: Version bump only for package @​commitlint/cli

19.2.1 (2024-03-19)

Note: Version bump only for package @​commitlint/cli

v19.2.2

Compare Source

Note: Version bump only for package @​commitlint/cli

v19.2.1

Compare Source

Note: Version bump only for package @​commitlint/cli

v19.2.0

Compare Source

Features

• cli: introduce new --last flag, to stop recommending HEAD~1 (#​3916) (99f4f3f)

v19.1.0

Compare Source

Note: Version bump only for package @​commitlint/cli

19.0.3 (2024-02-28)

Note: Version bump only for package @​commitlint/cli

19.0.2 (2024-02-28)

Note: Version bump only for package @​commitlint/cli

19.0.1 (2024-02-27)

Bug Fixes

• drop resolve-from, resolve-global and import-fresh, resolve global packages correctly (#​3939) (8793c63), closes #​3938

v19.0.3

Compare Source

Note: Version bump only for package @​commitlint/cli

v19.0.2

Compare Source

Note: Version bump only for package @​commitlint/cli

v19.0.1

Compare Source

Bug Fixes

• drop resolve-from, resolve-global and import-fresh, resolve global packages correctly (#​3939) (8793c63), closes #​3938

v19.0.0

Compare Source

• feat!: migrate to pure ESM (#​3850) (3423735), closes #​3850

Reverts

• Revert "chore!: minimum node version v20" (2816783)

BREAKING CHANGES

• migrate to pure ESM

• feat: migrate to pure ESM

• chore: update snapshot

• fix: load parserPreset with another await

• test: migrate to vitest

• test: remove no replacement --runInBand test-ci script

• chore: fix code reviews

• refactor(load): rewrite resolve logic

• fix(config-nx-scopes): fix syntax error

• feat(resolve-extends): add resolveFrom and loadParserPreset

• feat(load): use resolveFrom and loadParserPreset from resolve-extends

• test: include only @​commitlint/* packages src in coverage

• test: explicit import vitest utilities

• test: remove @​jest/globals from dependencies

• fix(resolve-extends): resolveFrom output should be platform aware

• test: restore NO_COLOR to test script

• chore: fix linting issues

• fix: should use fileURLToPath instead of pathname for Windows compatibility

• Apply suggestions from code review

• fix: should reuse cli instead call yargs()

• feat(cli): set terminalWidth as wrap to avoid work break on help

• Update .eslintrc.cjs

• feat: migrate @​commitlint/config-conventional to pure ESM

18.6.1 (2024-02-13)

Note: Version bump only for package @​commitlint/cli

actions/checkout (actions/checkout)

v5

Compare Source

actions/setup-node (actions/setup-node)

v5

Compare Source

babel/babel-loader (babel-loader)

v10.0.0

Compare Source

What's Changed

Breaking Changes

• bump node requirement to ^18.20.0 || ^20.10.0 || >=22.0.0 and webpack requirement to >= 5.61.0 by @​JLHwung in #​1026
• breaking: use output.hashFunction as loader cache hasher by @​JLHwung in #​1027

New Features

• Add babel-loader logger by @​JLHwung in #​1034
• Support cache with external dependencies by @​JLHwung in #​1033

Bug Fixes

• [Bugfix] Ensure stability of filename cache-keys by @​stefanpenner in #​909

Docs

• docs: clarify that cacheIdentifier is computed from the merged options by @​JLHwung in #​1000
• Create SECURITY.md by @​JLHwung in #​1032
• Add babel-loader v10 readme by @​JLHwung in #​1046
• add readme section for loggingDebug support by @​JLHwung in #​1038
• Update readme and repo templates by @​JLHwung in #​1041

Dependencies

• migrate to c8 by @​JLHwung in #​996
• Bump word-wrap from 1.2.3 to 1.2.4 by @​dependabot in #​998
• Bump dev dependencies by @​JLHwung in #​1001
• Bump braces from 3.0.2 to 3.0.3 by @​dependabot in #​1020
• Update deps by @​JLHwung in #​1025
• refactor: replace find-cache-dir by find-up by @​JLHwung in #​1031
• Bump webpack from 5.93.0 to 5.94.0 by @​dependabot in #​1035
• chore: update dev deps by @​JLHwung in #​1036
• Bump cross-spawn from 7.0.3 to 7.0.6 by @​dependabot in #​1049

Internal

• Remove caller option check by @​JLHwung in #​1007
• Update tests by @​JLHwung in #​1003
• Update metadata test by @​JLHwung in #​1024
• Migrate to node test runner by @​JLHwung in #​1028
• chore: use default eslint rules by @​JLHwung in #​1029
• refactor: use webpack builtin schema util by @​JLHwung in #​1030

New Contributors

• @​stefanpenner made their first contribution in #​909

Full Changelog: babel/babel-loader@v9.1.3...v10.0.0

v9.2.1

Compare Source

What's Changed

• Avoid error on missing getLogger by @​nicolo-ribaudo in #​1045

Full Changelog: babel/babel-loader@v9.2.0...v9.2.1

v9.2.0

Compare Source

What's Changed

• Remove caller option check by @​JLHwung in #​1007
• Update deps by @​JLHwung in #​1025
• docs: clarify that cacheIdentifier is computed from the merged options by @​JLHwung in #​1000
• Add babel-loader logger by @​JLHwung in #​1037

Full Changelog: babel/babel-loader@v9.1.3...v9.2.0

v9.1.3

Compare Source

Security dependency updates

• Bump http-cache-semantics from 4.1.0 to 4.1.1 by @​dependabot in #​982
• Bump semver from 7.3.2 to 7.5.2 by @​dependabot in #​993
• bump find-cache-dir to v4 by @​JLHwung in #​995

New Contributors

• @​piwysocki made their first contribution in #​981
• @​comoser made their first contribution in #​897

Full Changelog: babel/babel-loader@v9.1.2...v9.1.3

v9.1.2

Compare Source

9.1.1 was a broken release, it didn't include all the commits.

Dependencies updates

• Bump qs from 6.5.2 to 6.5.3 by @​dependabot in #​977
• Bump json5 from 2.2.1 to 2.2.3 by @​dependabot in #​980

Misc

• GitHub Workflows security hardening by @​sashashura in #​976

New Contributors

• @​sashashura made their first contribution in #​976

Full Changelog: babel/babel-loader@v9.1.0...v9.1.2

v9.1.1

Compare Source

v9.1.0

Compare Source

New features

• Pass external dependencies from Babel to Webpack by @​nicolo-ribaudo in #​971

Full Changelog: babel/babel-loader@v9.0.1...v9.1.0

v9.0.1

Compare Source

Bug Fixes

• remove "node:" builtin prefix by @​JLHwung in #​970

Full Changelog: babel/babel-loader@v9.0.0...v9.0.1

v9.0.0

Compare Source

What's Changed

• update hash method mechanism so it doesn't fail on a fips enabled machine by @​darmbrust in #​939
• Require babel ^7.12.0 and Node.js >= 14.15.0 versions by @​JLHwung in #​956
• Remove dependency on loader-utils and drop webpack 4 support by @​nied in #​942

New Contributors

• @​darmbrust made their first contribution in #​939
• @​nied made their first contribution in #​942

Full Changelog: babel/babel-loader@v8.2.5...v9.0.0

v8.4.1

Compare Source

What's Changed

• Avoid error on missing getLogger by @​nicolo-ribaudo in #​1044

Full Changelog: babel/babel-loader@v8.4.0...v8.4.1

v8.4.0

Compare Source

What's Changed

• Fix loader-utils vulnerability by @​LuckyLuky in #​979
• Add babel-loader logger by @​JLHwung in #​1039

New Contributors

• @​LuckyLuky made their first contribution in #​979

Full Changelog: babel/babel-loader@v8.3.0...v8.4.0

kentcdodds/cross-env (cross-env)

v10.1.0

Compare Source

Features

• add support for default value syntax (152ae6a)

For example:

"dev:server": "cross-env wrangler dev --port ${PORT:-8787}",

If PORT is already set, use that value, otherwise fallback to 8787.

Learn more about Shell Parameter Expansion

v10.0.0

Compare Source

TL;DR: You should probably not have to change anything if:

• You're using a modern maintained version of Node.js (v20+ is tested)
• You're only using the CLI (most of you are as that's the intended purpose)

In this release (which should have been v8 except I had some issues with automated releases 🙈), I've updated all the things and modernized the package. This happened in #​261

Was this needed? Not really, but I just thought it'd be fun to modernize this package.

Here's the highlights of what was done.

• Replace Jest with Vitest for testing
• Convert all source files from .js to .ts with proper TypeScript types
• Use zshy for ESM-only builds (removes CJS support)
• Adopt @​epic-web/config for TypeScript, ESLint, and Prettier
• Update to Node.js >=20 requirement
• Remove kcd-scripts dependency
• Add comprehensive e2e tests with GitHub Actions matrix testing
• Update GitHub workflow with caching and cross-platform testing
• Modernize documentation and remove outdated sections
• Update all dependencies to latest versions
• Add proper TypeScript declarations and exports

The tool maintains its original functionality while being completely

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: ce43b84

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
react-hackernews	Error			Oct 11, 2025 9:56am

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	node-releases@​2.0.14 ⏵ 2.0.23	+1
	side-channel@​1.0.4
	has-proto@​1.0.1
	@​1stg/​common-config@​10.0.0 ⏵ 14.3.0	+1		+3
	array-buffer-byte-length@​1.0.0
	gopd@​1.0.1
	globalthis@​1.0.3
	safer-buffer@​2.1.2
	functions-have-names@​1.2.3
	aggregate-error@​3.1.0
	available-typed-arrays@​1.0.5
	is-negative-zero@​2.0.2
	object-keys@​1.1.1
	safe-regex-test@​1.0.0
	get-symbol-description@​1.0.0
	unbox-primitive@​1.0.2
	is-date-object@​1.0.5
	is-shared-array-buffer@​1.0.2
	is-bigint@​1.0.4
	typed-array-length@​1.0.4
	is-weakref@​1.0.2
	which-boxed-primitive@​1.0.2
	is-string@​1.0.7
	is-symbol@​1.0.4
	is-number-object@​1.0.7
	object.assign@​4.1.4
	is-boolean-object@​1.1.2
	for-each@​0.3.3
	@​vue/​babel-helper-vue-transform-on@​1.1.5 ⏵ 1.5.0				+7
	is-arrayish@​0.2.1
	@​babel/​plugin-transform-react-jsx-development@​7.22.5 ⏵ 7.27.1			-2
	@​babel/​plugin-transform-regexp-modifiers@​7.27.1
	@​babel/​plugin-transform-dotall-regex@​7.23.3 ⏵ 7.27.1
	@​babel/​plugin-transform-unicode-regex@​7.23.3 ⏵ 7.27.1
See 478 more rows in the dashboard

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		safer-buffer@2.1.2 has Obfuscated code. Confidence: 0.94 Location: Package overview From: yarn.lock → npm/safer-buffer@2.1.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/safer-buffer@2.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report