chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@upstash/redis	^1.35.4 → ^1.36.1
eslint (source)	^9.37.0 → ^9.39.2
eslint-config-unjs	^0.5.0 → ^0.6.2
pnpm (source)	10.18.0 → 10.28.0
prettier (source)	^3.6.2 → ^3.8.0
std-env	^3.9.0 → ^3.10.0

---

Release Notes

upstash/upstash-redis (@​upstash/redis)

v1.36.1

Compare Source

What's Changed

• feat: support chunked messages by @​joschan21 in upstash/redis-js#1404

Full Changelog: upstash/redis-js@v1.36.0...v1.36.1

v1.36.0

Compare Source

What's Changed

• feat: add redis functions support by @​ytkimirti in upstash/redis-js#1401

Full Changelog: upstash/redis-js@v1.35.8...v1.36.0

v1.35.8

Compare Source

What's Changed

• DX-2280: Remove large-group runners by @​CahidArda in upstash/redis-js#1398
• fix: bump next by @​CahidArda in upstash/redis-js#1400
• fix: improve env variable access by @​ytkimirti in upstash/redis-js#1399

Full Changelog: upstash/redis-js@v1.35.7...v1.35.8

v1.35.7

Compare Source

What's Changed

• DX-2204: document telemetry configuration option by @​CahidArda in upstash/redis-js#1393
• DX-2265: add Requester type declaration by @​CahidArda in upstash/redis-js#1397
• Fix: zremrangebyscore should accept string | number for min/max scores by @​mvonschledorn in upstash/redis-js#1396

New Contributors

• @​mvonschledorn made their first contribution in upstash/redis-js#1396

Full Changelog: upstash/redis-js@v1.35.6...v1.35.7

v1.35.6

Compare Source

What's Changed

Improvement:

• DX-2172: catch json parse errors by @​alitariksahin in upstash/redis-js#1392

Full Changelog: upstash/redis-js@v1.35.5...v1.35.6

v1.35.5

Compare Source

What's Changed

• Update function fromEnv() summary to also include Vercels naming convention by @​Ruitjes in upstash/redis-js#1390
• DX-2161: fall back to returning the message string if message is not parsable by @​CahidArda in upstash/redis-js#1391

New Contributors

• @​Ruitjes made their first contribution in upstash/redis-js#1390

Full Changelog: upstash/redis-js@v1.35.4...v1.35.5

eslint/eslint (eslint)

v9.39.2

Compare Source

v9.39.1

Compare Source

v9.39.0

Compare Source

v9.38.0

Compare Source

Features

• ce40f74 feat: update complexity rule to only highlight function header (#​20048) (Atul Nair)
• e37e590 feat: correct no-loss-of-precision false positives with e notation (#​20187) (Francesco Trotta)

Bug Fixes

• 50c3dfd fix: improve type support for isolated dependencies in pnpm (#​20201) (Francesco Trotta)
• a1f06a3 fix: correct SourceCode typings (#​20114) (Pixel998)

Documentation

• 462675a docs: improve web accessibility by hiding non-semantic character (#​20205) (루밀LuMir)
• c070e65 docs: correct formatting in no-irregular-whitespace rule documentation (#​20203) (루밀LuMir)
• b39e71a docs: Update README (GitHub Actions Bot)
• cd39983 docs: move custom-formatters type descriptions to nodejs-api (#​20190) (Percy Ma)

Chores

• d17c795 chore: upgrade @​eslint/js@​9.38.0 (#​20221) (Milos Djermanovic)
• 25d0e33 chore: package.json update for @​eslint/js release (Jenkins)
• c82b5ef refactor: Use types from @​eslint/core (#​20168) (Nicholas C. Zakas)
• ff31609 ci: add Node.js 25 to ci.yml (#​20220) (루밀LuMir)
• 004577e ci: bump github/codeql-action from 3 to 4 (#​20211) (dependabot[bot])
• eac71fb test: remove use of nodejsScope option of eslint-scope from tests (#​20206) (Milos Djermanovic)
• 4168a18 chore: fix typo in legacy-eslint.js (#​20202) (Sweta Tanwar)
• 205dbd2 chore: fix typos (#​20200) (ntnyq)
• dbb200e chore: use team member's username when name is not available in data (#​20194) (Milos Djermanovic)
• 8962089 chore: mark deprecated rules as available until v11.0.0 (#​20184) (Pixel998)

unjs/eslint-config (eslint-config-unjs)

v0.6.2

Compare Source

compare changes

🩹 Fixes

• Disable array immutation rules for now (3cde73a)

❤️ Contributors

• Pooya Parsa (@​pi0)

v0.6.1

Compare Source

compare changes

💅 Refactors

• Migrate to @eslint/markdown (2f92a53)
• Update default rules (84cdbad)

📦 Build

• Migrate to obuild (8f36bf1)

🏡 Chore

• Update deps (4347a4f)
• Update globals to v17 (4f168b4)
• Update unicorn to 62 (e737dd7)
• release: V0.6.0 (b683294)

❤️ Contributors

• Pooya Parsa (@​pi0)

v0.6.0

Compare Source

compare changes

💅 Refactors

• Migrate to @eslint/markdown (2f92a53)

📦 Build

• Migrate to obuild (8f36bf1)

🏡 Chore

• Update deps (4347a4f)
• Update globals to v17 (4f168b4)
• Update unicorn to 62 (e737dd7)

❤️ Contributors

• Pooya Parsa (@​pi0)

pnpm/pnpm (pnpm)

v10.28.0

Compare Source

v10.27.0

Compare Source

v10.26.2: pnpm 10.26.2

Compare Source

Patch Changes

• Improve error message when a package version exists but does not meet the minimumReleaseAge constraint. The error now clearly states that the version exists and shows a human-readable time since release (e.g., "released 6 hours ago") #​10307.

• Fix installation of Git dependencies using annotated tags #​10335.

  Previously, pnpm would store the annotated tag object's SHA in the lockfile instead of the actual commit SHA. This caused ERR_PNPM_GIT_CHECKOUT_FAILED errors because the checked-out commit hash didn't match the stored tag object hash.

• Binaries of runtime engines (Node.js, Deno, Bun) are written to node_modules/.bin before lifecycle scripts (install, postinstall, prepare) are executed #​10244.

• Try to avoid making network calls with preferOffline #​10334.

Platinum Sponsors

Gold Sponsors

v10.26.1: pnpm 10.26.1

Compare Source

Patch Changes

• Don't fail on pnpm add, when blockExoticSubdeps is set to true #​10324.
• Always resolve git references to full commits and ensure HEAD points to the commit after checkout #​10310.

Platinum Sponsors

Gold Sponsors

v10.26.0

Compare Source

v10.25.0

Compare Source

v10.24.0

Compare Source

v10.23.0: pnpm 10.23

Compare Source

Minor Changes

• Added --lockfile-only option to pnpm list #​10020.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #​10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #​10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #​10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #​10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:[email protected]) #​8660.
• Don't add an extra slash to the Node.js mirror URL #​10204.
• pnpm store prune should not fail if the store contains Node.js packages #​10131.

Platinum Sponsors

Gold Sponsors

v10.22.0: pnpm 10.22

Compare Source

Minor Changes

• Added support for trustPolicyExclude #​10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - [email protected]
    - [email protected] || 5.102.1

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10179.

Platinum Sponsors

Gold Sponsors

v10.21.0

Compare Source

v10.20.0

Compare Source

Minor Changes

• Support --all option in pnpm --help to list all commands #​8628.

Patch Changes

• When the latest version doesn't satisfy the maturity requirement configured by minimumReleaseAge, pick the highest version that is mature enough, even if it has a different major version #​10100.
• create command should not verify patch info.
• Set managePackageManagerVersions to false, when switching to a different version of pnpm CLI, in order to avoid subsequent switches #​10063.

v10.19.0

Compare Source

Minor Changes

• You can now allow specific versions of dependencies to run postinstall scripts. onlyBuiltDependencies now accepts package names with lists of trusted versions. For example:

  onlyBuiltDependencies:
    - [email protected] || 21.6.5
    - [email protected]

  Related PR: #​10104.

• Added support for exact versions in minimumReleaseAgeExclude #​9985.

  You can now list one or more specific versions that pnpm should allow to install, even if those versions don’t satisfy the maturity requirement set by minimumReleaseAge. For example:

  minimumReleaseAge: 1440
  minimumReleaseAgeExclude:
    - [email protected]
    - [email protected] || 5.102.1

v10.18.3

Compare Source

Patch Changes

• Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #​10060.
• Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when --location=project is used #​9362.
• Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings #​9646.
• Fixed EISDIR error when bin field points to a directory #​9441.
• Preserve version and hasBin for variations packages #​10022.
• Fixed pnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings) #​9884.
• When both pnpm-workspace.yaml and .npmrc exist, pnpm config set --location=project now writes to pnpm-workspace.yaml (matching read priority) #​10072.
• Prevent a table width error in pnpm outdated --long #​10040.
• Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects #​10057.

v10.18.2

Compare Source

Patch Changes

• pnpm outdated --long should work #​10040.
• Replace ndjson with split2. Reduce the bundle size of pnpm CLI #​10054.
• pnpm dlx should request the full metadata of packages, when minimumReleaseAge is set #​9963.
• pnpm version switching should work when the pnpm home directory is in a symlinked directory #​9715.
• Fix EPIPE errors when piping output to other commands #​10027.

v10.18.1

Compare Source

Patch Changes

• Don't print a warning, when --lockfile-only is used #​8320.
• pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #​5700.
• When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when using pnpm add --save-catalog as originally intended.

prettier/prettier (prettier)

v3.8.0

Compare Source

diff

🔗 Release note

v3.7.4

Compare Source

diff

LWC: Avoid quote around interpolations (#​18383 by @​kovsu)

<!-- Input -->
<div foo={bar}>   </div>

<!-- Prettier 3.7.3 (--embedded-language-formatting off) -->
<div foo="{bar}"></div>

<!-- Prettier 3.7.4 (--embedded-language-formatting off) -->
<div foo={bar}></div>

TypeScript: Fix comment inside union type gets duplicated (#​18393 by @​fisker)

// Input
type Foo = (/** comment */ a | b) | c;

// Prettier 3.7.3
type Foo = /** comment */ (/** comment */ a | b) | c;

// Prettier 3.7.4
type Foo = /** comment */ (a | b) | c;

TypeScript: Fix unstable comment print in union type comments (#​18395 by @​fisker)

// Input
type X = (A | B) & (
  // comment
  A | B
);

// Prettier 3.7.3 (first format)
type X = (A | B) &
  (// comment
  A | B);

// Prettier 3.7.3 (second format)
type X = (
  | A
  | B // comment
) &
  (A | B);

// Prettier 3.7.4
type X = (A | B) &
  // comment
  (A | B);

v3.7.3

Compare Source

diff

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#​18375 by @​fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

v3.7.2

Compare Source

diff

JavaScript: Fix string print when switching quotes (#​18351 by @​fisker)

// Input
console.log("A descriptor\\'s .kind must be \"method\" or \"field\".")

// Prettier 3.7.1
console.log('A descriptor\\'s .kind must be "method" or "field".');

// Prettier 3.7.2
console.log('A descriptor\\\'s .kind must be "method" or "field".');

JavaScript: Preserve quote for embedded HTML attribute values (#​18352 by @​kovsu)

// Input
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;

// Prettier 3.7.1
const html = /* HTML */ ` <div class=${styles.banner}></div> `;

// Prettier 3.7.2
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;

TypeScript: Fix comment in empty type literal (#​18364 by @​fisker)

// Input
export type XXX = {
  // tbd
};

// Prettier 3.7.1
export type XXX = { // tbd };

// Prettier 3.7.2
export type XXX = {
  // tbd
};

v3.7.1

Compare Source

diff

API: Fix performance regression in doc printer (#​18342 by @​fisker)

Prettier 3.7.1 can be very slow when formatting big files, the regression has been fixed.

v3.7.0

Compare Source

diff

🔗 Release Notes

unjs/std-env (std-env)

v3.10.0

Compare Source

compare changes

🚀 Enhancements

• Detect DENO_DEPLOY for deno deploy EA (#​167)
• Detect google cloud run / job (#​161)

💅 Refactors

• Stricter type checks (995d525)
• Improve jsdocs (#​166)

📦 Build

• Add type: "module" to package.json (cb104d3)

🏡 Chore

• Update dependencies (0a81775)
• Lint (bd107d6)
• Remove jiti dependency (f99e26a)

❤️ Contributors

• Álvaro [email protected]
• Pooya Parsa (@​pi0)

---

Configuration

📅 Schedule: Branch creation - "after 2am and before 3am" (UTC), Automerge - "after 1am and before 2am" (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
ungh	Error		Jan 15, 2026 3:13am