fix(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@google-cloud/firestore	^7.11.0 → ^7.11.6			dependencies	patch
@google-cloud/pubsub	^3.4.1 → ^3.7.5			dependencies	patch
firebase-tools	^13.29.2 → ^13.35.1			dependencies	minor
node (source)	20 → 20.20.0				minor
node (source)	16 → 16.20.2			engines	minor
node (source)	20 → 20.20.0			engines	minor
node	20.x → 20.20.0			uses-with	minor
npm (source)	^8.19.0 → ^8.19.4			engines	patch
uglify-js	^3.17.4 → ^3.19.3			dependencies	minor

---

Release Notes

googleapis/nodejs-firestore (@​google-cloud/firestore)

v7.11.6

Compare Source

Bug Fixes

• Pool.ts: add even more logging (c508d1b)

v7.11.5

Compare Source

Bug Fixes

• Pool.ts: add more detailed logging for client garbage collection (#​2420) (1bbca46)

v7.11.4

Compare Source

Bug Fixes

• Improve debug logging for the internal client pool. Added client IDs to debug log statements for client management. (99918f1)

v7.11.3

Compare Source

Bug Fixes

• Improve performance of the UTF-8 string comparison logic (#​2380) (bc6a03e)

v7.11.2

Compare Source

Bug Fixes

• Firestore Client caching stub in bad state issue (#​2365) (04ad0a4)

v7.11.1

Compare Source

Bug Fixes

• Aggregate query readtime bug (#​2331) (9ac0394)
• Bump default deadline on CreateDatabase and RestoreDatabase to 2 minutes (#​2274) (d559080)
• Close default BulkWriter upon terminate. (#​2276) (1e714a8)
• Correctly escape field paths with multiple backslashes or backticks (#​2259) (#​2261) (7056ba7)
• Do not send page size with auto-paginate. Fixes warnings in listCollections and listDocuments. (#​2336) (844b4ca)
• Finalize fixing typings for headers in generator (#​2287) (c6c85b6)
• Prevent crashes if an inactive stream receives an error. (#​2283) (f58fe79)
• Remove unused "long" dependency from firestore proto (#​2324) (5937b93)
• Sort document reference by long type id (#​2257) (3fd0de9)
• Sort strings in UTF-8 encoded byte order (#​2275) (a2950e0)
• Use lazy encoding for utf-8 encoded string comparison (#​2299) (e8777e1)

firebase/firebase-tools (firebase-tools)

v13.35.1

Compare Source

• Fix bug where functions:artifacts:setpolicy command's --none option didn't work as expected (#​8330)

v13.35.0

Compare Source

• Added support for generated Angular SDKs for Data Connect
• App Hosting emulator can now load secret env vars. (#​8305)
• Fixed webframeworks deployments when using multiple hosting sites in firebase.json. (#​8314)
• Added a new command to setup a cleanup policy for functions artifacts. (#​8268)
• Added support for 3rd party builders for Angular. (#​7557)
• Fixed GCF V2 artifact cleanup by correctly encoding artifact names to match GCF V2's format. (#​8318)
• Increase emulator UI body parser limit to match Storage emulator maximum. (#​8329)
• Fixed Data Connect setup issues for fresh databases due to IAM user not being created. (#​8335)
• Fixed an issue where ext:install used POSIX file seperators on Windows machines. (#​8326)
• Updated the Firebase Data Connect local toolkit to v1.9.2, which adds support for generated Angular SDKs and updates Dart SDK fields to follow best practices. (#​8347)
• Fixed an issue where credentials from firebase login would not be correctly provided to the Data Connect emulator.
• Fixed misleading comments in firebase init dataconnect connector.yaml template.
• Improved Data Connect SQL permissions to better handle tables owned by IAM roles. (#​8339)
• Fixed an issue where the Data Connect emulator would crash after some SQL errors.

v13.34.0

Compare Source

• Fix webframeworks deployments when using site in firebase.json. (#​8295)
• Add support for brownfield project onboard dataconnect:sql:setup. (#​8150)
• Update the Firebase Data Connect local toolkit to v1.8.5, which includes the following changes: (#​8310)
  • Fix the Int and Int64 scalars to correctly validate the int32 and int64 ranges, respectively.
  • Fix the generated web SDK so that pnpm properly uses the link functionality.

v13.33.0

Compare Source

• Fixed issue where apps:init fails to detect the output directory when it was run in a directory where app was the only module.
• Set LOG_EXECUTION_ID=true by default for Cloud Functions (2nd gen) to improve debugging by displaying execution IDs in logs. (#​8276)
• Fix bug where function deployment no-oped for functions in bad state. (#​8289)
• Updated the Firebase Data Connect local toolkit to v1.8.4 which includes the following changes: (#​8290)
  • React hooks for mutations without args no longer require undefined to be passed when calling mutate.
  • Fixed import resolution when moduleResolution is set to bundler.
  • React code generation will now generate a README explaining how to use generated query and mutation hook functions.
  • Fixed an issue where React developers have to pass in an empty object even when all fields are optional.
  • Fixed an issue where FirebaseError wasn't being passed into UseMutationOptions.

v13.32.0

Compare Source

• Replaced VSCODE_CWD check to address issues running in VSCode environments. (#​7471)
• Added initial delay when loading python functions (#​8239)
• Enforced webframeworks enablement only on webframeworks sites (#​8168)
• Fixed issue where apps:init throws an error upon app creation.
• Reenabled prompts for unused service deletion in deploy --only.
• Update Firebase Data Connect local toolkit to v1.8.3, which includes the following changes: (#​8263)
  • Adds a _metadata.distance field to vector similarity search results
  • Fixes auth and request.auth when the request is unauthenticated
  • Fixes an issue with hanging commas in import statements in the generated Web SDK
  • Fixes an issue where the additional union type { __angular?: true } breaks type inference in the generated Web SDK

v13.31.2

Compare Source

• Fixed an issue where --import path was incorrectly resolved for the Data Connect emulator. (#​8219)
• Updated the Firebase Data Connect local toolkit to v1.8.2 which fixes an issue with a missing FirebaseError import. (#​8232)

v13.31.1

Compare Source

• Fixed issue where firebase init dataconnect would crash on React-based web apps.
• Updated the Firebase Data Connect local toolkit to v.1.8.1, which:
  • Fixed issue where users who are using a version lower than 11.3.0 of firebase get a "missing import" error.

v13.31.0

Compare Source

• Switched Data Connect from v1beta API to v1 API.
• Added code generation of React hooks for Data Connect
• Genkit init improvements around gcloud login and flow input values.
• Added new command apps:init under experimental flag (appsinit) that automatically detects what SDK to download and places the file in the corresponding place.
• Removed dependencies on some packages and methods that caused deprecation warnings on Node 22.
• Fixes symbol generation when uploading Unity 6 symbols to Crashlytics. (#​7867)
• Fixed SSR issues in Angular 19 by adding support for default and reqHandler exports. (#​8145)
• Added Angular 19 as supported version. (#​8145)
• Fixed appdistribution:testers:list raising an error when a tester is not part of any group. (#​8191)
• Updated the Firebase Data Connect local toolkit to v1.8.0, which includes several changes: (#​8210)
  • Adds support for the v1 Data Connect API in the emulator
  • Adds support for generated React SDKs
  • Fixes @check to also be evaluated for admin auth
  • Fixes CEL expressions to be able to access @redact fields

v13.30.0

Compare Source

• Fixed issue where Extensions deployment fails due to *.firebasestorage.app not being recognized as a valid Storage bucket name. (#​8152)
• Fixes issue with custom 404 pages not being returned in Next.js in the emulator (#​8035).
• Annotate onCallGenkit functions to allow for future Firebase Console annotations (#​8135)
• Adds genkit 1.0.0 template (#​8144)

v13.29.3

Compare Source

• Fixed a Data Connect emulator issue where prepared statements would be persisted after terminated connections.
• Added a warning when deploying a Genkit function without a secret as this is likely a bug (#​8138)
• Fixed .env.* files for web frameworks in Windows (#​8086)
• Updated the Firebase Data Connect local toolkit to v1.7.7, which includes fixes in Dart code generation around required argument typing, and changes the emulator to always serve local connector sources and surface errors if they're invalid or schema migration fails. (#​8153)

nodejs/node (node)

v20.20.0: 2026-01-13, Version 20.20.0 'Iron' (LTS), @​marco-ippolito

Compare Source

This is a security release.

Notable Changes

lib:

• (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802
• (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
  lib,permission:
• (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
  src:
• (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
  src,lib:
• (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
  tls:
• (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

Commits

• [8f9ba3f623] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #​60997
• [97fc9b0eb7] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#792
• [14fbbb510c] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802
• [1febc48d5b] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
• [494f62dc23] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
• [d7a5c587c0] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
• [51f4de4b4a] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
• [85f73e7057] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

v20.19.6: 2025-11-25, Version 20.19.6 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #​59571
• [082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #​59113
• [db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #​58313

Commits

• [0f644df42e] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #​59547
• [fba0025b9c] - build: use windows-2025 runner (Michaël Zasso) #​59673
• [3456ec946d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #​59956
• [6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #​59571
• [1788fb5f3d] - deps: update undici to 6.22.0 (Matteo Collina) #​60112
• [5d61b55f24] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #​59791
• [9f1e5e4637] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #​59689
• [d0edb01d25] - deps: update googletest to eb2d85e (Node.js GitHub Bot) #​59335
• [576242ff39] - deps: V8: cherry-pick a0d0d4f (Ho Cheung) #​60716
• [a07a277020] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #​60314
• [fa5c5af8ce] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #​59134
• [556113e2fc] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #​59134
• [cd1536ca90] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #​59133
• [acec79989e] - deps: V8: cherry-pick 6b1b9bc (zhoumingtao) #​59283
• [e65b930aa7] - deps: V8: backport 2e4c5cf (Michaël Zasso) #​60654
• [1b75a601f7] - doc: fix typo on child_process.md (Angelo Gazzola) #​60114
• [a2bcb217c6] - doc: fix typo in section on microtask order (Tobias Nießen) #​59932
• [2426d3f3ff] - doc: add security escalation policy (Ulises Gascón) #​59806
• [e7f6f04758] - doc: add Miles Guicent as triager (Miles Guicent) #​59562
• [e51ef3f48b] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #​59579
• [8a504d900a] - doc: fix missing link to the Error documentation in the http page (Alexander Makarenko) #​59080
• [8c5c8aa71d] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #​59591
• [109c4bff77] - doc: add security incident reponse plan (Rafael Gonzaga) #​59470
• [4f004efdf3] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #​59445
• [caa2db4bac] - doc: fix links in test.md (Vas Sudanagunta) #​58876
• [082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #​59113
• [19a66365d9] - doc: clarify DEP0194 scope (Antoine du Hamel) #​58504
• [db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #​58313
• [3b2368774f] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #​58291
• [960d05ad7d] - doc: add history entries to --input-type section (Antoine du Hamel) #​58175
• [20616f1750] - http2: do not crash on mismatched ping buffer length (René) #​60135
• [9eb94232c8] - lib: handle superscript variants on windows device (Rafael Gonzaga) #​59261
• [dc58b4e35f] - meta: move Michael to emeritus (Michael Dawson) #​60070
• [d943cfb260] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #​60093
• [de9a3aaf0f] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #​60094
• [b4b5d4a4d7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #​60096
• [e5b4eee901] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #​60090
• [7cb032c2c1] - meta: update devcontainer to the latest schema (Aviv Keller) #​54347
• [bb108191aa] - meta: call create-release-post.yml post release (Aviv Keller) #​60366
• [2a11d50526] - module: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) #​58646
• [144233b71a] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #​60103
• [409cb773a4] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #​59857
• [d1c9d80cac] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #​59607
• [b8d145db2c] - src: fix order of CHECK_NOT_NULL/dereference (Tobias Nießen) #​59487
• [2c8a73f95f] - src: remove duplicate assignment of O_EXCL in node_constants.cc (Daniel Osvaldo R) #​59049
• [b1da374503] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #​59993
• [4b4e38f497] - test: mark sea tests flaky on macOS x64 (Richard Lau) #​60068
• [cbf4fc34c3] - test: skip more sea tests on Linux ppc64le (Richard Lau) #​59755
• [9543facad7] - test: mark test-inspector-network-fetch as flaky again (Joyee Cheung) #​59640
• [4f858d22ac] - test: skip test-fs-cp* tests that are constantly failing on Windows (Joyee Cheung) #​59637
• [3ec534dbe8] - test: skip sea tests on Linux ppc64le (Richard Lau) #​59563
• [a7a109f926] - test: fix typos (Lee Jiho) #​59330
• [fd9d43da46] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #​60419
• [bc3ffbd713] - test_runner: fix isSkipped check in junit (Sungwon) #​59414
• [0cace96472] - test_runner: correct "already mocked" error punctuation placement (Jacob Smith) #​58840
• [76001f9480] - tools: remove unused actions from build-tarball.yml (Antoine du Hamel) #​59787
• [69904844bb] - tools: do not attempt to compress tgz archive (Antoine du Hamel) #​59785
• [a6e7adb173] - tools: fix return value of try_check_compiler (theanarkh) #​59434
• [6443ad2da5] - tools: drop deprecated macos-13 runner (Richard Lau) #​60679
• [45ec702ef7] - tools: fix tools/make-v8.sh for clang (Richard Lau) #​59893
• [393ff7226e] - util: fix numericSeparator with negative fractional numbers (sangwook) #​59379
• [9e8beff0f4] - util: fix error's namespaced node_modules highlighting using inspect (Ruben Bridgewater) #​59446

v20.19.5: 2025-09-03, Version 20.19.5 'Iron' (LTS), @​marco-ippolito

Compare Source

Notable Changes

• [f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #​58355
• [4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #​58308
• [d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #​58499
• [3c6206cac9] - doc: add @​geeksilva97 to collaborators (Edy Silva) #​57241

Commits

• [ea20403467] - build: fix uvwasi pkgname (Antoine du Hamel) #​58270
• [c647aa4b30] - build: fix pointer compression builds (Joyee Cheung) #​58171
• [d2c5e609ae] - build: disable v8_enable_pointer_compression_shared_cage on non-64bit (Shelley Vohr) #​58867
• [84d5c4d244] - build: search for libnode.so in multiple places (Jan Staněk) #​58213
• [068c439552] - crypto: fix SHAKE128/256 breaking change introduced with OpenSSL 3.4 (Filip Skokan) #​58942
• [edff105c34] - debugger: fix behavior of plain object exec in debugger repl (Dario Piotrowicz) #​57498
• [0473e35b7f] - deps: update zlib to 1.3.1-470d3a2 (Node.js GitHub Bot) #​58628
• [1218dbbea5] - deps: update zlib to 1.3.0.1-motley-780819f (Node.js GitHub Bot) #​57768
• [0e3cd9ec00] - deps: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) #​56655
• [a194dd9bd4] - deps: update archs files for openssl-3.0.16 (Node.js GitHub Bot) #​57335
• [cc9b79ca70] - deps: upgrade openssl sources to quictls/openssl-3.0.16 (Node.js GitHub Bot) #​57335
• [82c46d5358] - deps: update cjs-module-lexer to 2.1.0 (Node.js GitHub Bot) #​57180
• [43e3f9b26b] - deps: update cjs-module-lexer to 2.0.0 (Michael Dawson) #​56855
• [91282ff16b] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #​58566
• [b76bca6f38] - deps: update acorn to 8.15.0 (Node.js GitHub Bot) #​58711
• [ae11481011] - deps: update acorn to 8.14.1 (Node.js GitHub Bot) #​57382
• [142d701201] - deps: update minimatch to 10.0.3 (Node.js GitHub Bot) #​58712
• [fee082d684] - deps: update llhttp to 9.3.0 (Fedor Indutny) #​58144
• [c06f6f3f05] - dns: remove redundant code using common variable (Deokjin Kim) #​57386
• [cded8e7e77] - dns: fix parse memory leaky (theanarkh) #​58973
• [182ae67233] - dns: fix dns query cache implementation (Ethan Arrowood) #​58404
• [621b66a297] - doc: add review guidelines for collaborator nominations (Antoine du Hamel) #​57449
• [b1009b5b72] - doc: explicit mention arbitrary code execution as a vuln (Rafael Gonzaga) #​57426
• [f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #​58355
• [4e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #​58308
• [530473f479] - doc: add ovflowd back to core collaborators (Claudio W.) #​58911
• [38e8bbc131] - doc: add info on how project manages social media (Michael Dawson) #​57318
• [d06bb4dcc2] - doc: ping nodejs/tsc for each security pull request (Rafael Gonzaga) #​57309
• [d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #​58499
• [8c3bc156ed] - doc: clarify path.isAbsolute is not path traversal mitigation (Eric Fortis) #​57073
• [e688410bda] - doc: fix rendering of DEP0174 description (David Sanders) #​56835
• [e6a0c6a0fa] - doc: add missing assert return types (Colin Ihrig) #​57219
• [026b3cab6a] - doc: add 1ilsang to triage team (1ilsang) #​57183
• [3c6206cac9] - doc: add @​geeksilva97 to collaborators (Edy Silva) #​57241
• [ef3a4675c7] - doc: fix web.libera.chat link in pull-requests.md (Samuel Bronson) #​57076
• [1db42b76f7] - doc: remove buffered flag from performance hooks examples (Pavel Romanov) #​52607
• [b73a1356ce] - doc: add module namespace object links (Dario Piotrowicz) #​57093
• [09368db20f] - doc: disambiguate pseudo-code statement (Dario Piotrowicz) #​57092
• [2c3dc569a1] - doc: fix wrong articles used to address modules (Dario Piotrowicz) #​57090
• [cd8259cb4e] - doc: modules.md: fix distance definition (Alexander “weej” Jones) #​57046
• [7b0ea9ab2d] - doc: fix wrong verb form (Dario Piotrowicz) #​57091
• [14fcfc242b] - doc: add a note about require('../common') in testing documentation (Aditi) #​56953
• [bc7d18b6ea] - doc: recommend writing tests in new files and including comments (Joyee Cheung) #​57028
• [acd4d7f269] - doc: improve documentation on argument validation (Aditi) #​56954
• [4cd6b3ca73] - doc: buffer: fix typo on Buffer.copyBytesFrom( offset option (tpoisseau) #​57015
• [01220607f2] - doc: update cleanup to trust on vuln db automation (Rafael Gonzaga) #​57004
• [77a0505a32] - doc: update post sec release process (Rafael Gonzaga) #​56907
• [77dbcfce5f] - doc: add section about using npx with permission model (Rafael Gonzaga) #​56539
• [73e51407b7] - doc: remove RedYetiDev from triagers team (Aviv Keller) #​55947
• [9a36cbb792] - doc: fix relative path mention in --allow-fs (Rafael Gonzaga) #​55791
• [04d9c5baeb] - doc: add scroll margin to links (Roman Reiss) #​58982
• [959a67f6ff] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #​58291
• [8757a5532f] - doc: update release key for aduh95 (Antoine du Hamel) #​58877
• [6fa0626327] - doc,src,test: fix typos (Noritaka Kobayashi) #​58477
• [9991788e4a] - http: coerce content-length to number (Marco Ippolito) #​57458
• [ff5cf8a428] - http2: fix check for frame->hd.type (hanguanqiang) #​57644
• [2f333b6c51] - lib: optimize prepareStackTrace on builtin frames (Chengzhong Wu) #​56299
• [cdf985071f] - lib: suppress source map lookup exceptions (Chengzhong Wu) #​56299
• [faa08b14ed] - lib: fixup incorrect argument order in assertEncoding (James M Snell) #​57177
• [a683cd1232] - meta: add IlyasShabi to collaborators (Ilyas Shabi) #​58916
• [b145bb28aa] - meta: bump codecov/codecov-action from 5.4.2 to 5.4.3 (dependabot[bot]) #​58551
• [2c59789001] - meta: bump ossf/scorecard-action from 2.4.1 to 2.4.2 (dependabot[bot]) #​58550
• [4095337e96] - meta: bump rtCamp/action-slack-notify from 2.3.2 to 2.3.3 (dependabot[bot]) #​58108
• [631fed8e39] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #​58456
• [7d2f7180b6] - meta: bump codecov/codecov-action from 5.4.0 to 5.4.2 (dependabot[bot]) #​58110
• [1558551ea5] - meta: bump actions/download-artifact from 4.2.1 to 4.3.0 (dependabot[bot]) #​58106
• [e1f12fe737] - meta: ignore mailmap changes in linux ci (Jonas Badalic) #​58356
• [1b78eb1313] - meta: bump actions/setup-node from 4.3.0 to 4.4.0 (dependabot[bot]) #​58111
• [2b8449c39a] - meta: bump actions/setup-python from 5.5.0 to 5.6.0 (dependabot[bot]) #​58107
• [833b70bbc5] - meta: allow penetration testing on live system with prior authorization (Matteo Collina) #​57966
• [c6a88561f5] - meta: bump actions/setup-python from 5.4.0 to 5.5.0 (dependabot[bot]) #​57718
• [9046ef4fb3] - meta: bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (dependabot[bot]) #​57717
• [46388a4e2a] - meta: bump actions/cache from 4.2.2 to 4.2.3 (dependabot[bot]) #​57715
• [d3970685bd] - meta: bump actions/setup-node from 4.2.0 to 4.3.0 (dependabot[bot]) #​57714
• [47004ef37f] - meta: bump actions/upload-artifact from 4.6.1 to 4.6.2 (dependabot[bot]) #​57713
• [4abe83ec03] - meta: add some clarification to the nomination process (James M Snell) #​57503
• [45e9b88363] - meta: remove collaborator self-nomination (Rich Trott) #​57537
• [d10949b7d8] - meta: edit collaborator nomination process (Antoine du Hamel) #​57483
• [704562fb7a] - meta: move ovflowd to emeritus (Claudio W.) #​57443
• [3f981b8537] - meta: bump codecov/codecov-action from 5.3.1 to 5.4.0 (dependabot[bot]) #​57257
• [7e1ff7b332] - meta: bump ossf/scorecard-action from 2.4.0 to 2.4.1 (dependabot[bot]) #​57253
• [8d4ec412b9] - meta: move RaisinTen back to collaborators, triagers and SEA champion (Darshan Sen) [#​57292](

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.