Skip to content

Bump the npm-dependencies group with 2 updates#137

Merged
lunarcloud merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-7887e01aed
May 1, 2026
Merged

Bump the npm-dependencies group with 2 updates#137
lunarcloud merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-7887e01aed

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 30, 2026

Bumps the npm-dependencies group with 2 updates: npm-check-updates and stylelint.

Updates npm-check-updates from 21.0.1 to 22.0.1

Release notes

Sourced from npm-check-updates's releases.

v22.0.1

What's Changed

Full Changelog: raineorshine/npm-check-updates@v22.0.0...v22.0.1

v22.0.0

Breaking Changes

--cooldown now falls back to the greatest non-prerelease version rather than skipping the upgrade entirely when the latest version falls within the cooldown window.

  • This only affects --cooldown (or inferred cooldown from min-release-age/minimumReleaseAge/npmMinimalAgeGate).
  • This only affects --target latest (which is the default).

⚠️ WARNING

In rare circumstances, it is now possible for ncu --cooldown 10 to install a version that was never published to latest. This is because the npm registry does not store a history of versions published to the latest dist-tag. It is impossible to fall back to an earlier latest version, because there is no record of it. However, we do have a list of all published versions, and it's likely that a boring version like 1.0.1 was published to latest at some point. Versions like 1.0.1-pre.0, 1.0.1-beta, 1.0.1-build.58157394, etc will be ignored, as you would expect.

While npm-check-updates typically takes a conservative approach to version upgrades, following semver exactly and only upgrading to the latest version, falling back to the highest version outside the cooldown window is clearly the more intuitive behavior, and this outweighs the few cases where the results would be undesirable. The discussion in #1556 and the large amount of confusion since the initial release of --cooldown attest to this.

How to opt out of the new behavior

You can opt out of the new behavior by using --target "@latest". This forces a strict upgrade (or downgrade) to the latest tag only, without any fallback behavior.

For granular control, use a custom ncurc function to set the target or disable cooldown for a single package.

What's Changed

New Contributors

Full Changelog: raineorshine/npm-check-updates@v21.0.3...v22.0.0

v21.0.3

What's Changed

Full Changelog: raineorshine/npm-check-updates@v21.0.2...v21.0.3

v21.0.2

... (truncated)

Commits
  • 28b5fcb 22.0.1
  • 127c552 fix: suppress cooldown config log messages when JSON output is active (#1692)
  • 7c62657 CHANGELOG
  • c94174d 22.0.0
  • 36e1fd2 feat(cooldown): fall back to greatest passing version when latest is within c...
  • 3641100 build: stub cosmiconfig's typescript dependency to reduce bundle size by 8MB ...
  • b44ec68 Update dependencies (#1685)
  • 2ceac56 Bump @​typescript-eslint/eslint-plugin from 8.58.2 to 8.59.0 (#1682)
  • 9025296 Bump @​typescript-eslint/parser from 8.58.2 to 8.59.0 (#1681)
  • 6803c3e Bump vite from 8.0.8 to 8.0.9 (#1680)
  • Additional commits viewable in compare view

Updates stylelint from 17.8.0 to 17.9.1

Release notes

Sourced from stylelint's releases.

17.9.1

It fixes 4 bugs. We also documented the messageArgs each rule provides to the message configuration property.

17.9.0

It adds 3 new features. Adding the referenceFiles property to your configuration object makes the no-unknown-animations, no-unknown-custom-media and no-unknown-custom-properties rules more useful.

Changelog

Sourced from stylelint's changelog.

17.9.1 - 2026-04-27

It fixes 4 bugs. We also documented the messageArgs each rule provides to the message configuration property.

17.9.0 - 2026-04-23

It adds 3 new features. Adding the referenceFiles property to your configuration object makes the no-unknown-animations, no-unknown-custom-media and no-unknown-custom-properties rules more useful.

Commits
  • 53c8817 Release 17.9.1 (#9248)
  • fa75054 Fix property-no-deprecated autofix for page-break-*: always (#9214)
  • 02b039e Fix selector-no-deprecated false positives for ::part() (#9227)
  • af22bec Document message arguments of rules (#9226)
  • 20f6e9d Fix ConfigurationError regression for custom syntaxes (#9245)
  • 21a57e8 Fix MD5 hash algorithm to SHA256 for caching (#9241)
  • cee404b Release 17.9.0 (#9242)
  • b0af5ae Bump prettier from 3.8.1 to 3.8.3 (#9240)
  • e2c2c43 Bump eslint-plugin-jest from 29.15.1 to 29.15.2 in the eslint group (#9239)
  • 68d008e Bump @​csstools/css-syntax-patches-for-csstree from 1.1.2 to 1.1.3 in the csst...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the npm-dependencies group with 2 updates
0bb19c8 
Bumps the npm-dependencies group with 2 updates: [npm-check-updates](https://github.com/raineorshine/npm-check-updates) and [stylelint](https://github.com/stylelint/stylelint).


Updates `npm-check-updates` from 21.0.1 to 22.0.1
- [Release notes](https://github.com/raineorshine/npm-check-updates/releases)
- [Changelog](https://github.com/raineorshine/npm-check-updates/blob/main/CHANGELOG.md)
- [Commits](raineorshine/npm-check-updates@v21.0.1...v22.0.1)

Updates `stylelint` from 17.8.0 to 17.9.1
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](stylelint/stylelint@17.8.0...17.9.1)

---
updated-dependencies:
- dependency-name: npm-check-updates
  dependency-version: 22.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: stylelint
  dependency-version: 17.9.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 30, 2026
@lunarcloud lunarcloud merged commit cc359b0 into main May 1, 2026
1 check passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm-dependencies-7887e01aed branch May 1, 2026 15:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lunarcloud