fix(deps): update all

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@coral-xyz/anchor	^0.31.1 -> ^0.32.0			dependencies	minor
@​coral-xyz/borsh	^0.31.1 -> ^0.32.0			dependencies	minor
@eslint/compat (source)	^1.3.2 -> ^2.0.0			devDependencies	major
@iota/iota-sdk (source)	~1.6.1 -> ~1.9.0			dependencies	minor
@mysten/sui	~1.38.0 -> ~1.45.0			dependencies	minor
@types/node (source)	^22.8.6 -> ^24.0.0			dependencies	major
@types/node (source)	^22.18.0 -> ^24.0.0			devDependencies	major
actions/checkout	v5 -> v6			action	major
actions/setup-node	v5 -> v6			action	major
glob	^11.0.0 -> ^13.0.0			devDependencies	major
mcr.microsoft.com/vscode/devcontainers/javascript-node	1-20-bullseye -> 4-20-bullseye			final	major
mcr.microsoft.com/vscode/devcontainers/typescript-node	1-20-bullseye -> 4-20-bullseye			final	major
node	22 -> 24			uses-with	major
open	^10.0.3 -> ^11.0.0			dependencies	major
piscina	5.1.3 -> 5.1.4			dependencies	patch
pnpm (source)	10.17.1 -> 10.25.0			packageManager	minor
starknet	^6.11.0 -> ^8.0.0			dependencies	major

---

Release Notes

coral-xyz/anchor (@​coral-xyz/anchor)

v0.32.1

Compare Source

Features

Fixes

• lang: Fix deprecation warnings on alloc and add solana-program to prelude
  (#​3975).
• cli: Fix race condition that could happen when deploying a program
  (#​3976).

Breaking

v0.32.0

Compare Source

Features

• lang: Add #[error] attribute to declare_program! (#​3757).
• cli: Replace anchor verify to use solana-verify under the hood, adding automatic installation via AVM, local path support, and future-proof argument passing (#​3768).
• lang: Replace solana-program crate with smaller crates (#​3819).
• cli: Make anchor deploy to upload the IDL to the cluster by default unless --no-idl is passed (#​3863).
• lang: Add generic program validation support to Program type allowing Program<'info> for executable-only validation (#​3878).
• lang: Use solana-invoke instead of solana_cpi::invoke (#​3900).
• client: remove solana-client from anchor-client and cli (#​3877).
• idl: Build IDL on stable Rustc (#​3842).
• lang: Add custom error when using init on SystemAccount (#​3828).
• lang: Add errors to declare_program (#​3757).
• ts: Add support for Bun as a package manager (#​3586).
• lang: Add support for tuple types in space calculation (#​3744).
• lang: Add missing pubkey const generation (#​3677).
• cli: Add the Minimum Supported Rust Version (MSRV) to the Rust template, since an arbitrary compiler version isn't supported (#​3873).
• cli: Add hooks section to Anchor.toml (#​3862).

Fixes

• docker: Upgrade node to 20.18.0 LTS (#​3687).
• cli: Fix using deprecated commitment recent in migration scripts (#​3725).
• cli: Fix not respecting provider.cluster in keys sync command (#​3761).
• lang: Fix deprecated realloc, store_current_index and clippy warnings (#​3819).
• avm: fix AVM instability with solana-verify (#​3867).
• avm: update AVM to only use non-draft releases(#​3931).
• lang: update bytemuck (#​3858).
• idl: disable Locale in camelCase (#​3845).
• ts: Remove event parsing panic (#​3657).

Breaking

• client: Make sending a tx not panic and instead return an Error when signing fails (#​3865).
• spl: Update SPL dependencies to latest compatible versions (#​3860).
• cli: Replace anchor verify to use solana-verify under the hood, adding automatic installation via AVM, local path support, and future-proof argument passing (#​3768).
• cli: Upload IDL by default with an option to skip ((#​3863)[solana-foundation#3863]).
• lang: remove Solang (#​3824).
• cli: remove anchor publish command (#​3795).

eslint/rewrite (@​eslint/compat)

v2.0.0

Compare Source

⚠ BREAKING CHANGES

• Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#​297)

Features

• patch missing context and SourceCode methods for v10 (#​311) (a40d8c6)
• Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#​297) (acc623c)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^0.17.0 to ^1.0.0

v1.4.1

Compare Source

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^0.16.0 to ^0.17.0

v1.4.0

Compare Source

Features

• Add config types in @​eslint/core (#​237) (7b6dd37)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^0.15.2 to ^0.16.0

iotaledger/iota (@​iota/iota-sdk)

v1.8.0: [Mainnet] v1.8.0

Nodes (Validators and Full nodes)

#​8370: add experimental "internal" gRPC API, including subscription to events with filtering

JSON-RPC

#​8647: Fix a bug in queryTransactionBlocks which causes that some results for TransactionFilter::MoveFunction are not returned.

CLI

#​8620: Use the provided --sender if there is one, rather than always inferring it, for iota client call, publish, upgrade, and serialized-tx-kind.

Internal gRPC API

#​8370: add gRPC streaming for checkpoint data and checkpoint summary, and use a trait to access the storage layer

---

Full Log: iotaledger/iota@v1.7.0...v1.8.0

actions/checkout (actions/checkout)

v6

Compare Source

actions/setup-node (actions/setup-node)

v6

Compare Source

isaacs/node-glob (glob)

v13.0.0

Compare Source

v12.0.0

Compare Source

v11.1.0

Compare Source

v11.0.3

Compare Source

v11.0.2

Compare Source

actions/node-versions (node)

v24.11.1: 24.11.1

Compare Source

Node.js 24.11.1

v24.11.0: 24.11.0

Compare Source

Node.js 24.11.0

v24.10.0: 24.10.0

Compare Source

Node.js 24.10.0

v24.9.0: 24.9.0

Compare Source

Node.js 24.9.0

v24.8.0: 24.8.0

Compare Source

Node.js 24.8.0

v24.7.0: 24.7.0

Compare Source

Node.js 24.7.0

v24.6.0: 24.6.0

Compare Source

Node.js 24.6.0

v24.5.0: 24.5.0

Compare Source

Node.js 24.5.0

v24.4.1: 24.4.1

Compare Source

Node.js 24.4.1

v24.4.0: 24.4.0

Compare Source

Node.js 24.4.0

v24.3.0: 24.3.0

Compare Source

Node.js 24.3.0

v24.2.0: 24.2.0

Compare Source

Node.js 24.2.0

v24.1.0: 24.1.0

Compare Source

Node.js 24.1.0

v24.0.2: 24.0.2

Compare Source

Node.js 24.0.2

v24.0.1: 24.0.1

Compare Source

Node.js 24.0.1

v24.0.0: 24.0.0

Compare Source

Node.js 24.0.0

sindresorhus/open (open)

v11.0.0

Compare Source

Breaking

• Require Node.js 20 e789eec

Improvements

• Automatically detect whether PowerShell is accessible in WSL 67109f8
• Add chromium-browser fallback for Linux b40f4b8
• Throw AggregateError instead of only latest error (#​364) 2778ac6

Fixes

• Fix app launch failure detection for fallback support ce31b94
• Fix WSL access via remote SSH 8821bf7
• Fix handling of import.meta.url not being available 8ce0f7d
• Fix: Suppress PowerShell progress messages on Windows 2283000
• Fix: Ignore stdio on Windows when not waiting for process e1af0ee
• Fix WSL2 local file opening 269b5fd
• Fix spawn handling 966239c
• Fix PowerShell argument escaping 274d704

---

v10.2.0

Compare Source

• Add support for Brave browser (#​362) b62b99e

---

v10.1.2

Compare Source

• Fix detection of Windows default browser from WSL (#​358) 6187a82

---

v10.1.1

Compare Source

• Fix: Use correct bundle ID for Microsoft Edge (#​356) 55537f1

---

piscinajs/piscina (piscina)

v5.1.4

Compare Source

What's Changed

• [Backport v5] chore(docs): remove duplicated by @​github-actions[bot] in #​846
• [Backport v5] refactor: tweaks by @​github-actions[bot] in #​847
• [Backport v5] chore: pin actions by @​github-actions[bot] in #​849
• [Backport v5] chore(deps): Bump on-headers and compression in /docs by @​github-actions[bot] in #​855
• [Backport v5] refactor: TaskInfo by @​github-actions[bot] in #​859
• [Backport v5] refactor: small adjustments over WorkerInfo by @​github-actions[bot] in #​865
• chore(deps): Bump @​napi-rs/nice from 1.0.4 to 1.1.1 by @​github-actions[bot] in #​883
• fix: add provenance by @​github-actions[bot] in #​885
• fix: fix taskDone duplicate listener by @​github-actions[bot] in #​896
• [Backport v5] chore(deps-dev): Bump tsx from 4.20.3 to 4.20.6 by @​github-actions[bot] in #​910
• [Backport v5] chore(deps): Bump actions/checkout from 4.3.0 to 5.0.0 by @​github-actions[bot] in #​912
• [Backport v5] chore(deps): Bump actions/stale from 9.1.0 to 10.1.0 by @​github-actions[bot] in #​911
• docs: add sponsors section by @​github-actions[bot] in #​917
• fix: standardize normalize calculation of stddev by @​github-actions[bot] in #​924

Full Changelog: piscinajs/piscina@v5.1.3...v5.1.4

pnpm/pnpm (pnpm)

v10.25.0

Compare Source

v10.24.0

Compare Source

v10.23.0: pnpm 10.23

Compare Source

Minor Changes

• Added --lockfile-only option to pnpm list #​10020.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #​10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #​10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #​10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #​10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:[email protected]) #​8660.
• Don't add an extra slash to the Node.js mirror URL #​10204.
• pnpm store prune should not fail if the store contains Node.js packages #​10131.

Platinum Sponsors

Gold Sponsors

v10.22.0: pnpm 10.22

Compare Source

Minor Changes

• Added support for trustPolicyExclude #​10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - [email protected]
    - [email protected] || 5.102.1

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10179.

Platinum Sponsors

Gold Sponsors

v10.21.0

Compare Source

v10.20.0

Compare Source

Minor Changes

• Support --all option in pnpm --help to list all commands #​8628.

Patch Changes

• When the latest version doesn't satisfy the maturity requirement configured by minimumReleaseAge, pick the highest version that is mature enough, even if it has a different major version #​10100.
• create command should not verify patch info.
• Set managePackageManagerVersions to false, when switching to a different version of pnpm CLI, in order to avoid subsequent switches #​10063.

v10.19.0

Compare Source

Minor Changes

• You can now allow specific versions of dependencies to run postinstall scripts. onlyBuiltDependencies now accepts package names with lists of trusted versions. For example:

  onlyBuiltDependencies:
    - [email protected] || 21.6.5
    - [email protected]

  Related PR: #​10104.

• Added support for exact versions in minimumReleaseAgeExclude #​9985.

  You can now list one or more specific versions that pnpm should allow to install, even if those versions don’t satisfy the maturity requirement set by minimumReleaseAge. For example:

  minimumReleaseAge: 1440
  minimumReleaseAgeExclude:
    - [email protected]
    - [email protected] || 5.102.1

v10.18.3

Compare Source

Patch Changes

• Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #​10060.
• Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when --location=project is used #​9362.
• Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings #​9646.
• Fixed EISDIR error when bin field points to a directory #​9441.
• Preserve version and hasBin for variations packages #​10022.
• Fixed pnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings) #​9884.
• When both pnpm-workspace.yaml and .npmrc exist, pnpm config set --location=project now writes to pnpm-workspace.yaml (matching read priority) #​10072.
• Prevent a table width error in pnpm outdated --long #​10040.
• Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects #​10057.

v10.18.2

Compare Source

Patch Changes

• pnpm outdated --long should work #​10040.
• Replace ndjson with split2. Reduce the bundle size of pnpm CLI #​10054.
• pnpm dlx should request the full metadata of packages, when minimumReleaseAge is set #​9963.
• pnpm version switching should work when the pnpm home directory is in a symlinked directory #​9715.
• Fix EPIPE errors when piping output to other commands #​10027.

v10.18.1

Compare Source

Patch Changes

• Don't print a warning, when --lockfile-only is used #​8320.
• pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #​5700.
• When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when using pnpm add --save-catalog as originally intended.

v10.18.0

Compare Source

Minor Changes

• Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

  Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps.
  Warning messages are displayed when requests exceed time thresholds or fall below speed minimums

  Related PR: #​10025.

Patch Changes

• Retry filesystem operations on EAGAIN errors #​9959.
• Outdated command respects minimumReleaseAge configuration #​10030.
• Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages.
• Don't fail with a meaningless error when scriptShell is set to false #​8748.
• pnpm dlx should not fail when minimumReleaseAge is set #​10037.

starknet-io/starknet.js (starknet)

v8.9.2

Compare Source

Bug Fixes

• corrected also in getTipStatsParallel (1db744f)
• npm audith node-tar issue for the used npm version (a06174e)

Features

• base refactor for v9, channel rpc 0.10, tests, types (70ea529)
• bump version\ (228e34a)

BREAKING CHANGES

• starknetjs v9

8.9.2 (2025-12-08)

Bug Fixes

• replace alchemy with zan for public node (264d86b)

8.9.1 (2025-11-26)

Bug Fixes

• default value for starknetVersion has to be set (8f3e675)

v8.9.1

Compare Source

Bug Fixes

• corrected also in getTipStatsParallel (1db744f)
• npm audith node-tar issue for the used npm version (a06174e)

Features

• base refactor for v9, channel rpc 0.10, tests, types (70ea529)
• bump version\ (228e34a)

BREAKING CHANGES

• starknetjs v9

8.9.2 (2025-12-08)

Bug Fixes

• replace alchemy with zan for public node (264d86b)

8.9.1 (2025-11-26)

Bug Fixes

• default value for starknetVersion has to be set (8f3e675)

v8.9.0

Compare Source

Bug Fixes

• corrected also in getTipStatsParallel (1db744f)
• npm audith node-tar issue for the used npm version (a06174e)

Features

• base refactor for v9, channel rpc 0.10, tests, types (70ea529)
• bump version\ (228e34a)

BREAKING CHANGES

• starknetjs v9

8.9.2 (2025-12-08)

Bug Fixes

• replace alchemy with zan for public node (264d86b)

8.9.1 (2025-11-26)

Bug Fixes

• default value for starknetVersion has to be set (8f3e675)

v8.8.0

Compare Source

Bug Fixes

• both sepolia and mainet on alchemy (f119081)
• public node hotfix (d35e39e)

Features

• starknet version, use starknt version to determin declare hash instead of spec version (70a23ee)

v8.7.0

Compare Source

Bug Fixes

• public node hotfix (#​1510) (4165a3c)

Features

• configurable websocket exponential backoff (#​1503) (6d0593f)

v8.6.0

Compare Source

Features

• blake2s (#​1502) (dd3f8ec)

8.5.5 (2025-10-03)

Bug Fixes

• ensure cleanHex has valid output (f5123b6)

8.5.4 (2025-09-17)

Bug Fixes

• fix waitfortransaction for rotating nodes services with lifeCycleRetries default 3 (7296850)

8.5.3 (2025-09-05)

Bug Fixes

• enforce fixed size for cairo bytes (6a56166)

8.5.2 (2025-08-27)

Bug Fixes

• preserve leading zeros for cairo bytes data (5542a00)

8.5.1 (2025-08-27)

Bug Fixes

• preserve leading zeros for pending word within byte array (5d7ab04)

v8.5.5

Compare Source

Features

• blake2s (#​1502) (dd3f8ec)

8.5.5 (2025-10-03)

Bug Fixes

• ensure cleanHex has valid output (f5123b6)

8.5.4 (2025-09-17)

Bug Fixes

• fix waitfortransaction for rotating nodes services with lifeCycleRetries default 3 (7296850)

8.5.3 (2025-09-05)

Bug Fixes

• enforce fixed size for cairo bytes (6a56166)

8.5.2 (2025-08-27)

Bug Fixes

• preserve leading zeros for cairo bytes data (5542a00)

8.5.1 (2025-08-27)

Bug Fixes

• preserve leading zeros for pending word within byte array (5d7ab04)

v8.5.4

Compare Source

Features

• blake2s (#​1502) (dd3f8ec)

8.5.5 (2025-10-03)

Bug Fixes

• ensure cleanHex has valid output (f5123b6)

8.5.4 (2025-09-17)

Bug Fixes

• fix waitfortransaction for rotating nodes services with lifeCycleRetries default 3 (7296850)

8.5.3 (2025-09-05)

Bug Fixes

• enforce fixed size for cairo bytes (6a56166)

8.5.2 (2025-08-27)

Bug Fixes

• preserve leading zeros for cairo bytes data (5542a00)

8.5.1 (2025-08-27)

Bug Fixes

• preserve leading zeros for pending word within byte array (5d7ab04)

v8.5.3

Compare Source

Features

• blake2s (#​1502) (dd3f8ec)

8.5.5 (2025-10-03)

Bug Fixes

• ensure cleanHex has valid output (f5123b6)

8.5.4 (2025-09-17)

Bug Fixes

• fix waitfortransaction for rotating nodes services with lifeCycleRetries default 3 (7296850)

8.5.3 (2025-09-05)

Bug Fixes

• enforce fixed size for cairo bytes (6a56166)

8.5.2 (2025-08-27)

Bug Fixes

• preserve leading zeros for cairo bytes data (5542a00)

8.5.1 (2025-08-27)

Bug Fixes

• preserve leading zeros for pending word within byte array (5d7ab04)

v8.5.2

Compare Source

Features

• blake2s (#​1502) (dd3f8ec)

8.5.5 (2025-10-03)

Bug Fixes

• ensure cleanHex has valid output (f5123b6)

8.5.4 (2025-09-17)

Bug Fixes

• fix waitfortransaction for rotating nodes services with lifeCycleRetries default 3 (7296850)

8.5.3 (2025-09-05)

Bug Fixes

• enforce fixed size for cairo bytes (6a56166)

8.5.2 (2025-08-27)

Bug F

---

Configuration

📅 Schedule: Branch creation - "after 9pm on sunday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.