build(deps-dev): bump all

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@shopify/prettier-plugin-liquid (source)	1.9.2 -> 1.9.3					devDependencies	patch
@types/node (source)	22.14.1 -> 22.15.3					devDependencies	minor
github/codeql-action	v3.28.15 -> v3.28.16					action	patch
node (source)	22.14.0 -> 22.15.0					engines	minor
pnpm (source)	10.8.1 -> 10.10.0					packageManager	minor
pnpm (source)	10.8.1 -> 10.10.0					engines	minor
returntocorp/semgrep	f435f06 -> f552de9					container	digest
stylelint (source)	16.18.0 -> 16.19.1					devDependencies	minor

---

Release Notes

Shopify/theme-tools (@​shopify/prettier-plugin-liquid)

v1.9.3

Compare Source

Patch Changes

• 067a75e: Improve parsing logic around aliases
• Updated dependencies [067a75e]
  • @​shopify/liquid-html-parser@​2.8.2

github/codeql-action (github/codeql-action)

v3.28.16

Compare Source

nodejs/node (node)

v22.15.0

Compare Source

pnpm/pnpm (pnpm)

v10.10.0

Compare Source

Minor Changes

• Allow loading the preResolution, importPackage, and fetchers hooks from local pnpmfile.

Patch Changes

• Fix cd command, when shellEmulator is true #​7838.
• Sort keys in pnpm-workspace.yaml #​9453.
• Pass the npm_package_json environment variable to the executed scripts #​9452.
• Fixed a mistake in the description of the --reporter=silent option.

v10.9.0

Compare Source

Minor Changes

• Added support for installing JSR packages. You can now install JSR packages using the following syntax:

  pnpm add jsr:<pkg_name>
  

  or with a version range:

  pnpm add jsr:<pkg_name>@&#8203;<range>
  

  For example, running:

  pnpm add jsr:@​foo/bar
  

  will add the following entry to your package.json:

  {
    "dependencies": {
      "@​foo/bar": "jsr:^0.1.2"
    }
  }

  When publishing, this entry will be transformed into a format compatible with npm, older versions of Yarn, and previous pnpm versions:

  {
    "dependencies": {
      "@​foo/bar": "npm:@​jsr/foo__bar@^0.1.2"
    }
  }

  Related issue: #​8941.

  Note: The @jsr scope defaults to https://npm.jsr.io/ if the @jsr:registry setting is not defined.

• Added a new setting, dangerouslyAllowAllBuilds, for automatically running any scripts of dependencies without the need to approve any builds. It was already possible to allow all builds by adding this to pnpm-workspace.yaml:

  neverBuiltDependencies: []

  dangerouslyAllowAllBuilds has the same effect but also allows to be set globally via:

  pnpm config set dangerouslyAllowAllBuilds true
  

  It can also be set when running a command:

  pnpm install --dangerously-allow-all-builds
  

Patch Changes

• Fix a false negative in verifyDepsBeforeRun when nodeLinker is hoisted and there is a workspace package without dependencies and node_modules directory #​9424.
• Explicitly drop verifyDepsBeforeRun support for nodeLinker: pnp. Combining verifyDepsBeforeRun and nodeLinker: pnp will now print a warning.

stylelint/stylelint (stylelint)

v16.19.1

Compare Source

• Fixed: no-empty-source false positives for non-standard syntaxes (#​8548) (@​ybiquitous).

v16.19.0

Compare Source

It adds 2 options to 2 rules and fixes 3 bugs.

• Added: exceptWithoutPropertyFallback: [] to function-allowed-list (#​8488) (@​ryo-manba).
• Added: ignore: ["four-into-three-edge-values"] to shorthand-property-no-redundant-values (#​8527) (@​ryo-manba).
• Fixed: compact formatter with pnpm to newline the exit code (#​8534) (@​konomae).
• Fixed: declaration-property-value-no-unknown range and message for invalid syntax within known functions (#​8528) (@​ryo-manba).
• Fixed: no-empty-source false positives for --report-needless-disables (#​8536) (@​romainmenke).

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for gh-pages-openinf ready!

Name	Link
🔨 Latest commit	5dfbba3
🔍 Latest deploy log	https://app.netlify.com/sites/gh-pages-openinf/deploys/680f31d5da13a200080003bc
😎 Deploy Preview	https://deploy-preview-1588--gh-pages-openinf.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​types/​node@​22.14.1 ⏵ 22.15.3			+1
	@​shopify/​prettier-plugin-liquid@​1.9.2 ⏵ 1.9.3				+2

View full report