chore(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/checkout	action	major	v4 -> v5
actions/setup-node	action	major	v4.4.0 -> v6.0.0
sponsorkit	devDependencies	major	^16.4.2 -> ^17.0.0
yarn (source)	packageManager	minor	4.9.2 -> 4.10.3

---

Release Notes

actions/checkout (actions/checkout)

v5

Compare Source

actions/setup-node (actions/setup-node)

v6.0.0

Compare Source

What's Changed

Breaking Changes

• Limit automatic caching to npm, update workflows and documentation by @​priyagupta108 in #​1374

Dependency Upgrades

• Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @​dependabot[bot] in #​1336
• Upgrade prettier from 2.8.8 to 3.6.2 by @​dependabot[bot] in #​1334
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot[bot] in #​1362

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

Compare Source

What's Changed

Breaking Changes

• Enhance caching in setup-node with automatic package manager detection by @​priya-kinthali in #​1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless.
To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

• Upgrade action to use node24 by @​salmanmkc in #​1325

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​octokit/request-error and @​actions/github by @​dependabot[bot] in #​1227
• Upgrade uuid from 9.0.1 to 11.1.0 by @​dependabot[bot] in #​1273
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in #​1295
• Upgrade form-data to bring in fix for critical vulnerability by @​gowridurgad in #​1332
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in #​1345

New Contributors

• @​priya-kinthali made their first contribution in #​1348
• @​salmanmkc made their first contribution in #​1325

Full Changelog: actions/setup-node@v4...v5.0.0

antfu-collective/sponsorkit (sponsorkit)

v17.0.0

Compare Source

   🚨 Breaking Changes

• Fix typo exechangeRate to exchangeRate  -  by @​sxzz (fe889)

   🐞 Bug Fixes

• afdian: Monthly amount  -  by @​sxzz (2b8da)

    View changes on GitHub

v16.5.0

Compare Source

   🐞 Bug Fixes

• Incorrect shows the tier for the user with a gifted membership for patreon  -  by @​ycs77 in #​112 (3c3d9)

    View changes on GitHub

yarnpkg/berry (yarn)

v4.10.3

Compare Source

v4.10.2

Compare Source

v4.10.1

Compare Source

v4.10.0

Compare Source

v4.9.4

Compare Source

v4.9.3

Compare Source

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 3cd5810

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​img/​sharp-linux-ppc64@​0.34.4
	@​img/​sharp-darwin-arm64@​0.33.5 ⏵ 0.34.4
	@​img/​sharp-darwin-x64@​0.33.5 ⏵ 0.34.4
	@​img/​sharp-linux-arm@​0.33.5 ⏵ 0.34.4
	@​img/​sharp-linux-arm64@​0.33.5 ⏵ 0.34.4
	@​img/​sharp-linux-s390x@​0.33.5 ⏵ 0.34.4
	@​img/​sharp-linux-x64@​0.33.5 ⏵ 0.34.4
	@​img/​sharp-linuxmusl-arm64@​0.33.5 ⏵ 0.34.4
	@​img/​sharp-linuxmusl-x64@​0.33.5 ⏵ 0.34.4
	ansis@​3.17.0 ⏵ 4.2.0
	@​img/​colour@​1.0.0
	sponsorkit@​16.4.2 ⏵ 17.0.0	-8			+4
	@​img/​sharp-libvips-linux-ppc64@​1.2.3
	@​img/​sharp-libvips-darwin-arm64@​1.0.4 ⏵ 1.2.3
	@​img/​sharp-libvips-darwin-x64@​1.0.4 ⏵ 1.2.3
	@​img/​sharp-libvips-linux-arm@​1.0.5 ⏵ 1.2.3
	@​img/​sharp-libvips-linux-arm64@​1.0.4 ⏵ 1.2.3
	@​img/​sharp-libvips-linux-s390x@​1.0.4 ⏵ 1.2.3
	@​img/​sharp-libvips-linux-x64@​1.0.4 ⏵ 1.2.3
	@​img/​sharp-libvips-linuxmusl-arm64@​1.0.4 ⏵ 1.2.3
	@​img/​sharp-libvips-linuxmusl-x64@​1.0.4 ⏵ 1.2.3
	@​quansync/​fs@​0.1.3 ⏵ 0.1.5	+1		+2	-5
	@​img/​sharp-win32-arm64@​0.34.4
	@​img/​sharp-win32-ia32@​0.33.5 ⏵ 0.34.4
	@​img/​sharp-win32-x64@​0.33.5 ⏵ 0.34.4
	@​img/​sharp-wasm32@​0.33.5 ⏵ 0.34.4
	unconfig@​7.3.2 ⏵ 7.3.3	+1		+1	-2
	quansync@​0.2.10 ⏵ 0.2.11	+1		+1
	sharp@​0.33.5 ⏵ 0.34.4			+1
	detect-libc@​2.0.4 ⏵ 2.1.2	+1		+1
	jiti@​2.4.2 ⏵ 2.6.1	+1
	semver@​7.7.2 ⏵ 7.7.3	+1		+1
	dotenv@​16.5.0 ⏵ 17.2.3

View full report

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to 1f6f1b1 in 1 minute and 15 seconds. Click for details.

• Reviewed 41 lines of code in 3 files
• Skipped 2 files when reviewing.
• Skipped posting 5 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. .github/workflows/scheduler.yml:20

• Draft comment:
  Updated actions/checkout to v5. Ensure that your runner environment meets any new requirements (e.g. recent runner versions).
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

2. .github/workflows/scheduler.yml:23

• Draft comment:
  Updated actions/setup-node to v5.0.0. Verify that 'cache: yarn' works as expected with the new automatic caching behavior, and confirm the runner version is at least v2.327.1.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

3. .yarnrc.yml:5

• Draft comment:
  Yarn version updated to 4.10.3. Confirm that this new version is compatible with existing tooling and project setups.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

4. package.json:7

• Draft comment:
  Upgraded sponsorkit to ^17.0.0. Check the release notes for breaking changes (like the renaming fix) that might affect build outputs or integrations.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

5. package.json:9

• Draft comment:
  Updated the packageManager field to '[email protected]' to remain consistent with the .yarnrc.yml configuration.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

Workflow ID: wflow_GKmE6gMNy7RwLADv

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}