chore(deps): update all dependencies

[renovate[bot]]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@keyv/redis	2.8.3 -> 2.8.4					dependencies	patch
@types/node (source)	20.11.5 -> 20.11.19					devDependencies	patch
dotenv	16.3.1 -> 16.4.4					devDependencies	minor
eslint-plugin-sonarjs	0.23.0 -> 0.24.0					devDependencies	minor
eslint-plugin-unused-imports	3.0.0 -> 3.1.0					devDependencies	minor
node (source)	21.6.0 -> 21.6.2						patch
node (source)	21.6.0 -> 21.6.2					engines	patch
node	21.6.0-alpine -> 21.6.2-alpine					final	patch
node	21.6.0-alpine -> 21.6.2-alpine					stage	patch
npm-run-all	4.1.5 -> 5.0.0					devDependencies	replacement
open-graph-scraper	6.3.2 -> 6.4.0					dependencies	minor
pnpm (source)	8.14.1 -> 8.15.3					packageManager	minor
prettier (source)	3.2.4 -> 3.2.5					devDependencies	patch
tsup (source)	8.0.1 -> 8.0.2					devDependencies	patch
type-fest	4.9.0 -> 4.10.2					devDependencies	minor
vitest (source)	1.2.1 -> 1.3.0					devDependencies	minor

This is a special PR that replaces npm-run-all with the community suggested minimal stable replacement version.

---

Release Notes

motdotla/dotenv (dotenv)

### [`v16.4.4`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1644-2024-02-13) [Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.4.3...v16.4.4) ##### Changed - 🐞 Replaced chaining operator `?.` with old school `&&` (fixing node 12 failures) [#​812](https://togithub.com/motdotla/dotenv/pull/812) ### [`v16.4.3`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1643-2024-02-12) [Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.4.2...v16.4.3) ##### Changed - Fixed processing of multiple files in `options.path` [#​805](https://togithub.com/motdotla/dotenv/pull/805) ### [`v16.4.2`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1642-2024-02-10) [Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.4.1...v16.4.2) ##### Changed - Changed funding link in package.json to [`dotenvx.com`](https://dotenvx.com) ### [`v16.4.1`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1641-2024-01-24) [Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.4.0...v16.4.1) - Patch support for array as `path` option [#​797](https://togithub.com/motdotla/dotenv/pull/797) ### [`v16.4.0`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1640-2024-01-23) [Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.3.2...v16.4.0) - Add `error.code` to error messages around `.env.vault` decryption handling [#​795](https://togithub.com/motdotla/dotenv/pull/795) - Add ability to find `.env.vault` file when filename(s) passed as an array [#​784](https://togithub.com/motdotla/dotenv/pull/784) ### [`v16.3.2`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1632-2024-01-18) [Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.3.1...v16.3.2) ##### Added - Add debug message when no encoding set [#​735](https://togithub.com/motdotla/dotenv/pull/735) ##### Changed - Fix output typing for `populate` [#​792](https://togithub.com/motdotla/dotenv/pull/792) - Use subarray instead of slice [#​793](https://togithub.com/motdotla/dotenv/pull/793)

SonarSource/eslint-plugin-sonarjs (eslint-plugin-sonarjs)

### [`v0.24.0`](https://togithub.com/SonarSource/eslint-plugin-sonarjs/releases/tag/0.24.0) [Compare Source](https://togithub.com/SonarSource/eslint-plugin-sonarjs/compare/0.23.0...0.24.0) #### What's Changed - Prepare for next development iteration by [@​yassin-kammoun-sonarsource](https://togithub.com/yassin-kammoun-sonarsource) in [https://github.com/SonarSource/eslint-plugin-sonarjs/pull/429](https://togithub.com/SonarSource/eslint-plugin-sonarjs/pull/429) - Add prettier as pre-commit hook by [@​vdiez](https://togithub.com/vdiez) in [https://github.com/SonarSource/eslint-plugin-sonarjs/pull/432](https://togithub.com/SonarSource/eslint-plugin-sonarjs/pull/432) - Fix cognitive complexity link by [@​ilia-kebets-sonarsource](https://togithub.com/ilia-kebets-sonarsource) in [https://github.com/SonarSource/eslint-plugin-sonarjs/pull/443](https://togithub.com/SonarSource/eslint-plugin-sonarjs/pull/443) - Drop Node.js 14 support and test against Node.js 20 on CI by [@​yassin-kammoun-sonarsource](https://togithub.com/yassin-kammoun-sonarsource) in [https://github.com/SonarSource/eslint-plugin-sonarjs/pull/445](https://togithub.com/SonarSource/eslint-plugin-sonarjs/pull/445) - Fix FP S3776 (`cognitive-complexity`): Ignore nested functions and default values by [@​yassin-kammoun-sonarsource](https://togithub.com/yassin-kammoun-sonarsource) in [https://github.com/SonarSource/eslint-plugin-sonarjs/pull/444](https://togithub.com/SonarSource/eslint-plugin-sonarjs/pull/444) **Full Changelog**: https://github.com/SonarSource/eslint-plugin-sonarjs/compare/0.23.0...0.24.0

sweepline/eslint-plugin-unused-imports (eslint-plugin-unused-imports)

### [`v3.1.0`](https://togithub.com/sweepline/eslint-plugin-unused-imports/compare/5cef9616c54ec2b9fc0795ed6fa27f4529d7e386...8872ac3f6724a442ed1fe948318812afece1d4a1) [Compare Source](https://togithub.com/sweepline/eslint-plugin-unused-imports/compare/5cef9616c54ec2b9fc0795ed6fa27f4529d7e386...8872ac3f6724a442ed1fe948318812afece1d4a1)

nodejs/node (node)

### [`v21.6.2`](https://togithub.com/nodejs/node/releases/tag/v21.6.2): 2024-02-14, Version 21.6.2 (Current), @​RafaelGSS [Compare Source](https://togithub.com/nodejs/node/compare/v21.6.0...v21.6.2) ##### Notable changes This is a security release. ##### Notable changes - CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High) - CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) - CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High) - CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High) - CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against [PKCS#1](https://togithub.com/PKCS/node/issues/1) v1.5 padding) - (Medium) - CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium) - CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium) - CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) - undici version 5.28.3 - libuv version 1.48.0 - OpenSSL version 3.0.13+quic1 ##### Commits - \[[`8344719369`](https://togithub.com/nodejs/node/commit/8344719369)] - **crypto**: disable [PKCS#1](https://togithub.com/PKCS/node/issues/1) padding for privateDecrypt (Michael Dawson) [nodejs-private/node-private#525](https://togithub.com/nodejs-private/node-private/pull/525) - \[[`d093600ac4`](https://togithub.com/nodejs/node/commit/d093600ac4)] - **deps**: update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) [#​51614](https://togithub.com/nodejs/node/pull/51614) - \[[`6cd930e5e8`](https://togithub.com/nodejs/node/commit/6cd930e5e8)] - **deps**: upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) [#​51614](https://togithub.com/nodejs/node/pull/51614) - \[[`9590c15d3d`](https://togithub.com/nodejs/node/commit/9590c15d3d)] - **deps**: upgrade libuv to 1.48.0 (Santiago Gimeno) [#​51698](https://togithub.com/nodejs/node/pull/51698) - \[[`666096298c`](https://togithub.com/nodejs/node/commit/666096298c)] - **deps**: disable io_uring support in libuv by default (Tobias Nießen) [nodejs-private/node-private#528](https://togithub.com/nodejs-private/node-private/pull/528) - \[[`a4edd22e30`](https://togithub.com/nodejs/node/commit/a4edd22e30)] - **fs**: protect against modified Buffer internals in possiblyTransformPath (Tobias Nießen) [nodejs-private/node-private#497](https://togithub.com/nodejs-private/node-private/pull/497) - \[[`6155a1ffaf`](https://togithub.com/nodejs/node/commit/6155a1ffaf)] - **http**: add maximum chunk extension size (Paolo Insogna) [nodejs-private/node-private#518](https://togithub.com/nodejs-private/node-private/pull/518) - \[[`777509495e`](https://togithub.com/nodejs/node/commit/777509495e)] - **lib**: use cache fs internals against path traversal (RafaelGSS) [nodejs-private/node-private#516](https://togithub.com/nodejs-private/node-private/pull/516) - \[[`9d2ac2b3fc`](https://togithub.com/nodejs/node/commit/9d2ac2b3fc)] - **lib**: update undici to v5.28.3 (Matteo Collina) [nodejs-private/node-private#538](https://togithub.com/nodejs-private/node-private/pull/538) - \[[`208b3940c7`](https://togithub.com/nodejs/node/commit/208b3940c7)] - **src**: fix HasOnly(capability) in node::credentials (Tobias Nießen) [nodejs-private/node-private#505](https://togithub.com/nodejs-private/node-private/pull/505) - \[[`fc2454f29c`](https://togithub.com/nodejs/node/commit/fc2454f29c)] - **src,deps**: disable setuid() etc if io_uring enabled (Tobias Nießen) [nodejs-private/node-private#528](https://togithub.com/nodejs-private/node-private/pull/528) - \[[`ef3eea20be`](https://togithub.com/nodejs/node/commit/ef3eea20be)] - **test,doc**: clarify wildcard usage (RafaelGSS) [nodejs-private/node-private#517](https://togithub.com/nodejs-private/node-private/pull/517) - \[[`8547196964`](https://togithub.com/nodejs/node/commit/8547196964)] - **zlib**: pause stream if outgoing buffer is full (Matteo Collina) [nodejs-private/node-private#540](https://togithub.com/nodejs-private/node-private/pull/540)

jshemas/openGraphScraper (open-graph-scraper)

### [`v6.4.0`](https://togithub.com/jshemas/openGraphScraper/blob/HEAD/CHANGELOG.md#640) [Compare Source](https://togithub.com/jshemas/openGraphScraper/compare/2c203d0262f8daba2e4de73a54002de4af854561...8e07e8b134e03d9b4abe4b2cf95d63b3b3740244) - Add character encoding detection and decoding logic using `iconv-lite` - Updating dependencies ### [`v6.3.4`](https://togithub.com/jshemas/openGraphScraper/blob/HEAD/CHANGELOG.md#634) [Compare Source](https://togithub.com/jshemas/openGraphScraper/compare/a90a2dc0b7132934de0659c5db717a8fececdfa6...2c203d0262f8daba2e4de73a54002de4af854561) - Adding check to make sure `customMetaTags` are valid - Updating dependencies ### [`v6.3.3`](https://togithub.com/jshemas/openGraphScraper/blob/HEAD/CHANGELOG.md#633) [Compare Source](https://togithub.com/jshemas/openGraphScraper/compare/f4345f8707854ad0536dfc3647d3ae655bcf64a2...a90a2dc0b7132934de0659c5db717a8fececdfa6) - Updating dependencies - Sent the `Accept: text/html` header by default

pnpm/pnpm (pnpm)

### [`v8.15.3`](https://togithub.com/pnpm/pnpm/releases/tag/v8.15.3) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.15.2...v8.15.3) #### Patch Changes - Remove vulnerable "ip" package from the dependencies [#​7652](https://togithub.com/pnpm/pnpm/issues/7652). #### Platinum Sponsors #### Gold Sponsors #### Our Silver Sponsors ### [`v8.15.2`](https://togithub.com/pnpm/pnpm/releases/tag/v8.15.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.15.1...v8.15.2) #### Patch Changes - When purging multiple `node_modules` directories, pnpm will no longer print multiple prompts simultaneously. - Don't print an unnecessary warning when adding new dependencies to a project that uses hoisted `node_modules`. - Linking globally the command of a package that has no name in `package.json` [#​4761](https://togithub.com/pnpm/pnpm/issues/4761). - Installation should work with lockfile created by pnpm v9.0.0-alpha.4 #### Platinum Sponsors #### Gold Sponsors #### Our Silver Sponsors ### [`v8.15.1`](https://togithub.com/pnpm/pnpm/releases/tag/v8.15.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.15.0...v8.15.1) #### Patch Changes - Use the `object-hash` library instead of `node-object-hash` for hashing keys of side-effects cache [#​7591](https://togithub.com/pnpm/pnpm/pull/7591). - `bundledDependencies` should never be added to the lockfile with `false` as the value [#​7576](https://togithub.com/pnpm/pnpm/issues/7576). #### Platinum Sponsors #### Gold Sponsors #### Our Silver Sponsors ### [`v8.15.0`](https://togithub.com/pnpm/pnpm/releases/tag/v8.15.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.14.3...v8.15.0) #### Minor Changes - When the license field does not exist in `package.json` but a license file exists, try to match and extract the license name [#​7530](https://togithub.com/pnpm/pnpm/pull/7530). #### Patch Changes - Running `pnpm update -r --latest` will no longer downgrade prerelease dependencies [#​7436](https://togithub.com/pnpm/pnpm/issues/7436). - `--aggregate-output` should work on scripts executed from the same project [#​7556](https://togithub.com/pnpm/pnpm/issues/7556). - Prefer hard links over reflinks on Windows as they perform better [#​7564](https://togithub.com/pnpm/pnpm/pull/7564). - Reduce the length of the side-effects cache key. Instead of saving a stringified object composed from the dependency versions of the package, use the hash calculated from the said object [#​7563](https://togithub.com/pnpm/pnpm/pull/7563). - Throw an error if `pnpm update --latest` runs with arguments containing versions specs. For instance, `pnpm update --latest foo@next` is not allowed [#​7567](https://togithub.com/pnpm/pnpm/pull/7567). - Don't fail in Windows CoW if the file already exists [#​7554](https://togithub.com/pnpm/pnpm/issues/7554). #### Platinum Sponsors #### Gold Sponsors #### Our Silver Sponsors ### [`v8.14.3`](https://togithub.com/pnpm/pnpm/releases/tag/v8.14.3) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.14.2...v8.14.3) #### Patch Changes - `pnpm pack` should work as expected when "prepack" modifies the manifest [#​7558](https://togithub.com/pnpm/pnpm/pull/7558). #### Platinum Sponsors #### Gold Sponsors #### Our Silver Sponsors ### [`v8.14.2`](https://togithub.com/pnpm/pnpm/releases/tag/v8.14.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.14.1...v8.14.2) #### Patch Changes - Registry configuration from previous installation should not override current settings [#​7507](https://togithub.com/pnpm/pnpm/issues/7507). - `pnpm dlx` should not fail, when executed from `package.json` "scripts" [7424](https://togithub.com/pnpm/pnpm/issues/7424). - A git-hosted dependency should not be added to the store if it failed to be built [#​7407](https://togithub.com/pnpm/pnpm/pull/7407). - `pnpm publish` should pack "main" file or "bin" files defined in "publishConfig" [#​4195](https://togithub.com/pnpm/pnpm/issues/4195). #### Platinum Sponsors

config help if that's undesired. [ ] If you want to rebase/retry this PR, check this box This PR has been generated by Mend Renovate. View repository job log here. © Githubissues. Githubissues is a development platform for aggregating issues.