Skip to content

chore(deps): update dependency @types/node to v25.5.2#1058

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/node-25.x
Open

chore(deps): update dependency @types/node to v25.5.2#1058
renovate[bot] wants to merge 1 commit intomainfrom
renovate/node-25.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Jan 10, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change OpenSSF
@types/node (source) devDependencies minor 25.0.325.5.2 OpenSSF Scorecard

Configuration

📅 Schedule: Branch creation - At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only on Sunday and Saturday ( * * * * 0,6 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Dependency updates label Jan 10, 2026
@renovate renovate bot enabled auto-merge (squash) January 10, 2026 02:04
@github-actions github-actions bot added qa:running QA workflow is currently running status:approved Pull request has been approved labels Jan 10, 2026
cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Jan 10, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

@renovate renovate bot force-pushed the renovate/node-25.x branch from 1371829 to 96eebc9 Compare January 10, 2026 18:15
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.0.5 chore(deps): update dependency @types/node to v25.0.6 Jan 10, 2026
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.0.6 chore(deps): update dependency @types/node to v25.0.7 Jan 13, 2026
@renovate renovate bot force-pushed the renovate/node-25.x branch 2 times, most recently from 35d13c9 to 984752c Compare January 13, 2026 18:53
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.0.7 chore(deps): update dependency @types/node to v25.0.8 Jan 13, 2026
@renovate renovate bot force-pushed the renovate/node-25.x branch from 984752c to b2701b9 Compare January 15, 2026 19:03
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.0.8 chore(deps): update dependency @types/node to v25.0.9 Jan 15, 2026
@renovate renovate bot force-pushed the renovate/node-25.x branch from b2701b9 to 605deb6 Compare January 22, 2026 03:03
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.0.9 chore(deps): update dependency @types/node to v25.0.10 Jan 22, 2026
@renovate renovate bot force-pushed the renovate/node-25.x branch from 605deb6 to e7992a8 Compare January 28, 2026 19:12
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.0.10 chore(deps): update dependency @types/node to v25.1.0 Jan 28, 2026
@renovate renovate bot force-pushed the renovate/node-25.x branch from e7992a8 to 74d630c Compare February 1, 2026 18:06
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.1.0 chore(deps): update dependency @types/node to v25.2.0 Feb 1, 2026
@renovate renovate bot force-pushed the renovate/node-25.x branch from 74d630c to 3336dad Compare February 5, 2026 15:44
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.2.0 chore(deps): update dependency @types/node to v25.2.1 Feb 5, 2026
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.2.1 chore(deps): update dependency @types/node to v25.2.2 Feb 8, 2026
@renovate renovate bot force-pushed the renovate/node-25.x branch from 3336dad to 32dec87 Compare February 8, 2026 02:31
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.2.2 chore(deps): update dependency @types/node to v25.2.3 Feb 10, 2026
@renovate renovate bot force-pushed the renovate/node-25.x branch from 32dec87 to 1025e79 Compare February 10, 2026 15:56
@renovate renovate bot force-pushed the renovate/node-25.x branch from 1025e79 to 6191473 Compare February 19, 2026 02:55
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.2.3 chore(deps): update dependency @types/node to v25.3.0 Feb 19, 2026
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.3.0 chore(deps): update dependency @types/node to v25.3.1 Feb 26, 2026
@renovate renovate bot force-pushed the renovate/node-25.x branch 2 times, most recently from c156169 to 073fdb8 Compare February 26, 2026 19:12
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.3.1 chore(deps): update dependency @types/node to v25.3.2 Feb 26, 2026
@renovate renovate bot force-pushed the renovate/node-25.x branch from 073fdb8 to e804135 Compare February 28, 2026 22:14
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.3.2 chore(deps): update dependency @types/node to v25.3.3 Feb 28, 2026
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.3.3 chore(deps): update dependency @types/node to v25.3.5 Mar 8, 2026
@renovate renovate bot force-pushed the renovate/node-25.x branch 2 times, most recently from 93fe4b9 to 18f9801 Compare March 9, 2026 20:09
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.3.5 chore(deps): update dependency @types/node to v25.4.0 Mar 9, 2026
@renovate renovate bot force-pushed the renovate/node-25.x branch from 18f9801 to 746a8e3 Compare March 12, 2026 19:57
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.4.0 chore(deps): update dependency @types/node to v25.5.0 Mar 12, 2026
@renovate renovate bot force-pushed the renovate/node-25.x branch from 746a8e3 to a89b2e0 Compare April 3, 2026 10:42
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.5.0 chore(deps): update dependency @types/node to v25.5.1 Apr 3, 2026
@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 3, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​types/​node@​25.0.3 ⏵ 25.5.210010081 +196 +2100

View full report

@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 3, 2026
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
License policy violation: npm @img/sharp-libvips-darwin-arm64 under LGPL-3.0-or-later

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (npm metadata)

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/package.json)

From: ?npm/next@16.1.1npm/@img/sharp-libvips-darwin-arm64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-darwin-arm64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-darwin-x64 under LGPL-3.0-or-later

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (npm metadata)

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/package.json)

From: ?npm/next@16.1.1npm/@img/sharp-libvips-darwin-x64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-darwin-x64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linux-arm under LGPL-3.0-or-later

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (npm metadata)

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/package.json)

From: ?npm/next@16.1.1npm/@img/sharp-libvips-linux-arm@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-arm@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linux-arm64 under LGPL-3.0-or-later

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (npm metadata)

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/package.json)

From: ?npm/next@16.1.1npm/@img/sharp-libvips-linux-arm64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-arm64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linux-ppc64 under LGPL-3.0-or-later

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (npm metadata)

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/package.json)

From: ?npm/next@16.1.1npm/@img/sharp-libvips-linux-ppc64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-ppc64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linux-riscv64 under LGPL-3.0-or-later

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (npm metadata)

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/package.json)

From: ?npm/next@16.1.1npm/@img/sharp-libvips-linux-riscv64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-riscv64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linux-s390x under LGPL-3.0-or-later

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (npm metadata)

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/package.json)

From: ?npm/next@16.1.1npm/@img/sharp-libvips-linux-s390x@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-s390x@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linux-x64 under LGPL-3.0-or-later

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (npm metadata)

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/package.json)

From: ?npm/next@16.1.1npm/@img/sharp-libvips-linux-x64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-x64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linuxmusl-arm64 under LGPL-3.0-or-later

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (npm metadata)

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/package.json)

From: ?npm/next@16.1.1npm/@img/sharp-libvips-linuxmusl-arm64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linuxmusl-arm64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linuxmusl-x64 under LGPL-3.0-or-later

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (npm metadata)

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/package.json)

From: ?npm/next@16.1.1npm/@img/sharp-libvips-linuxmusl-x64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linuxmusl-x64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-wasm32 under LGPL-3.0-or-later

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (npm metadata)

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/package.json)

From: ?npm/next@16.1.1npm/@img/sharp-wasm32@0.34.5

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-wasm32@0.34.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-win32-arm64 under LGPL-3.0-or-later

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (npm metadata)

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/package.json)

From: ?npm/next@16.1.1npm/@img/sharp-win32-arm64@0.34.5

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-win32-arm64@0.34.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-win32-ia32 under LGPL-3.0-or-later

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (npm metadata)

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/package.json)

From: ?npm/next@16.1.1npm/@img/sharp-win32-ia32@0.34.5

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-win32-ia32@0.34.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-win32-x64 under LGPL-3.0-or-later

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (npm metadata)

License: LGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/package.json)

From: ?npm/next@16.1.1npm/@img/sharp-win32-x64@0.34.5

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-win32-x64@0.34.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm node-exports-info

Location: Package overview

From: ?npm/eslint-config-next@16.1.1npm/node-exports-info@1.6.0

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-exports-info@1.6.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate
chore(deps): update dependency @types/node to v25.5.2
29a20f7 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/node-25.x branch from a89b2e0 to 29a20f7 Compare April 3, 2026 14:44
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v25.5.1 chore(deps): update dependency @types/node to v25.5.2 Apr 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

@renovate-approve-2 renovate-approve-2[bot] renovate-approve-2[bot] approved these changes

+1 more reviewer

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Dependency updates qa:running QA workflow is currently running status:approved Pull request has been approved

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants