Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Update	Change	Age	Adoption	Passing	Confidence
awscli	patch	2.24.17 -> 2.24.20
deno	patch	2.2.2 -> 2.2.3
flutter (source)	patch	3.29.0 -> 3.29.1
pnpm (source)	minor	10.5.2 -> 10.6.2
terraform	patch	1.11.0 -> 1.11.1
terragrunt	patch	0.75.0 -> 0.75.3
trivy	minor	0.59.1 -> 0.60.0

---

Release Notes

aws/aws-cli (awscli)

v2.24.20

Compare Source

v2.24.19

Compare Source

v2.24.18

Compare Source

denoland/deno (deno)

v2.2.3

Compare Source

• feat(unstable): lint plugins support field selectors (#​28324)
• fix(add): better help text for --dev arg (#​28304)
• fix(check/npm): move not found errors inside npm packages to tsc diagnostics
  (#​28337)
• fix(ext/node): SQLite reset guards to prevent database locks (#​28298)
• fix(ext/node): node compatibility issue missing fd in createServer callback
  socket object (#​27789)
• fix(fmt/md): handle callout followed by non-text (#​28333)
• fix(lint): run with --no-prompt (#​28305)
• fix(lsp): include prefix and suffix for rename edits (#​28327)
• fix(lsp): limit languages in semantic tokens provider (#​28310)
• fix(node): require esm should prefer module.exports export (#​28376)
• fix(otel): don't throw when calling setActiveSpan at root (#​28323)
• fix(unstable): Missing PrivateIdentifier type for PropertyDefinition key
  (#​28358)
• fix(unstable): lint plugin ObjectPattern inconsistencies (#​28359)
• fix(unstable): lint plugin child combinator not working with groups (#​28360)
• fix(unstable): lint plugin fix :has(), :is/where/matches and :not()
  selectors (#​28348)
• fix(unstable): lint plugin regex attribute selector not working (#​28340)
• fix(unstable): lint plugin swapped exported and source for
  ExportAllDeclaration (#​28357)
• fix(unstable/lint): remove duplicated Fix vs FixData interface (#​28344)
• fix: add "module.exports" export to ESM CJS wrapper module (#​28373)
• fix: deno_ast 0.46 (#​28331)
• fix: respect lockfile for multiple available jsr versions (#​28375)
• perf(http): instantiate generic functions in deno_http, increase opt-level
  for some more hyper deps (#​28317)
• perf(lsp): don't set resolver npm reqs if unchanged (#​28302)
• perf(lsp): register semantic tokens provider upon opening enabled doc (#​28384)

flutter/flutter (flutter)

v3.29.1

Compare Source

• flutter/163830 - Fix Tab linear and elastic animation blink.
• flutter/164119 - Configuration changes to run test on macOS 14 for Flutter's CI.
• flutter/164155 - Roll .ci.yaml changes into the LUCI configuration only when the master branch is updated.
• flutter/164191 - Improve safaridriver launch process in Flutter's CI testing for web.
• flutter/164193 - Provide guided error message when app crashes due to JIT restriction on iPhones.
• flutter/164050 - Fixes test reorderable_list_test.dart failing for certain ordering seeds, such as 2025022.
• flutter/163316 - Configuration changes to run test on macOS 14 for Flutter's CI.
• flutter/163581 - Fix crash when using BackdropFilters in certain GLES drivers.
• flutter/163616 - Disable Vulkan on known bad Xclipse GPU drivers for Android.
• flutter/163666 - Always post new task during gesture dispatch to fix jittery scrolling on iOS devices.
• flutter/163667 - Ensure that OpenGL "flipped" textures do not leak via texture readback.
• flutter/163741 - Flutter tool respects tracked engine.version.
• flutter/163754 - Fix text glitch when returning to foreground for Android.
• flutter/163058 - Fixes jittery glyphs.
• flutter/163201 - Fixes buttons with icons that ignore foregroundColor.
• flutter/163265 - Disable Vulkan on known bad exynos SoCs for Android.
• flutter/163261 - Fixes for Impeller DrawVertices issues involving snapshots with empty sizes.
• flutter/163672 - Check for tracked engine.version before overriding.

pnpm/pnpm (pnpm)

v10.6.2

Compare Source

Patch Changes

• pnpm self-update should always update the version in the packageManager field of package.json.
• Fix running pnpm CLI from pnpm CLI on Windows when the CLI is bundled to an executable #​8971.
• pnpm patch-commit will now use the same filesystem as the store directory to compare and create patch files.
• Don't show info output when --loglevel=error is used.
• peerDependencyRules should be set in pnpm-workspace.yaml to take effect.

v10.6.1

Compare Source

Patch Changes

• The pnpm CLI process should not stay hanging, when --silent reporting is used.
• When --loglevel is set to error, don't show installation summary, execution time, and big tarball download progress.
• Don't ignore pnpm.patchedDependencies from package.json #​9226.
• When executing the approve-builds command, if package.json contains onlyBuiltDependencies or ignoredBuiltDependencies, the selected dependency package will continue to be written into package.json.
• When a package version cannot be found in the package metadata, print the registry from which the package was fetched.

v10.6.0

Compare Source

Minor Changes

• pnpm-workspace.yaml can now hold all the settings that .npmrc accepts. The settings should use camelCase #​9211.

  pnpm-workspace.yaml example:

  verifyDepsBeforeRun: install
  optimisticRepeatInstall: true
  publicHoistPattern:
    - "*types*"
    - "!@​types/react"

• Projects using a file: dependency on a local tarball file (i.e. .tgz, .tar.gz, .tar) will see a performance improvement during installation. Previously, using a file: dependency on a tarball caused the lockfile resolution step to always run. The lockfile will now be considered up-to-date if the tarball is unchanged.

Patch Changes

• pnpm self-update should not leave a directory with a broken pnpm installation if the installation fails.
• fast-glob replace with tinyglobby to reduce the size of the pnpm CLI dependencies #​9169.
• pnpm deploy should not remove fields from the deployed package's package.json file #​9215.
• pnpm self-update should not read the pnpm settings from the package.json file in the current working directory.
• Fix pnpm deploy creating a package.json without the imports and license field #​9193.
• pnpm update -i should list only packages that have newer versions #​9206.
• Fix a bug causing entries in the catalogs section of the pnpm-lock.yaml file to be removed when dedupe-peer-dependents=false on a filtered install. #​9112

hashicorp/terraform (terraform)

v1.11.1

Compare Source

1.11.1 (March 5, 2025)

BUG FIXES:

• Temporarily revert updated Windows symlink handling until we can account for known existing configurations using non-symlink junctions. (#​36575)

• terraform test: Fix crash when a run block attempts to cleanup after a non-applyable plan. (#​36582)

• Updated dependency golang.org/x/oauth2 from v0.23.0 => v0.27.0 to integrate latest changes (fix for CVE-2025-22868) (#​36584)

• lang/funcs/transpose: Avoid crash due to map with null values (#​36611)

• Combining ephemeral and sensitive marks could fail when serializing planned changes (#​36619)

gruntwork-io/terragrunt (terragrunt)

v0.75.3

Compare Source

✨ New Features

This release introduces support for all the remaining assume_role arguments used by OpenTofu/Terraform backends.

Thank you to @​erpel for contributing this!

What's Changed

• feat: Add support for all assume_role block arguments for s3 backend by @​erpel in https://github.com/gruntwork-io/terragrunt/pull/3975
• fix: Adjusting contribution docs by @​yhakbar in https://github.com/gruntwork-io/terragrunt/pull/3979
• chore: Bumping Dependencies as requested by Dependabot by @​yhakbar in https://github.com/gruntwork-io/terragrunt/pull/3984
• docs: update contributing.md with dev containers entry by @​j2udev in https://github.com/gruntwork-io/terragrunt/pull/3977

New Contributors

• @​erpel made their first contribution in https://github.com/gruntwork-io/terragrunt/pull/3975

Full Changelog: gruntwork-io/terragrunt@v0.75.2...v0.75.3

v0.75.2

Compare Source

What's Changed

• Stacks: added support for stack values by @​denis256 in https://github.com/gruntwork-io/terragrunt/pull/3961

Example HCL configuration:

stack "dev" {
  source = "stacks/dev"
  path   = "dev"

### new values block
  values = {
    project = "dev-project"
    env     = "dev"
  }
}

RFC: https://github.com/gruntwork-io/terragrunt/issues/3313

Full Changelog: gruntwork-io/terragrunt@v0.75.1...v0.75.2

v0.75.1

Compare Source

What's Changed

• feat: Strict control for old deprecated env vars by @​levkohimins in https://github.com/gruntwork-io/terragrunt/pull/3964
• feat: Adding .coderabbit.yaml file by @​yhakbar in https://github.com/gruntwork-io/terragrunt/pull/3969
• fix: Updated failing engine tests by @​denis256 in https://github.com/gruntwork-io/terragrunt/pull/3960
• fix: Replacing usage of run-all with run --all in starlight docs by @​yhakbar in https://github.com/gruntwork-io/terragrunt/pull/3950
• fix: Update mark_as_read example and docs by @​odgrim in https://github.com/gruntwork-io/terragrunt/pull/3971
• fix: Adding missing cautionary asides by @​yhakbar in https://github.com/gruntwork-io/terragrunt/pull/3970
• chore: Tofu engine update to v0.0.16 in tests by @​denis256 in https://github.com/gruntwork-io/terragrunt/pull/3951
• build(deps-dev): bump uri from 0.13.0 to 0.13.2 in /docs by @​dependabot in https://github.com/gruntwork-io/terragrunt/pull/3963

New Contributors

• @​odgrim made their first contribution in https://github.com/gruntwork-io/terragrunt/pull/3971

Full Changelog: gruntwork-io/terragrunt@v0.75.0...v0.75.1

aquasecurity/trivy (trivy)

v0.60.0

Compare Source

Features

• add --vuln-severity-source flag (#​8269) (d464807)
• add report summary table (#​8177) (dd54f80)
• cyclonedx: Add initial support for loading external VEX files from SBOM references (#​8254) (4820eb7)
• go: fix parsing main module version for go >= 1.24 (#​8433) (e58dcfc)
• misconf: render causes for Terraform (#​8360) (a99498c)

Bug Fixes

• db: fix case when 2 trivy-db were copied at the same time (#​8452) (bb3cca6)
• don't use scope for trivy registry login command (#​8393) (8715e5d)
• go: merge nested flags into string for ldflags for Go binaries (#​8368) (b675b06)
• image: disable AVD-DS-0007 for history scanning (#​8366) (a3cd693)
• k8s: add missed option PkgRelationships (#​8442) (f987e41)
• misconf: do not log scanners when misconfig scanning is disabled (#​8345) (5695eb2)
• misconf: ecs include enhanced for container insights (#​8326) (39789ff)
• misconf: fix incorrect k8s locations due to JSON to YAML conversion (#​8073) (a994453)
• os: add mapping OS aliases (#​8466) (6b4cebe)
• python: add poetry v2 support (#​8323) (10cd98c)
• report: remove html escaping for shortDescription and fullDescription fields for sarif reports (#​8344) (3eb0b03)
• sbom: add SBOM file's filePath as Application FilePath if we can't detect its path (#​8346) (ecc01bb)
• sbom: improve logic for binding direct dependency to parent component (#​8489) (85cca8c)
• sbom: preserve OS packages from multiple SBOMs (#​8325) (bd5baaf)
• server: secrets inspectation for the config analyzer in client server mode (#​8418) (a1c4bd7)
• spdx: init pkgFilePaths map for all formats (#​8380) (72ea4b0)
• terraform: apply parser options to submodule parsing (#​8377) (398620b)
• update all documentation links (#​8045) (49456ba)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.