build(deps-dev): bump sinon from 21.1.2 to 22.0.0 by dependabot[bot] · Pull Request #325 · DataDog/pprof-nodejs

dependabot · 2026-05-12T22:25:02Z

Bumps sinon from 21.1.2 to 22.0.0.

Changelog

22.0.0

ed911df5 Update Ruby gems (Carl-Erik Kopseng)

75a1e5b8 Update to Node 26 (Carl-Erik Kopseng)

197d6608 Update documentation on faking timers to reflect the current state of fake-timers (Carl-Erik Kopseng)

c5ddf80b Update fake-timers@15.4: includes new Temporal API (Carl-Erik Kopseng)

f4ab02f6 Update updatable packages (Carl-Erik Kopseng)

0536afc8 Quality: Global mutable call id can grow unbounded across long-lived processes (#2691) (tuanaiseo)

refactor: global mutable call id can grow unbounded across l

callId is module-scoped and incremented on every invocation. In long-running test runners or embedded usage, this can grow indefinitely and eventually lose integer precision semantics for strict ordering comparisons.

Affected files: proxy-invoke.js

Signed-off-by: tuanaiseo 221258316+tuanaiseo@users.noreply.github.com

Wrap around for all values that are too high

Signed-off-by: tuanaiseo 221258316+tuanaiseo@users.noreply.github.com Co-authored-by: Carl-Erik Kopseng carlerik@gmail.com

f4f7d93b Perform additional cleanup when calling callThrough() (#2670) (Cyrille)

6199e9e4 improve GitHubworkflows by introducing zizmor for monitoring (#2686) (Till!)

fix(workflows): fetch-depth is for actions/checkout

chore(workflows): update

pin all actions to precise commits

avoid credential leakage from actions/checkout

group action updates going forward

add zimor config to ignore "secrets outside env"

add job to keep validating workflows

f7476b59 Use path.normalize() for path normalization (Carl-Erik Kopseng)

2c975393 fix: make build and node test scripts cross-platform (laplace young)

a7692917 fix: isolate walk state from Object prototype (laplace young)

66df977a Fix sinon.restore() cascade-restoring sub-sandboxes (#2704) (Charlie Leitheiser)

The ESM port of createApi (#2683, shipped in 21.1.0) replaced createSandbox: createSandbox with a wrapper that pushes every newly-created sandbox into the root sandbox's fake collection:

... (truncated)

Commits

52555af 22.0.0
ed911df Update Ruby gems
75a1e5b Update to Node 26
197d660 Update documentation on faking timers to reflect the current state of fake-ti...
c5ddf80 Update fake-timers@15.4: includes new Temporal API
f4ab02f Update updatable packages
0536afc Quality: Global mutable call id can grow unbounded across long-lived processe...
f4f7d93 Perform additional cleanup when calling callThrough() (#2670)
6199e9e improve GitHubworkflows by introducing zizmor for monitoring (#2686)
1519009 Merge #2703: isolate walk state from Object prototype
Additional commits viewable in compare view

dependabot · 2026-05-12T22:25:04Z

Labels

The following labels could not be found: dependabot. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

github-actions · 2026-05-12T22:25:40Z

Overall package size

Self size: 2 MB
Deduped: 2.36 MB
No deduping: 2.36 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | source-map | 0.7.6 | 185.63 kB | 185.63 kB | | pprof-format | 2.2.1 | 163.06 kB | 163.06 kB | | node-gyp-build | 4.8.4 | 13.86 kB | 13.86 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

Bumps [sinon](https://github.com/sinonjs/sinon) from 21.1.2 to 22.0.0. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](sinonjs/sinon@v21.1.2...v22.0.0) --- updated-dependencies: - dependency-name: sinon dependency-version: 22.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

* use trusted publishing for dev releases (#310) * use trusted publishing for dev releases * use release publisher file to release dev tag too (#311) use release publisher file to release dev tag * chore(deps): minor: sinon · patch: @types/node, @types/sinon (#317) Co-authored-by: gh-worker-campaigns-3e9aa4[bot] <244854796+gh-worker-campaigns-3e9aa4[bot]@users.noreply.github.com> * build(deps-dev): bump typescript from 5.9.3 to 6.0.3 (#315) * build(deps-dev): bump typescript from 5.9.3 to 6.0.3 Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3. - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) --- updated-dependencies: - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix(ts): explicit types in tsconfig and bump @types/node to 25.6.0 TypeScript 6.0 no longer auto-loads @types/* by default with this project's tsconfig setup, so Node and Mocha globals (Buffer, process, __dirname, describe, it, ...) became unresolved. Pin "types" to ["node", "mocha"] so the compiler picks them up explicitly. Also bumps @types/node from 25.5.2 to 25.6.0, superseding #314. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Attila Szegedi <attila.szegedi@datadoghq.com> * chore(deps): node-gyp-build (major → 4.8.4) (#316) Co-authored-by: gh-worker-campaigns-3e9aa4[bot] <244854796+gh-worker-campaigns-3e9aa4[bot]@users.noreply.github.com> * build(deps-dev): bump @types/node from 25.6.0 to 25.7.0 (#324) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.6.0 to 25.7.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.7.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump eslint-plugin-n from 17.24.0 to 18.0.1 (#320) Bumps [eslint-plugin-n](https://github.com/eslint-community/eslint-plugin-n) from 17.24.0 to 18.0.1. - [Release notes](https://github.com/eslint-community/eslint-plugin-n/releases) - [Changelog](https://github.com/eslint-community/eslint-plugin-n/blob/master/CHANGELOG.md) - [Commits](eslint-community/eslint-plugin-n@v17.24.0...v18.0.1) --- updated-dependencies: - dependency-name: eslint-plugin-n dependency-version: 18.0.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump node-gyp-build from 3.9.0 to 4.8.4 (#284) Bumps [node-gyp-build](https://github.com/prebuild/node-gyp-build) from 3.9.0 to 4.8.4. - [Commits](prebuild/node-gyp-build@v3.9.0...v4.8.4) --- updated-dependencies: - dependency-name: node-gyp-build dependency-version: 4.8.4 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Attila Szegedi <szegedi@users.noreply.github.com> * build(deps-dev): bump semver from 7.7.4 to 7.8.0 (#323) Bumps [semver](https://github.com/npm/node-semver) from 7.7.4 to 7.8.0. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.7.4...v7.8.0) --- updated-dependencies: - dependency-name: semver dependency-version: 7.8.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump sinon from 21.1.2 to 22.0.0 (#325) Bumps [sinon](https://github.com/sinonjs/sinon) from 21.1.2 to 22.0.0. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](sinonjs/sinon@v21.1.2...v22.0.0) --- updated-dependencies: - dependency-name: sinon dependency-version: 22.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add Node.js v25 to benchmarks (#326) * support Node.js v26 (#327) * support Node.js v26 * Revert lazy profile-tree changes to mitigate CpuProfile::Delete crash (#329) * Revert "use stop and collect on time profiler (#305)" This reverts commit 85f2457. * Revert "Switch heap profiling to use lazy allocation profile method by default (#281)" This reverts commit fb3d75d. * Touchup for TS6 changes introduced after the reverted commits. Specifically enforcing TS2883 under `composite: true`: any function whose inferred return type names a non-imported type must be annotated explicitly. * v14.5.2 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: gh-worker-campaigns-3e9aa4[bot] <244854796+gh-worker-campaigns-3e9aa4[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Attila Szegedi <attila.szegedi@datadoghq.com> Co-authored-by: Attila Szegedi <szegedi@users.noreply.github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code semver-patch Bug or security fixes, mainly labels May 12, 2026

dependabot Bot added the dependencies Pull requests that update a dependency file label May 12, 2026

dependabot Bot requested a review from szegedi as a code owner May 12, 2026 22:25

dependabot Bot added the semver-patch Bug or security fixes, mainly label May 12, 2026

dependabot Bot requested a review from nsavoire as a code owner May 12, 2026 22:25

dependabot Bot added the javascript Pull requests that update javascript code label May 12, 2026

dependabot Bot requested review from IlyasShabi and r1viollet as code owners May 12, 2026 22:25

dependabot Bot force-pushed the dependabot/npm_and_yarn/sinon-22.0.0 branch from 07677b0 to 6f42b1c Compare May 13, 2026 09:49

dependabot Bot force-pushed the dependabot/npm_and_yarn/sinon-22.0.0 branch from 6f42b1c to a4af4b2 Compare May 13, 2026 12:04

szegedi enabled auto-merge (squash) May 13, 2026 12:29

szegedi approved these changes May 13, 2026

View reviewed changes

szegedi merged commit 569aee2 into main May 13, 2026
120 of 122 checks passed

szegedi deleted the dependabot/npm_and_yarn/sinon-22.0.0 branch May 13, 2026 12:29

IlyasShabi mentioned this pull request May 19, 2026

V5.14.2 #331

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps-dev): bump sinon from 21.1.2 to 22.0.0#325

build(deps-dev): bump sinon from 21.1.2 to 22.0.0#325
szegedi merged 1 commit into
mainfrom
dependabot/npm_and_yarn/sinon-22.0.0

dependabot Bot commented on behalf of github May 12, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 12, 2026

Uh oh!

github-actions Bot commented May 12, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

22.0.0

Uh oh!

dependabot Bot commented on behalf of github May 12, 2026

Labels

Uh oh!

github-actions Bot commented May 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Overall package size

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github May 12, 2026 •

edited

Loading

github-actions Bot commented May 12, 2026 •

edited

Loading