fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@aptre/common	^0.22.13 -> ^0.24.0					devDependencies	minor
actions/cache	v4 -> v5					action	major
actions/checkout	v5.0.0 -> v6.0.1					action	major
actions/setup-go	v6.0.0 -> v6.1.0					action	minor
actions/setup-node	v6.0.0 -> v6.1.0					action	minor
github.com/aperturerobotics/common	v0.22.13 -> v0.24.0					require	minor
github.com/aperturerobotics/controllerbus	ff3f278 -> 10a0463					require	digest
github.com/aperturerobotics/starpc	v0.39.10 -> v0.41.0					require	minor
github.com/klauspost/compress	v1.18.1 -> v1.18.2					require	patch
github.com/pion/webrtc/v4	v4.1.6 -> v4.1.8					require	patch
github.com/quic-go/quic-go	v0.56.0 -> v0.57.1					require	minor
github/codeql-action	v4.31.2 -> v4.31.8					action	patch
prettier (source)	3.6.2 -> 3.7.4					devDependencies	minor
rimraf	6.1.0 -> 6.1.2					devDependencies	patch
starpc	^0.39.0 -> ^0.41.0					dependencies	minor

---

Release Notes

aperturerobotics/common (@​aptre/common)

v0.24.0

Compare Source

v0.23.0

Compare Source

v0.22.14

Compare Source

actions/cache (actions/cache)

v5

Compare Source

actions/checkout (actions/checkout)

v6.0.1

Compare Source

v6.0.0

Compare Source

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: actions/checkout@v5...v5.0.1

actions/setup-go (actions/setup-go)

v6.1.0

Compare Source

What's Changed

Enhancements

• Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @​nicholasngai in #​665
• Add support for .tool-versions file and update workflow by @​priya-kinthali in #​673
• Add comprehensive breaking changes documentation for v6 by @​mahabaleshwars in #​674

Dependency updates

• Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by @​dependabot in #​617
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot in #​641
• Upgrade semver and @​types/semver by @​dependabot in #​652

New Contributors

• @​nicholasngai made their first contribution in #​665
• @​priya-kinthali made their first contribution in #​673
• @​mahabaleshwars made their first contribution in #​674

Full Changelog: actions/setup-go@v6...v6.1.0

actions/setup-node (actions/setup-node)

v6.1.0

Compare Source

What's Changed

Enhancement:

• Remove always-auth configuration handling by @​priyagupta108 in #​1436

Dependency updates:

• Upgrade @​actions/cache from 4.0.3 to 4.1.0 by @​dependabot[bot] in #​1384
• Upgrade actions/checkout from 5 to 6 by @​dependabot[bot] in #​1439
• Upgrade js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in #​1435

Documentation update:

• Add example for restore-only cache in documentation by @​aparnajyothi-y in #​1419

Full Changelog: actions/setup-node@v6...v6.1.0

aperturerobotics/starpc (github.com/aperturerobotics/starpc)

v0.41.0

Compare Source

v0.40.1

Compare Source

v0.40.0

Compare Source

klauspost/compress (github.com/klauspost/compress)

v1.18.2

Compare Source

What's Changed

• flate: Fix invalid encoding on level 9 with single value input by @​klauspost in #​1115
• flate: reduce stateless allocations by @​RXamzin in #​1106
• build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 in the github-actions group by @​dependabot[bot] in #​1111

v1.18.1 is marked "retracted" due to invalid flate/zip/gzip encoding.

New Contributors

• @​RXamzin made their first contribution in #​1106

Full Changelog: klauspost/compress@v1.18.1...v1.18.2

pion/webrtc (github.com/pion/webrtc/v4)

v4.1.8

Compare Source

Changelog

• 0936b7d Option to check for fingerprint in DTLS handshake
• 79d7571 Implement deadlines for mux
• 21a8b0a Update module github.com/pion/stun/v3 to v3.0.2 (#​3293)
• 62f6101 Do not invoke OnBufferedAmountLow after close

v4.1.7

Compare Source

Changelog

• f3177f8 Option to ignore rid pause in a=simulcast:recv
• d8e8182 Update module github.com/pion/rtp to v1.8.26 (#​3288)
• c6b288f Add WithDirectPTS option for precise RTP timestamp (#​3287)
• 210cd95 Add CanTrickleICECandidates
• aac830d Update module github.com/pion/ice/v4 to v4.0.13 (#​3285)
• c71cc75 Update module github.com/pion/dtls/v3 to v3.0.8 (#​3284)
• 8242681 Update module github.com/pion/ice/v4 to v4.0.12 (#​3281)
• 4b59cf9 Support advertising ICE trickling (#​3097)
• 71b8a13 Don't drop packets when probing Simulcast
• c457479 Update module github.com/pion/srtp/v3 to v3.0.9 (#​3280)
• 67d948b Update module github.com/pion/sctp to v1.8.41 (#​3279)
• 39210f1 Update module github.com/pion/ice/v4 to v4.0.11 (#​3278)
• ed9f7fa Add an error for sdp unmarshalling error
• 5552def Fix and improve a flaky test (#​3275)
• 418e18c Update actions/checkout action to v6
• e6d249e Added option to configure DTLS Cipher Suites
• d32d5cd Fix a flaky test
• ae65995 Add deterministic NACK/RTX reproduction test (#​3270)
• e710dae Refactor streamsForSSRC to return struct
• 5eb9d49 Fix race in test
• e7e3b36 Consider first packet when reading Simulcast IDs (#​3144)
• 17287fd Fix flaky test TestPeerConnection_Media_Sample
• 27a8f9b Improve trickle-ice example
• a4c8b34 Update module github.com/pion/interceptor to v0.1.42 (#​3266)
• 157d90a Update module github.com/pion/turn/v4 to v4.1.3 (#​3265)
• 87b21be Update module github.com/pion/transport/v3 to v3.1.1 (#​3262)
• 1840a5f Update module github.com/pion/transport/v3 to v3.1.0
• 8b9583c Add whip-whep-like example
• 7354d59 Fix a rare race in peerconnection_go_test
• 8b43c73 Update dependency node to v24 (#​3256)
• c24d2d4 Update module github.com/pion/turn/v4 to v4.1.2 (#​3257)
• 49a4074 Expose stats ID for use in interceptor factories
• 41e0480 Update module github.com/pion/rtp to v1.8.25 (#​3254)
• 69d77e7 Update module github.com/pion/stun/v3 to v3.0.1 (#​3255)
• fe44e78 Improve custom-logger README (#​3253)
• 919c686 Add simple datachannel example with demo.html (#​3252)
• 8f7e057 Improve the data-channels example
• 7d8a700 Fix test race
• 041530f Update CI configs to v0.11.32
• 030bbf1 Update module github.com/pion/rtp to v1.8.24
• 6886103 Update module github.com/pion/rtcp to v1.2.16 (#​3244)

quic-go/quic-go (github.com/quic-go/quic-go)

v0.57.1

Compare Source

This release resolves a panic during the server handshake when using the upcoming Go 1.26 toolchain, specifically occurring with TLS session tickets disabled (#​5462). This issue does not impact builds on Go 1.25 or earlier versions.

v0.57.0

Compare Source

This release reworks the HTTP/3 header processing logic:

• Both client and server now send their respective header size constraints using the SETTINGS_MAX_FIELD_SECTION_SIZE setting: #​5431
• For any QPACK-related errors, the correct error code (QPACK_DECOMPRESSION_FAILED) is now used: #​5439
• QPACK header parsing is now incremental (instead of parsing all headers at once), which is ~5-10% faster and reduces allocations: #​5435 (and quic-go/qpack#67)
• The server now sends a 431 status code (Request Header Fields Too Large) when encountering HTTP header fields exceeding the size constraint: #​5452

 

Breaking Changes

• http3: Transport.MaxResponseBytes is now an int (before: int64): #​5433
   

Notable Fixes

• qlogwriter: fix storing of event schemas (this prevented qlog event logging from working for HTTP/3): #​5430
• http3: errors sending the request are now ignored, instead, the response from the server is read (thereby allowing the client to read the status code, for example): #​5432

What's Changed

• build(deps): bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in #​5426
• qlogwriter: fix storing of event schemas by @​marten-seemann in #​5430
• http3: send SETTINGS_MAX_FIELD_SECTION_SIZE in the SETTINGS frame by @​marten-seemann in #​5431
• http3: read response after encountering error sending the request by @​marten-seemann in #​5432
• http3: make Transport.MaxResponseBytes an int by @​marten-seemann in #​5433
• http3: add a benchmark for header parsing by @​marten-seemann in #​5435
• update qpack to v0.6.0 by @​marten-seemann in #​5434
• http3: use QPACK_DECOMPRESSION_FAILED for QPACK errors by @​marten-seemann in #​5439
• add documentation for Conn.NextConnection by @​marten-seemann in #​5442
• ackhandler: don’t generate an immediate ACK for the first packet by @​marten-seemann in #​5447
• don’t arm connection timer for connection ID retirement by @​marten-seemann in #​5449
• README: add nodepass to list of projects by @​yosebyte in #​5448
• qlogwriter: use synctest to make tests deterministic by @​marten-seemann in #​5454
• http3: limit size of decompressed headers by @​marten-seemann in #​5452

New Contributors

• @​yosebyte made their first contribution in #​5448

Full Changelog: quic-go/quic-go@v0.56.0...v0.57.0

github/codeql-action (github/codeql-action)

v4.31.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #​3354

See the full CHANGELOG.md for more information.

v4.31.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #​3343

See the full CHANGELOG.md for more information.

v4.31.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.5 - 24 Nov 2025

• Update default CodeQL bundle version to 2.23.6. #​3321

See the full CHANGELOG.md for more information.

v4.31.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.4 - 18 Nov 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
• Update default CodeQL bundle version to 2.23.5. #​3288

See the full CHANGELOG.md for more information.

prettier/prettier (prettier)

v3.7.4

Compare Source

diff

LWC: Avoid quote around interpolations (#​18383 by @​kovsu)

<!-- Input -->
<div foo={bar}>   </div>

<!-- Prettier 3.7.3 (--embedded-language-formatting off) -->
<div foo="{bar}"></div>

<!-- Prettier 3.7.4 (--embedded-language-formatting off) -->
<div foo={bar}></div>

TypeScript: Fix comment inside union type gets duplicated (#​18393 by @​fisker)

// Input
type Foo = (/** comment */ a | b) | c;

// Prettier 3.7.3
type Foo = /** comment */ (/** comment */ a | b) | c;

// Prettier 3.7.4
type Foo = /** comment */ (a | b) | c;

TypeScript: Fix unstable comment print in union type comments (#​18395 by @​fisker)

// Input
type X = (A | B) & (
  // comment
  A | B
);

// Prettier 3.7.3 (first format)
type X = (A | B) &
  (// comment
  A | B);

// Prettier 3.7.3 (second format)
type X = (
  | A
  | B // comment
) &
  (A | B);

// Prettier 3.7.4
type X = (A | B) &
  // comment
  (A | B);

v3.7.3

Compare Source

diff

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#​18375 by @​fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

v3.7.2

Compare Source

diff

JavaScript: Fix string print when switching quotes (#​18351 by @​fisker)

// Input
console.log("A descriptor\\'s .kind must be \"method\" or \"field\".")

// Prettier 3.7.1
console.log('A descriptor\\'s .kind must be "method" or "field".');

// Prettier 3.7.2
console.log('A descriptor\\\'s .kind must be "method" or "field".');

JavaScript: Preserve quote for embedded HTML attribute values (#​18352 by @​kovsu)

// Input
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;

// Prettier 3.7.1
const html = /* HTML */ ` <div class=${styles.banner}></div> `;

// Prettier 3.7.2
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;

TypeScript: Fix comment in empty type literal (#​18364 by @​fisker)

// Input
export type XXX = {
  // tbd
};

// Prettier 3.7.1
export type XXX = { // tbd };

// Prettier 3.7.2
export type XXX = {
  // tbd
};

v3.7.1

Compare Source

diff

API: Fix performance regression in doc printer (#​18342 by @​fisker)

Prettier 3.7.1 can be very slow when formatting big files, the regression has been fixed.

v3.7.0

Compare Source

diff

🔗 Release Notes

isaacs/rimraf (rimraf)

v6.1.2

Compare Source

v6.1.1

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​aptre/​common@​0.22.13 ⏵ 0.24.0				+4
	golang/​github.com/​pion/​webrtc/​v4@​v4.1.6 ⏵ v4.1.8	+1
	npm/​starpc@​0.39.10 ⏵ 0.41.0			+1	+2
	npm/​rimraf@​6.1.0 ⏵ 6.1.2				+4
	npm/​prettier@​3.6.2 ⏵ 3.7.4	-8		-3
	golang/​github.com/​klauspost/​compress@​v1.18.1 ⏵ v1.18.2	+1
	golang/​github.com/​aperturerobotics/​controllerbus@​v0.51.4-0.20251113002647-ff3f278bc709 ⏵ v0.51.4-0.20251122005227-10a046324797
	golang/​github.com/​aperturerobotics/​starpc@​v0.39.10 ⏵ v0.41.0	+1
	golang/​github.com/​aperturerobotics/​common@​v0.22.13 ⏵ v0.24.0

View full report

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 14 additional dependencies were updated

Details:

Package	Change
github.com/pion/dtls/v3	v3.0.7 -> v3.0.8
github.com/pion/ice/v4	v4.0.10 -> v4.0.13
github.com/pion/interceptor	v0.1.41 -> v0.1.42
github.com/pion/mdns/v2	v2.0.7 -> v2.1.0
github.com/pion/rtcp	v1.2.15 -> v1.2.16
github.com/pion/rtp	v1.8.23 -> v1.8.26
github.com/pion/sctp	v1.8.40 -> v1.8.41
github.com/pion/srtp/v3	v3.0.8 -> v3.0.9
github.com/pion/stun/v3	v3.0.0 -> v3.0.2
github.com/pion/transport/v3	v3.0.8 -> v3.1.1
github.com/pion/turn/v4	v4.1.1 -> v4.1.3
golang.org/x/net	v0.46.0 -> v0.47.0
golang.org/x/sync	v0.17.0 -> v0.18.0
golang.org/x/tools	v0.38.0 -> v0.39.0

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 14 additional dependencies were updated

Details:

Package	Change
github.com/pion/dtls/v3	v3.0.7 -> v3.0.8
github.com/pion/ice/v4	v4.0.10 -> v4.0.13
github.com/pion/interceptor	v0.1.41 -> v0.1.42
github.com/pion/mdns/v2	v2.0.7 -> v2.1.0
github.com/pion/rtcp	v1.2.15 -> v1.2.16
github.com/pion/rtp	v1.8.23 -> v1.8.26
github.com/pion/sctp	v1.8.40 -> v1.8.41
github.com/pion/srtp/v3	v3.0.8 -> v3.0.9
github.com/pion/stun/v3	v3.0.0 -> v3.0.2
github.com/pion/transport/v3	v3.0.8 -> v3.1.1
github.com/pion/turn/v4	v4.1.1 -> v4.1.3
golang.org/x/net	v0.46.0 -> v0.47.0
golang.org/x/sync	v0.17.0 -> v0.18.0
golang.org/x/tools	v0.38.0 -> v0.39.0