Skip to content

Bump sinon from 21.1.2 to 22.0.0#1019

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/sinon-22.0.0
Open

Bump sinon from 21.1.2 to 22.0.0#1019
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/sinon-22.0.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Bumps sinon from 21.1.2 to 22.0.0.

Changelog

Sourced from sinon's changelog.

22.0.0

  • ed911df5 Update Ruby gems (Carl-Erik Kopseng)
  • 75a1e5b8 Update to Node 26 (Carl-Erik Kopseng)
  • 197d6608 Update documentation on faking timers to reflect the current state of fake-timers (Carl-Erik Kopseng)
  • c5ddf80b Update [email protected]: includes new Temporal API (Carl-Erik Kopseng)
  • f4ab02f6 Update updatable packages (Carl-Erik Kopseng)
  • 0536afc8 Quality: Global mutable call id can grow unbounded across long-lived processes (#2691) (tuanaiseo)
    • refactor: global mutable call id can grow unbounded across l

    callId is module-scoped and incremented on every invocation. In long-running test runners or embedded usage, this can grow indefinitely and eventually lose integer precision semantics for strict ordering comparisons.

    Affected files: proxy-invoke.js

    Signed-off-by: tuanaiseo [email protected]

    • Wrap around for all values that are too high

    Signed-off-by: tuanaiseo [email protected] Co-authored-by: Carl-Erik Kopseng [email protected]

  • f4f7d93b Perform additional cleanup when calling callThrough() (#2670) (Cyrille)
  • 6199e9e4 improve GitHubworkflows by introducing zizmor for monitoring (#2686) (Till!)
    • fix(workflows): fetch-depth is for actions/checkout
    • chore(workflows): update
    • pin all actions to precise commits
    • avoid credential leakage from actions/checkout
    • group action updates going forward
    • add zimor config to ignore "secrets outside env"
    • add job to keep validating workflows
  • f7476b59 Use path.normalize() for path normalization (Carl-Erik Kopseng)
  • 2c975393 fix: make build and node test scripts cross-platform (laplace young)
  • a7692917 fix: isolate walk state from Object prototype (laplace young)
  • 66df977a Fix sinon.restore() cascade-restoring sub-sandboxes (#2704) (Charlie Leitheiser)

    The ESM port of createApi (#2683, shipped in 21.1.0) replaced createSandbox: createSandbox with a wrapper that pushes every newly-created sandbox into the root sandbox's fake collection:

... (truncated)

Commits
  • 52555af 22.0.0
  • ed911df Update Ruby gems
  • 75a1e5b Update to Node 26
  • 197d660 Update documentation on faking timers to reflect the current state of fake-ti...
  • c5ddf80 Update [email protected]: includes new Temporal API
  • f4ab02f Update updatable packages
  • 0536afc Quality: Global mutable call id can grow unbounded across long-lived processe...
  • f4f7d93 Perform additional cleanup when calling callThrough() (#2670)
  • 6199e9e improve GitHubworkflows by introducing zizmor for monitoring (#2686)
  • 1519009 Merge #2703: isolate walk state from Object prototype
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump sinon from 21.1.2 to 22.0.0
6fc7285 
Bumps [sinon](https://github.com/sinonjs/sinon) from 21.1.2 to 22.0.0.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](sinonjs/sinon@v21.1.2...v22.0.0)

---
updated-dependencies:
- dependency-name: sinon
  dependency-version: 22.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 12, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 12, 2026 01:31
@dependabot dependabot Bot added the javascript Pull requests that update Javascript code label May 12, 2026
@dependabot dependabot Bot requested review from ikalinin1, valfirst and vkepin and removed request for a team May 12, 2026 01:31
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 12, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.54%. Comparing base (7e2a368) to head (6fc7285).

Additional details and impacted files 
@@            Coverage Diff            @@
##               main    #1019   +/-   ##
=========================================
  Coverage     87.54%   87.54%           
  Complexity      273      273           
=========================================
  Files            35       35           
  Lines          1044     1044           
  Branches         72       72           
=========================================
  Hits            914      914           
  Misses          119      119           
  Partials         11       11

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@valfirst valfirst Awaiting requested review from valfirst valfirst is a code owner automatically assigned from vividus-framework/maintainers

@vkepin vkepin Awaiting requested review from vkepin vkepin is a code owner automatically assigned from vividus-framework/maintainers

@ikalinin1 ikalinin1 Awaiting requested review from ikalinin1 ikalinin1 is a code owner automatically assigned from vividus-framework/maintainers

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@codecov-commenter