Bump @microsoft/rush from 5.109.2 to 5.164.0

[dependabot]

Bumps @microsoft/rush from 5.109.2 to 5.164.0.

Changelog

Sourced from @​microsoft/rush's changelog.

5.164.0

Tue, 16 Dec 2025 21:49:00 GMT

Minor changes

• Hash full shrinkwrap entry to detect sub-dependency resolution changes

Updates

• Fix an issue where ProjectChangeAnalyzer checked the pnpm-lock.yaml file in the default subspace only, when it should consider all subspaces.
• Log a warning if Git-tracked symbolic links are encountered during repo state analysis.
• Add support for defining pnpm catalog config.

5.163.0

Tue, 25 Nov 2025 17:04:05 GMT

Minor changes

• Added the ability to select projects via path, e.g. rush build --to path:./my-project or rush build --only path:/some/absolute/path
• Add project-level parameter ignoring to prevent unnecessary cache invalidation. Projects can now use "parameterNamesToIgnore" in "rush-project.json" to exclude custom command-line parameters that don't affect their operations.

Updates

• Extract CredentialCache API out into "@​rushstack/credential-cache". Reference directly in plugins to avoid pulling in all of "@​rushstack/rush-sdk" unless necessary.
• Add subspaceName to the output of the rush list command

5.162.0

Sat, 18 Oct 2025 00:06:36 GMT

Updates

• Fork npm-check to address npm audit CVE

5.161.0

Fri, 17 Oct 2025 23:22:50 GMT

Updates

• Add an allowOversubscription option to the command definitions in common/config/rush/command-line.json to prevent running tasks from exceeding concurrency.
• Add support for PNPM's minimumReleaseAge setting to help mitigate supply chain attacks
• Enable prerelease version matching in bridge-package command
• Fix an issue where rush add --make-consistent ... may drop the implicitlyPreferredVersions and ensureConsistentVersions properties from common/config/rush/common-versions.json.
• Treat intermittent ignored redis errors as warnings and allow build to continue.

5.160.1

Fri, 03 Oct 2025 22:25:25 GMT

Updates

• Fix an issue with validation of the pnpm-lock.yaml packageExtensionsChecksum field in pnpm v10.

... (truncated)

Commits

• b65048d Bump versions [skip ci]
• 727f45d Update changelogs [skip ci]
• 3ae648c Bump versions [skip ci]
• aeef9b1 Update changelogs [skip ci]
• 0fd5a15 Bump versions [skip ci]
• 3ae0848 Update changelogs [skip ci]
• a963054 Bump versions [skip ci]
• ed45275 Update changelogs [skip ci]
• 79f2434 Bump ESLint (#5408)
• 1f3e785 Bump versions [skip ci]
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
@microsoft/rush	[>= 5.113.a, < 5.114]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[nev21]

@dependabot recreate

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (9a9dec3) to head (495ed34).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #244   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           26        26           
  Lines          458       458           
  Branches       113       113           
=========================================
  Hits           458       458           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.