Skip to content

chore(deps): update all non-major dependencies#537

Merged
renovate[bot] merged 1 commit into
mainfrom
renovate/all-minor-patch
Jul 15, 2025
Merged

chore(deps): update all non-major dependencies#537
renovate[bot] merged 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jun 15, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@rollup/plugin-commonjs (source) ^28.0.3 -> ^28.0.6 age confidence
@rollup/pluginutils (source) ^5.1.4 -> ^5.2.0 age confidence
@types/node (source) ^22.15.30 -> ^22.16.3 age confidence
@vitest/coverage-v8 (source) ^3.2.2 -> ^3.2.4 age confidence
changelogen ^0.6.1 -> ^0.6.2 age confidence
esbuild ^0.25.5 -> ^0.25.6 age confidence
eslint (source) ^9.28.0 -> ^9.31.0 age confidence
eslint-config-unjs ^0.4.2 -> ^0.5.0 age confidence
pkg-types ^2.1.0 -> ^2.2.0 age confidence
pnpm (source) 10.11.1 -> 10.13.1 age confidence
prettier (source) ^3.5.3 -> ^3.6.2 age confidence
rollup (source) ^4.42.0 -> ^4.45.0 age confidence
vitest (source) ^3.2.2 -> ^3.2.4 age confidence

Release Notes

rollup/plugins (@​rollup/plugin-commonjs)

v28.0.6

2025-06-17

Bugfixes
  • fix: fix crash with invalidated proxy modules (#​1876)

v28.0.5

2025-06-14

Bugfixes
  • fix: crawl dynamicRequireRoot outside cwd (#​1859)

v28.0.4

2025-06-14

Bugfixes
  • fix: try/catch instanceof in getAugmentedNamespace (#​1868)
rollup/plugins (@​rollup/pluginutils)

v5.2.0

2025-06-17

Features
  • feat: add exactRegex and prefixRegex (#​1865)
vitest-dev/vitest (@​vitest/coverage-v8)

v3.2.4

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v3.2.3

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub
unjs/changelogen (changelogen)

v0.6.2

Compare Source

compare changes

🩹 Fixes
  • cli: Accept hideAuthorEmail arg (#​275)
📖 Documentation
  • Add note about version number interpretation (#​272)
🌊 Types
  • config.types accept boolean value (#​278)
🏡 Chore
❤️ Contributors
evanw/esbuild (esbuild)

v0.25.6

Compare Source

  • Fix a memory leak when cancel() is used on a build context (#​4231)

    Calling rebuild() followed by cancel() in rapid succession could previously leak memory. The bundler uses a producer/consumer model internally, and the resource leak was caused by the consumer being termianted while there were still remaining unreceived results from a producer. To avoid the leak, the consumer now waits for all producers to finish before terminating.

  • Support empty :is() and :where() syntax in CSS (#​4232)

    Previously using these selectors with esbuild would generate a warning. That warning has been removed in this release for these cases.

  • Improve tree-shaking of try statements in dead code (#​4224)

    With this release, esbuild will now remove certain try statements if esbuild considers them to be within dead code (i.e. code that is known to not ever be evaluated). For example:

    // Original code
return 'foo'
try { return 'bar' } catch {}

// Old output (with --minify)
return"foo";try{return"bar"}catch{}

// New output (with --minify)
return"foo";

  • Consider negated bigints to have no side effects

    While esbuild currently considers 1, -1, and 1n to all have no side effects, it didn't previously consider -1n to have no side effects. This is because esbuild does constant folding with numbers but not bigints. However, it meant that unused negative bigint constants were not tree-shaken. With this release, esbuild will now consider these expressions to also be side-effect free:

    // Original code
let a = 1, b = -1, c = 1n, d = -1n

// Old output (with --bundle --minify)
(()=>{var n=-1n;})();

// New output (with --bundle --minify)
(()=>{})();

  • Support a configurable delay in watch mode before rebuilding (#​3476, #​4178)

    The watch() API now takes a delay option that lets you add a delay (in milliseconds) before rebuilding when a change is detected in watch mode. If you use a tool that regenerates multiple source files very slowly, this should make it more likely that esbuild's watch mode won't generate a broken intermediate build before the successful final build. This option is also available via the CLI using the --watch-delay= flag.

    This should also help avoid confusion about the watch() API's options argument. It was previously empty to allow for future API expansion, which caused some people to think that the documentation was missing. It's no longer empty now that the watch() API has an option.

  • Allow mixed array for entryPoints API option (#​4223)

    The TypeScript type definitions now allow you to pass a mixed array of both string literals and object literals to the entryPoints API option, such as ['foo.js', { out: 'lib', in: 'bar.js' }]. This was always possible to do in JavaScript but the TypeScript type definitions were previously too restrictive.

  • Update Go from 1.23.8 to 1.23.10 (#​4204, #​4207)

    This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain false positive reports (specifically CVE-2025-4673 and CVE-2025-22874) from vulnerability scanners that only detect which version of the Go compiler esbuild uses.

  • Experimental support for esbuild on OpenHarmony (#​4212)

    With this release, esbuild now publishes the @esbuild/openharmony-arm64 npm package for OpenHarmony. It contains a WebAssembly binary instead of a native binary because Go doesn't currently support OpenHarmony. Node does support it, however, so in theory esbuild should now work on OpenHarmony through WebAssembly.

    This change was contributed by @​hqzing.

eslint/eslint (eslint)

v9.31.0

Compare Source

v9.30.1

Compare Source

v9.30.0

Compare Source

v9.29.0

Compare Source

unjs/eslint-config (eslint-config-unjs)

v0.5.0

Compare Source

compare changes

📦 Build
  • ⚠️ Update dependencies (9bff5ca)
⚠️ Breaking Changes
  • ⚠️ Update dependencies (9bff5ca)
❤️ Contributors
unjs/pkg-types (pkg-types)

v2.2.0

Compare Source

compare changes

🚀 Enhancements
  • findWorkspaceDir: Add support for Deno workspace detection (#​231)
🏡 Chore
❤️ Contributors

v2.1.1

Compare Source

compare changes

📖 Documentation
🌊 Types
  • packagejson: Autocompletion for script names (#​229)
  • packagejson: Add funding field (#​224)
  • funding field is optional (a82b636)
🏡 Chore
❤️ Contributors
pnpm/pnpm (pnpm)

v10.13.1

Compare Source

Patch Changes
  • Run user defined pnpmfiles after pnpmfiles of plugins.

v10.13.0

Compare Source

Minor Changes

  • Added the possibility to load multiple pnpmfiles. The pnpmfile setting can now accept a list of pnpmfile locations #​9702.

  • pnpm will now automatically load the pnpmfile.cjs file from any config dependency named @pnpm/plugin-* or pnpm-plugin-* #​9729.

    The order in which config dependencies are initialized should not matter — they are initialized in alphabetical order. If a specific order is needed, the paths to the pnpmfile.cjs files in the config dependencies can be explicitly listed using the pnpmfile setting in pnpm-workspace.yaml.

Patch Changes
  • When patching dependencies installed via pkg.pr.new, treat them as Git tarball URLs #​9694.
  • Prevent conflicts between local projects' config and the global config in dangerouslyAllowAllBuilds, onlyBuiltDependencies, onlyBuiltDependenciesFile, and neverBuiltDependencies #​9628.
  • Sort keys in pnpm-workspace.yaml with deep #​9701.
  • The pnpm rebuild command should not add pkgs included in ignoredBuiltDependencies to ignoredBuilds in node_modules/.modules.yaml #​9338.
  • Replaced shell-quote with shlex for quoting command arguments #​9381.

v10.12.4

Compare Source

Patch Changes

v10.12.3

Compare Source

Patch Changes
  • Restore hoisting of optional peer dependencies when installing with an outdated lockfile.
    Regression introduced in v10.12.2 by #​9648; resolves #​9685.

v10.12.2

Compare Source

Patch Changes
  • Fixed hoisting with enableGlobalVirtualStore set to true #​9648.
  • Fix the --help and -h flags not working as expected for the pnpm create command.
  • The dependency package path output by the pnpm licenses list --json command is incorrect.
  • Fix a bug in which pnpm deploy fails due to overridden dependencies having peer dependencies causing ERR_PNPM_OUTDATED_LOCKFILE #​9595.

v10.12.1

Minor Changes

  • Experimental. Added support for global virtual stores. When enabled, node_modules contains only symlinks to a central virtual store, rather to node_modules/.pnpm. By default, this central store is located at <store-path>/links (you can find the store path by running pnpm store path).

    In the central virtual store, each package is hard linked into a directory whose name is the hash of its dependency graph. This allows multiple projects on the system to symlink shared dependencies from this central location, significantly improving installation speed when a warm cache is available.

    This is conceptually similar to how NixOS manages packages, using dependency graph hashes to create isolated and reusable package directories.

    To enable the global virtual store, set enableGlobalVirtualStore: true in your root pnpm-workspace.yaml, or globally via:

    pnpm config -g set enable-global-virtual-store true

    NOTE: In CI environments, where caches are typically cold, this setting may slow down installation. pnpm automatically disables the global virtual store when running in CI.

    Related PR: #​8190

  • The pnpm update command now supports updating catalog: protocol dependencies and writes new specifiers to pnpm-workspace.yaml.
  • Added two new CLI options (--save-catalog and --save-catalog-name=<name>) to pnpm add to save new dependencies as catalog entries. catalog: or catalog:<name> will be added to package.json and the package specifier will be added to the catalogs or catalog[<name>] object in pnpm-workspace.yaml #​9425.
  • Semi-breaking. The keys used for side-effects caches have changed. If you have a side-effects cache generated by a previous version of pnpm, the new version will not use it and will create a new cache instead #​9605.
  • Added a new setting called ci for explicitly telling pnpm if the current environment is a CI or not.
Patch Changes
  • Sort versions printed by pnpm patch using semantic versioning rules.
  • Improve the way the error message displays mismatched specifiers. Show differences instead of 2 whole objects #​9598.
  • Revert #​9574 to fix a regression #​9596.
prettier/prettier (prettier)

v3.6.2

Compare Source

diff

Markdown: Add missing blank line around code block (#​17675 by @​fisker)
<!-- Input -->
1. Some text, and code block below, with newline after code block

   ```yaml
   ---
   foo: bar
   ```

   1. Another
   2. List

<!-- Prettier 3.6.1 -->
1. Some text, and code block below, with newline after code block

   ```yaml
   ---
   foo: bar
   ```
   1. Another
   2. List

<!-- Prettier 3.6.2 -->
1. Some text, and code block below, with newline after code block

   ```yaml
   ---
   foo: bar
   ```

   1. Another
   2. List

v3.6.1

Compare Source

diff

TypeScript: Allow const without initializer (#​17650, #​17654 by @​fisker)
// Input
export const version: string;

// Prettier 3.6.0 (--parser=babel-ts)
SyntaxError: Unexpected token (1:21)
> 1 | export const version: string;
    |                     ^

// Prettier 3.6.0 (--parser=oxc-ts)
SyntaxError: Missing initializer in const declaration (1:14)
> 1 | export const version: string;
    |              ^^^^^^^^^^^^^^^

// Prettier 3.6.1
export const version: string;
Miscellaneous: Avoid closing files multiple times (#​17665 by @​43081j)

When reading a file to infer the interpreter from a shebang, we use the
n-readlines library to read the first line in order to get the shebang.

This library closes files when it reaches EOF, and we later try close the same
files again. We now close files only if n-readlines did not already close
them.

v3.6.0

Compare Source

diff

🔗 Release Notes

rollup/rollup (rollup)

v4.45.0

Compare Source

2025-07-12

Features
  • Improve tree-shaking when both branches of a conditional expression return the same boolean value (#​6000)
  • In environments that support both CJS and ESM, prefer the ESM build of Rollup (#​6005)
Bug Fixes
  • Ensure static blocks do not prevent tree-shaking if they access this (#​6001)
Pull Requests

v4.44.2

Compare Source

2025-07-04

Bug Fixes
  • Correctly handle @__PURE__ annotations after new keyword (#​5998)
  • Generate correct source mapping for closing braces of block statements (#​5999)
Pull Requests

v4.44.1

Compare Source

2025-06-26

Bug Fixes
  • Reinstate maxParallelFileOps limit of 1000 to resolve the issue for some (#​5992)
Pull Requests

v4.44.0

Compare Source

2025-06-19

Features
  • Remove limit on maxParallelFileOps as this could break watch mode with the commonjs plugin (#​5986)
Bug Fixes
  • Provide better source mappings when coarse intermediate maps are used (#​5985)
Pull Requests

v4.43.0

Compare Source

2025-06-11

Features
  • Provide new fs option and this.fs API to replace file system (#​5944)
Pull Requests

Configuration

📅 Schedule: Branch creation - "after 2am and before 3am" (UTC), Automerge - "after 1am and before 2am" (UTC).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 020d1e0 to c19f953 Compare June 23, 2025 04:47
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 9 times, most recently from 22f9283 to 658c9a2 Compare July 1, 2025 00:10
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from f23d9ee to 9e4082f Compare July 8, 2025 18:32
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from 8c97e63 to 472b2e9 Compare July 12, 2025 00:04
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 472b2e9 to e189577 Compare July 12, 2025 07:53
@renovate renovate Bot merged commit 306aa09 into main Jul 15, 2025
2 checks passed
@renovate renovate Bot deleted the renovate/all-minor-patch branch July 15, 2025 01:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants