Skip to content

fix(deps): update minor/patch updates#6386

Merged
renovate[bot] merged 1 commit into
masterfrom
renovate/minorpatch-updates
May 22, 2026
Merged

fix(deps): update minor/patch updates#6386
renovate[bot] merged 1 commit into
masterfrom
renovate/minorpatch-updates

Conversation

@renovate

@renovate renovate Bot commented May 21, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
@​codemirror/view ^6.42.1^6.43.0 age confidence devDependencies minor
@mermaid-js/mermaid-cli ^11.14.0^11.15.0 age confidence devDependencies minor
@vue/language-server (source) ^3.2.8^3.3.0 age confidence devDependencies minor 3.3.1
aws-actions/configure-aws-credentials v4.0.2v4.3.1 age confidence action minor
axios (source) ^1.16.0^1.16.1 age confidence overrides patch
codecov/codecov-action v6.0.0v6.0.1 age confidence action patch
cross-platform-actions/action v1.0.0v1.1.0 age confidence action minor
eslint (source) ^10.3.0^10.4.0 age confidence devDependencies minor
lint-staged ^17.0.4^17.0.5 age confidence devDependencies patch
mimalloc-safe 0.1.590.1.61 age confidence dependencies patch
napi 3.8.63.9.0 age confidence dependencies patch
napi-build 2.3.12.3.2 age confidence build-dependencies patch
napi-derive 3.5.53.5.6 age confidence dependencies patch
rollup (source) ^4.60.3^4.60.4 age confidence devDependencies patch
swc_common 21.0.121.0.2 age confidence dependencies patch
swc_ecma_ast 23.0.023.0.1 age confidence dependencies patch
swc_ecma_parser 39.0.239.1.0 age confidence dependencies patch
taiki-e/install-action v2.77.6v2.79.1 age confidence action minor v2.79.4 (+2)
typescript-eslint (source) ^8.59.3^8.59.4 age confidence devDependencies patch
vue-tsc (source) ^3.2.8^3.3.0 age confidence devDependencies minor 3.3.1
wasm-pack ^0.13.1^0.15.0 age confidence devDependencies minor

Release Notes

mermaid-js/mermaid-cli (@​mermaid-js/mermaid-cli)

v11.15.0

Compare Source

🚀 Features

🐛 Bug Fixes

🧰 Maintenance

📦 Dependency updates

vuejs/language-tools (@​vue/language-server)

v3.3.0

Compare Source

language-core
  • feat: check required fallthrough attributes (#​6049) - Thanks to @​KazariEX!
  • fix: penetrate v-if branch fragments when collecting single root nodes - Thanks to @​KazariEX!
  • refactor: rename Sfc APIs to IR - Thanks to @​KazariEX!
language-service
  • fix: reuse ASTs for define assignment suggestions - Thanks to @​KazariEX!
  • fix: re-support html.customData (#​5910) - Thanks to @​Bomberus!
  • fix: strip ="" only for plain boolean props completion edits - Thanks to @​KazariEX!
  • fix: reset to default data provider after running with vue data provider - Thanks to @​KazariEX!
typescript-plugin
vscode
  • fix: include extraFileExtensions in tsserver configure request payload (#​6048) - Thanks to @​KazariEX!
  • fix: write typescript plugins at build time (#​6050) - Thanks to @​KazariEX!
  • fix: avoid infinite diagnostics on Vue files when project diagnostics is enabled (#​6051) - Thanks to @​KazariEX!

v3.2.9

Compare Source

language-core
vscode
  • fix: trigger file rename edits when moving folders with Vue files (#​6046) - Thanks to @​KazariEX!
workspace
aws-actions/configure-aws-credentials (aws-actions/configure-aws-credentials)

v4.3.1

Compare Source

Bug Fixes

v4.3.0

Compare Source

NOTE: This release tag originally pointed to 59b4418, but a critical bug was discovered shortly after publishing. We updated this tag to d0834ad to prevent anyone using the 4.3.0 tag from encountering the bug, and we published 4.3.1 to allow workflows to auto update correctly.

Features
Bug Fixes
  • docs: readme samples versioning (5b3c895)
  • the wrong example region for China partition in README (37fe9a7)
  • properly set proxy environment variable (cbea708)
Miscellaneous Chores

v4.2.1

Compare Source

Bug Fixes
  • ensure explicit inputs take precedence over environment variables (e56e6c4)
  • prioritize explicit inputs over environment variables (df9c8fe)

v4.2.0

Compare Source

Features
  • add Expiration field to Outputs (a4f3267)
  • Document role-duration-seconds range (5a0cf01)
  • support action inputs as environment variables (#​1338) (2c168ad)
Bug Fixes
  • make sure action builds, also fix dependabot autoapprove (c401b8a)
  • role chaning on mulitple runs (#​1340) (9e38641)

v4.1.0

Compare Source

Features
Bug Fixes

v4.0.3

Compare Source

Features
  • added release-please action config (0f88004)
Bug Fixes
Miscellaneous Chores
axios/axios (axios)

v1.16.1

Compare Source

codecov/codecov-action (codecov/codecov-action)

v6.0.1

Compare Source

cross-platform-actions/action (cross-platform-actions/action)

v1.1.0: Cross Platform Action 1.1.0

Compare Source

Added

  • Add support for DragonFly BSD (#​19)

  • Add support for MidnightBSD (#​102)

  • Add support for FreeBSD 14.4 (#​122)

  • Add support for OmniOS r151058

  • New syntax for multiple steps (#​83).
    Instead of invoking the action multiple times it's now possible to use a
    custom shell when running commands:

    jobs:
  custom-shell:
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: cpa.sh {0}

    steps:
      - name: Start VM
        uses: cross-platform-actions/action@master
        with:
          operating_system: freebsd
          architecture: x86-64
          version: '15.0'

      - name: Run command using custom shell
        run: '[ "`uname`" = FreeBSD ]'

    Each custom-shell step automatically synchronizes files in both
    directions: runner-to-vm before the step runs and vm-to-runner after.
    Pass --sync-files DIRECTION after the file argument to change this
    (both (default), none (skip sync), runner-to-vm, or
    vm-to-runner), or use cpa.sh --sync-files standalone to sync on
    demand without running a command:

    - name: Sync files from runner to VM
  run: cpa.sh --sync-files runner-to-vm

  • Reboot mode for rebooting the VM and waiting for it to come back up
    (#​103,
    #​118).
    cpa.sh --reboot issues the reboot and blocks until the VM is reachable
    again:

    - name: Reboot VM
  run: cpa.sh --reboot
Security
  • Bump builders to releases that use immutable releases, providing
    integrity verification for downloaded artifacts
    (#​140)
Deprecated

  • The run input parameter has been deprecated and is now optional. Use the
    custom shell (shell: cpa.sh {0}) in subsequent steps to run commands in
    the virtual machine instead.

  • The shutdown_vm input parameter has been deprecated and will be removed
    in a future release. There is no replacement. When unset, it now defaults
    to true if the run parameter is provided (preserving the legacy
    behavior) and false otherwise (so the VM stays alive across subsequent
    custom-shell steps without needing to specify it).

eslint/eslint (eslint)

v10.4.0

Compare Source

lint-staged/lint-staged (lint-staged)

v17.0.5

Compare Source

Patch Changes
  • #​1792 1f67271 - Correctly set the --max-arg-length default value based on the running platform. This controls how very long lists of staged files are split into multiple chunks.
napi-rs/mimalloc-safe (mimalloc-safe)

v0.1.61

Compare Source

Chore
  • Updated the following local packages: libmimalloc-sys2
rollup/rollup (rollup)

v4.60.4

Compare Source

2026-05-14

Bug Fixes
  • Improve stability of chunk hashes (#​6362)
Pull Requests
taiki-e/install-action (taiki-e/install-action)

v2.79.1: 2.79.1

Compare Source

  • Update tombi@latest to 0.11.5.

  • Update cargo-nextest@latest to 0.9.136.

  • Update typos@latest to 1.46.2.

  • Update mise@latest to 2026.5.10.

v2.79.0: 2.79.0

Compare Source

  • Support more host architectures. (#​1841, thanks @​Gelbpunkt)

  • Deprecate mdbook-alerts because the feature now included in mdbook and the repository has been archived. (#​1844)

  • Deprecate iai-callgrind-runner because it has been renamed to gungraun-runner. gungraun-runner is also supported by this action. (#​1844)

v2.78.3: 2.78.3

Compare Source

  • Update zizmor@latest to 1.25.2.

  • Update cargo-zigbuild@latest to 0.22.3. (#​1814, thanks @​simonhollingshead)

  • Update wasm-tools@latest to 1.249.0.

  • Update gungraun-runner@latest to 0.19.0.

v2.78.2: 2.78.2

Compare Source

  • Update wasm-pack@latest to 0.15.0.

  • Update zizmor@latest to 1.25.0.

  • Update mise@latest to 2026.5.9.

  • Update cargo-nextest@latest to 0.9.135.

  • Update cyclonedx@latest to 0.32.0.

  • Update prek@latest to 0.4.0.

v2.78.1: 2.78.1

Compare Source

  • Update mise@latest to 2026.5.7.

  • Diagnostic improvements.

v2.78.0: 2.78.0

Compare Source

  • Support cargo-mutants. (#​1812, thanks @​jakewimmer)

  • Update covgate@latest to 0.2.0.

  • Update cargo-llvm-cov@latest to 0.8.7.

  • Update uv@latest to 0.11.14.

  • Update martin@latest to 1.9.1.

  • Update tombi@latest to 0.11.4.

v2.77.7: 2.77.7

Compare Source

  • Update mise@latest to 2026.5.6.

  • Update cargo-deny@latest to 0.19.6.

typescript-eslint/typescript-eslint (typescript-eslint)

v8.59.4

Compare Source

🩹 Fixes
  • typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#​12340)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

wasm-bindgen/wasm-pack (wasm-pack)

v0.15.0

Compare Source

  • ✨ Features

    • Add wasm64-unknown-unknown target support - audreyt, pull/1553

      Parameterizes the target triple in cargo_build_wasm() and cargo_build_wasm_tests(), extracts --target from extra options, adds --enable-memory64 to wasm-opt args for wasm64 targets, and dynamically constructs the CARGO_TARGET_*_RUNNER env var from the target triple.

    • Add --panic-unwind flag to build and test commands - guybedford, pull/1572

    • Move wasm-pack-template into the repo - guybedford, pull/1573

      Vendors the project template directly into this repository so wasm-pack new no longer depends on a separate external template repo.

  • 🤕 Fixes

    • Replace deprecated binary-install and add release auto-publish - guybedford, pull/1579

      The 0.14.0 npm package shipped with the old drager/wasm-pack release URL and was never republished after the repository moved, so npm install -g wasm-pack failed with a 404. This inlines the install/run logic into npm/binary.js, drops the deprecated binary-install dependency (which pulled in unmaintained rimraf@3, glob@7, inflight, and tar@6), promotes tar to a real dependency, and adds release workflow automation so the npm package no longer requires a manual npm publish.

    • Make init.sh POSIX-compatible and stop mangling $VERSION - guybedford, pull/1578

    • Add trailing newline in package.json - joaofreires, pull/1162

    • Fix dragerwasm-bindgen in URLs - akesling, pull/1571

  • 🛠️ Maintenance

    • Bump follow-redirects from 1.15.11 to 1.16.0 in /npm - [dependabot], pull/1565

    • Bump rustls-webpki from 0.103.9 to 0.103.13 - [dependabot], pull/1570

    • Bump brace-expansion from 1.1.12 to 1.1.14 in /npm - [dependabot], pull/1574

    • Bump tar from 0.4.44 to 0.4.45 - [dependabot], pull/1559

    • Bump time from 0.3.45 to 0.3.47 - [dependabot], pull/1549

    • Bump minimatch from 3.1.2 to 3.1.5 in /npm - [dependabot], pull/1555

  • 📖 Documentation

    • Update documentation and references to the new GitHub repo - [qinyuhang], pull/1567

    • Fix typo in prerequisites documentation - pRizz, pull/1545

v0.14.0

Compare Source

  • ✨ Features

    • Support arbitrary wasm targets (WASI support) - RReverser, pull/1524

      Allows building for targets other than wasm32-unknown-unknown, enabling WASI and other custom wasm targets.

    • macOS ARM (aarch64-apple-darwin) build support - kaleidawave, pull/1529

      Adds native Apple Silicon support in release builds and NPM package.

    • Allow --split-linked-modules flag for wasm-bindgen - codeart1st, pull/1443

    • Custom build profile support - rafaelbeckel, pull/1428

      Allows using custom cargo profiles via --profile.

  • 🤕 Fixes

  • 🛠️ Maintenance

    • Update dependencies to latest versions - [drager], pull/1536

    • Security workflow permissions fixes - [drager]

    • Bump ring from 0.17.8 to 0.17.14 - dependabot, pull/1516

    • Bump brace-expansion from 1.1.11 to 1.1.12 in /npm - dependabot, pull/1515

    • Bump rustls from 0.23.16 to 0.23.18 - dependabot, pull/1451

    • Fix tar vulnerability (CVE-2026-23745) in npm package

      Override tar dependency to ^7.5.3 to fix arbitrary file overwrite and symlink poisoning vulnerability (GHSA-8qq5-rm4j-mr97).

    • Fix axios vulnerabilities in npm package

      Override axios dependency to ^0.30.0 to fix SSRF/credential leakage via absolute URL and XSRF-TOKEN leakage (CSRF) vulnerabilities.

  • 📖 Documentation

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 06:00 PM and 11:59 PM, only on Thursday (* 18-23 * * 4)
    • Between 12:00 AM and 05:59 AM, only on Friday (* 0-5 * * 5)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot enabled auto-merge May 21, 2026 18:54
@vercel

vercel Bot commented May 21, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
rollup Ready Ready Preview, Comment May 22, 2026 6:02am

Request Review

@github-actions

github-actions Bot commented May 21, 2026
edited
Loading

Copy link
Copy Markdown

Thank you for your contribution! ❤️

You can try out this pull request locally by installing Rollup via

npm install rollup/rollup#renovate/minorpatch-updates

Notice: Ensure you have installed the latest nightly Rust toolchain. If you haven't installed it yet, please see https://www.rust-lang.org/tools/install to learn how to download Rustup and install Rust.

or load it into the REPL:
https://rollup-opur3o82u-rollup-js.vercel.app/repl/?pr=6386

@github-actions

github-actions Bot commented May 21, 2026
edited
Loading

Copy link
Copy Markdown

Performance report

  • BUILD: 6967ms, 837 MB
    • initialize: 0ms, 24 MB (+8%)
    • generate module graph: 2489ms, 639 MB
      • generate ast: 1321ms, 627 MB
    • sort and bind modules: 444ms, 705 MB
    • mark included statements: 3996ms, 837 MB
      • treeshaking pass 1: 2248ms (+53ms, +2.4%), 827 MB
      • treeshaking pass 2: 488ms, 844 MB (-3%)
      • treeshaking pass 3: 427ms, 834 MB
      • treeshaking pass 4: 415ms, 820 MB
      • treeshaking pass 5: 412ms, 837 MB
  • GENERATE: 726ms, 905 MB
    • initialize render: 0ms, 837 MB
    • generate chunks: 44ms, 861 MB
      • optimize chunks: 0ms, 853 MB
    • render chunks: 669ms (+21ms, +3.3%), 890 MB (-3%)
    • transform chunks: 22ms, 905 MB
    • generate bundle: 0ms, 905 MB

@codecov

codecov Bot commented May 21, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.78%. Comparing base (6549e96) to head (26a5b1a).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #6386   +/-   ##
=======================================
  Coverage   98.78%   98.78%           
=======================================
  Files         274      274           
  Lines       10795    10795           
  Branches     2883     2883           
=======================================
  Hits        10664    10664           
  Misses         89       89           
  Partials       42       42

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate Bot force-pushed the renovate/minorpatch-updates branch from 2912c67 to 26a5b1a Compare May 22, 2026 06:01
@renovate renovate Bot added this pull request to the merge queue May 22, 2026
Merged via the queue into master with commit 6817778 May 22, 2026
49 checks passed
@renovate renovate Bot deleted the renovate/minorpatch-updates branch May 22, 2026 06:42
@github-actions

github-actions Bot commented Jun 1, 2026

Copy link
Copy Markdown

This PR has been released as part of rollup@4.61.0. You can test it via npm install rollup.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants