Skip to content

fix(deps): update all non-major dependencies - autoclosed #62

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

fix(deps): update all non-major dependencies - autoclosed #62

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 28, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@sxzz/eslint-config ^7.0.6 -> ^7.1.2 age confidence
@sxzz/test-utils ^0.5.7 -> ^0.5.9 age confidence
@types/node (source) ^22.16.5 -> ^22.17.2 age confidence
bumpp ^10.2.0 -> ^10.2.3 age confidence
esbuild ^0.25.8 -> ^0.25.9 age confidence
eslint (source) ^9.31.0 -> ^9.33.0 age confidence
pnpm (source) 10.13.1 -> 10.14.0 age confidence
rollup (source) ^4.45.1 -> ^4.46.2 age confidence
tsdown ^0.12.9 -> ^0.14.1 age confidence
tsx (source) ^4.20.3 -> ^4.20.4 age confidence
typescript (source) ^5.8.3 -> ^5.9.2 age confidence
unplugin (source) ^2.3.5 -> ^2.3.6 age confidence
vite (source) ^7.0.5 -> ^7.1.2 age confidence
webpack ^5.100.2 -> ^5.101.2 age confidence

Release Notes

sxzz/eslint-config (@​sxzz/eslint-config)

v7.1.2

Compare Source

   🚀 Features
    View changes on GitHub

v7.1.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v7.1.0

Compare Source

   🚀 Features
    View changes on GitHub
sxzz/test-utils (@​sxzz/test-utils)

v0.5.9

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.5.8

Compare Source

   🚀 Features
    View changes on GitHub
antfu-collective/bumpp (bumpp)

v10.2.3

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v10.2.2

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v10.2.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
evanw/esbuild (esbuild)

v0.25.9

Compare Source

  • Better support building projects that use Yarn on Windows (#​3131, #​3663)

    With this release, you can now use esbuild to bundle projects that use Yarn Plug'n'Play on Windows on drives other than the C: drive. The problem was as follows:

    1. Yarn in Plug'n'Play mode on Windows stores its global module cache on the C: drive
    2. Some developers put their projects on the D: drive
    3. Yarn generates relative paths that use ../.. to get from the project directory to the cache directory
    4. Windows-style paths don't support directory traversal between drives via .. (so D:\.. is just D:)
    5. I didn't have access to a Windows machine for testing this edge case

    Yarn works around this edge case by pretending Windows-style paths beginning with C:\ are actually Unix-style paths beginning with /C:/, so the ../.. path segments are able to navigate across drives inside Yarn's implementation. This was broken for a long time in esbuild but I finally got access to a Windows machine and was able to debug and fix this edge case. So you should now be able to bundle these projects with esbuild.

  • Preserve parentheses around function expressions (#​4252)

    The V8 JavaScript VM uses parentheses around function expressions as an optimization hint to immediately compile the function. Otherwise the function would be lazily-compiled, which has additional overhead if that function is always called immediately as lazy compilation involves parsing the function twice. You can read V8's blog post about this for more details.

    Previously esbuild did not represent parentheses around functions in the AST so they were lost during compilation. With this change, esbuild will now preserve parentheses around function expressions when they are present in the original source code. This means these optimization hints will not be lost when bundling with esbuild. In addition, esbuild will now automatically add this optimization hint to immediately-invoked function expressions. Here's an example:

    // Original code
const fn0 = () => 0
const fn1 = (() => 1)
console.log(fn0, function() { return fn1() }())

// Old output
const fn0 = () => 0;
const fn1 = () => 1;
console.log(fn0, function() {
  return fn1();
}());

// New output
const fn0 = () => 0;
const fn1 = (() => 1);
console.log(fn0, (function() {
  return fn1();
})());

    Note that you do not want to wrap all function expressions in parentheses. This optimization hint should only be used for functions that are called on initial load. Using this hint for functions that are not called on initial load will unnecessarily delay the initial load. Again, see V8's blog post linked above for details.

  • Update Go from 1.23.10 to 1.23.12 (#​4257, #​4258)

    This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain false positive reports (specifically CVE-2025-4674 and CVE-2025-47907) from vulnerability scanners that only detect which version of the Go compiler esbuild uses.

eslint/eslint (eslint)

v9.33.0

Compare Source

v9.32.0

Compare Source

pnpm/pnpm (pnpm)

v10.14.0

Compare Source

Minor Changes

  • Added support for JavaScript runtime resolution

    Declare Node.js, Deno, or Bun in devEngines.runtime (inside package.json) and let pnpm download and pin it automatically.

    Usage example:

    {
  "devEngines": {
    "runtime": {
      "name": "node",
      "version": "^24.4.0",
      "onFail": "download" (we only support the "download" value for now)
    }
  }
}

    How it works:

    1. pnpm install resolves your specified range to the latest matching runtime version.
    2. The exact version (and checksum) is saved in the lockfile.
    3. Scripts use the local runtime, ensuring consistency across environments.

    Why this is better:

    1. This new setting supports also Deno and Bun (vs. our Node-only settings useNodeVersion and executionEnv.nodeVersion)
    2. Supports version ranges (not just a fixed version).
    3. The resolved version is stored in the pnpm lockfile, along with an integrity checksum for future validation of the Node.js content's validity.
    4. It can be used on any workspace project (like executionEnv.nodeVersion). So, different projects in a workspace can use different runtimes.
    5. For now devEngines.runtime setting will install the runtime locally, which we will improve in future versions of pnpm by using a shared location on the computer.

    Related PR: #​9755.

  • Add --cpu, --libc, and --os to pnpm install, pnpm add, and pnpm dlx to customize supportedArchitectures via the CLI #​7510.

Patch Changes
  • Fix a bug in which pnpm add downloads packages whose libc differ from pnpm.supportedArchitectures.libc.
  • The integrities of the downloaded Node.js artifacts are verified #​9750.
  • Allow dlx to parse CLI flags and options between the dlx command and the command to run or between the dlx command and -- #​9719.
  • pnpm install --prod should removing hoisted dev dependencies #​9782.
  • Fix an edge case bug causing local tarballs to not re-link into the virtual store. This bug would happen when changing the contents of the tarball without renaming the file and running a filtered install.
  • Fix a bug causing pnpm install to incorrectly assume the lockfile is up to date after changing a local tarball that has peers dependencies.
rollup/rollup (rollup)

v4.46.2

Compare Source

2025-07-29

Bug Fixes
  • Fix in-operator handling for external namespace and when the left side cannot be analyzed (#​6041)
Pull Requests

v4.46.1

Compare Source

2025-07-28

Bug Fixes
  • Do not fail when using the in operator on external namespaces (#​6036)
Pull Requests

v4.46.0

Compare Source

2025-07-27

Features
  • Optimize in checks on namespaces to keep them treeshake-able (#​6029)
Pull Requests

v4.45.3

Compare Source

2025-07-26

Bug Fixes
  • Do not fail build if a const is reassigned but warn instead (#​6020)
  • Fail with a helpful error message if an exported binding is not defined (#​6023)
Pull Requests
rolldown/tsdown (tsdown)

v0.14.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.14.0

Compare Source

   🚨 Breaking Changes
  • Disable expandDirectories for matching fast-glob's behavior  -  by @​sxzz (8171b)
    View changes on GitHub

v0.13.5

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.13.4

Compare Source

   🚀 Features
   🐞 Bug Fixes
  • Suppress mixed export warnings if cjsDefault is enabled  -  by @​sxzz (3ffa9)
    View changes on GitHub

v0.13.3

Compare Source

   🚨 Minor Breaking Changes
  • dts.build option should be enable manually for tsc -b  -  by @​sxzz (13146)
   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v0.13.2

Compare Source

   🚨 Upstream Breaking Changes
   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v0.13.1

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v0.13.0

Compare Source

   🚨 Breaking Changes
   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub
privatenumber/tsx (tsx)

v4.20.4

Compare Source

microsoft/TypeScript (typescript)

v5.9.2

Compare Source

unjs/unplugin (unplugin)

v2.3.6

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
vitejs/vite (vite)

v7.1.2

Compare Source

Bug Fixes
Miscellaneous Chores

v7.1.1

Compare Source

Bug Fixes
Miscellaneous Chores

v7.1.0

Compare Source

Features
  • support files with more than 1000 lines by generateCodeFrame (#​20508) (e7d0b2a)
Bug Fixes
Tests

v7.0.6

Compare Source

Bug Fixes
Miscellaneous Chores
Code Refactoring
webpack/webpack (webpack)

v5.101.2

Compare Source

Fixes
  • Fixed syntax error when comment is on the last line
  • Handle var declaration for createRequire
  • Distinguish free variable and tagged variable

v5.101.1

Compare Source

Fixes
  • Filter deleted assets in processAdditionalAssets hook
  • HMR failure in defer module
  • Emit assets even if invalidation occurs again
  • Export types for serialization and deserialization in plugins and export the ModuleFactory class
  • Fixed the failure export of internal function for ES module chunk format
  • Fixed GetChunkFilename failure caused by dependOn entry
  • Fixed the import of missing dependency chunks
  • Fixed when entry chunk depends on the runtime chunk hash
  • Fixed module.exports bundle to ESM library
  • Adjusted the time of adding a group depending on the fragment of execution time
  • Fixed circle dependencies when require RawModule and condition of isDeferred
  • Tree-shakable module library should align preconditions of allowInlineStartup

v5.101.0

Compare Source

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@bolt-new-by-stackblitz Bolt.new (by StackBlitz)
Copy link

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 11 times, most recently from 931947c to 80c94e6 Compare August 2, 2025 21:43
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 86f3843 to b3b38e0 Compare August 8, 2025 05:26
@socket-security Socket Security
Copy link

socket-security bot commented Aug 8, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​sxzz/​test-utils@​0.5.7 ⏵ 0.5.972 +110073 +194 +3100
Updated@​sxzz/​eslint-config@​7.0.6 ⏵ 7.1.28110097 +196 +1100
Updatedtypescript@​5.8.3 ⏵ 5.9.2100 +110089 +1100100
Updatedeslint@​9.31.0 ⏵ 9.33.097 +110010094 -1100
Updatedrollup@​4.45.1 ⏵ 4.46.297 +110010098 +1100

View full report

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 10 times, most recently from 4b189ce to 09a1f1f Compare August 14, 2025 17:28
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 321f922 to 033b5a5 Compare August 16, 2025 13:54
@renovate renovate bot changed the title chore(deps): update all non-major dependencies fix(deps): update all non-major dependencies Aug 16, 2025
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 033b5a5 to 6d2ee13 Compare August 18, 2025 05:05
@renovate renovate bot changed the title fix(deps): update all non-major dependencies fix(deps): update all non-major dependencies - autoclosed Aug 18, 2025
@renovate renovate bot closed this Aug 18, 2025
@renovate renovate bot deleted the renovate/all-minor-patch branch August 18, 2025 06:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants