fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@babel/core (source)	^7.26.0 -> ^7.26.7
@types/node (source)	^22.10.7 -> ^22.10.10
eslint (source)	^9.18.0 -> ^9.19.0
tsup (source)	^8.3.5 -> ^8.3.6
vite (source)	^6.0.8 -> ^6.0.11
vitest (source)	^3.0.2 -> ^3.0.4

---

Release Notes

babel/babel (@​babel/core)

v7.26.7

Compare Source

🐛 Bug Fix

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #​17086 Make "object without properties" helpers ES6-compatible (@​tquetano-netflix)
• babel-plugin-transform-typeof-symbol
  • #​17085 fix: Correctly handle typeof in arrow functions (@​liuxingbaoyu)
• babel-parser
  • #​17079 Respect ranges option in estree method value (@​JLHwung)
• babel-core
  • #​17052 Do not try to parse .ts configs as JSON if natively supported (@​nicolo-ribaudo)
• babel-plugin-transform-typescript
  • #​17050 fix: correctly resolve references to non-constant enum members (@​branchseer)
• babel-plugin-transform-typescript, babel-traverse, babel-types
  • #​17025 fix: Remove type-only import x = y.z (@​liuxingbaoyu)

eslint/eslint (eslint)

v9.19.0

Compare Source

egoist/tsup (tsup)

v8.3.6

Compare Source

   🐞 Bug Fixes

• Don't await sub-process of onSuccess  -  by @​laat in https://github.com/egoist/tsup/issues/1256 (314a6)

    View changes on GitHub

vitejs/vite (vite)

v6.0.11

Compare Source

• fix: preview.allowedHosts with specific values was not respected (#​19246) (aeb3ec8), closes #​19246
• fix: allow CORS from loopback addresses by default (#​19249) (3d03899), closes #​19249

v6.0.10

Compare Source

• fix: try parse server.origin URL (#​19241) (2495022), closes #​19241

v6.0.9

Compare Source

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (bd896fb)
• fix!: default server.cors: false to disallow fetching from untrusted origins (b09572a)
• fix: verify token for HMR WebSocket connection (029dcd6)

vitest-dev/vitest (vitest)

v3.0.4

Compare Source

   🐞 Bug Fixes

• Filter projects eagerly during config resolution  -  by @​sheremet-va and @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/7313 (dff44)
• Apply development|production condition on Vites 6 by @​hi-ogawa and @​sheremet-va (#​7301) (ef146)
• browser: Restrict served files from /__screenshot-error  -  by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/7340 (ed9ae)
• deps: Update all non-major dependencies  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/7297 (38ea8)
• runner: Timeout long sync hook  -  by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/7289 (c60ee)
• typechecking: Support typechecking parsing with Vite 6  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/7335 (bff70)
• types: Fix public types  -  by @​mrginglymus and @​sheremet-va in https://github.com/vitest-dev/vitest/issues/7328 (ce6af)

    View changes on GitHub

v3.0.3

Compare Source

   🐞 Bug Fixes

• browser:
  • Don't throw a validation error if v8 coverage is used with filtered instances  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/7306 (fa463)
  • Don't fail when running --browser.headless if the browser projest is part of the workspace  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/7311 (e43a8)

   🏎 Performance

• reporters: Update summary only when needed  -  by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/7291 (7f36b)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report↗︎

[socket-security]

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/core@7.26.7 🔁 npm/@babel/core@7.26.0	Transitive: shell	+38	11.4 MB	existentialism, hzoo, jlhwung, ...1 more
npm/@types/node@22.10.10 🔁 npm/@types/node@22.10.7	None	+1	2.37 MB	types
npm/eslint@9.19.0 🔁 npm/eslint@9.18.0	Transitive: eval, filesystem, shell, unsafe	+84	10.7 MB	eslintbot, openjsfoundation
npm/tsup@8.3.6 🔁 npm/tsup@8.3.5	Transitive: environment, network, shell, unsafe	+76	10.1 MB	egoist
npm/vite@6.0.11 🔁 npm/vite@6.0.8	Transitive: environment, filesystem, network, shell	+7	6 MB	antfu, patak, soda, ...2 more
npm/vitest@3.0.4 🔁 npm/vitest@3.0.2	Transitive: environment, filesystem, shell, unsafe	+31	3.83 MB	antfu, oreanno, patak, ...1 more

View full report↗︎