fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@cloudflare/vite-plugin (source)	^1.11.0 -> ^1.11.2
@eslint/js (source)	^9.32.0 -> ^9.33.0
@rolldown/pluginutils (source)	1.0.0-beta.30 -> 1.0.0-beta.31
@types/node (source)	^22.17.0 -> ^22.17.1
eslint (source)	^9.32.0 -> ^9.33.0
eslint-plugin-regexp	^2.9.1 -> ^2.10.0
fs-extra	^11.3.0 -> ^11.3.1
rolldown (source)	1.0.0-beta.30 -> 1.0.0-beta.31
tsdown	^0.13.2 -> ^0.14.0
typescript-eslint (source)	^8.38.0 -> ^8.39.0
vite (source)	^7.0.12 -> ^7.1.0
vite (source)	^7.0.6 -> ^7.1.1
wrangler (source)	^4.27.0 -> ^4.28.1

---

Release Notes

cloudflare/workers-sdk (@​cloudflare/vite-plugin)

v1.11.2

Compare Source

Patch Changes

• Updated dependencies [773cca3, 773cca3, 2e8eb24, 93c4c26, 48853a6, 2e8eb24]:
  • [email protected]

v1.11.1

Compare Source

Patch Changes

• #​9993 9901788 Thanks @​jamesopstad! - Fix issue that resulted in A hanging Promise was canceled errors when developing large applications.
  We now handle requests for modules in a Durable Object so that they can be shared across invocations.

  Additionally, using import.meta.hot.send within the context of a request is now supported.

• #​9556 8ba7736 Thanks @​edmundhung! - fix: cross-process service bindings no longer skip static asset serving

• #​10099 360004d Thanks @​emily-shen! - fix: move local dev container cleanup to process exit hook. This should ensure containers are cleaned up even when Wrangler is shut down programatically.

• #​10173 4e62cd8 Thanks @​jamesopstad! - Ensure that headers set via server.headers in the Vite config are added to HTML asset responses in development.

• Updated dependencies [6b9cd5b, b4d1373, 631f26d, d6ecd05, b4d1373, 360004d, e82aa19, dae1377, 8ba7736, 1655bec, 354a001, 5c3b83f, 502a8e0, 07c8611, 7e204a9, 3f83ac1]:

  • @​cloudflare/unenv-preset@​2.6.0
  • [email protected]
  • [email protected]

eslint/eslint (@​eslint/js)

v9.33.0

Compare Source

rolldown/rolldown (@​rolldown/pluginutils)

v1.0.0-beta.31

Compare Source

🚀 Features

• support function for asset_inline_limit (#​5453) by @​AliceLanniste
• hmr: generate initializer for export * from ... (#​5577) by @​hyf0
• hmr: remove meaningless stmt instead of replacing with empty stmt (#​5570) by @​hyf0
• option watch.clearScreen (#​5518) by @​situ2001
• rolldown: oxc v0.80.0 (#​5538) by @​Boshen
• plugin/generateBundle: add support for modifying chunk filename (#​5564) by @​shulaoda
• assetFileNames: support name and originalFileName (#​5555) by @​shulaoda
• add optional onInvalidate schema to validator (#​5528) by @​situ2001
• don't throw resolve errors for dynamic import inside try block (#​5537) by @​shulaoda
• rolldown: oxc v0.79.0 (#​5512) by @​Boshen
• rolldown_plugin_asset: align render_chunk logic (#​5511) by @​shulaoda
• rolldown_plugin_utls: finish render_asset_url_in_js (#​5508) by @​shulaoda
• rolldown_plugin_utils: align replacement logic for __VITE_ASSET__ (#​5507) by @​shulaoda
• rolldown_plugin_utils: add partial render_asset_url_in_js support (#​5504) by @​shulaoda
• expose sourcemapBaseUrl from NormalizedOutputOptions (#​5513) by @​sapphi-red

🐛 Bug Fixes

• modify output filename correctly in generateBundle and writeBundle (#​5580) by @​shulaoda
• hmr: ensure correct runtime behavior for export * from ... (#​5578) by @​hyf0
• hmr: repeated imports should point to the same binding (#​5571) by @​hyf0
• hmr: handle export * from ... (#​5566) by @​hyf0
• rolldown_plugin_web_worker_post: handle import.meta correctly (#​5565) by @​shulaoda
• antd bundle output not correct (#​5549) by @​IWANABETHATGUY
• hmr: module namespace object should be included via treeshaking mechanism normally (#​5543) by @​hyf0
• plugin/vite-resolve: use import / require conditions for external modules resolution (#​5540) by @​sapphi-red
• rolldown_plugin_asset: InvalidAsset#is should match InvalidAsset::True (#​5529) by @​AliceLanniste
• __name lacks require('./chunk-containing-runtime') when format: 'cjs' + keepNames: true (#​5526) by @​IWANABETHATGUY
• plugin/vite-resolve: resolve externalized packages with resolve.externalConditions (#​5491) by @​sapphi-red
• optimization.inlineConst: true does not keep export names when output.minifyInternalExports: true is enabled (#​5520) by @​IWANABETHATGUY
• scanner: identify module.exports.__esModule = true (#​5503) by @​overlookmotel
• error instead of panic if sourcemapBaseUrl is an invalid URL (#​5514) by @​sapphi-red

🚜 Refactor

• hmr: use __rolldown_exports__ as the name for esm module namespace object (#​5579) by @​hyf0
• tests: rename _configName to _testName in configuration files and update variant formatting in snapshots (#​5569) by @​hyf0
• rolldown: remove unnecessary comments (#​5552) by @​situ2001
• rolldown: Remove rolldown_rstr crate and use CompactStr directly (#​5542) by @​Copilot
• hide namespace statement index knowledge inside StmtInfos (#​5545) by @​sapphi-red
• use pascal case when naming bitflags field for ImportRecordMeta (#​5539) by @​IWANABETHATGUY
• use concat_string! to simplify string concatenation (#​5527) by @​IWANABETHATGUY
• use combinator function handle sourcemap_base_url parsing (#​5517) by @​IWANABETHATGUY
• rolldown_plugin_utils: improve to_output_file_path_in_js (#​5505) by @​shulaoda

📚 Documentation

• wording nit (#​5521) by @​nullxone

🧪 Testing

• rust: rename configName to _configName and add comments (#​5568) by @​hyf0
• rust: re-organize rolldown_testing_config (#​5567) by @​hyf0

⚙️ Miscellaneous Tasks

• deps: lock file maintenance npm packages (#​5582) by @​renovate[bot]
• deps: lock file maintenance (#​5581) by @​renovate[bot]
• deps: lock file maintenance rust crates (#​5576) by @​renovate[bot]
• deps: lock file maintenance npm packages (#​5574) by @​renovate[bot]
• deps: update github-actions (#​5573) by @​renovate[bot]
• deps: update dependency rolldown-plugin-dts to v0.15.1 (#​5572) by @​renovate[bot]
• deps: update dependency tsdown to v0.13.2 (#​5562) by @​renovate[bot]
• deps: update dependency rolldown-plugin-dts to ^0.15.0 (#​5563) by @​renovate[bot]
• ai: Add AGENTS.md and GitHub Copilot setup workflow (#​5556) by @​Copilot
• deps: update dependency tsdown to v0.13.1 (#​5551) by @​renovate[bot]
• deps: update dependency rolldown-plugin-dts to v0.14.3 (#​5544) by @​renovate[bot]
• ensure all diagnostics in self.errors have Severity::Error (#​5494) by @​sapphi-red
• vscode: remove code-spell-checker extension (#​5530) by @​shulaoda
• deps: update dependency rolldown-plugin-dts to v0.14.2 (#​5522) by @​renovate[bot]
• add link to the REPL in the reproduction field description (#​5519) by @​sapphi-red
• enable some rollup tests (#​5515) by @​sapphi-red

❤️ New Contributors

• @​Copilot made their first contribution in #​5556
• @​nullxone made their first contribution in #​5521

eslint/eslint (eslint)

v9.33.0

Compare Source

ota-meshi/eslint-plugin-regexp (eslint-plugin-regexp)

v2.10.0

Compare Source

Minor Changes

• refctor: replace indexOf() with strict equality (#​864)

jprichardson/node-fs-extra (fs-extra)

v11.3.1

Compare Source

• Fix case where move/moveSync could incorrectly think files are identical on Windows (#​1050)

rolldown/tsdown (tsdown)

v0.14.0

Compare Source

   🚨 Breaking Changes

• Disable expandDirectories for matching fast-glob's behavior  -  by @​sxzz (8171b)

    View changes on GitHub

v0.13.5

Compare Source

   🐞 Bug Fixes

• Use latest rolldown  -  by @​sxzz (8ae72)

    View changes on GitHub

v0.13.4

Compare Source

   🚀 Features

• Add failOnWarn option  -  by @​Gugustinette in https://github.com/rolldown/tsdown/issues/411 (d7d49)
• Add cjsDefault option  -  by @​sxzz (f503f)

   🐞 Bug Fixes

• Suppress mixed export warnings if cjsDefault is enabled  -  by @​sxzz (3ffa9)

    View changes on GitHub

v0.13.3

Compare Source

   🚨 Minor Breaking Changes

• dts.build option should be enable manually for tsc -b  -  by @​sxzz (13146)

   🚀 Features

• Add logLevel & customLogger option  -  by @​sxzz (724d1)
• Add warnOnce to logger  -  by @​sxzz (eb4fb)
• Allow regex for ignoreWatch  -  by @​sxzz (91f9f)
• Warn user if config includes cjs format  -  by @​Gugustinette and @​sxzz in https://github.com/rolldown/tsdown/issues/403 (bd42e)

   🐞 Bug Fixes

• Resolve ignoreWatch  -  by @​sxzz (d0e31)

    View changes on GitHub

typescript-eslint/typescript-eslint (typescript-eslint)

v8.39.0

Compare Source

🚀 Features

• update to TypeScript 5.9.2 (#​11445)

❤️ Thank You

• Brad Zacher @​bradzacher

You can read about our versioning strategy and releases on our website.

vitejs/rolldown-vite (vite)

v7.1.0

Compare Source

Features

• support files with more than 1000 lines by generateCodeFrame (#​20508) (e7d0b2a)

Bug Fixes

• css: avoid warnings for image-set containing __VITE_ASSET__ (#​20520) (f1a2635)
• css: empty CSS entry points should generate CSS files, not JS files (#​20518) (bac9f3e)
• dev: denied request stalled when requested concurrently (#​20503) (64a52e7)
• manifest: initialize entryCssAssetFileNames as an empty Set (#​20542) (6a46cda)
• skip prepareOutDirPlugin in workers (#​20556) (97d5111)

Miscellaneous Chores

• update JSDoc of experimental.enableNativePlugin option (2008da5)

Code Refactoring

• deprecate esbuild / optimizeDeps.esbuild options (#​355) (4dab15e)

Tests

• detect ts support via process.features (#​20544) (856d3f0)
• fix unimportant errors in test-unit (#​20545) (1f23554)

vitejs/vite (vite)

v7.1.1

Compare Source

Bug Fixes

• deps: update launch-editor-middleware (#​20569) (826b394)

Miscellaneous Chores

• fix changelog beta links (#​20561) (2e0c21a)
• update 7.1 changelog (#​20560) (d8869b8)

v7.1.0

Compare Source

Features

• support files with more than 1000 lines by generateCodeFrame (#​20508) (e7d0b2a)

Bug Fixes

• css: avoid warnings for image-set containing __VITE_ASSET__ (#​20520) (f1a2635)
• css: empty CSS entry points should generate CSS files, not JS files (#​20518) (bac9f3e)
• dev: denied request stalled when requested concurrently (#​20503) (64a52e7)
• manifest: initialize entryCssAssetFileNames as an empty Set (#​20542) (6a46cda)
• skip prepareOutDirPlugin in workers (#​20556) (97d5111)

Tests

• detect ts support via process.features (#​20544) (856d3f0)
• fix unimportant errors in test-unit (#​20545) (1f23554)

cloudflare/workers-sdk (wrangler)

v4.28.1

Compare Source

Patch Changes

• #​10130 773cca3 Thanks @​dario-piotrowicz! - update maybeStartOrUpdateRemoteProxySession config argument (to allow callers to specify an environment)

  Before this change maybeStartOrUpdateRemoteProxySession could be called with either the path to a wrangler config file or the configuration of a worker. The former override however did not allow the caller to specify an environment, so the maybeStartOrUpdateRemoteProxySession API has been updated so that in the wrangler config case an object (with the path and a potential environment) needs to be passed instead.

  For example, before callers could invoke the function in the following way

  await maybeStartOrUpdateRemoteProxySession(configPath);

  note that there is no way to tell the function what environment to use when parsing the wrangle configuration.

  Now callers will instead call the function in the following way:

  await maybeStartOrUpdateRemoteProxySession({
  	path: configPath,
  	environment: targetEnvironment,
  });

  note that now a target environment can be specified.

• #​10130 773cca3 Thanks @​dario-piotrowicz! - fix getPlatformProxy not taking into account the potentially specified environment for remote bindings

• #​10122 2e8eb24 Thanks @​dario-piotrowicz! - fix startWorker not respecting auth options for remote bindings

  fix startWorker currently not taking into account the auth field
  that can be provided as part of the dev options when used in conjunction
  with remote bindings

  example:

  Given the following

  import { unstable_startWorker } from "wrangler";
  
  const worker = await unstable_startWorker({
  	entrypoint: "./worker.js",
  	bindings: {
  		AI: {
  			type: "ai",
  			experimental_remote: true,
  		},
  	},
  	dev: {
  		experimentalRemoteBindings: true,
  		auth: {
  			accountId: "<ACCOUNT_ID>",
  			apiToken: {
  				apiToken: "<API_TOKEN>",
  			},
  		},
  	},
  });
  
  await worker.ready;

  wrangler will now use the provided <ACCOUNT_ID> and <API_TOKEN> to integrate with
  the remote AI binding instead of requiring the user to authenticate.

• #​10209 93c4c26 Thanks @​devin-ai-integration! - fix: strip ANSI escape codes from log files to improve readability and parsing

• #​9774 48853a6 Thanks @​nikitassharma! - Validate container configuration against account limits in wrangler to give early feedback to the user

• #​10122 2e8eb24 Thanks @​dario-piotrowicz! - fix incorrect TypeScript type for AI binding in the startWorker API

v4.28.0

Compare Source

Minor Changes

• #​9530 e82aa19 Thanks @​Akshit222! - Add --json flag to r2 bucket info command for machine-readable output.

Patch Changes

• #​10004 b4d1373 Thanks @​dario-piotrowicz! - fix wrangler dev logs being logged on the incorrect level in some cases

  currently the way wrangler dev prints logs is faulty, for example the following code

  console.error("this is an error");
  console.warn("this is a warning");
  console.debug("this is a debug");

  inside a worker would cause the following logs:

  ✘ [ERROR] this is an error
  
  ✘ [ERROR] this is a warning
  
  this is a debug
  

  (note that the warning is printed as an error and the debug log is printed even if by default it should not)

  the changes here make sure that the logs are instead logged to their correct level, so for the code about the following will be logged instead:

  ✘ [ERROR] this is an error
  
  ▲ [WARNING] this is a warning
  

  (running wrangler dev with the --log-level=debug flag will also cause the debug log to be included as well)

• #​10099 360004d Thanks @​emily-shen! - fix: move local dev container cleanup to process exit hook. This should ensure containers are cleaned up even when Wrangler is shut down programatically.

• #​10186 dae1377 Thanks @​matthewdavidrodgers! - Deleting when Pages project binds to worker requires confirmation

• #​10169 1655bec Thanks @​devin-ai-integration! - fix: report startup errors before workerd profiling

• #​10136 354a001 Thanks @​nikitassharma! - Update wrangler containers images list to make fewer API calls to improve command runtime

• #​10157 5c3b83f Thanks @​devin-ai-integration! - Enforce 64-character limit for Workflow binding names locally to match production validation

• #​10154 502a8e0 Thanks @​devin-ai-integration! - Fix UTF BOM handling in config files - remove UTF-8 BOM and error on other BOMs

• #​10176 07c8611 Thanks @​devin-ai-integration! - Add macOS version validation to prevent EPIPE errors on unsupported macOS versions (below 13.5). Miniflare and C3 fail hard while Wrangler shows warnings but continues execution.

• Updated dependencies [6b9cd5b, 631f26d, d6ecd05, b4d1373, 8ba7736, 07c8611, 7e204a9, 3f83ac1]:

  • @​cloudflare/unenv-preset@​2.6.0
  • [email protected]

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.