Skip to content

fix(deps): update all non-major dependencies #65

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update all non-major dependencies #65

wants to merge 1 commit into from
+875 −836

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 14, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@sxzz/test-utils ^0.5.4 -> ^0.5.5 age adoption passing confidence
@types/node (source) ^22.13.14 -> ^22.15.2 age adoption passing confidence
ast-kit ^1.4.2 -> ^1.4.3 age adoption passing confidence
esbuild ^0.25.2 -> ^0.25.3 age adoption passing confidence
eslint (source) ^9.23.0 -> ^9.25.1 age adoption passing confidence
pnpm (source) 10.7.0 -> 10.9.0 age adoption passing confidence
rollup (source) ^4.38.0 -> ^4.40.0 age adoption passing confidence
tsdown ^0.6.10 -> ^0.9.8 age adoption passing confidence
typescript (source) ^5.8.2 -> ^5.8.3 age adoption passing confidence
unplugin ^2.2.2 -> ^2.3.2 age adoption passing confidence
unplugin-oxc ^0.3.2 -> ^0.3.6 age adoption passing confidence
unplugin-replace ^0.5.1 -> ^0.5.2 age adoption passing confidence
vite (source) ^6.2.4 -> ^6.3.3 age adoption passing confidence
vitest (source) ^3.1.1 -> ^3.1.2 age adoption passing confidence
webpack ^5.98.0 -> ^5.99.7 age adoption passing confidence

Release Notes

sxzz/test-utils (@​sxzz/test-utils)

v0.5.5

Compare Source

   🚀 Features
    View changes on GitHub
sxzz/ast-kit (ast-kit)

v1.4.3

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
evanw/esbuild (esbuild)

v0.25.3

Compare Source

  • Fix lowered async arrow functions before super() (#​4141, #​4142)

    This change makes it possible to call an async arrow function in a constructor before calling super() when targeting environments without async support, as long as the function body doesn't reference this. Here's an example (notice the change from this to null):

    // Original code
class Foo extends Object {
  constructor() {
    (async () => await foo())()
    super()
  }
}

// Old output (with --target=es2016)
class Foo extends Object {
  constructor() {
    (() => __async(this, null, function* () {
      return yield foo();
    }))();
    super();
  }
}

// New output (with --target=es2016)
class Foo extends Object {
  constructor() {
    (() => __async(null, null, function* () {
      return yield foo();
    }))();
    super();
  }
}

    Some background: Arrow functions with the async keyword are transformed into generator functions for older language targets such as --target=es2016. Since arrow functions capture this, the generated code forwards this into the body of the generator function. However, JavaScript class syntax forbids using this in a constructor before calling super(), and this forwarding was problematic since previously happened even when the function body doesn't use this. Starting with this release, esbuild will now only forward this if it's used within the function body.

    This fix was contributed by @​magic-akari.

  • Fix memory leak with --watch=true (#​4131, #​4132)

    This release fixes a memory leak with esbuild when --watch=true is used instead of --watch. Previously using --watch=true caused esbuild to continue to use more and more memory for every rebuild, but --watch=true should now behave like --watch and not leak memory.

    This bug happened because esbuild disables the garbage collector when it's not run as a long-lived process for extra speed, but esbuild's checks for which arguments cause esbuild to be a long-lived process weren't updated for the new --watch=true style of boolean command-line flags. This has been an issue since this boolean flag syntax was added in version 0.14.24 in 2022. These checks are unfortunately separate from the regular argument parser because of how esbuild's internals are organized (the command-line interface is exposed as a separate Go API so you can build your own custom esbuild CLI).

    This fix was contributed by @​mxschmitt.

  • More concise output for repeated legal comments (#​4139)

    Some libraries have many files and also use the same legal comment text in all files. Previously esbuild would copy each legal comment to the output file. Starting with this release, legal comments duplicated across separate files will now be grouped in the output file by unique comment content.

  • Allow a custom host with the development server (#​4110)

    With this release, you can now use a custom non-IP host with esbuild's local development server (either with --serve= for the CLI or with the serve() call for the API). This was previously possible, but was intentionally broken in version 0.25.0 to fix a security issue. This change adds the functionality back except that it's now opt-in and only for a single domain name that you provide.

    For example, if you add a mapping in your /etc/hosts file from local.example.com to 127.0.0.1 and then use esbuild --serve=local.example.com:8000, you will now be able to visit http://local.example.com:8000/ in your browser and successfully connect to esbuild's development server (doing that would previously have been blocked by the browser). This should also work with HTTPS if it's enabled (see esbuild's documentation for how to do that).

  • Add a limit to CSS nesting expansion (#​4114)

    With this release, esbuild will now fail with an error if there is too much CSS nesting expansion. This can happen when nested CSS is converted to CSS without nesting for older browsers as expanding CSS nesting is inherently exponential due to the resulting combinatorial explosion. The expansion limit is currently hard-coded and cannot be changed, but is extremely unlikely to trigger for real code. It exists to prevent esbuild from using too much time and/or memory. Here's an example:

    a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{color:red}}}}}}}}}}}}}}}}}}}}

    Previously, transforming this file with --target=safari1 took 5 seconds and generated 40mb of CSS. Trying to do that will now generate the following error instead:

    ✘ [ERROR] CSS nesting is causing too much expansion

    example.css:1:60:
      1 │ a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{color:red}}}}}}}}}}}}}}}}}}}}
        ╵                                                             ^

  CSS nesting expansion was terminated because a rule was generated with 65536 selectors. This limit
  exists to prevent esbuild from using too much time and/or memory. Please change your CSS to use
  fewer levels of nesting.

  • Fix path resolution edge case (#​4144)

    This fixes an edge case where esbuild's path resolution algorithm could deviate from node's path resolution algorithm. It involves a confusing situation where a directory shares the same file name as a file (but without the file extension). See the linked issue for specific details. This appears to be a case where esbuild is correctly following node's published resolution algorithm but where node itself is doing something different. Specifically the step LOAD_AS_FILE appears to be skipped when the input ends with ... This release changes esbuild's behavior for this edge case to match node's behavior.

  • Update Go from 1.23.7 to 1.23.8 (#​4133, #​4134)

    This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain reports from vulnerability scanners that detect which version of the Go compiler esbuild uses, such as for CVE-2025-22871.

    As a reminder, esbuild's development server is intended for development, not for production, so I do not consider most networking-related vulnerabilities in Go to be vulnerabilities in esbuild. Please do not use esbuild's development server in production.

eslint/eslint (eslint)

v9.25.1

Compare Source

v9.25.0

Compare Source

v9.24.0

Compare Source

pnpm/pnpm (pnpm)

v10.9.0

Compare Source

Minor Changes

  • Added support for installing JSR packages. You can now install JSR packages using the following syntax:

    pnpm add jsr:<pkg_name>

    or with a version range:

    pnpm add jsr:<pkg_name>@&#8203;<range>

    For example, running:

    pnpm add jsr:@&#8203;foo/bar

    will add the following entry to your package.json:

    {
  "dependencies": {
    "@&#8203;foo/bar": "jsr:^0.1.2"
  }
}

    When publishing, this entry will be transformed into a format compatible with npm, older versions of Yarn, and previous pnpm versions:

    {
  "dependencies": {
    "@&#8203;foo/bar": "npm:@&#8203;jsr/foo__bar@^0.1.2"
  }
}

    Related issue: #​8941.

    Note: The @jsr scope defaults to https://npm.jsr.io/ if the @jsr:registry setting is not defined.

  • Added a new setting, dangerouslyAllowAllBuilds, for automatically running any scripts of dependencies without the need to approve any builds. It was already possible to allow all builds by adding this to pnpm-workspace.yaml:

    neverBuiltDependencies: []

    dangerouslyAllowAllBuilds has the same effect but also allows to be set globally via:

    pnpm config set dangerouslyAllowAllBuilds true

    It can also be set when running a command:

    pnpm install --dangerously-allow-all-builds
Patch Changes
  • Fix a false negative in verifyDepsBeforeRun when nodeLinker is hoisted and there is a workspace package without dependencies and node_modules directory #​9424.
  • Explicitly drop verifyDepsBeforeRun support for nodeLinker: pnp. Combining verifyDepsBeforeRun and nodeLinker: pnp will now print a warning.

v10.8.1

Compare Source

Patch Changes
  • Removed bright white highlighting, which didn't look good on some light themes #​9389.
  • If there is no pnpm related configuration in package.json, onlyBuiltDependencies will be written to pnpm-workspace.yaml file #​9404.

v10.8.0

Compare Source

Minor Changes

  • Experimental. A new hook is supported for updating configuration settings. The hook can be provided via .pnpmfile.cjs. For example:

    module.exports = {
  hooks: {
    updateConfig: (config) => ({
      ...config,
      nodeLinker: "hoisted",
    }),
  },
};

  • Now you can use the pnpm add command with the --config flag to install new configurational dependencies #​9377.

Patch Changes
  • Do not hang indefinitely, when there is a glob that starts with !/ in pnpm-workspace.yaml. This fixes a regression introduced by #​9169.
  • pnpm audit --fix should update the overrides in pnpm-workspace.yaml.
  • pnpm link should update overrides in pnpm-workspace.yaml, not in package.json #​9365.

v10.7.1: pnpm 10.7.1

Compare Source

Patch Changes

  • pnpm config set should convert the settings to their correct type before adding them to pnpm-workspace.yaml #​9355.
  • pnpm config get should read auth related settings via npm CLI #​9345.
  • Replace leading ~/ in a path in .npmrc with the home directory #​9217.

Platinum Sponsors

Bit Bit Syntax

Gold Sponsors

Discord u|screen
JetBrains Nx
CodeRabbit Route4Me
Workleap Stackblitz
rollup/rollup (rollup)

v4.40.0

Compare Source

2025-04-12

Features
  • Only show eval warnings on first render and only when the call is not tree-shaken (#​5892)
  • Tree-shake non-included dynamic import members when the handler just maps to one named export (#​5898)
Bug Fixes
  • Consider dynamic imports nested within top-level-awaited dynamic import expressions to be awaited as well (#​5900)
  • Fix namespace rendering when tree-shaking is disabled (#​5908)
  • When using multiple transform hook filters, all of them need to be satisfied together (#​5909)
Pull Requests

v4.39.0

Compare Source

2025-04-02

Features
  • Do not create separate facade chunks if a chunk would contain several entry modules that allow export extension if there are no export name conflicts (#​5891)
Bug Fixes
  • Mark the id property as optional in the filter for the resolveId hook (#​5896)
Pull Requests
rolldown/tsdown (tsdown)

v0.9.8

Compare Source

   🚀 Features
    View changes on GitHub

v0.9.7

Compare Source

   🚀 Features
   🐞 Bug Fixes
   🏎 Performance
    View changes on GitHub

v0.9.6

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.9.5

Compare Source

   🚀 Features
    View changes on GitHub

v0.9.4

Compare Source

   🚀 Features
    View changes on GitHub

v0.9.3

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v0.9.2

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.9.1

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v0.9.0

Compare Source

   🚨 Breaking Changes
  • Rename dts.isolatedDeclaration to dts.isolatedDeclarations  -  by @​sxzz (afc8e)
   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v0.8.1

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v0.8.0

Compare Source

   🚀 Features
    View changes on GitHub

v0.7.5

Compare Source

No significant changes

    View changes on GitHub

v0.7.4

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.7.3

Compare Source

No significant changes

    View changes on GitHub

v0.7.2

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.7.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.7.0

Compare Source

   🚨 Breaking Changes
   🐞 Bug Fixes
   🏎 Performance
    View changes on GitHub
microsoft/TypeScript (typescript)

v5.8.3

Compare Source

unjs/unplugin (unplugin)

v2.3.2

Compare Source

   🐞 Bug Fixes
  • Update minimum rollup version requirement for native filter support  -  by @​sxzz (a0e08)
    View changes on GitHub
unplugin/unplugin-oxc (unplugin-oxc)

v0.3.6

Compare Source

   🚀 Features
    View changes on GitHub

v0.3.5

Compare Source

   🚀 Features
    View changes on GitHub

v0.3.4

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.3.3

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub
unplugin/unplugin-replace (unplugin-replace)

v0.5.2

Compare Source

   🐞 Bug Fixes
   🏎 Performance
    View changes on GitHub
vitejs/vite (vite)

v6.3.3

Compare Source

v6.3.2

Compare Source

v6.3.1

Compare Source

v6.3.0

Compare Source

  • fix(hmr): avoid infinite loop happening with hot.invalidate in circular deps (#​19870) (d4ee5e8), closes #​19870
  • fix(preview): use host url to open browser (#​19836) (5003434), closes [#​19836](https:/

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@stackblitz StackBlitz
Copy link

stackblitz bot commented Apr 14, 2025

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@socket-security Socket Security
Copy link

socket-security bot commented Apr 14, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedesbuild@​0.25.2 ⏵ 0.25.3911007194100
Updated@​sxzz/​test-utils@​0.5.4 ⏵ 0.5.573 +110074 +194100
Updatedunplugin-replace@​0.5.1 ⏵ 0.5.274 +11009987100
Updatedunplugin-oxc@​0.3.2 ⏵ 0.3.675 +2100100 +194 +1100
Updatedvitest@​3.1.1 ⏵ 3.1.2971007799100
Updated@​types/​node@​22.13.14 ⏵ 22.15.2100 +110080 +196100
Updatedvite@​6.2.6 ⏵ 6.3.3951008199100
Updatedast-kit@​1.4.2 ⏵ 1.4.3100 +110082 +190 +6100
Updatedunplugin@​2.3.1 ⏵ 2.3.210010082 +194100
Updatedtsdown@​0.6.10 ⏵ 0.9.886 +110086 +196 +1100
Updatedtypescript@​5.8.2 ⏵ 5.8.310010089100100
Updatedeslint@​9.23.0 ⏵ 9.25.197 +110010096100
Updatedwebpack@​5.98.0 ⏵ 5.99.79610010097100
Updatedrollup@​4.38.0 ⏵ 4.40.097 +110010098100

View full report

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 12 times, most recently from ff1ced0 to 7fa35c0 Compare April 20, 2025 06:41
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 11 times, most recently from 4ebe365 to 203bb4a Compare April 25, 2025 17:39
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 203bb4a to 9813ae9 Compare April 26, 2025 06:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants