Skip to content

fix(deps): update all non-major dependencies - autoclosed #184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

fix(deps): update all non-major dependencies - autoclosed #184

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 2, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@babel/types (source) ^7.27.3 -> ^7.28.1 age confidence
@jridgewell/gen-mapping (source) ^0.3.8 -> ^0.3.12 age confidence
@jridgewell/trace-mapping (source) ^0.3.25 -> ^0.3.29 age confidence
@rspack/cli (source) ^1.4.8 -> ^1.4.9 age confidence
@rspack/core (source) ^1.3.12 -> ^1.4.9 age confidence
@swc/core (source) ^1.11.29 -> ^1.13.1 age confidence
@sxzz/eslint-config ^7.0.1 -> ^7.0.6 age confidence
@sxzz/prettier-config ^2.2.1 -> ^2.2.3 age confidence
@sxzz/test-utils ^0.5.6 -> ^0.5.7 age confidence
@types/node (source) ^22.15.23 -> ^22.16.5 age confidence
@vitest/ui (source) ^3.1.4 -> ^3.2.4 age confidence
@vue/reactivity (source) ^3.5.15 -> ^3.5.17 age confidence
bumpp ^10.1.1 -> ^10.2.0 age confidence
esbuild ^0.25.6 -> ^0.25.8 age confidence
eslint (source) ^9.27.0 -> ^9.31.0 age confidence
pnpm (source) 10.11.0 -> 10.13.1 age confidence
prettier (source) ^3.5.3 -> ^3.6.2 age confidence
rolldown (source) 1.0.0-beta.28 -> 1.0.0-beta.29 age confidence
tsdown ^0.12.4 -> ^0.13.0 age confidence
unplugin-oxc ^0.4.4 -> ^0.4.7 age confidence
vite (source) ^7.0.0 -> ^7.0.5 age confidence
vite-plugin-inspect ^11.1.0 -> ^11.3.0 age confidence
vitest (source) ^3.1.4 -> ^3.2.4 age confidence
webpack ^5.99.9 -> ^5.100.2 age confidence
webpack-dev-server ^5.2.1 -> ^5.2.2 age confidence

Release Notes

web-infra-dev/rspack (@​rspack/cli)

v1.4.9

Compare Source

What's Changed

Performance Improvements ⚡
New Features 🎉
Bug Fixes 🐞
Refactor 🔨
Document Updates 📖
Other Changes

Full Changelog: web-infra-dev/rspack@v1.4.8...v1.4.9

swc-project/swc (@​swc/core)

v1.13.1

Compare Source

Bug Fixes
Testing
evanw/esbuild (esbuild)

v0.25.8

Compare Source

  • Fix another TypeScript parsing edge case (#​4248)

    This fixes a regression with a change in the previous release that tries to more accurately parse TypeScript arrow functions inside the ?: operator. The regression specifically involves parsing an arrow function containing a #private identifier inside the middle of a ?: ternary operator inside a class body. This was fixed by propagating private identifier state into the parser clone used to speculatively parse the arrow function body. Here is an example of some affected code:

    class CachedDict {
  #has = (a: string) => dict.has(a);
  has = window
    ? (word: string): boolean => this.#has(word)
    : this.#has;
}

  • Fix a regression with the parsing of source phase imports

    The change in the previous release to parse source phase imports failed to properly handle the following cases:

    import source from 'bar'
import source from from 'bar'
import source type foo from 'bar'

    Parsing for these cases should now be fixed. The first case was incorrectly treated as a syntax error because esbuild was expecting the second case. And the last case was previously allowed but is now forbidden. TypeScript hasn't added this feature yet so it remains to be seen whether the last case will be allowed, but it's safer to disallow it for now. At least Babel doesn't allow the last case when parsing TypeScript, and Babel was involved with the source phase import specification.

v0.25.7

Compare Source

  • Parse and print JavaScript imports with an explicit phase (#​4238)

    This release adds basic syntax support for the defer and source import phases in JavaScript:

    • defer

      This is a stage 3 proposal for an upcoming JavaScript feature that will provide one way to eagerly load but lazily initialize imported modules. The imported module is automatically initialized on first use. Support for this syntax will also be part of the upcoming release of TypeScript 5.9. The syntax looks like this:

      import defer * as foo from "<specifier>";
const bar = await import.defer("<specifier>");

      Note that this feature deliberately cannot be used with the syntax import defer foo from "<specifier>" or import defer { foo } from "<specifier>".

    • source

      This is a stage 3 proposal for an upcoming JavaScript feature that will provide another way to eagerly load but lazily initialize imported modules. The imported module is returned in an uninitialized state. Support for this syntax may or may not be a part of TypeScript 5.9 (see this issue for details). The syntax looks like this:

      import source foo from "<specifier>";
const bar = await import.source("<specifier>");

      Note that this feature deliberately cannot be used with the syntax import defer * as foo from "<specifier>" or import defer { foo } from "<specifier>".

    This change only adds support for this syntax. These imports cannot currently be bundled by esbuild. To use these new features with esbuild's bundler, the imported paths must be external to the bundle and the output format must be set to esm.

  • Support optionally emitting absolute paths instead of relative paths (#​338, #​2082, #​3023)

    This release introduces the --abs-paths= feature which takes a comma-separated list of situations where esbuild should use absolute paths instead of relative paths. There are currently three supported situations: code (comments and string literals), log (log message text and location info), and metafile (the JSON build metadata).

    Using absolute paths instead of relative paths is not the default behavior because it means that the build results are no longer machine-independent (which means builds are no longer reproducible). Absolute paths can be useful when used with certain terminal emulators that allow you to click on absolute paths in the terminal text and/or when esbuild is being automatically invoked from several different directories within the same script.

  • Fix a TypeScript parsing edge case (#​4241)

    This release fixes an edge case with parsing an arrow function in TypeScript with a return type that's in the middle of a ?: ternary operator. For example:

    x = a ? (b) : c => d;
y = a ? (b) : c => d : e;

    The : token in the value assigned to x pairs with the ? token, so it's not the start of a return type annotation. However, the first : token in the value assigned to y is the start of a return type annotation because after parsing the arrow function body, it turns out there's another : token that can be used to pair with the ? token. This case is notable as it's the first TypeScript edge case that esbuild has needed a backtracking parser to parse. It has been addressed by a quick hack (cloning the whole parser) as it's a rare edge case and esbuild doesn't otherwise need a backtracking parser. Hopefully this is sufficient and doesn't cause any issues.

  • Inline small constant strings when minifying

    Previously esbuild's minifier didn't inline string constants because strings can be arbitrarily long, and this isn't necessarily a size win if the string is used more than once. Starting with this release, esbuild will now inline string constants when the length of the string is three code units or less. For example:

    // Original code
const foo = 'foo'
console.log({ [foo]: true })

// Old output (with --minify --bundle --format=esm)
var o="foo";console.log({[o]:!0});

// New output (with --minify --bundle --format=esm)
console.log({foo:!0});

    Note that esbuild's constant inlining only happens in very restrictive scenarios to avoid issues with TDZ handling. This change doesn't change when esbuild's constant inlining happens. It only expands the scope of it to include certain string literals in addition to numeric and boolean literals.

pnpm/pnpm (pnpm)

v10.13.1

Compare Source

Patch Changes
  • Run user defined pnpmfiles after pnpmfiles of plugins.

v10.13.0

Compare Source

Minor Changes

  • Added the possibility to load multiple pnpmfiles. The pnpmfile setting can now accept a list of pnpmfile locations #​9702.

  • pnpm will now automatically load the pnpmfile.cjs file from any config dependency named @pnpm/plugin-* or pnpm-plugin-* #​9729.

    The order in which config dependencies are initialized should not matter — they are initialized in alphabetical order. If a specific order is needed, the paths to the pnpmfile.cjs files in the config dependencies can be explicitly listed using the pnpmfile setting in pnpm-workspace.yaml.

Patch Changes
  • When patching dependencies installed via pkg.pr.new, treat them as Git tarball URLs #​9694.
  • Prevent conflicts between local projects' config and the global config in dangerouslyAllowAllBuilds, onlyBuiltDependencies, onlyBuiltDependenciesFile, and neverBuiltDependencies #​9628.
  • Sort keys in pnpm-workspace.yaml with deep #​9701.
  • The pnpm rebuild command should not add pkgs included in ignoredBuiltDependencies to ignoredBuilds in node_modules/.modules.yaml #​9338.
  • Replaced shell-quote with shlex for quoting command arguments #​9381.

v10.12.4

Compare Source

Patch Changes

v10.12.3

Compare Source

Patch Changes
  • Restore hoisting of optional peer dependencies when installing with an outdated lockfile.
    Regression introduced in v10.12.2 by #​9648; resolves #​9685.

v10.12.2

Compare Source

Patch Changes
  • Fixed hoisting with enableGlobalVirtualStore set to true #​9648.
  • Fix the --help and -h flags not working as expected for the pnpm create command.
  • The dependency package path output by the pnpm licenses list --json command is incorrect.
  • Fix a bug in which pnpm deploy fails due to overridden dependencies having peer dependencies causing ERR_PNPM_OUTDATED_LOCKFILE #​9595.

v10.12.1

Minor Changes

  • Experimental. Added support for global virtual stores. When enabled, node_modules contains only symlinks to a central virtual store, rather to node_modules/.pnpm. By default, this central store is located at <store-path>/links (you can find the store path by running pnpm store path).

    In the central virtual store, each package is hard linked into a directory whose name is the hash of its dependency graph. This allows multiple projects on the system to symlink shared dependencies from this central location, significantly improving installation speed when a warm cache is available.

    This is conceptually similar to how NixOS manages packages, using dependency graph hashes to create isolated and reusable package directories.

    To enable the global virtual store, set enableGlobalVirtualStore: true in your root pnpm-workspace.yaml, or globally via:

    pnpm config -g set enable-global-virtual-store true

    NOTE: In CI environments, where caches are typically cold, this setting may slow down installation. pnpm automatically disables the global virtual store when running in CI.

    Related PR: #​8190

  • The pnpm update command now supports updating catalog: protocol dependencies and writes new specifiers to pnpm-workspace.yaml.
  • Added two new CLI options (--save-catalog and --save-catalog-name=<name>) to pnpm add to save new dependencies as catalog entries. catalog: or catalog:<name> will be added to package.json and the package specifier will be added to the catalogs or catalog[<name>] object in pnpm-workspace.yaml #​9425.
  • Semi-breaking. The keys used for side-effects caches have changed. If you have a side-effects cache generated by a previous version of pnpm, the new version will not use it and will create a new cache instead #​9605.
  • Added a new setting called ci for explicitly telling pnpm if the current environment is a CI or not.
Patch Changes
  • Sort versions printed by pnpm patch using semantic versioning rules.
  • Improve the way the error message displays mismatched specifiers. Show differences instead of 2 whole objects #​9598.
  • Revert #​9574 to fix a regression #​9596.

v10.11.1

Compare Source

Patch Changes
  • Fix an issue in which pnpm deploy --legacy creates unexpected directories when the root package.json has a workspace package as a peer dependency #​9550.
  • Dependencies specified via a URL that redirects will only be locked to the target if it is immutable, fixing a regression when installing from GitHub releases. (#​9531)
  • Installation should not exit with an error if strictPeerDependencies is true but all issues are ignored by peerDependencyRules #​9505.
  • Use pnpm_config_ env variables instead of npm_config_ #​9571.
  • Fix a regression (in v10.9.0) causing the --lockfile-only flag on pnpm update to produce a different pnpm-lock.yaml than an update without the flag.
  • Let pnpm deploy work in repos with overrides when inject-workspace-packages=true #​9283.
  • Fixed the problem of path loss caused by parsing URL address. Fixes a regression shipped in pnpm v10.11 via #​9502.
  • pnpm -r --silent run should not print out section #​9563.
rolldown/tsdown (tsdown)

v0.13.0

Compare Source

   🚨 Breaking Changes
   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub
unplugin/unplugin-oxc (unplugin-oxc)

v0.4.7

Compare Source

   🚀 Features
    View changes on GitHub

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies label Jun 2, 2025
@bolt-new-by-stackblitz Bolt.new (by StackBlitz)
Copy link

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@pkg-pr-new pkg.pr.new
Copy link

pkg-pr-new bot commented Jun 2, 2025
edited
Loading

Open in StackBlitz

npm i https://pkg.pr.new/unplugin/unplugin-vue@184

commit: 5e80a1f

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 10 times, most recently from 5595d7c to 6b2f479 Compare June 9, 2025 11:05
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 13 times, most recently from 11c3079 to 1ffb8b3 Compare June 16, 2025 12:33
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from be424bd to c3452af Compare June 17, 2025 19:27
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 15 times, most recently from 9d36c81 to f0c1158 Compare July 15, 2025 17:08
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from f2195a0 to 203764d Compare July 18, 2025 22:43
@socket-security Socket Security
Copy link

socket-security bot commented Jul 18, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedesbuild@​0.25.6 ⏵ 0.25.891 +110071 +194100
Updated@​rspack/​cli@​1.4.8 ⏵ 1.4.999 +11007697100
Updated@​rspack/​core@​1.4.8 ⏵ 1.4.998 +110079 +197 +1100
Updated@​types/​node@​22.16.4 ⏵ 22.16.51001008096100
Updated@​swc/​core@​1.13.0 ⏵ 1.13.19210010097100

View full report

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 93e1a26 to 2a5a5b8 Compare July 21, 2025 16:56
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 2a5a5b8 to 5e80a1f Compare July 22, 2025 10:33
@renovate renovate bot changed the title fix(deps): update all non-major dependencies fix(deps): update all non-major dependencies - autoclosed Jul 22, 2025
@renovate renovate bot closed this Jul 22, 2025
@renovate renovate bot deleted the renovate/all-minor-patch branch July 22, 2025 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants