Skip to content

fix(deps): update all non-major dependencies #87

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update all non-major dependencies #87

wants to merge 1 commit into from
+935 −883

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 15, 2025
edited
Loading

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package Change Age Confidence
@sxzz/eslint-config ^7.1.4 -> ^7.2.5 age confidence
@sxzz/test-utils ^0.5.10 -> ^0.5.11 age confidence
@types/node (source) ^22.18.1 -> ^22.18.6 age confidence
esbuild ^0.25.9 -> ^0.25.10 age confidence
eslint (source) ^9.35.0 -> ^9.36.0 age confidence
magic-string ^0.30.18 -> ^0.30.19 age confidence
pnpm (source) 10.15.1 -> 10.17.1 age confidence
rollup (source) ^4.50.1 -> ^4.52.2 age confidence
tsdown ^0.14.2 -> ^0.15.4 age confidence
tsx (source) ^4.20.5 -> ^4.20.6 age confidence
unplugin-oxc ^0.5.1 -> ^0.5.2 age confidence

Release Notes

sxzz/eslint-config (@​sxzz/eslint-config)

v7.2.5

Compare Source

No significant changes

    View changes on GitHub

v7.2.4

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v7.2.3

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v7.2.2

Compare Source

   🐞 Bug Fixes
  • Disable no-anonymous-default-export for vue/jsx files  -  by @​sxzz (a1e6a)
    View changes on GitHub

v7.2.1

Compare Source

   🚀 Features
   🐞 Bug Fixes
   🏎 Performance
    View changes on GitHub

v7.2.0

Compare Source

   🚀 Features
    View changes on GitHub
sxzz/test-utils (@​sxzz/test-utils)

v0.5.11

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
evanw/esbuild (esbuild)

v0.25.10

Compare Source

  • Fix a panic in a minification edge case (#​4287)

    This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):

    function identity(x) { return x }
identity({ y: identity(123) })

  • Fix @supports nested inside pseudo-element (#​4265)

    When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

    The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.

    However, it seems like this behavior is different for nested at-rules such as @supports, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:

    /* Original code */
::placeholder {
  color: red;
  body & { color: green }
  @​supports (color: blue) { color: blue }
}

/* Old output (with --supported:nesting=false) */
::placeholder {
  color: red;
}
body :is() {
  color: green;
}
@​supports (color: blue) {
   {
    color: blue;
  }
}

/* New output (with --supported:nesting=false) */
::placeholder {
  color: red;
}
body :is() {
  color: green;
}
@​supports (color: blue) {
  ::placeholder {
    color: blue;
  }
}
eslint/eslint (eslint)

v9.36.0

Compare Source

rich-harris/magic-string (magic-string)

v0.30.19

Compare Source

Bug Fixes
Features
  • replace(All) support replacement for functions when the first parameter is a string (#​304) (fd1d887)
pnpm/pnpm (pnpm)

v10.17.1

Compare Source

Patch Changes
  • When a version specifier cannot be resolved because the versions don't satisfy the minimumReleaseAge setting, print this information out in the error message #​9974.
  • Fix state.json creation path when executing pnpm patch in a workspace project #​9733.
  • When minimumReleaseAge is set and the latest tag is not mature enough, prefer a non-deprecated version as the new latest #​9987.

v10.17.0

Compare Source

Minor Changes

  • The minimumReleaseAgeExclude setting now supports patterns. For instance:

    minimumReleaseAge: 1440
minimumReleaseAgeExclude:
  - "@​eslint/*"

    Related PR: #​9984.

Patch Changes
  • Don't ignore the minimumReleaseAge check, when the package is requested by exact version and the packument is loaded from cache #​9978.
  • When minimumReleaseAge is set and the active version under a dist-tag is not mature enough, do not downgrade to a prerelease version in case the original version wasn't a prerelease one #​9979.

v10.16.1

Compare Source

Patch Changes
  • The full metadata cache should be stored not at the same location as the abbreviated metadata. This fixes a bug where pnpm was loading the abbreviated metadata from cache and couldn't find the "time" field as a result #​9963.
  • Forcibly disable ANSI color codes when generating patch diff #​9914.

v10.16.0

Compare Source

Minor Changes

  • There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour.

    The new setting is called minimumReleaseAge. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting minimumReleaseAge: 1440 ensures that only packages released at least one day ago can be installed.

    If you set minimumReleaseAge but need to disable this restriction for certain dependencies, you can list them under the minimumReleaseAgeExclude setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time:

    minimumReleaseAgeExclude:
  - webpack

    Related issue: #​9921.

  • Added support for finders #​9946.

    In the past, pnpm list and pnpm why could only search for dependencies by name (and optionally version). For example:

    pnpm why minimist

    prints the chain of dependencies to any installed instance of minimist:

    verdaccio 5.20.1
├─┬ handlebars 4.7.7
│ └── minimist 1.2.8
└─┬ mv 2.1.1
  └─┬ mkdirp 0.5.6
    └── minimist 1.2.8

    What if we want to search by other properties of a dependency, not just its name? For instance, find all packages that have react@17 in their peer dependencies?

    This is now possible with "finder functions". Finder functions can be declared in .pnpmfile.cjs and invoked with the --find-by=<function name> flag when running pnpm list or pnpm why.

    Let's say we want to find any dependencies that have React 17 in peer dependencies. We can add this finder to our .pnpmfile.cjs:

    module.exports = {
  finders: {
    react17: (ctx) => {
      return ctx.readManifest().peerDependencies?.react === "^17.0.0";
    },
  },
};

    Now we can use this finder function by running:

    pnpm why --find-by=react17

    pnpm will find all dependencies that have this React in peer dependencies and print their exact locations in the dependency graph.

    @&#8203;apollo/client 4.0.4
├── @&#8203;graphql-typed-document-node/core 3.2.0
└── graphql-tag 2.12.6

    It is also possible to print out some additional information in the output by returning a string from the finder. For example, with the following finder:

    module.exports = {
  finders: {
    react17: (ctx) => {
      const manifest = ctx.readManifest();
      if (manifest.peerDependencies?.react === "^17.0.0") {
        return `license: ${manifest.license}`;
      }
      return false;
    },
  },
};

    Every matched package will also print out the license from its package.json:

    @&#8203;apollo/client 4.0.4
├── @&#8203;graphql-typed-document-node/core 3.2.0
│   license: MIT
└── graphql-tag 2.12.6
    license: MIT
Patch Changes
  • Fix deprecation warning printed when executing pnpm with Node.js 24 #​9529.
  • Throw an error if nodeVersion is not set to an exact semver version #​9934.
  • pnpm publish should be able to publish a .tar.gz file #​9927.
  • Canceling a running process with Ctrl-C should make pnpm run return a non-zero exit code #​9626.
rollup/rollup (rollup)

v4.52.2

Compare Source

2025-09-23

Bug Fixes
  • Fix Android build crashing due to failed dlopen (#​6109)
Pull Requests

v4.52.1

Compare Source

2025-09-23

Bug Fixes
  • Opt-out of dynamic import optimization when using top-level await to effectively prevent deadlocks (#​6121)
Pull Requests

v4.52.0

Compare Source

2025-09-19

Features
  • Add option output.onlyExplicitManualChunks to turn off merging additional dependencies into manual chunks (#​6087)
  • Add support for x86_64-pc-windows-gnu platform (#​6110)
Pull Requests

v4.51.0

Compare Source

2025-09-19

Features
  • Support ROLLUP_FILE_URL_OBJ placeholder to inject file URLs into the generated code (#​6108)
Bug Fixes
  • Improve OpenHarmony build to work in more situations (#​6115)
Pull Requests

v4.50.2

Compare Source

2025-09-15

Bug Fixes
  • Resolve an issue where unused destructured array pattern declarations would conflict with included variables (#​6100)
Pull Requests
rolldown/tsdown (tsdown)

v0.15.4

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.15.3

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.15.2

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v0.15.1

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v0.15.0

Compare Source

   🚨 Breaking Changes
   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub
privatenumber/tsx (tsx)

v4.20.6

Compare Source

unplugin/unplugin-oxc (unplugin-oxc)

v0.5.2

Compare Source

No significant changes

    View changes on GitHub

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@bolt-new-by-stackblitz Bolt.new (by StackBlitz)
Copy link

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from 1d101bf to 3c1af1c Compare September 19, 2025 18:13
@socket-security Socket Security
Copy link

socket-security bot commented Sep 19, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedesbuild@​0.25.9 ⏵ 0.25.10921007391100
Updated@​sxzz/​test-utils@​0.5.10 ⏵ 0.5.1174 +1010079 +294 +1100
Updatedunplugin-oxc@​0.5.1 ⏵ 0.5.279 +9100100 +195100
Updated@​types/​node@​22.18.1 ⏵ 22.18.610010081 +195 +1100
Updatedtsx@​4.20.5 ⏵ 4.20.61001008191 +5100
Updatedmagic-string@​0.30.18 ⏵ 0.30.19100 +1100100 +192100
Updatedeslint@​9.35.0 ⏵ 9.36.097 +110010096100
Updatedrollup@​4.50.1 ⏵ 4.52.29710010099100
Updatedtsdown@​0.14.2 ⏵ 0.15.4100 +3100100 +9100 +5100
Updated@​sxzz/​eslint-config@​7.1.4 ⏵ 7.2.5100 +26100100 +1100 +5100

View full report

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 8 times, most recently from 32b1438 to bf10a33 Compare September 25, 2025 08:48
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from bf10a33 to f008ba6 Compare September 26, 2025 02:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants