fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@sxzz/eslint-config	^4.5.1 -> ^4.6.0
@sxzz/prettier-config	^2.0.2 -> ^2.1.1
@sxzz/test-utils	^0.3.11 -> ^0.4.0
@types/node (source)	^22.10.2 -> ^22.12.0
bumpp	^9.9.2 -> ^9.11.1
eslint (source)	^9.17.0 -> ^9.19.0
fast-glob	^3.3.2 -> ^3.3.3
lightningcss	^1.28.2 -> ^1.29.1
pnpm (source)	9.15.1 -> 9.15.4
rollup (source)	^4.29.1 -> ^4.32.1
tsup (source)	^8.3.5 -> ^8.3.6
typescript (source)	^5.7.2 -> ^5.7.3
unplugin	^2.1.0 -> ^2.1.2
vite (source)	^6.0.6 -> ^6.0.11

---

Release Notes

sxzz/eslint-config (@​sxzz/eslint-config)

v4.6.0

Compare Source

   🐞 Bug Fixes

• deps:
  • Update all non-major dependencies  -  in https://github.com/sxzz/eslint-config/issues/116 (bbf24)
  • Update all non-major dependencies  -  by @​sxzz in https://github.com/sxzz/eslint-config/issues/117 (df2d8)

    View changes on GitHub

sxzz/prettier-config (@​sxzz/prettier-config)

v2.1.1

Compare Source

v2.1.0

Compare Source

sxzz/test-utils (@​sxzz/test-utils)

v0.4.0

Compare Source

   🚀 Features

• Can pass expect function  -  by @​sxzz (44978)
• testFixtures: Support concurrent mode  -  by @​sxzz (79c84)

    View changes on GitHub

v0.3.12

Compare Source

   🚀 Features

• Support vitest 3  -  by @​sxzz (aca06)

   🐞 Bug Fixes

• deps: Update all non-major dependencies  -  in https://github.com/sxzz/test-utils/issues/20 (81abe)

    View changes on GitHub

antfu-collective/bumpp (bumpp)

v9.11.1

Compare Source

   🚀 Features

• Cjs path  -  by @​antfu (5b238)

    View changes on GitHub

v9.11.0

Compare Source

   🚀 Features

• Inferring the semver version according to Conventional Commit  -  by @​northword in https://github.com/antfu-collective/bumpp/issues/71 (7d044)

    View changes on GitHub

v9.10.2

Compare Source

   🐞 Bug Fixes

• Version update issue  -  by @​Blithe-Chiang and jiangzs in https://github.com/antfu-collective/bumpp/issues/70 (8f082)

    View changes on GitHub

v9.10.1

Compare Source

   🚀 Features

• More colors for semantic commit tags  -  by @​antfu (40b4e)

    View changes on GitHub

v9.10.0

Compare Source

   🚀 Features

• Support --install flag  -  by @​antfu (96a47)

    View changes on GitHub

v9.9.3

Compare Source

   🐞 Bug Fixes

• Throw on exec error, fix #​67  -  by @​antfu in https://github.com/antfu-collective/bumpp/issues/67 (52816)

    View changes on GitHub

eslint/eslint (eslint)

v9.19.0

Compare Source

v9.18.0

Compare Source

mrmlnc/fast-glob (fast-glob)

v3.3.3

Compare Source

Full Changelog: mrmlnc/fast-glob@3.3.2...3.3.3

💬 Common

• Refer to [email protected] to avoid annoying npm audit spam (#​443, #​444, #​454, #​456, #​457, #​461)

🐛 Bug fixes

• Apply absolute negative patterns to full path instead of file path (#​441, thanks @​webpro)

parcel-bundler/lightningcss (lightningcss)

v1.29.1

Compare Source

v1.29.0

Compare Source

Added

• Implement view transitions level 2, including the @view-transition rule, view-transition-class and view-transition-group properties, and class selector features of the view transition pseudo elements. This enables CSS module scoping and better minification when using these features. – #​885
• Support parsing the @font-feature-values rule – #​840
• Add a feature flag to explicitly enable or disable transpiling the light-dark() function – parcel-bundler/lightningcss@3043896

Fixed

• Compile media query range syntax with boolean logic instead of fractional pixels. Fixes issues with rounding certain values. – parcel-bundler/lightningcss@7f29035
• Fix parsing the list-style shorthand property – parcel-bundler/lightningcss@97891d8
• Fix hashing of :nth-child(an + b of X) selectors in CSS modules – parcel-bundler/lightningcss@ed9e659
• Update napi-rs to fix issue with \0 characters in filenames – parcel-bundler/lightningcss@43707c3
• Fix CustomAtRule.loc TypeScript type – #​876
• Call StyleSheet / StyleSheetExit / Rule.custom.* in visitors passed to composeVisitors – #​875
• Update browser compat data – parcel-bundler/lightningcss@cdbf0d4

pnpm/pnpm (pnpm)

v9.15.4: pnpm 9.15.4

Compare Source

Patch Changes

• Ensure that recursive pnpm update --latest <pkg> updates only the specified package, with dedupe-peer-dependents=true.

Platinum Sponsors

Gold Sponsors

v9.15.3

Compare Source

v9.15.2: pnpm 9.15.2

Compare Source

Patch Changes

• Fixed publish/pack error with workspace dependencies with relative paths #​8904. It was broken in v9.4.0 (398472c).
• Use double quotes in the command suggestion by pnpm patch on Windows #​7546.
• Do not fall back to SSH, when resolving a git-hosted package if git ls-remote works via HTTPS #​8906.
• Improve how packages with blocked lifecycle scripts are reported during installation. Always print the list of ignored scripts at the end of the output. Include a hint about how to allow the execution of those packages.

Platinum Sponsors

Gold Sponsors

rollup/rollup (rollup)

v4.32.1

Compare Source

2025-01-28

Bug Fixes

• Fix possible crash when optimizing logical expressions (#​5804)

Pull Requests

• #​5804: fix: set hasDeoptimizedCache to true as early as possible (@​TrickyPi)
• #​5813: Fix typo (@​kantuni)

v4.32.0

Compare Source

2025-01-24

Features

• Add watch.onInvalidate option to trigger actions immediately when a file is changed (#​5799)

Bug Fixes

• Fix incorrect urls in CLI warnings (#​5809)

Pull Requests

• #​5799: Feature/watch on invalidate (@​drebrez, @​lukastaegert)
• #​5808: chore(deps): update dependency vite to v6.0.9 [security] (@​renovate[bot])
• #​5809: fix: avoid duplicate rollupjs.org prefix (@​GauBen, @​lukastaegert)
• #​5810: chore(deps): update dependency @​shikijs/vitepress-twoslash to v2 (@​renovate[bot])
• #​5811: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.31.0

Compare Source

2025-01-19

Features

• Do not immediately quit when trying to use watch mode from within non-TTY environments (#​5803)

Bug Fixes

• Handle files with more than one UTF-8 BOM header (#​5806)

Pull Requests

• #​5792: fix(deps): update rust crate swc_compiler_base to v8 (@​renovate[bot])
• #​5793: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5794: chore(deps): lock file maintenance (@​renovate[bot])
• #​5801: chore(deps): update dependency eslint-config-prettier to v10 (@​renovate[bot])
• #​5802: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5803: Support watch mode in yarn, gradle and containers (@​lukastaegert)
• #​5806: fix: strip all BOMs (@​TrickyPi)

v4.30.1

Compare Source

2025-01-07

Bug Fixes

• Prevent invalid code when simplifying unary expressions in switch cases (#​5786)

Pull Requests

• #​5786: fix: consider that literals cannot following switch case. (@​TrickyPi)

v4.30.0

Compare Source

2025-01-06

Features

• Inline values of resolvable unary expressions for improved tree-shaking (#​5775)

Pull Requests

• #​5775: feat: enhance the treehshaking for unary expression (@​TrickyPi)
• #​5783: Improve CI caching for node_modules (@​lukastaegert)

v4.29.2

Compare Source

2025-01-05

Bug Fixes

• Keep import attributes when using dynamic ESM import() expressions from CommonJS (#​5781)

Pull Requests

• #​5772: Improve caching on CI (@​lukastaegert)
• #​5773: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5780: feat: use picocolors instead of colorette (@​re-taro)
• #​5781: fix: keep import attributes for cjs format (@​TrickyPi)

egoist/tsup (tsup)

v8.3.6

Compare Source

   🐞 Bug Fixes

• Don't await sub-process of onSuccess  -  by @​laat in https://github.com/egoist/tsup/issues/1256 (314a6)

    View changes on GitHub

microsoft/TypeScript (typescript)

v5.7.3

Compare Source

unjs/unplugin (unplugin)

v2.1.2

Compare Source

   🐞 Bug Fixes

• esbuild: Fix again 9f85a26  -  by @​sxzz (4abab)

    View changes on GitHub

v2.1.1

Compare Source

   🐞 Bug Fixes

• esbuild: Pass original build for custom esbuild setup  -  by @​sxzz (9f85a)

    View changes on GitHub

vitejs/vite (vite)

v6.0.11

Compare Source

• fix: preview.allowedHosts with specific values was not respected (#​19246) (aeb3ec8), closes #​19246
• fix: allow CORS from loopback addresses by default (#​19249) (3d03899), closes #​19249

v6.0.10

Compare Source

• fix: try parse server.origin URL (#​19241) (2495022), closes #​19241

v6.0.9

Compare Source

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (bd896fb)
• fix!: default server.cors: false to disallow fetching from untrusted origins (b09572a)
• fix: verify token for HMR WebSocket connection (029dcd6)

v6.0.8

Compare Source

• fix: avoid SSR HMR for HTML files (#​19193) (3bd55bc), closes #​19193
• fix: build time display 7m 60s (#​19108) (cf0d2c8), closes #​19108
• fix: don't resolve URL starting with double slash (#​19059) (35942cd), closes #​19059
• fix: ensure server.close() only called once (#​19204) (db81c2d), closes #​19204
• fix: resolve.conditions in ResolvedConfig was defaultServerConditions (#​19174) (ad75c56), closes #​19174
• fix: tree shake stringified JSON imports (#​19189) (f2aed62), closes #​19189
• fix: use shared sigterm callback (#​19203) (47039f4), closes #​19203
• fix(deps): update all non-major dependencies (#​19098) (8639538), closes #​19098
• fix(optimizer): use correct default install state path for yarn PnP (#​19119) (e690d8b), closes #​19119
• fix(types): improve ESBuildOptions.include / exclude type to allow readonly (string | RegExp)[] (ea53e70), closes #​19146
• chore(deps): update dependency pathe to v2 (#​19139) (71506f0), closes #​19139

v6.0.7

Compare Source

• fix: fix minify when builder.sharedPlugins: true (#​19025) (f7b1964), closes #​19025
• fix: skip the plugin if it has been called before with the same id and importer (#​19016) (b178c90), closes #​19016
• fix(html): error while removing vite-ignore attribute for inline script (#​19062) (a492253), closes #​19062
• fix(ssr): fix semicolon injection by ssr transform (#​19097) (1c102d5), closes #​19097
• perf: skip globbing for static path in warmup (#​19107) (677508b), closes #​19107
• feat(css): show lightningcss warnings (#​19076) (b07c036), closes #​19076

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[socket-security]

New and updated dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@sxzz/[email protected] 🔁 npm/@sxzz/[email protected]	Transitive: eval, filesystem, network, shell, unsafe	+240	33.9 MB	sxzz
npm/@sxzz/[email protected] 🔁 npm/@sxzz/[email protected]	None	0	3.44 kB	sxzz
npm/@sxzz/[email protected] 🔁 npm/@sxzz/[email protected]	Transitive: filesystem	+3	177 kB	sxzz
npm/@types/[email protected] 🔁 npm/@types/[email protected]	None	+1	2.38 MB	types
npm/[email protected] 🔁 npm/[email protected]	Transitive: environment, filesystem, network, shell	+62	5.2 MB	antfu
npm/[email protected] 🔁 npm/[email protected]	Transitive: eval, filesystem, shell, unsafe	+84	10.7 MB	eslintbot, openjsfoundation
npm/[email protected] 🔁 npm/[email protected]	None	+17	508 kB	mrmlnc
npm/[email protected] 🔁 npm/[email protected]	Transitive: filesystem, shell	+1	517 kB	devongovett
npm/[email protected] 🔁 npm/[email protected]	None	+1	2.64 MB	lukastaegert
npm/[email protected] 🔁 npm/[email protected]	Transitive: environment, network, shell, unsafe	+74	7.45 MB	egoist
npm/[email protected] 🔁 npm/[email protected]	None	0	22.7 MB	typescript-bot
npm/[email protected] 🔁 npm/[email protected]	Transitive: environment	+2	759 kB	antfu, sxzz
npm/[email protected] 🔁 npm/[email protected]	Transitive: environment, filesystem, network, shell	+5	3.37 MB	antfu, patak, soda, ...2 more

View full report↗︎