chore(deps): update node-based dev tools

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@lerna-lite/cli (source)	4.10.5 → 5.2.1
@lerna-lite/publish (source)	4.10.5 → 5.2.1
@lerna-lite/version (source)	4.10.5 → 5.2.1
jsdom	27.4.0 → 29.1.1
publint (source)	0.3.16 → 0.3.21
tsdown (source)	0.18.4 → 0.22.0

---

Release Notes

lerna-lite/lerna-lite (@​lerna-lite/cli)

v5.2.1

Compare Source

Note: Version bump only for package @​lerna-lite/cli

v5.2.0

Compare Source

Features

• run: add --aggregate-output for child processes in large monorepo (#​1317) (bd1f908) - by @​ghiscoding

v5.1.0

Compare Source

Features

• add --no-shell for lerna exec/watch to avoid DEP0190 warning (#​1309) (7b7e61c) - by @​ghiscoding

v5.0.0

Compare Source

[!NOTE]
Please visit the v5.0.0 release for more details about the migration.

⚠ BREAKING CHANGES

• use native import.meta.dirname/filename (#​1302)
• build: use module --nodenext instead of bundler/esnext (#​1301)
• bump NodeJS requirement to Node v22.17 (#​1299)
• remove deprecated code --remove-package-fields (#​1295)

Code Refactoring

• build: use module --nodenext instead of bundler/esnext (#​1301) (14990ba) - by @​ghiscoding
• bump NodeJS requirement to Node v22.17 (#​1299) (91ca715) - by @​ghiscoding
• remove deprecated code --remove-package-fields (#​1295) (072c863) - by @​ghiscoding
• use native import.meta.dirname/filename (#​1302) (9a4f686) - by @​ghiscoding

v4.11.5

Compare Source

Note: Version bump only for package @​lerna-lite/cli

v4.11.4

Compare Source

Note: Version bump only for package @​lerna-lite/cli

v4.11.3

Compare Source

Note: Version bump only for package @​lerna-lite/cli

v4.11.2

Compare Source

Note: Version bump only for package @​lerna-lite/cli

v4.11.0

Compare Source

✨ Features

• add customizable remote Release Header & Footer messages (#​1243) (5ad8425) - by @​ghiscoding

lerna-lite/lerna-lite (@​lerna-lite/publish)

v5.2.1

Compare Source

Bug Fixes

• deps: drop normalize-path and normalize-newline dependencies (#​1319) (4d39d12) - by @​ghiscoding
• deps: replace fs-extra with native Node.js APIs (#​1318) (b1cd7f1) - by @​ghiscoding
• deps: update all non-major dependencies (#​1322) (d1e80e5) - by @​renovate[bot]
• publish: align OIDC logic/tests with npm/cli & add CircleCI support (#​1320) (da2a4cc) - by @​ghiscoding

v5.2.0

Compare Source

Features

• deps: migrate from execa to tinyexec (#​1316) (b3de36d) - by @​ghiscoding

v5.1.0

Compare Source

Note: Version bump only for package @​lerna-lite/publish

v5.0.0

Compare Source

[!NOTE]
Please visit the v5.0.0 release for more details about the migration.

⚠ BREAKING CHANGES

• use native import.meta.dirname/filename (#​1302)
• bump NodeJS requirement to Node v22.17 (#​1299)
• remove deprecated code --remove-package-fields (#​1295)
• core: replace tinyrainbow with native util.styleText() (#​1293)

Bug Fixes

• deps: update all non-major dependencies (#​1289) (530905f) - by @​renovate[bot]
• npmlog: replace has-unicode with internal implementation (#​1284) (c729652) - by @​ghiscoding
• publish: replace byte-size with internal implementation (#​1283) (ae8867d) - by @​ghiscoding
• publish: show output from publish and postpublish lifecycle scripts (#​1287) (d5faf1b) - by @​ghiscoding

Code Refactoring

• bump NodeJS requirement to Node v22.17 (#​1299) (91ca715) - by @​ghiscoding
• core: replace tinyrainbow with native util.styleText() (#​1293) (1d36057) - by @​ghiscoding
• remove deprecated code --remove-package-fields (#​1295) (072c863) - by @​ghiscoding
• use native import.meta.dirname/filename (#​1302) (9a4f686) - by @​ghiscoding

v4.11.5

Compare Source

Bug Fixes

• core: remove p-pipe, p-reduce (#​1280) (d298ef1) - by @​ghiscoding
• deps: replace write-pkg with internal writePackage utility (#​1277) (819c5c9) - by @​ghiscoding
• deps: update all non-major dependencies (#​1274) (9351be2) - by @​renovate[bot]
• deps: update dependency tar to v7.5.11 [security] (#​1273) (6ac77a9) - by @​ghiscoding

v4.11.4

Compare Source

Bug Fixes

• deps: update all non-major dependencies (#​1269) (6c82fab) - by @​renovate[bot]
• deps: update dependency tar to v7.5.10 [security] (#​1272) (f2e9bbf) - by @​renovate[bot]

v4.11.3

Compare Source

Bug Fixes

• deps: update all non-major dependencies (#​1266) (9cbf1c5) - by @​renovate[bot]
• deps: update all non-major dependencies (#​1267) (28b1984) - by @​renovate[bot]
• deps fix(deps): update dependency tar to v7.5.8 [security] (#​1264) (0b694f7) - by @​renovate[bot]

v4.11.2

Compare Source

Bug Fixes

• deps: update all non-major dependencies (#​1251) (597828f) - by @​renovate[bot]
• deps: update all non-major dependencies (#​1263) (4b05ca2) - by @​renovate[bot]
• deps: update dependency tar to v7.5.7 [security] (#​1254) (a18a25e) - by @​renovate[bot]

v4.11.1

Compare Source

🐞 Bug Fixes

• deps: update all non-major dependencies (#​1248) (541fe07) - by @​renovate[bot]

v4.11.0

Compare Source

Note: Version bump only for package @​lerna-lite/publish

lerna-lite/lerna-lite (@​lerna-lite/version)

v5.2.1

Compare Source

Bug Fixes

• deps: drop normalize-path and normalize-newline dependencies (#​1319) (4d39d12) - by @​ghiscoding
• deps: replace fs-extra with native Node.js APIs (#​1318) (b1cd7f1) - by @​ghiscoding

v5.2.0

Compare Source

Features

• deps: migrate from execa to tinyexec (#​1316) (b3de36d) - by @​ghiscoding

v5.1.0

Compare Source

Bug Fixes

• deps: update dependency @​conventional-changelog/git-client to ^2.7.0 (#​1312) (d6689fb) - by @​renovate[bot]

v5.0.0

Compare Source

[!NOTE]
Please visit the v5.0.0 release for more details about the migration.

⚠ BREAKING CHANGES

• use native import.meta.dirname/filename (#​1302)
• bump NodeJS requirement to Node v22.17 (#​1299)
• drop conventional-changelog legacy API for local preset file (#​1296)
• core: replace tinyrainbow with native util.styleText() (#​1293)

Bug Fixes

• deps: update conventional-changelog packages (#​1304) (ee684a7) - by @​renovate[bot]

Code Refactoring

• bump NodeJS requirement to Node v22.17 (#​1299) (91ca715) - by @​ghiscoding
• core: replace tinyrainbow with native util.styleText() (#​1293) (1d36057) - by @​ghiscoding
• drop conventional-changelog legacy API for local preset file (#​1296) (c299059) - by @​ghiscoding
• use native import.meta.dirname/filename (#​1302) (9a4f686) - by @​ghiscoding

v4.11.5

Compare Source

Bug Fixes

• core: remove p-pipe, p-reduce (#​1280) (d298ef1) - by @​ghiscoding
• deps: remove set-blocking, is-stream (#​1276) (8f0d1e3) - by @​ghiscoding
• deps: replace uuid, pify with native Node.js APIs (#​1275) (7bd09e2) - by @​ghiscoding
• deps: replace write-pkg with internal writePackage utility (#​1277) (819c5c9) - by @​ghiscoding

v4.11.4

Compare Source

Bug Fixes

• deps: update conventional-changelog packages (#​1270) (dcd5910) - by @​renovate[bot]

v4.11.3

Compare Source

Note: Version bump only for package @​lerna-lite/version

v4.11.2

Compare Source

Bug Fixes

• add missing Comment issues/PRs count in --dry-run mode (#​1261) (5226ad1) - by @​ghiscoding
• deps: update all non-major dependencies (#​1251) (597828f) - by @​renovate[bot]

v4.11.1

Compare Source

🐞 Bug Fixes

• should comment on all linked issues/PRs (#​1245) (39e0f55) - by @​ghiscoding

v4.11.0

Compare Source

✨ Features

• add customizable remote Release Header & Footer messages (#​1243) (5ad8425) - by @​ghiscoding

jsdom/jsdom (jsdom)

v29.1.1

Compare Source

v29.1.0

Compare Source

v29.0.2

Compare Source

• Significantly improved and sped up getComputedStyle(). Computed value rules are now applied across a broader set of properties, and include fixes related to inheritance, defaulting keywords, custom properties, and color-related values such as currentcolor and system colors. (@​asamuzaK)
• Fixed CSS 'background' and 'border' shorthand parsing. (@​asamuzaK)

v29.0.1

Compare Source

v29.0.0

Compare Source

Breaking changes:

• Node.js v22.13.0+ is now the minimum supported v22 version (was v22.12.0+).

Other changes:

• Overhauled the CSSOM implementation, replacing the @acemir/cssom and cssstyle dependencies with fresh internal implementations built on webidl2js wrappers and the css-tree parser. Serialization, parsing, and API behavior is improved in various ways, especially around edge cases.
• Added CSSCounterStyleRule and CSSNamespaceRule to jsdom Windows.
• Added cssMediaRule.matches and cssSupportsRule.matches getters.
• Added proper media query parsing in MediaList, using css-tree instead of naive comma-splitting. Invalid queries become "not all" per spec.
• Added cssKeyframeRule.keyText getter/setter validation.
• Added cssStyleRule.selectorText setter validation: invalid selectors are now rejected.
• Added styleSheet.ownerNode, styleSheet.href, and styleSheet.title.
• Added bad port blocking per the fetch specification, preventing fetches to commonly-abused ports.
• Improved Document initialization performance by lazily initializing the CSS selector engine, avoiding ~0.5 ms of overhead per Document. (thypon)
• Fixed a memory leak when stylesheets were removed from the document.
• Fixed CSSStyleDeclaration modifications to properly trigger custom element reactions.
• Fixed nested @media rule parsing.
• Fixed CSSStyleSheet's "disallow modification" flag not being checked in all mutation methods.
• Fixed XMLHttpRequest's response getter returning parsed JSON during the LOADING state instead of null.
• Fixed getComputedStyle() crashing in XHTML documents when stylesheets contained at-rules such as @page or @font-face.
• Fixed a potential hang in synchronous XMLHttpRequest caused by a race condition with the worker thread's idle timeout.

v28.1.0

Compare Source

• Added blob.text(), blob.arrayBuffer(), and blob.bytes() methods.
• Improved getComputedStyle() to account for CSS specificity when multiple rules apply. (asamuzaK)
• Improved synchronous XMLHttpRequest performance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.
• Improved performance of node.getRootNode(), node.isConnected, and event.dispatchEvent() by caching the root node of document-connected trees.
• Fixed getComputedStyle() to correctly handle !important priority. (asamuzaK)
• Fixed document.getElementById() to return the first element in tree order when multiple elements share the same ID.
• Fixed <svg> elements to no longer incorrectly proxy event handlers to the Window.
• Fixed FileReader event timing and fileReader.result state to more closely follow the spec.
• Fixed a potential hang when synchronous XMLHttpRequest encountered dispatch errors.
• Fixed compatibility with environments where Node.js's built-in fetch() has been used before importing jsdom, by working around undici v6/v7 incompatibilities.

v28.0.0

Compare Source

• Overhauled resource loading customization. See the new README for details on the new API.
• Added MIME type sniffing to <iframe> and <frame> loads.
• Regression: WebSockets are no longer correctly throttled to one connection per origin. This is a result of the bug at nodejs/undici#4743.
• Fixed decoding of the query components of <a> and <area> elements in non-UTF-8 documents.
• Fixed XMLHttpRequest fetches and WebSocket upgrade requests to be interceptable by the new customizable resource loading. (Except synchronous XMLHttpRequests.)
• Fixed the referrer of a document to be set correctly when redirects are involved; it is now the initiating page, not the last hop in the redirect chain.
• Fixed correctness bugs when passing ArrayBuffers or typed arrays to various APIs, where they would not correctly snapshot the data.
• Fixed require("url").parse() deprecation warning when using WebSockets.
• Fixed <iframe>, <frame>, and <img> (when canvas is installed) to fire load events, not error events, on non-OK HTTP responses.
• Fixed many small issues in XMLHttpRequest.

publint/publint (publint)

v0.3.21

Compare Source

Patch Changes

• Suggest adding "sideEffects": false when bundler-oriented package fields or conditions are detected and the field is missing. (#​228)

v0.3.20

Compare Source

Patch Changes

• Suggest adding engines.node when it is missing from detected Node.js packages (#​226)

• Loosen "breaking change" wording in lint messages (7bb3f4f)

v0.3.19

Compare Source

Patch Changes

• Add NESTED_PACKAGE_JSON_FIELD_IGNORED to warn when published nested package.json files define "exports" or "imports", which Node.js ignores outside the package root. (#​224)

• Fix internal browser directory traversal logic (#​224)

v0.3.18

Compare Source

Patch Changes

• Fix deprecated subpath mapping check crash and make getPkgPathValue from publint/utils return undefined if the path is invalid (ad2aa9c)

v0.3.17

Compare Source

Patch Changes

• Fix packing packages with pnpm when publishConfig.directory is set (#​216)

• Updated dependencies [2dcb107]:

  • @​publint/pack@​0.1.3

rolldown/tsdown (tsdown)

v0.22.0

Compare Source

   🚨 Breaking Changes

• Drop Node.js < 22.18.0 support, make unrun optional, add tsx config loader  -  by @​sxzz (a1042)
• dts: Auto-enable dts when tsconfig declaration is true  -  by @​sxzz in #​872 (085f0)
• publint: Use pkg from publint results, require publint v0.3.8+  -  by @​sxzz (413bb)

   🚀 Features

• Upgrade rolldown to 1.0.0-rc.18  -  by @​sxzz (66085)
• Upgrade rolldown to v1.0.0  -  by @​sxzz (fabba)
• exports: Auto-enable bin detection by default  -  by @​sxzz in #​873 (abda9)

   🐞 Bug Fixes

• Explicitly drop node 23 support  -  by @​sxzz (85e65)
• debug: Enhance debug logging for pack tarball  -  by @​sxzz and Copilot (5de04)
• exports: Detect types fields nested in conditional exports  -  by @​sxzz (82fa1)
• pkg: Fix duplicate configuration warning logic  -  by @​ho991217 and @​sxzz in #​935 (6a0d9)

🔄 Migration Guide

Node.js version

Upgrade to Node.js 22.18.0 or later. Bun and Deno remain supported (experimental).

unrun is no longer bundled

If your environment relies on the unrun config loader (i.e. you're on a Node version without native TypeScript support and use the default auto loader), install it manually:

npm i -D unrun

# or, alternatively, the new tsx loader:
npm i -D tsx

If you use Node.js 22.18.0+ with native TypeScript support, no change is needed — the auto loader will pick native.

dts auto-enabled from tsconfig

If your tsconfig.json has compilerOptions.declaration: true but you do not want tsdown to emit .d.ts files, opt out explicitly:

// tsdown.config.ts
export default defineConfig({
  dts: false,
})

exports.bin auto-detection

Any entry chunk containing a shebang (e.g. #!/usr/bin/env node) now causes tsdown to write a bin field in package.json automatically. The semantics differ slightly from explicit bin: true:

Value	Single shebang	Multiple shebangs	No shebangs
(unset)	Auto-set bin	Warn, skip	Silent
true	Auto-set bin	Throw	Warn
false	No bin	No bin	No bin

To opt out entirely:

export default defineConfig({
  exports: { bin: false },
})

Links

• tsdown Documentation
• v0.22.0-beta.1 Release
• v0.22.0-beta.2 Release
• v0.22.0-beta.3 Release
• Full diff from v0.21.10

v0.21.10

Compare Source

   🚀 Features

• Upgrade rolldown  -  by @​sxzz (8a449)

    View changes on GitHub

v0.21.9

Compare Source

   🚀 Features

• Upgrade rolldown  -  by @​sxzz (2d74e)
• config: Track transitive config dependencies for watch reload  -  by @​sxzz in #​919 (16e27)
• exports: Add bin to publishConfig when devExports is enabled  -  by @​sxzz in #​911 (60592)
• plugin: Add tsdownConfig and tsdownConfigResolved plugin hooks  -  by @​sxzz in #​918 (665e5)

   🐞 Bug Fixes

• Skip package.json writting when content is deeply equal  -  by @​ocavue and @​sxzz in #​913 (d8e1c)
• Skip Node.js version check in Bun  -  by @​sxzz (38afd)
• css: Detect css modules from full id for vue virtual sfc styles  -  by @​sxzz in #​917 (e6021)

    View changes on GitHub

v0.21.8

Compare Source

   🚀 Features

• Upgrade rolldown  -  by @​sxzz (7f887)
• attw: Improve ignoreRules type to autocomplete known values  -  by @​mrlubos in #​892 (c8f5c)
• create-tsdown: Add Vite Plus template option  -  by @​sxzz (daed0)
• exports: Add extensions option for subpath export keys  -  by @​SinhSinhAn and @​sxzz in #​899 (1bb7a)
• target: Add support for baseline-widely-available target  -  by @​sxzz in #​896 (d6a16)

   🐞 Bug Fixes

• Export type only for cjs dts re-export  -  by @​sxzz (25510)
• Exclude shim file from bundled dependency hint  -  by @​sxzz in #​909 (3f8de)
• dts: Skip cjs dts reexport for non-entry chunks  -  by @​sxzz (5fee2)

    View changes on GitHub

v0.21.7

Compare Source

   🚀 Features

• Add module option for attw and publint to allow passing imported modules directly  -  by @​sxzz (31e90)

   🐞 Bug Fixes

• deps: Add skipNodeModulesBundle dep subpath e2e tests and fix docs  -  by @​sxzz (deff7)

    View changes on GitHub

v0.21.6

Compare Source

   🚀 Features

• Upgrade rolldown to v1.0.0-rc.12  -  by @​sxzz (51292)
• config:
  • Pass root config to workspace config functions  -  by @​sxzz (76169)
  • Use mergeConfig for workspace config merging and support variadic overrides  -  by @​sxzz (148aa)
• dts:
  • Add cjsReexport option to eliminate dual module type hazard  -  by @​mandarini and @​sxzz in #​856 (875c1)
• exports:
  • Add bin option to auto-generate package.json bin field  -  by @​sxzz in #​869 (7ebd6)

   🐞 Bug Fixes

• css:
  • Compile preprocessor langs in virtual CSS modules  -  by @​sxzz in #​865 (7b2e0)
  • Strip .module from CSS output filenames  -  by @​sxzz in #​866 (03ade)
  • Default splitting to true in unbundle mode for CSS inject  -  by @​sxzz in #​867 (a4da6)
  • Split CSS plugin into pre/post phases for scoped CSS support  -  by @​sxzz in #​870 (ff0c4)
• entry:
  • Correctly output relative paths in logger output  -  by @​sxzz (00050)

    View changes on GitHub

v0.21.5

Compare Source

   🚀 Features

• Update rolldown to 1.0.0-rc.10  -  by @​wChenonly in #​845 (41411)
• Support typescript v6  -  by @​ocavue in #​858 (bffc4)

   🐞 Bug Fixes

• css:
  • Run final minification on merged CSS output  -  by @​sxzz in #​853 (475df)
  • Don't override internal importer  -  by @​Laupetin in #​860 (af40e)
  • Use aliased exports for CSS module keys  -  by @​wChenonly and @​sxzz in #​840 (bb6de)
• deps:
  • External optionalDependencies by default  -  by @​sxzz (cd24d)
  • Resolve subpath extensions for packages without exports field  -  by @​sxzz in #​863 (c5150)
  • Correctly resolve root @types packages for dts deep imports  -  by @​brc-dd and @​sxzz in #​852 (0b276)

    View changes on GitHub

v0.21.4

Compare Source

   🚀 Features

• css: Add CSS modules support  -  by @​sxzz in #​834 (2a88a)

   🐞 Bug Fixes

• exports: Preserve CRLF line endings in package.json  -  by @​sxzz (a4d4e)

    View changes on GitHub

v0.21.3

Compare Source

   🚀 Features

• copy: Add support for watching copy source files  -  by @​schplitt in #​721 (7c23a)

   🐞 Bug Fixes

• css: Watch inline CSS files in watch mode  -  by @​sxzz (2051a)
• exports: Sort inlined dependencies by package name  -  by @​sxzz (0ec71)
• publint: Support Yarn v1  -  by @​sxzz (4a291)
• unbundle: Root should be lowest common ancestor of entry files  -  by @​sxzz (f1823)

    View changes on GitHub

v0.21.2

Compare Source

   🚨 Breaking Changes

• exe: Add exe.outDir for separate executable output dir, defaults to build  -  by @​sxzz (d49ef)

Note: Executable is still an experimental feature and does not follow SemVer. Breaking changes may occur in any release.

   🚀 Features

• Add root option for controlling output directory structure  -  by @​sxzz (bad2d)
• deps: Rename onlyAllowBundle to onlyBundle  -  by @​peaklabs-dev and @​sxzz in #​819 (cbd7b)

   🐞 Bug Fixes

• css: Skip data URIs and external URLs in CSS url() rebasing  -  by @​sxzz (13907)

    View changes on GitHub

v0.21.1

Compare Source

   🚨 Breaking Changes

• css: Move all CSS support to @tsdown/css package  -  by @​sxzz in #​809 [(1b1a1)](https://redirect.github.com/rolldown/tsdown/commit/1

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, on day 1 of the month (* 0-3 1 * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.