Update all non-major dependencies #415
Open
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.0.6
->3.1.1
10.15.0
->10.18.3
1.90.0
->1.93.2
5.9.2
->5.9.3
7.1.4
->7.1.17
3.0.6
->3.1.1
Release Notes
vuejs/language-tools (@vue/language-server)
v3.1.1
Compare Source
Features
--tsdk
command line arg (#5691)Bug Fixes
Ref
byRefSymbol
property (#5687) - Thanks to @KazariEX!__vue__
in project instead of program (#5690)$scopedSlots
support for Vue 2__VLS_export
(#5696) - Thanks to @KazariEX!Other Changes
writeGlobalTypes
without side effectsv3.1.0
Compare Source
Performance
Other Changes
v3.0.9
Compare Source
Features
--tsdk
command line arg (#5691)v3.0.8
Compare Source
Features
vue.server.path
setting (#5647)Bug Fixes
VueVirtualCode
in constructor (#5635) - Thanks to @KazariEX!typescriptServerPlugin
languages without FS hackfile
scheme files (#5653) - Thanks to @KazariEX!Performance
Other Changes
v3.0.7
Compare Source
Bug Fixes
Other Changes
@typescript-eslint/no-unnecessary-condition
(#5630)pnpm/pnpm (pnpm)
v10.18.3
Compare Source
Patch Changes
verifyDepsBeforeInstall: install
and pre/post install scripts that called other pnpm scripts #10060.@scope:registry
) being parsed as property paths inpnpm config get
when--location=project
is used #9362.pnpm config set --location=project
incorrectly handling keys with slashes (auth tokens, registry settings) #9884.pnpm-workspace.yaml
and.npmrc
exist,pnpm config set --location=project
now writes topnpm-workspace.yaml
(matching read priority) #10072.pnpm outdated --long
#10040.v10.18.2
Compare Source
Patch Changes
pnpm outdated --long
should work #10040.pnpm dlx
should request the full metadata of packages, whenminimumReleaseAge
is set #9963.EPIPE
errors when piping output to other commands #10027.v10.18.1
Compare Source
Patch Changes
--lockfile-only
is used #8320.pnpm setup
creates a command shim to the pnpm executable. This is needed to be able to runpnpm self-update
on Windows #5700.pnpm install
, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when usingpnpm add --save-catalog
as originally intended.v10.18.0
Compare Source
Minor Changes
Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.
Added configuration options for warning thresholds:
fetchWarnTimeoutMs
andfetchMinSpeedKiBps
.Warning messages are displayed when requests exceed time thresholds or fall below speed minimums
Related PR: #10025.
Patch Changes
minimumReleaseAge
configuration #10030.cleanupUnusedCatalogs
configuration when removing dependent packages.scriptShell
is set tofalse
#8748.pnpm dlx
should not fail whenminimumReleaseAge
is set #10037.v10.17.1
Compare Source
Patch Changes
minimumReleaseAge
setting, print this information out in the error message #9974.state.json
creation path when executingpnpm patch
in a workspace project #9733.minimumReleaseAge
is set and thelatest
tag is not mature enough, prefer a non-deprecated version as the newlatest
#9987.v10.17.0
Compare Source
Minor Changes
The
minimumReleaseAgeExclude
setting now supports patterns. For instance:Related PR: #9984.
Patch Changes
minimumReleaseAge
check, when the package is requested by exact version and the packument is loaded from cache #9978.minimumReleaseAge
is set and the active version under a dist-tag is not mature enough, do not downgrade to a prerelease version in case the original version wasn't a prerelease one #9979.v10.16.1
Compare Source
Patch Changes
v10.16.0
Compare Source
Minor Changes
There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour.
The new setting is called
minimumReleaseAge
. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, settingminimumReleaseAge: 1440
ensures that only packages released at least one day ago can be installed.If you set
minimumReleaseAge
but need to disable this restriction for certain dependencies, you can list them under theminimumReleaseAgeExclude
setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time:Related issue: #9921.
Added support for
finders
#9946.In the past,
pnpm list
andpnpm why
could only search for dependencies by name (and optionally version). For example:prints the chain of dependencies to any installed instance of
minimist
:What if we want to search by other properties of a dependency, not just its name? For instance, find all packages that have
react@17
in their peer dependencies?This is now possible with "finder functions". Finder functions can be declared in
.pnpmfile.cjs
and invoked with the--find-by=<function name>
flag when runningpnpm list
orpnpm why
.Let's say we want to find any dependencies that have React 17 in peer dependencies. We can add this finder to our
.pnpmfile.cjs
:Now we can use this finder function by running:
pnpm will find all dependencies that have this React in peer dependencies and print their exact locations in the dependency graph.
It is also possible to print out some additional information in the output by returning a string from the finder. For example, with the following finder:
Every matched package will also print out the license from its
package.json
:Patch Changes
nodeVersion
is not set to an exact semver version #9934.pnpm publish
should be able to publish a.tar.gz
file #9927.pnpm run
return a non-zero exit code #9626.v10.15.1
Compare Source
Patch Changes
.pnp.cjs
crash when importing subpath #9904.sass/dart-sass (sass)
v1.93.2
Compare Source
JavaScript API
@sass/types
.v1.93.1
Compare Source
JavaScript API
@sass/types
.v1.93.0
Compare Source
@import
, and the loaded file@use
s a user-defined module as well as@include
s a top-level mixin whichemits top-level declarations.
JavaScript API
@sass/types
package which contains the type annotations used byboth the
sass
andsass-embedded
package without any additional code ordependencies.
v1.92.1
Compare Source
would not be passed as implicit configuration to a later imported, forwarded
module.
v1.92.0
Compare Source
Breaking change: Emit declarations, childless at-rules, and comments in
the order they appear in the source even when they're interleaved with nested
rules. This obsoletes the
mixed-decls
deprecation.Breaking change: The function name
type()
is now fully reserved for theplain CSS function. This means that
@function
definitions with the nametype
will produce errors, while function calls will be parsed as specialfunction strings.
Configuring private variables using
@use ... with
,@forward ... with
, andmeta.load-css(..., $with: ...)
is now deprecated. Private variables werealways intended to be fully encapsulated within the module that defines them,
and this helps enforce that encapsulation.
Fix a bug where
@extend
rules loaded through a mixture of@import
and@use
rules could fail to apply correctly.Command-Line Interface
--watch
mode, delete the source map when the associated source file isdeleted.
v1.91.0
Compare Source
Potentially breaking change:
meta.inspect()
(as well as other systemsthat use it such as
@debug
and certain error messages) now emits numberswith as high precision as is available instead of rounding to the nearest
1e⁻¹⁰ as we do when serializing to CSS. This better fits the purpose of
meta.inspect()
, which is to provide full information about the structure ofa Sass value.
Passing a rest argument (
$arg...
) before a positional or named argument whencalling a function or mixin is now deprecated. This was always outside the
specified syntax, but it was historically treated the same as passing the rest
argument at the end of the argument list whether or not that matched the
visual order of the arguments.
microsoft/TypeScript (typescript)
v5.9.3
Compare Source
vitejs/rolldown-vite (vite)
v7.1.17
Compare Source
Features
Bug Fixes
//
(#20760) (b95fa2a)fileToBuiltUrl
(#20898) (73b6d24)Documentation
WebSocket
spelling (#20890) (29e98dc)Miscellaneous Chores
v7.1.16
Compare Source
Features
Bug Fixes
Reverts
v7.1.15
Compare Source
Bug Fixes
Miscellaneous Chores
create-react-app
license (#20865) (166a178)v7.1.14
Compare Source
Features
generatedCode: 'es2015'
(4cfe8e1)Bug Fixes
Performance Improvements
isEntirelyImport
(ac1ceaf)Documentation
Miscellaneous Chores
v7.1.13
Compare Source
Features
import.meta.hot.invalidate
(ebd134f)v7.1.12
Compare Source
Features
Bug Fixes
emitAssets: true
whensharedConfigBuild: true
(#20787) (4c4583c)import.meta.hot.prune
callbacks to complete before running other HMRs (#20698) (98a3484)v7.1.11
Compare Source
Bug Fixes
$
variables correctly (#20761) (7e8e004)optimizeDeps.rollupOptions.transforms
for stable optimizer hash (#417) (efed40f)skipLibCheck
isfalse
(#20755) (cc54e29)Miscellaneous Chores
v7.1.10
Compare Source
Features
v7.1.9
Compare Source
Features
Bug Fixes
Miscellaneous Chores
rolldown-plugin-dts
(#409) (2fbd7f1)v7.1.8
Compare Source
Features
optimization.inlineConst: { mode: 'smart' }
by default (#399) (b2b89d7)Miscellaneous Chores
v7.1.7
Compare Source
Bug Fixes
fs.strict
check to HTML files (#20736) (14015d7)Miscellaneous Chores
Code Refactoring
minify
parameter fromfinalizeCss
(#20701) (8099582)v7.1.6
Compare Source
Features
output.topLevelVar
by default (#380) (7ea4f54)Bug Fixes
build.minify: 'esbuild'
+ native plugins were not working (#397) (1a05fc4)oxc.typescript.onlyRemoveTypeImports
if it's set (#394) (dd64f89)v7.1.5
Compare Source
Features
Bug Fixes
Configuration
📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.