Skip to content

fix(deps): update all non-major dependencies - autoclosed #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
renovate wants to merge 1 commit into from
Closed

fix(deps): update all non-major dependencies - autoclosed #25

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Oct 6, 2025
edited
Loading

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
@sxzz/eslint-config ^7.2.10 -> ^7.4.3 age confidence
@sxzz/prettier-config ^2.2.5 -> ^2.2.6 age confidence
@types/node (source) ^24.10.1 -> ^24.10.4 age confidence
bumpp ^10.3.1 -> ^10.3.2 age confidence
esbuild ^0.27.0 -> ^0.27.2 age confidence
eslint (source) ^9.39.1 -> ^9.39.2 age confidence
pnpm (source) 10.22.0 -> 10.26.0 age confidence
prettier (source) ^3.6.2 -> ^3.7.4 age confidence
rolldown (source) ^1.0.0-beta.50 -> ^1.0.0-beta.55 age confidence
rollup (source) ^4.53.2 -> ^4.53.5 age confidence
tsdown (source) ^0.16.5 -> ^0.18.1 age confidence
unplugin (source) ^2.3.10 -> ^2.3.11 age confidence
vite (source) ^7.2.2 -> ^7.3.0 age confidence
vitest (source) ^4.0.10 -> ^4.0.16 age confidence

Release Notes

sxzz/eslint-config (@​sxzz/eslint-config)

v7.4.3

Compare Source

No significant changes

    View changes on GitHub

v7.4.2

Compare Source

No significant changes

    View changes on GitHub

v7.4.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v7.4.0

Compare Source

   🚀 Features
    View changes on GitHub

v7.3.2

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v7.3.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v7.3.0

Compare Source

   🚀 Features
    View changes on GitHub
sxzz/prettier-config (@​sxzz/prettier-config)

v2.2.6

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
antfu-collective/bumpp (bumpp)

v10.3.2

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
evanw/esbuild (esbuild)

v0.27.2

Compare Source

  • Allow import path specifiers starting with #/ (#​4361)

    Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

    This change was contributed by @​hybrist.

  • Automatically add the -webkit-mask prefix (#​4357, #​4358)

    This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

    /* Original code */
main {
  mask: url(x.png) center/5rem no-repeat
}

/* Old output (with --target=chrome110) */
main {
  mask: url(x.png) center/5rem no-repeat;
}

/* New output (with --target=chrome110) */
main {
  -webkit-mask: url(x.png) center/5rem no-repeat;
  mask: url(x.png) center/5rem no-repeat;
}

    This change was contributed by @​BPJEnnova.

  • Additional minification of switch statements (#​4176, #​4359)

    This release contains additional minification patterns for reducing switch statements. Here is an example:

    // Original code
switch (x) {
  case 0:
    foo()
    break
  case 1:
  default:
    bar()
}

// Old output (with --minify)
switch(x){case 0:foo();break;case 1:default:bar()}

// New output (with --minify)
x===0?foo():bar();

  • Forbid using declarations inside switch clauses (#​4323)

    This is a rare change to remove something that was previously possible. The Explicit Resource Management proposal introduced using declarations. These were previously allowed inside case and default clauses in switch statements. This had well-defined semantics and was already widely implemented (by V8, SpiderMonkey, TypeScript, esbuild, and others). However, it was considered to be too confusing because of how scope works in switch statements, so it has been removed from the specification. This edge case will now be a syntax error. See tc39/proposal-explicit-resource-management#215 and rbuckton/ecma262#14 for details.

    Here is an example of code that is no longer allowed:

    switch (mode) {
  case 'read':
    using readLock = db.read()
    return readAll(readLock)

  case 'write':
    using writeLock = db.write()
    return writeAll(writeLock)
}

    That code will now have to be modified to look like this instead (note the additional { and } block statements around each case body):

    switch (mode) {
  case 'read': {
    using readLock = db.read()
    return readAll(readLock)
  }
  case 'write': {
    using writeLock = db.write()
    return writeAll(writeLock)
  }
}

    This is not being released in one of esbuild's breaking change releases since this feature hasn't been finalized yet, and esbuild always tracks the current state of the specification (so esbuild's previous behavior was arguably incorrect).

v0.27.1

Compare Source

  • Fix bundler bug with var nested inside if (#​4348)

    This release fixes a bug with the bundler that happens when importing an ES module using require (which causes it to be wrapped) and there's a top-level var inside an if statement without being wrapped in a { ... } block (and a few other conditions). The bundling transform needed to hoist these var declarations outside of the lazy ES module wrapper for correctness. See the issue for details.

  • Fix minifier bug with for inside try inside label (#​4351)

    This fixes an old regression from version v0.21.4. Some code was introduced to move the label inside the try statement to address a problem with transforming labeled for await loops to avoid the await (the transformation involves converting the for await loop into a for loop and wrapping it in a try statement). However, it introduces problems for cross-compiled JVM code that uses all three of these features heavily. This release restricts this transform to only apply to for loops that esbuild itself generates internally as part of the for await transform. Here is an example of some affected code:

    // Original code
d: {
  e: {
    try {
      while (1) { break d }
    } catch { break e; }
  }
}

// Old output (with --minify)
a:try{e:for(;;)break a}catch{break e}

// New output (with --minify)
a:e:try{for(;;)break a}catch{break e}

  • Inline IIFEs containing a single expression (#​4354)

    Previously inlining of IIFEs (immediately-invoked function expressions) only worked if the body contained a single return statement. Now it should also work if the body contains a single expression statement instead:

    // Original code
const foo = () => {
  const cb = () => {
    console.log(x())
  }
  return cb()
}

// Old output (with --minify)
const foo=()=>(()=>{console.log(x())})();

// New output (with --minify)
const foo=()=>{console.log(x())};

  • The minifier now strips empty finally clauses (#​4353)

    This improvement means that finally clauses containing dead code can potentially cause the associated try statement to be removed from the output entirely in minified builds:

    // Original code
function foo(callback) {
  if (DEBUG) stack.push(callback.name);
  try {
    callback();
  } finally {
    if (DEBUG) stack.pop();
  }
}

// Old output (with --minify --define:DEBUG=false)
function foo(a){try{a()}finally{}}

// New output (with --minify --define:DEBUG=false)
function foo(a){a()}

  • Allow tree-shaking of the Symbol constructor

    With this release, calling Symbol is now considered to be side-effect free when the argument is known to be a primitive value. This means esbuild can now tree-shake module-level symbol variables:

    // Original code
const a = Symbol('foo')
const b = Symbol(bar)

// Old output (with --tree-shaking=true)
const a = Symbol("foo");
const b = Symbol(bar);

// New output (with --tree-shaking=true)
const b = Symbol(bar);
eslint/eslint (eslint)

v9.39.2

Compare Source

pnpm/pnpm (pnpm)

v10.26.0

Compare Source

v10.25.0

Compare Source

v10.24.0

Compare Source

v10.23.0: pnpm 10.23

Compare Source

Minor Changes

  • Added --lockfile-only option to pnpm list #​10020.

Patch Changes

  • pnpm self-update should download pnpm from the configured npm registry #​10205.
  • pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #​10190.
  • Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #​10209.
  • The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #​10208.
  • pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:[email protected]) #​8660.
  • Don't add an extra slash to the Node.js mirror URL #​10204.
  • pnpm store prune should not fail if the store contains Node.js packages #​10131.

Platinum Sponsors

Bit

Gold Sponsors

Discord CodeRabbit Workleap
Stackblitz Vite
prettier/prettier (prettier)

v3.7.4

Compare Source

diff

LWC: Avoid quote around interpolations (#​18383 by @​kovsu)
<!-- Input -->
<div foo={bar}>   </div>

<!-- Prettier 3.7.3 (--embedded-language-formatting off) -->
<div foo="{bar}"></div>

<!-- Prettier 3.7.4 (--embedded-language-formatting off) -->
<div foo={bar}></div>
TypeScript: Fix comment inside union type gets duplicated (#​18393 by @​fisker)
// Input
type Foo = (/** comment */ a | b) | c;

// Prettier 3.7.3
type Foo = /** comment */ (/** comment */ a | b) | c;

// Prettier 3.7.4
type Foo = /** comment */ (a | b) | c;
TypeScript: Fix unstable comment print in union type comments (#​18395 by @​fisker)
// Input
type X = (A | B) & (
  // comment
  A | B
);

// Prettier 3.7.3 (first format)
type X = (A | B) &
  (// comment
  A | B);

// Prettier 3.7.3 (second format)
type X = (
  | A
  | B // comment
) &
  (A | B);

// Prettier 3.7.4
type X = (A | B) &
  // comment
  (A | B);

v3.7.3

Compare Source

diff

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#​18375 by @​fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

v3.7.2

Compare Source

diff

JavaScript: Fix string print when switching quotes (#​18351 by @​fisker)
// Input
console.log("A descriptor\\'s .kind must be \"method\" or \"field\".")

// Prettier 3.7.1
console.log('A descriptor\\'s .kind must be "method" or "field".');

// Prettier 3.7.2
console.log('A descriptor\\\'s .kind must be "method" or "field".');
JavaScript: Preserve quote for embedded HTML attribute values (#​18352 by @​kovsu)
// Input
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;

// Prettier 3.7.1
const html = /* HTML */ ` <div class=${styles.banner}></div> `;

// Prettier 3.7.2
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;
TypeScript: Fix comment in empty type literal (#​18364 by @​fisker)
// Input
export type XXX = {
  // tbd
};

// Prettier 3.7.1
export type XXX = { // tbd };

// Prettier 3.7.2
export type XXX = {
  // tbd
};

v3.7.1

Compare Source

diff

API: Fix performance regression in doc printer (#​18342 by @​fisker)

Prettier 3.7.1 can be very slow when formatting big files, the regression has been fixed.

v3.7.0

Compare Source

diff

🔗 Release Notes

rolldown/rolldown (rolldown)

v1.0.0-beta.55

Compare Source

🚀 Features
🐛 Bug Fixes
🚜 Refactor
📚 Documentation
🧪 Testing
⚙️ Miscellaneous Tasks
❤️ New Contributors

v1.0.0-beta.54

Compare Source

🚀 Features
🐛 Bug Fixes
🚜 Refactor
📚 Documentation
🧪 Testing
⚙️ Miscellaneous Tasks
❤️ New Contributors

v1.0.0-beta.53

Compare Source

💥 BREAKING CHANGES
🚀 Features
  • rolldown_plugin_vite_manifest: pass normalized options to isLegacy callback ([#​7321]

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies label Oct 6, 2025
@bolt-new-by-stackblitz
Copy link

bolt-new-by-stackblitz bot commented Oct 6, 2025

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@pkg-pr-new
Copy link

pkg-pr-new bot commented Oct 6, 2025
edited
Loading

Open in StackBlitz

npm i https://pkg.pr.new/unplugin-raw@25

commit: 005c3eb

@socket-security
Copy link

socket-security bot commented Oct 6, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedesbuild@​0.27.0 ⏵ 0.27.2911007394100
Updatedrolldown@​1.0.0-beta.50 ⏵ 1.0.0-beta.5599 +410074 +198 +1100
Updated@​sxzz/​prettier-config@​2.2.5 ⏵ 2.2.6771007792 +2100
Updatedvitest@​4.0.10 ⏵ 4.0.1697 -110079 +199100
Updated@​types/​node@​24.10.1 ⏵ 24.10.410010081 +196 +1100
Updatedbumpp@​10.3.1 ⏵ 10.3.296 -210082 +190 +1100
Updated@​sxzz/​eslint-config@​7.2.10 ⏵ 7.4.382 +1100100 +196 +1100
Updatedvite@​7.2.2 ⏵ 7.3.092 -110082 +199100
Updatedunplugin@​2.3.10 ⏵ 2.3.111001008394 -1100
Updatedrollup@​4.53.2 ⏵ 4.53.588 -910010099 +1100
Updatedprettier@​3.6.2 ⏵ 3.7.490 -710097 +197100
Updatedtsdown@​0.16.5 ⏵ 0.18.19810092 +196 +1100
Updatedeslint@​9.39.1 ⏵ 9.39.294 -310010097 +1100

View full report

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 7eb1898 to 9392b2b Compare October 6, 2025 17:14
@renovate renovate bot changed the title chore(deps): update all non-major dependencies fix(deps): update all non-major dependencies Oct 6, 2025
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from 75a18c6 to edc3802 Compare October 14, 2025 02:00
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 13 times, most recently from 5f996b3 to 7d2e330 Compare October 21, 2025 02:13
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from fb1df5a to 0d32c79 Compare October 23, 2025 08:38
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 8 times, most recently from 71e6e18 to 09e9da7 Compare December 4, 2025 18:10
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 11 times, most recently from 3b4333d to 87189e3 Compare December 14, 2025 14:10
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from 5bc2ff0 to f76b72a Compare December 17, 2025 03:00
@socket-security
Copy link

socket-security bot commented Dec 17, 2025
edited
Loading

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

@renovate renovate bot force-pushed the renovate/all-minor-patch branch from f76b72a to 4b80cff Compare December 17, 2025 15:54
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 4b80cff to 005c3eb Compare December 17, 2025 20:59
@renovate renovate bot changed the title fix(deps): update all non-major dependencies fix(deps): update all non-major dependencies - autoclosed Dec 18, 2025
@renovate renovate bot closed this Dec 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant