Skip to content

fix(deps): update all non-major dependencies #20

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update all non-major dependencies #20

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 3, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@sxzz/eslint-config ^6.1.1 -> ^6.1.2 age adoption passing confidence
@types/node (source) ^22.14.0 -> ^22.15.2 age adoption passing confidence
esbuild ^0.25.2 -> ^0.25.3 age adoption passing confidence
eslint (source) ^9.24.0 -> ^9.25.1 age adoption passing confidence
pnpm (source) 10.8.0 -> 10.9.0 age adoption passing confidence
rollup (source) ^4.39.0 -> ^4.40.0 age adoption passing confidence
tsdown ^0.6.10 -> ^0.9.7 age adoption passing confidence
unplugin ^2.3.0 -> ^2.3.2 age adoption passing confidence
vite (source) ^6.2.5 -> ^6.3.3 age adoption passing confidence
vitest (source) ^3.1.1 -> ^3.1.2 age adoption passing confidence

Release Notes

sxzz/eslint-config (@​sxzz/eslint-config)

v6.1.2

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
evanw/esbuild (esbuild)

v0.25.3

Compare Source

  • Fix lowered async arrow functions before super() (#​4141, #​4142)

    This change makes it possible to call an async arrow function in a constructor before calling super() when targeting environments without async support, as long as the function body doesn't reference this. Here's an example (notice the change from this to null):

    // Original code
class Foo extends Object {
  constructor() {
    (async () => await foo())()
    super()
  }
}

// Old output (with --target=es2016)
class Foo extends Object {
  constructor() {
    (() => __async(this, null, function* () {
      return yield foo();
    }))();
    super();
  }
}

// New output (with --target=es2016)
class Foo extends Object {
  constructor() {
    (() => __async(null, null, function* () {
      return yield foo();
    }))();
    super();
  }
}

    Some background: Arrow functions with the async keyword are transformed into generator functions for older language targets such as --target=es2016. Since arrow functions capture this, the generated code forwards this into the body of the generator function. However, JavaScript class syntax forbids using this in a constructor before calling super(), and this forwarding was problematic since previously happened even when the function body doesn't use this. Starting with this release, esbuild will now only forward this if it's used within the function body.

    This fix was contributed by @​magic-akari.

  • Fix memory leak with --watch=true (#​4131, #​4132)

    This release fixes a memory leak with esbuild when --watch=true is used instead of --watch. Previously using --watch=true caused esbuild to continue to use more and more memory for every rebuild, but --watch=true should now behave like --watch and not leak memory.

    This bug happened because esbuild disables the garbage collector when it's not run as a long-lived process for extra speed, but esbuild's checks for which arguments cause esbuild to be a long-lived process weren't updated for the new --watch=true style of boolean command-line flags. This has been an issue since this boolean flag syntax was added in version 0.14.24 in 2022. These checks are unfortunately separate from the regular argument parser because of how esbuild's internals are organized (the command-line interface is exposed as a separate Go API so you can build your own custom esbuild CLI).

    This fix was contributed by @​mxschmitt.

  • More concise output for repeated legal comments (#​4139)

    Some libraries have many files and also use the same legal comment text in all files. Previously esbuild would copy each legal comment to the output file. Starting with this release, legal comments duplicated across separate files will now be grouped in the output file by unique comment content.

  • Allow a custom host with the development server (#​4110)

    With this release, you can now use a custom non-IP host with esbuild's local development server (either with --serve= for the CLI or with the serve() call for the API). This was previously possible, but was intentionally broken in version 0.25.0 to fix a security issue. This change adds the functionality back except that it's now opt-in and only for a single domain name that you provide.

    For example, if you add a mapping in your /etc/hosts file from local.example.com to 127.0.0.1 and then use esbuild --serve=local.example.com:8000, you will now be able to visit http://local.example.com:8000/ in your browser and successfully connect to esbuild's development server (doing that would previously have been blocked by the browser). This should also work with HTTPS if it's enabled (see esbuild's documentation for how to do that).

  • Add a limit to CSS nesting expansion (#​4114)

    With this release, esbuild will now fail with an error if there is too much CSS nesting expansion. This can happen when nested CSS is converted to CSS without nesting for older browsers as expanding CSS nesting is inherently exponential due to the resulting combinatorial explosion. The expansion limit is currently hard-coded and cannot be changed, but is extremely unlikely to trigger for real code. It exists to prevent esbuild from using too much time and/or memory. Here's an example:

    a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{color:red}}}}}}}}}}}}}}}}}}}}

    Previously, transforming this file with --target=safari1 took 5 seconds and generated 40mb of CSS. Trying to do that will now generate the following error instead:

    ✘ [ERROR] CSS nesting is causing too much expansion

    example.css:1:60:
      1 │ a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{a,b{color:red}}}}}}}}}}}}}}}}}}}}
        ╵                                                             ^

  CSS nesting expansion was terminated because a rule was generated with 65536 selectors. This limit
  exists to prevent esbuild from using too much time and/or memory. Please change your CSS to use
  fewer levels of nesting.

  • Fix path resolution edge case (#​4144)

    This fixes an edge case where esbuild's path resolution algorithm could deviate from node's path resolution algorithm. It involves a confusing situation where a directory shares the same file name as a file (but without the file extension). See the linked issue for specific details. This appears to be a case where esbuild is correctly following node's published resolution algorithm but where node itself is doing something different. Specifically the step LOAD_AS_FILE appears to be skipped when the input ends with ... This release changes esbuild's behavior for this edge case to match node's behavior.

  • Update Go from 1.23.7 to 1.23.8 (#​4133, #​4134)

    This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain reports from vulnerability scanners that detect which version of the Go compiler esbuild uses, such as for CVE-2025-22871.

    As a reminder, esbuild's development server is intended for development, not for production, so I do not consider most networking-related vulnerabilities in Go to be vulnerabilities in esbuild. Please do not use esbuild's development server in production.

eslint/eslint (eslint)

v9.25.1

Compare Source

v9.25.0

Compare Source

pnpm/pnpm (pnpm)

v10.9.0

Compare Source

Minor Changes

  • Added support for installing JSR packages. You can now install JSR packages using the following syntax:

    pnpm add jsr:<pkg_name>

    or with a version range:

    pnpm add jsr:<pkg_name>@&#8203;<range>

    For example, running:

    pnpm add jsr:@&#8203;foo/bar

    will add the following entry to your package.json:

    {
  "dependencies": {
    "@&#8203;foo/bar": "jsr:^0.1.2"
  }
}

    When publishing, this entry will be transformed into a format compatible with npm, older versions of Yarn, and previous pnpm versions:

    {
  "dependencies": {
    "@&#8203;foo/bar": "npm:@&#8203;jsr/foo__bar@^0.1.2"
  }
}

    Related issue: #​8941.

    Note: The @jsr scope defaults to https://npm.jsr.io/ if the @jsr:registry setting is not defined.

  • Added a new setting, dangerouslyAllowAllBuilds, for automatically running any scripts of dependencies without the need to approve any builds. It was already possible to allow all builds by adding this to pnpm-workspace.yaml:

    neverBuiltDependencies: []

    dangerouslyAllowAllBuilds has the same effect but also allows to be set globally via:

    pnpm config set dangerouslyAllowAllBuilds true

    It can also be set when running a command:

    pnpm install --dangerously-allow-all-builds
Patch Changes
  • Fix a false negative in verifyDepsBeforeRun when nodeLinker is hoisted and there is a workspace package without dependencies and node_modules directory #​9424.
  • Explicitly drop verifyDepsBeforeRun support for nodeLinker: pnp. Combining verifyDepsBeforeRun and nodeLinker: pnp will now print a warning.

v10.8.1

Compare Source

Patch Changes
  • Removed bright white highlighting, which didn't look good on some light themes #​9389.
  • If there is no pnpm related configuration in package.json, onlyBuiltDependencies will be written to pnpm-workspace.yaml file #​9404.
rollup/rollup (rollup)

v4.40.0

Compare Source

2025-04-12

Features
  • Only show eval warnings on first render and only when the call is not tree-shaken (#​5892)
  • Tree-shake non-included dynamic import members when the handler just maps to one named export (#​5898)
Bug Fixes
  • Consider dynamic imports nested within top-level-awaited dynamic import expressions to be awaited as well (#​5900)
  • Fix namespace rendering when tree-shaking is disabled (#​5908)
  • When using multiple transform hook filters, all of them need to be satisfied together (#​5909)
Pull Requests
rolldown/tsdown (tsdown)

v0.9.7

Compare Source

   🚀 Features
   🐞 Bug Fixes
   🏎 Performance
    View changes on GitHub

v0.9.6

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.9.5

Compare Source

   🚀 Features
    View changes on GitHub

v0.9.4

Compare Source

   🚀 Features
    View changes on GitHub

v0.9.3

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v0.9.2

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.9.1

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v0.9.0

Compare Source

   🚨 Breaking Changes
  • Rename dts.isolatedDeclaration to dts.isolatedDeclarations  -  by @​sxzz (afc8e)
   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v0.8.1

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v0.8.0

Compare Source

   🚀 Features
    View changes on GitHub

v0.7.5

Compare Source

No significant changes

    View changes on GitHub

v0.7.4

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.7.3

Compare Source

No significant changes

    View changes on GitHub

v0.7.2

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.7.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.7.0

Compare Source

   🚨 Breaking Changes
   🐞 Bug Fixes
   🏎 Performance
    View changes on GitHub
unjs/unplugin (unplugin)

v2.3.2

Compare Source

   🐞 Bug Fixes
  • Update minimum rollup version requirement for native filter support  -  by @​sxzz (a0e08)
    View changes on GitHub

v2.3.1

Compare Source

   🐞 Bug Fixes
  • filter: Correct the behavior when multiple transform filter options are specified  -  by @​sxzz (f5a5a)
    View changes on GitHub
vitejs/vite (vite)

v6.3.3

Compare Source

v6.3.2

Compare Source

v6.3.1

Compare Source

v6.3.0

Compare Source

v6.2.6

Compare Source

Please refer to CHANGELOG.md for details.

vitest-dev/vitest (vitest)

v3.1.2

Compare Source

   🚀 Features
   🐞 Bug Fixes
   🏎 Performance
    View changes on GitHub

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies label Mar 3, 2025
@stackblitz StackBlitz
Copy link

stackblitz bot commented Mar 3, 2025

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 9081af6 to b5bc21e Compare March 5, 2025 11:57
@renovate renovate bot changed the title chore(deps): update all non-major dependencies chore(deps): update all non-major dependencies - autoclosed Mar 5, 2025
@renovate renovate bot closed this Mar 5, 2025
@renovate renovate bot deleted the renovate/all-minor-patch branch March 5, 2025 18:08
@renovate renovate bot changed the title chore(deps): update all non-major dependencies - autoclosed chore(deps): update all non-major dependencies Mar 10, 2025
@renovate renovate bot reopened this Mar 10, 2025
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from b5bc21e to 4933bb8 Compare March 10, 2025 05:19
@renovate renovate bot changed the title chore(deps): update all non-major dependencies fix(deps): update all non-major dependencies Mar 10, 2025
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from e8d0d22 to 4c10713 Compare March 11, 2025 10:22
@socket-security Socket Security
Copy link

socket-security bot commented Mar 11, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedesbuild@​0.25.2 ⏵ 0.25.3911007194100
Updatedvitest@​3.1.1 ⏵ 3.1.2971007799100
Updated@​types/​node@​22.14.0 ⏵ 22.15.2100 +110080 +196 +2100
Updatedvite@​6.2.5 ⏵ 6.3.395100 +58199100
Updated@​sxzz/​eslint-config@​6.1.1 ⏵ 6.1.282 +110097 +195100
Updatedunplugin@​2.3.0 ⏵ 2.3.21001008294100
Updatedtsdown@​0.6.10 ⏵ 0.9.786 +110086 +196 +1100
Updatedeslint@​9.24.0 ⏵ 9.25.197 +110010096100
Updatedrollup@​4.39.0 ⏵ 4.40.09710010098100

View full report

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from 71f9143 to 5c18269 Compare March 18, 2025 10:53
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from 460605a to fcb13f9 Compare March 24, 2025 07:15
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 20216a4 to 29585b8 Compare April 7, 2025 23:19
@renovate renovate bot changed the title fix(deps): update all non-major dependencies fix(deps): update all non-major dependencies - autoclosed Apr 9, 2025
@renovate renovate bot closed this Apr 9, 2025
@renovate renovate bot changed the title fix(deps): update all non-major dependencies - autoclosed fix(deps): update all non-major dependencies Apr 14, 2025
@renovate renovate bot reopened this Apr 14, 2025
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 11 times, most recently from b9a7399 to dab2588 Compare April 20, 2025 22:53
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 10 times, most recently from 5445c41 to e837804 Compare April 25, 2025 08:42
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from e837804 to 12a8291 Compare April 25, 2025 17:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants