chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@sxzz/eslint-config	^4.5.1 -> ^4.6.0
@sxzz/prettier-config	^2.0.2 -> ^2.1.0
@types/node (source)	^22.10.2 -> ^22.10.10
bumpp	^9.9.2 -> ^9.10.2
eslint (source)	^9.17.0 -> ^9.19.0
pnpm (source)	9.14.4 -> 9.15.4
rollup (source)	^4.29.1 -> ^4.32.0
typescript (source)	^5.7.2 -> ^5.7.3
vite (source)	^6.0.6 -> ^6.0.11

---

Release Notes

sxzz/eslint-config (@​sxzz/eslint-config)

v4.6.0

Compare Source

   🐞 Bug Fixes

• deps:
  • Update all non-major dependencies  -  in https://github.com/sxzz/eslint-config/issues/116 (bbf24)
  • Update all non-major dependencies  -  by @​sxzz in https://github.com/sxzz/eslint-config/issues/117 (df2d8)

    View changes on GitHub

sxzz/prettier-config (@​sxzz/prettier-config)

v2.1.0

Compare Source

antfu/bumpp (bumpp)

v9.10.2

Compare Source

   🐞 Bug Fixes

• Version update issue  -  by @​Blithe-Chiang and jiangzs in https://github.com/antfu-collective/bumpp/issues/70 (8f082)

    View changes on GitHub

v9.10.1

Compare Source

   🚀 Features

• More colors for semantic commit tags  -  by @​antfu (40b4e)

    View changes on GitHub

v9.10.0

Compare Source

   🚀 Features

• Support --install flag  -  by @​antfu (96a47)

    View changes on GitHub

v9.9.3

Compare Source

   🐞 Bug Fixes

• Throw on exec error, fix #​67  -  by @​antfu in https://github.com/antfu-collective/bumpp/issues/67 (52816)

    View changes on GitHub

eslint/eslint (eslint)

v9.19.0

Compare Source

v9.18.0

Compare Source

pnpm/pnpm (pnpm)

v9.15.4: pnpm 9.15.4

Compare Source

Patch Changes

• Ensure that recursive pnpm update --latest <pkg> updates only the specified package, with dedupe-peer-dependents=true.

Platinum Sponsors

Gold Sponsors

v9.15.3

Compare Source

v9.15.2: pnpm 9.15.2

Compare Source

Patch Changes

• Fixed publish/pack error with workspace dependencies with relative paths #​8904. It was broken in v9.4.0 (398472c).
• Use double quotes in the command suggestion by pnpm patch on Windows #​7546.
• Do not fall back to SSH, when resolving a git-hosted package if git ls-remote works via HTTPS #​8906.
• Improve how packages with blocked lifecycle scripts are reported during installation. Always print the list of ignored scripts at the end of the output. Include a hint about how to allow the execution of those packages.

Platinum Sponsors

Gold Sponsors

v9.15.1

Compare Source

v9.15.0

Compare Source

rollup/rollup (rollup)

v4.32.0

Compare Source

2025-01-24

Features

• Add watch.onInvalidate option to trigger actions immediately when a file is changed (#​5799)

Bug Fixes

• Fix incorrect urls in CLI warnings (#​5809)

Pull Requests

• #​5799: Feature/watch on invalidate (@​drebrez, @​lukastaegert)
• #​5808: chore(deps): update dependency vite to v6.0.9 [security] (@​renovate[bot])
• #​5809: fix: avoid duplicate rollupjs.org prefix (@​GauBen, @​lukastaegert)
• #​5810: chore(deps): update dependency @​shikijs/vitepress-twoslash to v2 (@​renovate[bot])
• #​5811: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.31.0

Compare Source

2025-01-19

Features

• Do not immediately quit when trying to use watch mode from within non-TTY environments (#​5803)

Bug Fixes

• Handle files with more than one UTF-8 BOM header (#​5806)

Pull Requests

• #​5792: fix(deps): update rust crate swc_compiler_base to v8 (@​renovate[bot])
• #​5793: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5794: chore(deps): lock file maintenance (@​renovate[bot])
• #​5801: chore(deps): update dependency eslint-config-prettier to v10 (@​renovate[bot])
• #​5802: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5803: Support watch mode in yarn, gradle and containers (@​lukastaegert)
• #​5806: fix: strip all BOMs (@​TrickyPi)

v4.30.1

Compare Source

2025-01-07

Bug Fixes

• Prevent invalid code when simplifying unary expressions in switch cases (#​5786)

Pull Requests

• #​5786: fix: consider that literals cannot following switch case. (@​TrickyPi)

v4.30.0

Compare Source

2025-01-06

Features

• Inline values of resolvable unary expressions for improved tree-shaking (#​5775)

Pull Requests

• #​5775: feat: enhance the treehshaking for unary expression (@​TrickyPi)
• #​5783: Improve CI caching for node_modules (@​lukastaegert)

v4.29.2

Compare Source

2025-01-05

Bug Fixes

• Keep import attributes when using dynamic ESM import() expressions from CommonJS (#​5781)

Pull Requests

• #​5772: Improve caching on CI (@​lukastaegert)
• #​5773: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5780: feat: use picocolors instead of colorette (@​re-taro)
• #​5781: fix: keep import attributes for cjs format (@​TrickyPi)

microsoft/TypeScript (typescript)

v5.7.3

Compare Source

vitejs/vite (vite)

v6.0.11

Compare Source

• fix: preview.allowedHosts with specific values was not respected (#​19246) (aeb3ec8), closes #​19246
• fix: allow CORS from loopback addresses by default (#​19249) (3d03899), closes #​19249

v6.0.10

Compare Source

• fix: try parse server.origin URL (#​19241) (2495022), closes #​19241

v6.0.9

Compare Source

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (bd896fb)
• fix!: default server.cors: false to disallow fetching from untrusted origins (b09572a)
• fix: verify token for HMR WebSocket connection (029dcd6)

v6.0.8

Compare Source

• fix: avoid SSR HMR for HTML files (#​19193) (3bd55bc), closes #​19193
• fix: build time display 7m 60s (#​19108) (cf0d2c8), closes #​19108
• fix: don't resolve URL starting with double slash (#​19059) (35942cd), closes #​19059
• fix: ensure server.close() only called once (#​19204) (db81c2d), closes #​19204
• fix: resolve.conditions in ResolvedConfig was defaultServerConditions (#​19174) (ad75c56), closes #​19174
• fix: tree shake stringified JSON imports (#​19189) (f2aed62), closes #​19189
• fix: use shared sigterm callback (#​19203) (47039f4), closes #​19203
• fix(deps): update all non-major dependencies (#​19098) (8639538), closes #​19098
• fix(optimizer): use correct default install state path for yarn PnP (#​19119) (e690d8b), closes #​19119
• fix(types): improve ESBuildOptions.include / exclude type to allow readonly (string | RegExp)[] (ea53e70), closes #​19146
• chore(deps): update dependency pathe to v2 (#​19139) (71506f0), closes #​19139

v6.0.7

Compare Source

• fix: fix minify when builder.sharedPlugins: true (#​19025) (f7b1964), closes #​19025
• fix: skip the plugin if it has been called before with the same id and importer (#​19016) (b178c90), closes #​19016
• fix(html): error while removing vite-ignore attribute for inline script (#​19062) (a492253), closes #​19062
• fix(ssr): fix semicolon injection by ssr transform (#​19097) (1c102d5), closes #​19097
• perf: skip globbing for static path in warmup (#​19107) (677508b), closes #​19107
• feat(css): show lightningcss warnings (#​19076) (b07c036), closes #​19076

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[socket-security]

New and updated dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@sxzz/[email protected] 🔁 npm/@sxzz/[email protected]	Transitive: eval, filesystem, shell, unsafe	+258	34.8 MB	sxzz
npm/@sxzz/[email protected] 🔁 npm/@sxzz/[email protected]	None	0	3.35 kB	sxzz
npm/@types/[email protected] 🔁 npm/@types/[email protected]	None	+1	2.37 MB	types
npm/[email protected] 🔁 npm/[email protected]	filesystem, unsafe Transitive: environment, network, shell	+61	5.19 MB	antfu
npm/[email protected] 🔁 npm/[email protected]	Transitive: eval, filesystem, shell, unsafe	+84	10.7 MB	eslintbot, openjsfoundation
npm/[email protected] 🔁 npm/[email protected]	None	+1	2.64 MB	lukastaegert
npm/[email protected] 🔁 npm/[email protected]	None	0	22.7 MB	typescript-bot
npm/[email protected] 🔁 npm/[email protected]	Transitive: environment, filesystem	+4	3.23 MB	antfu, patak, soda, ...2 more

View full report↗︎