fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@sxzz/eslint-config	^7.2.5 -> ^7.4.0
@sxzz/prettier-config	^2.2.4 -> ^2.2.6
@sxzz/test-utils	^0.5.11 -> ^0.5.13
@types/node (source)	^24.5.2 -> ^24.10.1
bumpp	^10.2.3 -> ^10.3.2
eslint (source)	^9.36.0 -> ^9.39.1
lightningcss	^1.30.1 -> ^1.30.2
magic-string	^0.30.19 -> ^0.30.21
pnpm (source)	10.17.1 -> 10.24.0
prettier (source)	^3.6.2 -> ^3.7.3
rollup (source)	^4.52.2 -> ^4.53.3
tsdown (source)	^0.15.4 -> ^0.16.8
tsx (source)	^4.20.6 -> ^4.21.0
typescript (source)	^5.9.2 -> ^5.9.3
unplugin (source)	^2.3.10 -> ^2.3.11
vite (source)	^7.1.7 -> ^7.2.6
vue (source)	^3.5.22 -> ^3.5.25

---

Release Notes

sxzz/eslint-config (@​sxzz/eslint-config)

v7.4.0

Compare Source

   🚀 Features

• baseline:
  • Custom ignoreFeatures  -  by @​sxzz (d0b1f)
  • Expose options  -  by @​sxzz (9932e)

    View changes on GitHub

v7.3.2

Compare Source

   🐞 Bug Fixes

• Baseline order  -  by @​sxzz (2fd87)

    View changes on GitHub

v7.3.1

Compare Source

   🐞 Bug Fixes

• Disable baseline in markdown  -  by @​sxzz (e4899)

    View changes on GitHub

v7.3.0

Compare Source

   🚀 Features

• Add baseline plugin  -  by @​sxzz (e9e51)

    View changes on GitHub

v7.2.10

Compare Source

   🚀 Features

• Sort overrides  -  by @​sxzz (6a452)

    View changes on GitHub

v7.2.9

Compare Source

   🐞 Bug Fixes

• Sort all pnpm workspace fields  -  by @​sxzz (4fed2)

    View changes on GitHub

v7.2.8

Compare Source

No significant changes

    View changes on GitHub

v7.2.7

Compare Source

No significant changes

    View changes on GitHub

v7.2.6

Compare Source

   🐞 Bug Fixes

• Allow return in computed  -  by @​sxzz (f724b)

    View changes on GitHub

sxzz/prettier-config (@​sxzz/prettier-config)

v2.2.6

Compare Source

   🐞 Bug Fixes

• Upgrade oxc plugin  -  by @​sxzz (05d2c)

    View changes on GitHub

v2.2.5

Compare Source

No significant changes

    View changes on GitHub

sxzz/test-utils (@​sxzz/test-utils)

v0.5.13

Compare Source

   🚀 Features

• Add createVueProgram  -  by @​sxzz (c6554)

    View changes on GitHub

v0.5.12

Compare Source

   🚀 Features

• Support vitest v4  -  by @​sxzz (ccc4b)

   🐞 Bug Fixes

• Support string cwd only  -  by @​sxzz (e315e)

    View changes on GitHub

antfu-collective/bumpp (bumpp)

v10.3.2

Compare Source

   🐞 Bug Fixes

• Resolve the options in config file correctly  -  by @​liangmiQwQ in #​101 (f5887)

    View changes on GitHub

v10.3.1

Compare Source

No significant changes

    View changes on GitHub

v10.3.0

Compare Source

   🚀 Features

• Support --release for release type  -  by @​luoling8192 in #​97 (5af7b)

    View changes on GitHub

eslint/eslint (eslint)

v9.39.1

Compare Source

v9.39.0

Compare Source

v9.38.0

Compare Source

Features

• ce40f74 feat: update complexity rule to only highlight function header (#​20048) (Atul Nair)
• e37e590 feat: correct no-loss-of-precision false positives with e notation (#​20187) (Francesco Trotta)

Bug Fixes

• 50c3dfd fix: improve type support for isolated dependencies in pnpm (#​20201) (Francesco Trotta)
• a1f06a3 fix: correct SourceCode typings (#​20114) (Pixel998)

Documentation

• 462675a docs: improve web accessibility by hiding non-semantic character (#​20205) (루밀LuMir)
• c070e65 docs: correct formatting in no-irregular-whitespace rule documentation (#​20203) (루밀LuMir)
• b39e71a docs: Update README (GitHub Actions Bot)
• cd39983 docs: move custom-formatters type descriptions to nodejs-api (#​20190) (Percy Ma)

Chores

• d17c795 chore: upgrade @​eslint/js@​9.38.0 (#​20221) (Milos Djermanovic)
• 25d0e33 chore: package.json update for @​eslint/js release (Jenkins)
• c82b5ef refactor: Use types from @​eslint/core (#​20168) (Nicholas C. Zakas)
• ff31609 ci: add Node.js 25 to ci.yml (#​20220) (루밀LuMir)
• 004577e ci: bump github/codeql-action from 3 to 4 (#​20211) (dependabot[bot])
• eac71fb test: remove use of nodejsScope option of eslint-scope from tests (#​20206) (Milos Djermanovic)
• 4168a18 chore: fix typo in legacy-eslint.js (#​20202) (Sweta Tanwar)
• 205dbd2 chore: fix typos (#​20200) (ntnyq)
• dbb200e chore: use team member's username when name is not available in data (#​20194) (Milos Djermanovic)
• 8962089 chore: mark deprecated rules as available until v11.0.0 (#​20184) (Pixel998)

v9.37.0

Compare Source

Features

• 39f7fb4 feat: preserve-caught-error should recognize all static "cause" keys (#​20163) (Pixel998)
• f81eabc feat: support TS syntax in no-restricted-imports (#​19562) (Nitin Kumar)

Bug Fixes

• a129cce fix: correct no-loss-of-precision false positives for leading zeros (#​20164) (Francesco Trotta)
• 09e04fc fix: add missing AST token types (#​20172) (Pixel998)
• 861c6da fix: correct ESLint typings (#​20122) (Pixel998)

Documentation

• b950359 docs: fix typos across the docs (#​20182) (루밀LuMir)
• 42498a2 docs: improve ToC accessibility by hiding non-semantic character (#​20181) (Percy Ma)
• 29ea092 docs: Update README (GitHub Actions Bot)
• 5c97a04 docs: show availableUntil in deprecated rule banner (#​20170) (Pixel998)
• 90a71bf docs: update README files to add badge and instructions (#​20115) (루밀LuMir)
• 1603ae1 docs: update references from master to main (#​20153) (루밀LuMir)

Chores

• afe8a13 chore: update @eslint/js dependency to version 9.37.0 (#​20183) (Francesco Trotta)
• abee4ca chore: package.json update for @​eslint/js release (Jenkins)
• fc9381f chore: fix typos in comments (#​20175) (overlookmotel)
• e1574a2 chore: unpin jiti (#​20173) (renovate[bot])
• e1ac05e refactor: mark ESLint.findConfigFile() as async, add missing docs (#​20157) (Pixel998)
• 347906d chore: update eslint (#​20149) (renovate[bot])
• 0cb5897 test: remove tmp dir created for circular fixes in multithread mode test (#​20146) (Milos Djermanovic)
• bb99566 ci: pin jiti to version 2.5.1 (#​20151) (Pixel998)
• 177f669 perf: improve worker count calculation for "auto" concurrency (#​20067) (Francesco Trotta)
• 448b57b chore: Mark deprecated formatting rules as available until v11.0.0 (#​20144) (Milos Djermanovic)

parcel-bundler/lightningcss (lightningcss)

v1.30.2

Compare Source

Fixes

• Fix installing on android
• Don't warn on ::grammar-error and ::spelling-error selectors
• Update browser compat data

Rust crate changes

• Bump browserslist-rs to 0.19.0
• migrate to maintained library instead of deprecated paste
• Use serde-content instead of private serde types

Rich-Harris/magic-string (magic-string)

v0.30.21

Compare Source

pnpm/pnpm (pnpm)

v10.24.0

Compare Source

v10.23.0: pnpm 10.23

Compare Source

Minor Changes

• Added --lockfile-only option to pnpm list #​10020.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #​10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #​10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #​10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #​10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:is-odd@3.0.1) #​8660.
• Don't add an extra slash to the Node.js mirror URL #​10204.
• pnpm store prune should not fail if the store contains Node.js packages #​10131.

Platinum Sponsors

Gold Sponsors

v10.22.0: pnpm 10.22

Compare Source

Minor Changes

• Added support for trustPolicyExclude #​10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - chokidar@4.0.3
    - webpack@4.47.0 || 5.102.1

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10179.

Platinum Sponsors

Gold Sponsors

v10.21.0

Compare Source

v10.20.0

Compare Source

Minor Changes

• Support --all option in pnpm --help to list all commands #​8628.

Patch Changes

• When the latest version doesn't satisfy the maturity requirement configured by minimumReleaseAge, pick the highest version that is mature enough, even if it has a different major version #​10100.
• create command should not verify patch info.
• Set managePackageManagerVersions to false, when switching to a different version of pnpm CLI, in order to avoid subsequent switches #​10063.

v10.19.0

Compare Source

Minor Changes

• You can now allow specific versions of dependencies to run postinstall scripts. onlyBuiltDependencies now accepts package names with lists of trusted versions. For example:

  onlyBuiltDependencies:
    - nx@21.6.4 || 21.6.5
    - esbuild@0.25.1

  Related PR: #​10104.

• Added support for exact versions in minimumReleaseAgeExclude #​9985.

  You can now list one or more specific versions that pnpm should allow to install, even if those versions don’t satisfy the maturity requirement set by minimumReleaseAge. For example:

  minimumReleaseAge: 1440
  minimumReleaseAgeExclude:
    - nx@21.6.5
    - webpack@4.47.0 || 5.102.1

v10.18.3

Compare Source

Patch Changes

• Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #​10060.
• Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when --location=project is used #​9362.
• Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings #​9646.
• Fixed EISDIR error when bin field points to a directory #​9441.
• Preserve version and hasBin for variations packages #​10022.
• Fixed pnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings) #​9884.
• When both pnpm-workspace.yaml and .npmrc exist, pnpm config set --location=project now writes to pnpm-workspace.yaml (matching read priority) #​10072.
• Prevent a table width error in pnpm outdated --long #​10040.
• Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects #​10057.

v10.18.2

Compare Source

Patch Changes

• pnpm outdated --long should work #​10040.
• Replace ndjson with split2. Reduce the bundle size of pnpm CLI #​10054.
• pnpm dlx should request the full metadata of packages, when minimumReleaseAge is set #​9963.
• pnpm version switching should work when the pnpm home directory is in a symlinked directory #​9715.
• Fix EPIPE errors when piping output to other commands #​10027.

v10.18.1

Compare Source

Patch Changes

• Don't print a warning, when --lockfile-only is used #​8320.
• pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #​5700.
• When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when using pnpm add --save-catalog as originally intended.

v10.18.0

Compare Source

Minor Changes

• Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

  Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps.
  Warning messages are displayed when requests exceed time thresholds or fall below speed minimums

  Related PR: #​10025.

Patch Changes

• Retry filesystem operations on EAGAIN errors #​9959.
• Outdated command respects minimumReleaseAge configuration #​10030.
• Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages.
• Don't fail with a meaningless error when scriptShell is set to false #​8748.
• pnpm dlx should not fail when minimumReleaseAge is set #​10037.

prettier/prettier (prettier)

v3.7.3

Compare Source

diff

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#​18375 by @​fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

v3.7.2

Compare Source

diff

JavaScript: Fix string print when switching quotes (#​18351 by @​fisker)

// Input
console.log("A descriptor\\'s .kind must be \"method\" or \"field\".")

// Prettier 3.7.1
console.log('A descriptor\\'s .kind must be "method" or "field".');

// Prettier 3.7.2
console.log('A descriptor\\\'s .kind must be "method" or "field".');

JavaScript: Preserve quote for embedded HTML attribute values (#​18352 by @​kovsu)

// Input
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;

// Prettier 3.7.1
const html = /* HTML */ ` <div class=${styles.banner}></div> `;

// Prettier 3.7.2
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;

TypeScript: Fix comment in empty type literal (#​18364 by @​fisker)

// Input
export type XXX = {
  // tbd
};

// Prettier 3.7.1
export type XXX = { // tbd };

// Prettier 3.7.2
export type XXX = {
  // tbd
};

v3.7.1

Compare Source

diff

API: Fix performance regression in doc printer (#​18342 by @​fisker)

Prettier 3.7.1 can be very slow when formatting big files, the regression has been fixed.

v3.7.0

Compare Source

diff

🔗 Release Notes

rollup/rollup (rollup)

v4.53.3

Compare Source

2025-11-19

Bug Fixes

• Fix an error where too many modules where flagged for having an unused external import (#​6182)
• Fix an error where an assignment was wrongly tree-shaken when mutating it (#​6183)

Pull Requests

• #​6171: Add test-install CI job to test packaging, installation and importing of rollup package (@​antoninkriz, @​lukastaegert)
• #​6174: Re-enable TypeScript test (@​lukastaegert)
• #​6180: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6182: Tracing the importers chain for exported variables in external module (@​TrickyPi, @​lukastaegert)
• #​6183: Check if left side is included when checking if assigning to an assignment has side effects (@​lukastaegert)

v4.53.2

Compare Source

2025-11-10

Bug Fixes

• Do not throw when using invalid escape sequences in template literals (#​6177)

Pull Requests

• #​6177: handle TemplateElement with null cooked value (@​TrickyPi)

v4.53.1

Compare Source

2025-11-07

Bug Fixes

• Fix install script (#​6172)

Pull Requests

• #​6172: fix: move patch-package from postinstall to prepare script (@​mshima)

v4.53.0

Compare Source

2025-11-07

Features

• Improve rendering performance by caching generated variable names (#​5947)

Pull Requests

• #​5947: refactor: store safe variable names in cache for subsequent usage (@​Aslemammad, @​lukastaegert, @​Service account user)
• #​6149: chore(deps): update dependency vite to v7.1.11 [security] (@​renovate[bot], @​Service account user)
• #​6151: fix(deps): update swc monorepo (major) (@​renovate[bot], @​Service account user)
• #​6152: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​Service account user)
• #​6153: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​Service account user)
• #​6155: Fix tests: Do not swallow warnings for multi-format tests (@​lukastaegert, @​Service account user)
• #​6159: chore(deps): update dependency eslint-plugin-unicorn to v62 (@​renovate[bot])
• #​6160: chore(deps): update github artifact actions (major) (@​renovate[bot])
• #​6161: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6164: chore(deps): update dependency @​rollup/plugin-alias to v6 (@​renovate[bot])
• #​6165: chore(deps): update dependency @​rollup/plugin-commonjs to v29 (@​renovate[bot])
• #​6166: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #​6167: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

v4.52.5

Compare Source

2025-10-18

Bug Fixes

• Always produce valid UUIDs as debugIds in sourcemaps (#​6144)

Pull Requests

• #​6135: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6140: chore(deps): update peter-evans/create-or-update-comment action to v5 (@​renovate[bot])
• #​6141: chore(deps): update peter-evans/find-comment action to v4 (@​renovate[bot])
• #​6142: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6143: chore: eslint enable concurrency option (@​btea)
• #​6144: fix: generation of debugIDs with invalid length (@​pablomatiasgomez, @​lukastaegert)
• #​6146: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6147: chore(deps): update actions/setup-node action to v6 (@​renovate[bot])

v4.52.4

Compare Source

2025-10-03

Bug Fixes

• Fix an issue where the wrong branch of nullish coalescing was picked (#​6133)

Pull Requests

• #​6128: Enable npm OIDC publishing (@​lukastaegert)
• #​6133: Correct nullish coalescing branch resolution for symbol left value (@​TrickyPi)
• #​6134: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

v4.52.3

Compare Source

2025-09-27

Bug Fixes

• Fix check in native loader for environments that do not support reports (#​6123)

Pull Requests

• #​6123: fix(native-loader): safely handle report.getReport() on Termux/Android (@​Jobians, @​lukastaegert)
• #​6124: chore(deps): pin msys2/setup-msys2 action to fb197b7 (@​renovate[bot])
• #​6125: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6126: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

rolldown/tsdown (tsdown)

v0.16.8

Compare Source

   🚀 Features

• Up

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.