fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@rollup/pluginutils (source)	^5.1.0 -> ^5.1.3
@sxzz/eslint-config	^4.1.0 -> ^4.4.0
@types/node (source)	^20.14.10 -> ^20.17.2
bumpp	^9.4.1 -> ^9.8.0
esbuild	^0.23.0 -> ^0.24.0
eslint (source)	^9.7.0 -> ^9.13.0
pnpm (source)	9.5.0 -> 9.12.3
rollup (source)	^4.18.1 -> ^4.24.2
tsup (source)	^8.1.0 -> ^8.3.5
tsx (source)	^4.16.2 -> ^4.19.2
typescript (source)	^5.5.3 -> ^5.6.3
unplugin	^1.11.0 -> ^1.15.0
vite (source)	^5.3.4 -> ^5.4.10
vitest (source)	^2.0.3 -> ^2.1.4

---

Release Notes

rollup/plugins (@​rollup/pluginutils)

v5.1.3

2024-10-23

Bugfixes

• fix: upgrade picomatch (#​1796)

v5.1.2

2024-09-23

Bugfixes

• fix: optimize createFilter and normalizePath (#​1750)

v5.1.1

2024-09-22

Bugfixes

• fix: improve regex performance (#​1753)

sxzz/eslint-config (@​sxzz/eslint-config)

v4.4.0

Compare Source

   🚀 Features

• Enable unicorn consistent-existence-index-check & prefer-math-min-max  -  by @​sxzz (21c73)

   🐞 Bug Fixes

• Allow console info&clear  -  by @​sxzz (013e5)
• deps: Update dependency eslint-plugin-unicorn to v56  -  in https://github.com/sxzz/eslint-config/issues/108 (4b2bc)

    View changes on GitHub

v4.3.0

Compare Source

   🚀 Features

• Upgrade comments eslint plugin  -  by @​sxzz (a13a4)

    View changes on GitHub

v4.2.1

Compare Source

   🐞 Bug Fixes

• deps:
  • Update all non-major dependencies  -  in https://github.com/sxzz/eslint-config/issues/105 (d6288)
  • Update all non-major dependencies  -  in https://github.com/sxzz/eslint-config/issues/106 (4e9bd)

    View changes on GitHub

v4.2.0

Compare Source

   🚀 Features

• Enable sxzz/prefer-string-function  -  by @​sxzz (d6264)

    View changes on GitHub

v4.1.6

Compare Source

No significant changes

    View changes on GitHub

v4.1.5

Compare Source

   🐞 Bug Fixes

• Upgrade deps, fix import @eslint/markdown  -  by @​sxzz (36683)

    View changes on GitHub

v4.1.4

Compare Source

No significant changes

    View changes on GitHub

v4.1.3

Compare Source

   🐞 Bug Fixes

• Disable unicorn/consistent-function-scoping for unit test files of typescript  -  by @​sxzz (47090)

    View changes on GitHub

v4.1.2

Compare Source

   🐞 Bug Fixes

• Disable unicorn/consistent-function-scoping for unit test files  -  by @​sxzz (f7d3c)

    View changes on GitHub

v4.1.1

Compare Source

   🐞 Bug Fixes

• Skip arrow function for consistent-function-scoping  -  by @​sxzz (ff38c)

    View changes on GitHub

antfu/bumpp (bumpp)

v9.8.0

Compare Source

   🚀 Features

• Execute could receive a function  -  by @​s3xysteak in https://github.com/antfu-collective/bumpp/issues/54 (e05fa)

    View changes on GitHub

v9.7.1

Compare Source

   🐞 Bug Fixes

• Remove debug console log  -  by @​antfu (b207d)

    View changes on GitHub

v9.7.0

Compare Source

   🚀 Features

• Ignore manifest files without version property  -  by @​nekomeowww in https://github.com/antfu-collective/bumpp/issues/49 (24c49)
• Check git status before bump if option.all is falsy  -  by @​litingyes in https://github.com/antfu-collective/bumpp/issues/44 (5f781)
• cli: Support signing git commits and tags  -  by @​nekomeowww in https://github.com/antfu-collective/bumpp/issues/47 (312cf)

    View changes on GitHub

v9.6.1

Compare Source

   🚀 Features

• Improve commit printing  -  by @​antfu (aaad5)

    View changes on GitHub

v9.6.0

Compare Source

   🚀 Features

• Print recent commits since last tag  -  by @​antfu (0e377)

   🐞 Bug Fixes

• The recursive option is not working in the bump.config.ts file  -  by @​gz65555 in https://github.com/antfu-collective/bumpp/issues/42 (4fda6)
• Improve printed commit messages  -  by @​antfu (2e634)

    View changes on GitHub

v9.5.2

Compare Source

   🐞 Bug Fixes

• Check file exists before update  -  by @​ryoppippi in https://github.com/antfu-collective/bumpp/issues/40 (cf526)

    View changes on GitHub

v9.5.1

Compare Source

   🚀 Features

• Read deno.jsonc for version check  -  by @​ryoppippi in https://github.com/antfu-collective/bumpp/issues/39 (6f4cb)

    View changes on GitHub

v9.5.0

Compare Source

v9.4.2

Compare Source

evanw/esbuild (esbuild)

v0.24.0

Compare Source

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.23.0 or ~0.23.0. See npm's documentation about semver for more information.

• Drop support for older platforms (#​3902)

  This release drops support for the following operating system:

  • macOS 10.15 Catalina

  This is because the Go programming language dropped support for this operating system version in Go 1.23, and this release updates esbuild from Go 1.22 to Go 1.23. Go 1.23 now requires macOS 11 Big Sur or later.

  Note that this only affects the binary esbuild executables that are published to the esbuild npm package. It's still possible to compile esbuild's source code for these older operating systems. If you need to, you can compile esbuild for yourself using an older version of the Go compiler (before Go version 1.23). That might look something like this:

  git clone https://github.com/evanw/esbuild.git
  cd esbuild
  go build ./cmd/esbuild
  ./esbuild --version
  

• Fix class field decorators in TypeScript if useDefineForClassFields is false (#​3913)

  Setting the useDefineForClassFields flag to false in tsconfig.json means class fields use the legacy TypeScript behavior instead of the standard JavaScript behavior. Specifically they use assign semantics instead of define semantics (e.g. setters are triggered) and fields without an initializer are not initialized at all. However, when this legacy behavior is combined with standard JavaScript decorators, TypeScript switches to always initializing all fields, even those without initializers. Previously esbuild incorrectly continued to omit field initializers for this edge case. These field initializers in this case should now be emitted starting with this release.

• Avoid incorrect cycle warning with tsconfig.json multiple inheritance (#​3898)

  TypeScript 5.0 introduced multiple inheritance for tsconfig.json files where extends can be an array of file paths. Previously esbuild would incorrectly treat files encountered more than once when processing separate subtrees of the multiple inheritance hierarchy as an inheritance cycle. With this release, tsconfig.json files containing this edge case should work correctly without generating a warning.

• Handle Yarn Plug'n'Play stack overflow with tsconfig.json (#​3915)

  Previously a tsconfig.json file that extends another file in a package with an exports map could cause a stack overflow when Yarn's Plug'n'Play resolution was active. This edge case should work now starting with this release.

• Work around more issues with Deno 1.31+ (#​3917)

  This version of Deno broke the stdin and stdout properties on command objects for inherited streams, which matters when you run esbuild's Deno module as the entry point (i.e. when import.meta.main is true). Previously esbuild would crash in Deno 1.31+ if you ran esbuild like that. This should be fixed starting with this release.

  This fix was contributed by @​Joshix-1.

v0.23.1

Compare Source

• Allow using the node: import prefix with es* targets (#​3821)

  The node: prefix on imports is an alternate way to import built-in node modules. For example, import fs from "fs" can also be written import fs from "node:fs". This only works with certain newer versions of node, so esbuild removes it when you target older versions of node such as with --target=node14 so that your code still works. With the way esbuild's platform-specific feature compatibility table works, this was added by saying that only newer versions of node support this feature. However, that means that a target such as --target=node18,es2022 removes the node: prefix because none of the es* targets are known to support this feature. This release adds the support for the node: flag to esbuild's internal compatibility table for es* to allow you to use compound targets like this:

  // Original code
  import fs from 'node:fs'
  fs.open
  
  // Old output (with --bundle --format=esm --platform=node --target=node18,es2022)
  import fs from "fs";
  fs.open;
  
  // New output (with --bundle --format=esm --platform=node --target=node18,es2022)
  import fs from "node:fs";
  fs.open;

• Fix a panic when using the CLI with invalid build flags if --analyze is present (#​3834)

  Previously esbuild's CLI could crash if it was invoked with flags that aren't valid for a "build" API call and the --analyze flag is present. This was caused by esbuild's internals attempting to add a Go plugin (which is how --analyze is implemented) to a null build object. The panic has been fixed in this release.

• Fix incorrect location of certain error messages (#​3845)

  This release fixes a regression that caused certain errors relating to variable declarations to be reported at an incorrect location. The regression was introduced in version 0.18.7 of esbuild.

• Print comments before case clauses in switch statements (#​3838)

  With this release, esbuild will attempt to print comments that come before case clauses in switch statements. This is similar to what esbuild already does for comments inside of certain types of expressions. Note that these types of comments are not printed if minification is enabled (specifically whitespace minification).

• Fix a memory leak with pluginData (#​3825)

  With this release, the build context's internal pluginData cache will now be cleared when starting a new build. This should fix a leak of memory from plugins that return pluginData objects from onResolve and/or onLoad callbacks.

eslint/eslint (eslint)

v9.13.0

Compare Source

v9.12.0

Compare Source

Features

• 5a6a053 feat: update to jiti v2 (#​18954) (Arya Emami)
• 17a07fb feat: Hooks for test cases (RuleTester) (#​18771) (Anna Bocharova)
• 2ff0e51 feat: Implement alternate config lookup (#​18742) (Nicholas C. Zakas)
• 2d17453 feat: Implement modified cyclomatic complexity (#​18896) (Dmitry Pashkevich)

Bug Fixes

• ea380ca fix: Upgrade retry to avoid EMFILE errors (#​18986) (Nicholas C. Zakas)
• fdd6319 fix: Issues with type definitions (#​18940) (Arya Emami)

Documentation

• ecbd522 docs: Mention code explorer (#​18978) (Nicholas C. Zakas)
• 7ea4ecc docs: Clarifying the Use of Meta Objects (#​18697) (Amaresh S M)
• d3e4b2e docs: Clarify how to exclude .js files (#​18976) (Milos Djermanovic)
• 57232ff docs: Mention plugin-kit in language docs (#​18973) (Nicholas C. Zakas)
• b80ed00 docs: Update README (GitHub Actions Bot)
• cb69ab3 docs: Update README (GitHub Actions Bot)
• 7fb0d95 docs: Update README (GitHub Actions Bot)
• 493348a docs: Update README (GitHub Actions Bot)
• 87a582c docs: fix typo in id-match rule (#​18944) (Jay)

Chores

• 555aafd chore: upgrade to @eslint/[email protected] (#​18987) (Francesco Trotta)
• 873ae60 chore: package.json update for @​eslint/js release (Jenkins)
• d0a5414 refactor: replace strip-ansi with native module (#​18982) (Cristopher)
• b827029 chore: Enable JSON5 linting (#​18979) (Milos Djermanovic)
• 8f55ca2 chore: Upgrade espree, eslint-visitor-keys, eslint-scope (#​18962) (Nicholas C. Zakas)
• c1a2725 chore: update dependency mocha to ^10.7.3 (#​18945) (Milos Djermanovic)

v9.11.1

Compare Source

v9.11.0

Compare Source

Features

• ec30c73 feat: add "eslint/universal" to export Linter (#​18883) (唯然)
• c591da6 feat: Add language to types (#​18917) (Nicholas C. Zakas)
• 492eb8f feat: limit the name given to ImportSpecifier in id-length (#​18861) (Tanuj Kanti)
• 19c6856 feat: Add no-useless-constructor suggestion (#​18799) (Jordan Thomson)
• a48f8c2 feat: add type FormatterFunction, update LoadedFormatter (#​18872) (Francesco Trotta)

Bug Fixes

• 5e5f39b fix: add missing types for no-restricted-exports rule (#​18914) (Kristóf Poduszló)
• 8f630eb fix: add missing types for no-param-reassign options (#​18906) (Kristóf Poduszló)
• d715781 fix: add missing types for no-extra-boolean-cast options (#​18902) (Kristóf Poduszló)
• 2de5742 fix: add missing types for no-misleading-character-class options (#​18905) (Kristóf Poduszló)
• c153084 fix: add missing types for no-implicit-coercion options (#​18903) (Kristóf Poduszló)
• fa11b2e fix: add missing types for no-empty-function options (#​18901) (Kristóf Poduszló)
• a0deed1 fix: add missing types for camelcase options (#​18897) (Kristóf Poduszló)

Documentation

• e4e5709 docs: correct prefer-object-has-own type definition comment (#​18924) (Nitin Kumar)
• 91cbd18 docs: add unicode abbreviations in no-irregular-whitespace rule (#​18894) (Alix Royere)
• 59cfc0f docs: clarify resultsMeta in LoadedFormatter type (#​18881) (Milos Djermanovic)
• adcc50d docs: Update README (GitHub Actions Bot)
• 4edac1a docs: Update README (GitHub Actions Bot)

Build Related

• 959d360 build: Support updates to previous major versions (#​18871) (Milos Djermanovic)

Chores

• ca21a64 chore: upgrade @​eslint/js@​9.11.0 (#​18927) (Milos Djermanovic)
• a10f90a chore: package.json update for @​eslint/js release (Jenkins)
• e4e02cc refactor: Extract processor logic into ProcessorService (#​18818) (Nicholas C. Zakas)
• 6d4484d chore: updates for v8.57.1 release (Jenkins)
• 71f37c5 refactor: use optional chaining when validating config rules (#​18893) (lucasrmendonca)
• 2c2805f chore: Add PR note to all templates (#​18892) (Nicholas C. Zakas)
• 7b852ce refactor: use Directive class from @eslint/plugin-kit (#​18884) (Milos Djermanovic)
• d594ddd chore: update dependency @​eslint/core to ^0.6.0 (#​18863) (renovate[bot])
• 78b2421 chore: Update change.yml (#​18882) (Nicholas C. Zakas)
• a416f0a chore: enable $ExpectType comments in .ts files (#​18869) (Francesco Trotta)

v9.10.0

Compare Source

v9.9.1

Compare Source

v9.9.0

Compare Source

Features

• 41d0206 feat: Add support for TS config files (#​18134) (Arya Emami)
• 3a4eaf9 feat: add suggestion to require-await to remove async keyword (#​18716) (Dave)

Documentation

• 9fe068c docs: how to author plugins with configs that extend other configs (#​18753) (Alec Gibson)
• 48117b2 docs: add version support page in the side navbar (#​18738) (Amaresh S M)
• fec2951 docs: add version support page to the dropdown (#​18730) (Amaresh S M)
• 38a0661 docs: Fix typo (#​18735) (Zaina Al Habash)
• 3c32a9e docs: Update yarn command for creating ESLint config (#​18739) (Temitope Ogunleye)
• f9ac978 docs: Update README (GitHub Actions Bot)

Chores

• 461b2c3 chore: upgrade to @eslint/[email protected] (#​18765) (Francesco Trotta)
• 59dba1b chore: package.json update for @​eslint/js release (Jenkins)
• fea8563 chore: update dependency @​eslint/core to ^0.3.0 (#​18724) (renovate[bot])
• aac191e chore: update dependency @​eslint/json to ^0.3.0 (#​18760) (renovate[bot])
• b97fa05 chore: update wdio dependencies for more stable tests (#​18759) (Christian Bromann)

v9.8.0

Compare Source

pnpm/pnpm (pnpm)

v9.12.3

Compare Source

Patch Changes

• Don't purge node_modules, when typing "n" in the prompt that asks whether to remove node_modules before installation #​8655.
• Fix a bug causing pnpm to infinitely spawn itself when manage-package-manager-versions=true is set and the .tools directory is corrupt.
• Use crypto.hash, when available, for improved performance #​8629.
• Fixed a race condition in temporary file creation in the store by including worker thread ID in filename. Previously, multiple worker threads could attempt to use the same temporary file. Temporary files now include both process ID and thread ID for uniqueness #​8703.
• All commands should read settings from the package.json at the root of the workspace #​8667.
• When manage-package-manager-versions is set to true, errors spawning a self-managed version of pnpm will now be shown (instead of being silent).
• Pass the find command to npm, it is an alias for npm search

v9.12.2

Compare Source

Patch Changes

• When checking whether a file in the store has executable permissions, the new approach checks if at least one of the executable bits (owner, group, and others) is set to 1. Previously, a file was incorrectly considered executable only when all the executable bits were set to 1. This fix ensures that files with any executable permission, regardless of the user class, are now correctly identified as executable #​8546.

v9.12.1

Compare Source

Patch Changes

• pnpm update --latest should not update the automatically installed peer dependencies #​6657.
• pnpm publish should be able to publish from a local tarball #​7950.
• The pnpx command should work correctly on Windows, when pnpm is installed via the standalone installation script #​8608.
• Prevent EBUSY errors caused by creating symlinks in parallel dlx processes #​8604.
• Fix maximum call stack size exceeded error related to circular workspace dependencies #​8599.

v9.12.0

Compare Source

Minor Changes

• Fix peer dependency resolution dead lock #​8570. This change might change some of the keys in the snapshots field inside pnpm-lock.yaml but it should happen very rarely.

• pnpm outdated command supports now a --sort-by=name option for sorting outdated dependencies by package name #​8523.

• Added the ability for overrides to remove dependencies by specifying "-" as the field value #​8572. For example, to remove lodash from the dependencies, use this configuration in package.json:

  {
    "pnpm": {
      "overrides": {
        "lodash": "-"
      }
    }
  }

Patch Changes

• Fixed an issue where pnpm list --json pkg showed "private": false for a private package #​8519.
• Packages with libc that differ from pnpm.supportedArchitectures.libc are not downloaded #​7362.
• Prevent ENOENT errors caused by running store prune in parallel #​8586.
• Add issues alias to pnpm bugs #​8596.

v9.11.0

Compare Source

Minor Changes

• Experimental: added pnpm cache commands for inspecting the metadata cache #​8512.

Patch Changes

• Fix a regression in which pnpm deploy with node-linker=hoisted produces an empty node_modules directory #​6682.
• Don't print a warning when linking packages globally #​4761.
• pnpm deploy should work in workspace with shared-workspace-lockfile=false #​8475.

v9.10.0

Compare Source

Minor Changes

• Support for a new CLI flag, --exclude-peers, added to the list and why commands. When --exclude-peers is used, peer dependencies are not printed in the results, but dependencies of peer dependencies are still scanned #​8506.

• Added a new setting to package.json at pnpm.auditConfig.ignoreGhsas for ignoring vulnerabilities by their GHSA code #​6838.

  For instance:

  {
    "pnpm": {
      "auditConfig": {
        "ignoreGhsas": [
          "GHSA-42xw-2xvc-qx8m",
          "GHSA-4w2v-q235-vp99",
          "GHSA-cph5-m8f7-6c5x",
          "GHSA-vh95-rmgr-6w4m"
        ]
      }
    }
  }

Patch Changes

• Throw an exception if pnpm switches to the same version of itself.
• Reduce memory usage during peer dependencies resolution.

v9.9.0

Compare Source

Minor Changes

• Minor breaking change. This change might result in resolving your peer dependencies slightly differently but we don't expect it to introduce issues.

  We had to optimize how we resolve peer dependencies in order to fix some infinite loops and out-of-memory errors during peer dependencies resolution.

  When a peer dependency is a prod dependency somewhere in the dependency graph (with the same version), pnpm will resolve the peers of that peer dependency in the same way across the subgraph.

  For example, we have react-dom in the peer deps of the form and button packages. card has react-dom and react as regular dependencies and card is a dependency of form.

  These are the direct dependencies of our example project:

  form
  react@16
  react-dom@16
  

  These are the dependencies of card:

  button
  react@17
  react-dom@16
  

  When resolving peers, pnpm will not re-resolve react-dom for card, even though card shadows react@16 from the root with react@17. So, all 3 packages (form, card, and button) will use react-dom@16, which in turn uses react@16. form will use react@16, while card and button will use react@17.

  Before this optimization react-dom@16 was duplicated for the card, so that card and button would use a react-dom@16 instance that uses react@17.

  Before the change:

  form
  -> react-dom@16(react@16)
  -> react@16
  card
  -> react-dom@16(react@17)
  -> react@17
  button
  -> react-dom@16(react@17)
  -> react@17
  

  After the change

  form
  -> react-dom@16(react@16)
  -> react@16
  card
  -> react-dom@16(react@16)
  -> react@17
  button
  -> react-dom@16(react@16)
  -> react@17
  

Patch Changes

• pnpm deploy should write the node_modules/.modules.yaml to the node_modules directory within the deploy directory #​7731.
• Don't override a symlink in node_modules if it already points to the right location pnpm/symlink-dir#54.

v9.8.0

Compare Source

Minor Changes

• Added a new command for upgrading pnpm itself when it isn't managed by Corepack: pnpm self-update. This command will work, when pnpm was installed via the standalone script from the pnpm installation page #​8424.

  When executed in a project that has a packageManager field in its package.json file, pnpm will update its version in the packageManager field.

Patch Changes

• CLI tools installed in the root of the workspace should be added to the PATH, when running scripts and use-node-version is set.

• pnpm setup should never switch to another version of pnpm.

  This fixes installation with the standalone script from a directory that has a package.json with the packageManager field. pnpm was installing the version of pnpm specified in the packageManager field due to this issue.

• Ignore non-string value in the os, cpu, libc fields, which checking optional dependencies #​8431.

• Remember the state of edit dir, allow running pnpm patch-commit the second time without having to re-run pnpm patch.

v9.7.1

Compare Source

Patch Changes

• Fixed passing public-hoist-pattern and hoist-pattern via env variables #​8339.
• pnpm setup no longer creates Batch/Powershell scripts on Linux and macOS #​8418.
• When dlx uses cache, use the real directory path not the symlink to the cache #​8421.
• pnpm exec now supports executionEnv #​8356.
• Remove warnings for non-root pnpm field, add warnings for non-root pnpm subfields that aren't executionEnv #​8143.
• Replace semver in "peerDependency" with workspace protocol #​8355.
• Fix a bug in patch-commit in which relative path is rejected #​8405.
• Update Node.js in @pnpm/exe to v20.

v9.7.0

Compare Source

Minor Changes

• Added pnpm version management to pnpm. If the manage-package-manager-versions setting is set to true, pnpm will switch to the version specified in the packageManager field of package.json #​8363. This is the same field used by Corepack. Example:

  {
    "packageManager": "[email protected]"
  }

• Added the ability to apply patch to all versions:
  If the key of pnpm.patchedDependencies is a package name without a version (e.g. pkg), pnpm will attempt to apply the patch to all versions of
  the package. Failures will be skipped.
  If it is a package name and an exact version (e.g. [email protected]), pnpm will attempt to apply the patch to that exact version only. Failures will
  cause pnpm to fail.

  If there's only one version of

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.