chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@antfu/eslint-config	^6.2.0 → ^6.7.3
@sxzz/prettier-config	^2.2.6 → ^2.3.1
@tsconfig/node24 (source)	^24.0.0 → ^24.0.4
@types/node (source)	^24.10.1 → ^24.11.0
@vue/tsconfig	^0.8.1 → ^0.9.0
bumpp	^10.3.2 → ^10.4.1
eslint (source)	^9.39.1 → ^9.39.3
happy-dom	^20.0.11 → ^20.8.3
lint-staged	^16.2.7 → ^16.3.2
pnpm (source)	10.24.0 → 10.30.3
prettier (source)	^3.7.3 → ^3.8.1
tsdown (source)	^0.16.8 → ^0.20.3
vitest (source)	^4.0.14 → ^4.0.18
vue (source)	^3.5.25 → ^3.5.29
vue-router (source)	^5.0.2 → ^5.0.3

---

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v6.7.3

Compare Source

   🐞 Bug Fixes

• pnpm: Remove catalogMode in the enforced settings  -  by @​antfu (4fc09)

    View changes on GitHub

v6.7.2

Compare Source

   🐞 Bug Fixes

• Update react rules to match eslint-react v2  -  by @​Rel1cx in #​795 (6b425)
• pnpm: Add ignore for @​types/vscode in json-enforce-catalog  -  by @​jinghaihan in #​794 (95685)

    View changes on GitHub

v6.7.1

Compare Source

   🐞 Bug Fixes

• pnpm: Do not set catalogMode when catalogs is not enabled  -  by @​antfu (0471e)

    View changes on GitHub

v6.7.0

Compare Source

   🚀 Features

• Add more options to toggle configs  -  by @​antfu (203b8)

   🐞 Bug Fixes

• pnpm: Respect yaml and jsonc config in the factory, close #​791  -  by @​antfu in #​791 (3e0c5)

    View changes on GitHub

v6.6.1

Compare Source

   🐞 Bug Fixes

• pnpm: Detection  -  by @​antfu (e649f)

    View changes on GitHub

v6.6.0

Compare Source

   🐞 Bug Fixes

• pnpm: Enforce catalog usage based on smart detection  -  by @​antfu (654c0)

    View changes on GitHub

v6.5.1

Compare Source

   🐞 Bug Fixes

• Adopt to tsdown extension change, close #​786, close #​787  -  by @​antfu in #​786 and #​787 (c16d3)

    View changes on GitHub

v6.5.0

Compare Source

   🚀 Features

• react: React compiler preset  -  by @​hyoban in #​784 (663e0)

   🐞 Bug Fixes

• Spelling of required-scrpts  -  by @​christopher-buss in #​785 (26185)
• pnpm: Remove cleanupUnusedCatalogs setting  -  by @​antfu (f712a)

    View changes on GitHub

v6.4.2

Compare Source

   🐞 Bug Fixes

• pnpm: Move pnpm-workspace.yaml sorting config from yaml to pnpm  -  by @​antfu (fc2b1)

    View changes on GitHub

v6.4.1

Compare Source

No significant changes

    View changes on GitHub

v6.3.0

Compare Source

   🚀 Features

• Update deps  -  by @​antfu (2d2b6)

   🐞 Bug Fixes

• Ts error from cb29b1a  -  by @​daflyinbed in #​782 (b4e49)

    View changes on GitHub

sxzz/prettier-config (@​sxzz/prettier-config)

v2.3.1

Compare Source

   🐞 Bug Fixes

• Missing dist  -  by @​sxzz (e1152)

    View changes on GitHub

v2.3.0

Compare Source

No significant changes

    View changes on GitHub

v2.2.7

Compare Source

   🐞 Bug Fixes

• deps:
  • Update all non-major dependencies  -  in #​83 (4484b)
  • Update all non-major dependencies  -  in #​84 (1a098)

    View changes on GitHub

tsconfig/bases (@​tsconfig/node24)

v24.0.4

Compare Source

vuejs/tsconfig (@​vue/tsconfig)

v0.9.0

Compare Source

Noticeable Changes

• feat: update lib to ES2022 by @​Slessi in #​41
• chore: move noUncheckedIndexedAccess from base config to the lib config [fa4423b]
  • This is because noUncheckedIndexedAccess may have false positives, making it hard for existing codebases to upgrade.
  • But for new codebases, it’s still recommended to enable this flag from the beginning.

New Contributors

• @​Slessi made their first contribution in #​41

Full Changelog: vuejs/tsconfig@v0.8.1...v0.9.0

antfu-collective/bumpp (bumpp)

v10.4.1

Compare Source

   🚀 Features

• Add custom path to config  -  by @​OskarLebuda in #​107 (0f2e4)

    View changes on GitHub

v10.4.0

Compare Source

No significant changes

    View changes on GitHub

eslint/eslint (eslint)

v9.39.3

Compare Source

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#​20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#​20453) (Milos Djermanovic)

v9.39.2

Compare Source

capricorn86/happy-dom (happy-dom)

v20.8.3

Compare Source

👷‍♂️ Patch fixes

• Throw error if event is not of type Event in dispatchEvent - By @​capricorn86 in task #​2054

v20.8.2

Compare Source

👷‍♂️ Patch fixes

• Resets Event.cancelBubble and Event.defaultPrevented when calling Event.initEvent() - By @​capricorn86 in task #​2090

v20.8.1

Compare Source

👷‍♂️ Patch fixes

• Make "inert" attribute block focus interactions - By @​coffeeandwork in task #​1422

v20.8.0

Compare Source

v20.7.2

Compare Source

👷‍♂️ Patch fixes

• Properly decode CSS escape sequences in attribute selector values - By @​silverwind

v20.7.1

Compare Source

v20.7.0

Compare Source

🎨 Features

• Adds support for Window.getScreenDetails() - By @​TrevorBurnham in task #​1923
• Extends Screen from EventTarget - By @​TrevorBurnham in task #​1923

v20.6.5

Compare Source

👷‍♂️ Patch fixes

• Add clearImmediate to Jest environment global scope - By @​TrevorBurnham in task #​1927

v20.6.4

Compare Source

👷‍♂️ Patch fixes

• Normalize invalid input type attribute to "text" per HTML spec - By @​atzzCokeK in task #​2053

v20.6.3

Compare Source

👷‍♂️ Patch fixes

• Refactors query selector parser to be able to handle complex rules - By @​capricorn86 in task #​1910
• Fixes issue related to using query selector for attribute in XML document - By @​capricorn86 in task #​1912
• Fixes issue with using quotes within quotes for attribute query selector (e.g. [data-value="it's a test"]) - By @​capricorn86 in task #​2034

v20.6.2

Compare Source

👷‍♂️ Patch fixes

• Update entities package version to resolve missing export for vue and vue-compat v3.5 - By @​acollins1991 in task #​2066

v20.6.1

Compare Source

v20.6.0

Compare Source

v20.5.5

Compare Source

v20.5.4

Compare Source

👷‍♂️ Patch fixes

• Implement Text.wholeText property - By @​aki05162525 in task #​1959

v20.5.3

Compare Source

v20.5.2

Compare Source

v20.5.1

Compare Source

v20.5.0

Compare Source

v20.4.0

Compare Source

🎨 Features

• Adds support for caching the compiled code of EcmaScript modules - By @​capricorn86 in task #​2049
• Improves the way nodes are destroyed and garbage collected - By @​capricorn86 in task #​2049

v20.3.9

Compare Source

👷‍♂️ Patch fixes

• Accept Document nodes as valid boundary points in Selection API - By @​skoch13 in task #​1952

v20.3.8

Compare Source

👷‍♂️ Patch fixes

• The getters for the properties focusNode and focusOffset in the Selection API returned incorrect values - By @​skoch13 in task #​1850

v20.3.7

Compare Source

👷‍♂️ Patch fixes

• Updates README.md for the "@​happy-dom/server-renderer" package - By @​capricorn86 in task #​2035

v20.3.6

Compare Source

👷‍♂️ Patch fixes

• Fixes issue where it wasn't possible to toggle the "open" attribute of <details> by clicking on a child of the <summary> element - By @​Nxooah in task #​1928

v20.3.5

Compare Source

👷‍♂️ Patch fixes

• Use internal property for "location" in BrowserFrameURL to avoid mock interference - By @​marchaos in task #​1964
• Add optional chaining to the "hostname" and pathname" properties to check if they are undefined in CookieURLUtility - By @​marchaos in task #​1968

v20.3.4

Compare Source

v20.3.3

Compare Source

v20.3.2

Compare Source

v20.3.1

Compare Source

👷‍♂️ Patch fixes

• Normalizes the "format" parameter according to the HTML specification in DataTransfer.getData() - By @​marchaos in task #​1965
• Handle partial responses in XMLHttpRequest - By @​rexxars in task #​1890

v20.3.0

Compare Source

🎨 Features

• Use RegExp to convert ASCII character casing to improve performance - By @​TrevorBurnham in task #​1886

v20.2.0

Compare Source

🎨 Features

• Use Element.classList.contains() instead of splitting className in query selectors to improve performance as it's cached - By @​TrevorBurnham in task #​1884

v20.1.1

Compare Source

👷‍♂️ Patch fixes

• Fixes caching in querySelector() - By @​TrevorBurnham in task #​1882
• Avoid sort in querySelector() to improve performance - By @​TrevorBurnham in task #​1882

v20.1.0

Compare Source

🎨 Features

• Adds support for BrowserPage.evaluateModule() and BrowserFrame.evaluateModule() - By @​capricorn86 in task #​1944
• Adds support for module to the browser settings - By @​capricorn86 in task #​1944
  • This makes it possible to add a custom resolver or a node module resolver
• Adds support for dynamic import() to JavaScript evaluation - By @​capricorn86 in task #​1944
  • It was previously only supported when using type="module" on script elements
• Adds support for WebSocket - By @​capricorn86 in task #​1944
• Adds support for CloseEvent - By @​capricorn86 in task #​1944
• Adds support for render.setupScript and render.mode to the configuration in @​happy-dom/server-renderer - By @​capricorn86 in task #​1944
• Changes name from urls to renderItems in the configuration in @​happy-dom/server-renderer - By @​capricorn86 in task #​1944
• Adds support for rendering strings in @​happy-dom/server-renderer - By @​capricorn86 in task #​1944
• Makes JavaScript evaluation disabled by default in @​happy-dom/server-renderer - By @​capricorn86 in task #​1944

👷‍♂️ Patch fixes

• Several fixed to the EcmaScript module compiler (esm) - By @​capricorn86 in task #​1944
• Fixes issue where rendering using Worker's didn't work in @​happy-dom/server-renderer - By @​capricorn86 in task #​1944

lint-staged/lint-staged (lint-staged)

v16.3.2

Compare Source

Patch Changes

• #​1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

v16.3.1

Compare Source

Patch Changes

• #​1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

v16.3.0

Compare Source

Minor Changes

• #​1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #​1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #​1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

pnpm/pnpm (pnpm)

v10.30.3

Compare Source

v10.30.2

Compare Source

v10.30.1: pnpm 10.30.1

Compare Source

Patch Changes

• Use the /-/npm/v1/security/audits/quick endpoint as the primary audit endpoint, falling back to /-/npm/v1/security/audits when it fails #​10649.

Platinum Sponsors

Gold Sponsors

v10.30.0: pnpm 10.30

Compare Source

Minor Changes

• pnpm why now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies.

Patch Changes

• Revert pnpm why dependency pruning to prefer correctness over memory consumption. Reverted PR: #​7122.
• Optimize pnpm why and pnpm list performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one #​10596.

Platinum Sponsors

Gold Sponsors

v10.29.3

Compare Source

v10.29.2

Compare Source

v10.29.1: pnpm 10.29.1

Compare Source

Minor Changes

• The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
• Support configuring auditLevel in the pnpm-workspace.yaml file #​10540.
• Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #​10436.

Patch Changes

• Fixed pnpm list --json returning incorrect paths when using global virtual store #​10187.

• Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #​10290.

• Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #​10497.

• Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #​10176.

• Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #​10281.

• Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #​10460.

• Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #​10540.

• update tar to version 7.5.7 to fix security issue

  Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842

• Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #​10325.

• Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #​10271.

• pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #​10561.

• Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #​10457.

Platinum Sponsors

Gold Sponsors

v10.28.2: pnpm 10.28.2

Compare Source

Patch Changes

• Security fix: prevent path traversal in directories.bin field.

• When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

  This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

  Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.

• Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #​9950.

Platinum Sponsors

Gold Sponsors

config help if that's undesired. If you want to rebase/retry this PR, check this box This PR was generated by Mend Renovate. View the repository job log.