Package	Change	Age	Confidence
@sxzz/eslint-config	`^7.2.5` ->`^7.4.3`
@sxzz/prettier-config	`^2.2.4` ->`^2.2.6`
@sxzz/test-utils	`^0.5.11` ->`^0.5.15`
@types/node (source)	`^24.5.2` ->`^24.10.4`
bumpp	`^10.2.3` ->`^10.3.2`
eslint (source)	`^9.36.0` ->`^9.39.2`
lightningcss	`^1.30.1` ->`^1.30.2`
magic-string	`^0.30.19` ->`^0.30.21`
pnpm (source)	`10.17.1` ->`10.26.0`
prettier (source)	`^3.6.2` ->`^3.7.4`
rollup (source)	`^4.52.2` ->`^4.53.5`
tsdown (source)	`^0.15.4` ->`^0.18.1`
tsx (source)	`^4.20.6` ->`^4.21.0`
typescript (source)	`^5.9.2` ->`^5.9.3`
unplugin (source)	`^2.3.10` ->`^2.3.11`
vite (source)	`^7.1.7` ->`^7.3.0`
vue (source)	`^3.5.22` ->`^3.5.26`

Release Notes

sxzz/eslint-config (@sxzz/eslint-config)

`v7.4.3`

Compare Source

No significant changes

View changes on GitHub

`v7.4.2`

Compare Source

No significant changes

View changes on GitHub

`v7.4.1`

Compare Source

🐞 Bug Fixes

Re-sort package.json - by@sxzz (29b46)
Re-sort tsconfig.json - by@sxzz (d640c)
Sort exports - by@sxzz (0569f)

View changes on GitHub

`v7.4.0`

Compare Source

🚀 Features

baseline:
- CustomignoreFeatures - by@sxzz (d0b1f)
- Expose options - by@sxzz (9932e)

View changes on GitHub

`v7.3.2`

Compare Source

🐞 Bug Fixes

Baseline order - by@sxzz (2fd87)

View changes on GitHub

`v7.3.1`

Compare Source

🐞 Bug Fixes

Disable baseline in markdown - by@sxzz (e4899)

View changes on GitHub

`v7.3.0`

Compare Source

🚀 Features

Add baseline plugin - by@sxzz (e9e51)

View changes on GitHub

`v7.2.10`

Compare Source

🚀 Features

Sortoverrides - by@sxzz (6a452)

View changes on GitHub

`v7.2.9`

Compare Source

🐞 Bug Fixes

Sort all pnpm workspace fields - by@sxzz (4fed2)

View changes on GitHub

`v7.2.8`

Compare Source

No significant changes

View changes on GitHub

`v7.2.7`

Compare Source

No significant changes

View changes on GitHub

`v7.2.6`

Compare Source

🐞 Bug Fixes

Allowreturn in computed - by@sxzz (f724b)

View changes on GitHub

sxzz/prettier-config (@sxzz/prettier-config)

`v2.2.6`

Compare Source

🐞 Bug Fixes

Upgrade oxc plugin - by@sxzz (05d2c)

View changes on GitHub

`v2.2.5`

Compare Source

No significant changes

View changes on GitHub

sxzz/test-utils (@sxzz/test-utils)

`v0.5.15`

Compare Source

🐞 Bug Fixes

rolldown: Defaultchecks.pluginTimings to false - by@sxzz (77a49)

View changes on GitHub

`v0.5.14`

Compare Source

🐞 Bug Fixes

Support object input for rollup/rolldown - by@sxzz (87839)

View changes on GitHub

`v0.5.13`

Compare Source

🚀 Features

Add createVueProgram - by@sxzz (c6554)

View changes on GitHub

`v0.5.12`

Compare Source

🚀 Features

Support vitest v4 - by@sxzz (ccc4b)

🐞 Bug Fixes

Support string cwd only - by@sxzz (e315e)

View changes on GitHub

antfu-collective/bumpp (bumpp)

`v10.3.2`

Compare Source

🐞 Bug Fixes

Resolve the options in config file correctly - by@liangmiQwQ in#101 (f5887)

View changes on GitHub

`v10.3.1`

Compare Source

No significant changes

View changes on GitHub

`v10.3.0`

Compare Source

🚀 Features

Support--release for release type - by@luoling8192 in#97 (5af7b)

View changes on GitHub

eslint/eslint (eslint)

Features

ce40f74 feat: updatecomplexity rule to only highlight function header (#20048) (Atul Nair)
e37e590 feat: correctno-loss-of-precision false positives withe notation (#20187) (Francesco Trotta)

Bug Fixes

50c3dfd fix: improve type support for isolated dependencies in pnpm (#20201) (Francesco Trotta)
a1f06a3 fix: correct SourceCode typings (#20114) (Pixel998)

Documentation

462675a docs: improve web accessibility by hiding non-semantic character (#20205) (루밀LuMir)
c070e65 docs: correct formatting inno-irregular-whitespace rule documentation (#20203) (루밀LuMir)
b39e71a docs: Update README (GitHub Actions Bot)
cd39983 docs: movecustom-formatters type descriptions tonodejs-api (#20190) (Percy Ma)

Chores

d17c795 chore: upgrade@eslint/js@9.38.0 (#20221) (Milos Djermanovic)
25d0e33 chore: package.json update for@eslint/js release (Jenkins)
c82b5ef refactor: Use types from@eslint/core (#20168) (Nicholas C. Zakas)
ff31609 ci: add Node.js 25 toci.yml (#20220) (루밀LuMir)
004577e ci: bump github/codeql-action from 3 to 4 (#20211) (dependabot[bot])
eac71fb test: remove use ofnodejsScope option of eslint-scope from tests (#20206) (Milos Djermanovic)
4168a18 chore: fix typo in legacy-eslint.js (#20202) (Sweta Tanwar)
205dbd2 chore: fix typos (#20200) (ntnyq)
dbb200e chore: use team member's username when name is not available in data (#20194) (Milos Djermanovic)
8962089 chore: mark deprecated rules as available until v11.0.0 (#20184) (Pixel998)

`v9.37.0`

Compare Source

Features

39f7fb4 feat:preserve-caught-error should recognize all static "cause" keys (#20163) (Pixel998)
f81eabc feat: support TS syntax inno-restricted-imports (#19562) (Nitin Kumar)

Bug Fixes

a129cce fix: correctno-loss-of-precision false positives for leading zeros (#20164) (Francesco Trotta)
09e04fc fix: add missing AST token types (#20172) (Pixel998)
861c6da fix: correctESLint typings (#20122) (Pixel998)

Documentation

b950359 docs: fix typos across the docs (#20182) (루밀LuMir)
42498a2 docs: improve ToC accessibility by hiding non-semantic character (#20181) (Percy Ma)
29ea092 docs: Update README (GitHub Actions Bot)
5c97a04 docs: showavailableUntil in deprecated rule banner (#20170) (Pixel998)
90a71bf docs: updateREADME files to add badge and instructions (#20115) (루밀LuMir)
1603ae1 docs: update references frommaster tomain (#20153) (루밀LuMir)

Chores

afe8a13 chore: update@eslint/js dependency to version 9.37.0 (#20183) (Francesco Trotta)
abee4ca chore: package.json update for@eslint/js release (Jenkins)
fc9381f chore: fix typos in comments (#20175) (overlookmotel)
e1574a2 chore: unpin jiti (#20173) (renovate[bot])
e1ac05e refactor: markESLint.findConfigFile() asasync, add missing docs (#20157) (Pixel998)
347906d chore: update eslint (#20149) (renovate[bot])
0cb5897 test: remove tmp dir created for circular fixes in multithread mode test (#20146) (Milos Djermanovic)
bb99566 ci: pinjiti to version 2.5.1 (#20151) (Pixel998)
177f669 perf: improve worker count calculation for"auto" concurrency (#20067) (Francesco Trotta)
448b57b chore: Mark deprecated formatting rules as available until v11.0.0 (#20144) (Milos Djermanovic)

parcel-bundler/lightningcss (lightningcss)

`v1.30.2`

Compare Source

Fixes

Rust crate changes

Rich-Harris/magic-string (magic-string)

`v0.30.21`

Compare Source

pnpm/pnpm (pnpm)

`v10.26.0`

Compare Source

`v10.25.0`

Compare Source

`v10.24.0`

Compare Source

`v10.23.0`: pnpm 10.23

Compare Source

Minor Changes

Added--lockfile-only option topnpm list#10020.

Patch Changes

pnpm self-update should download pnpm from the configured npm registry#10205.
pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the@pnpm/exe package, when installing v11 or newer. We currently cannot ship@pnpm/exe aspkg doesn't work with ESM#10190.
Node.js runtime is not added to "dependencies" onpnpm add, if there's aengines.runtime setting declared inpackage.json#10209.
The installation should fail if an optional dependency cannot be installed due to a trust policy check failure#10208.
pnpm list andpnpm why now display npm: protocol for aliased packages (e.g.,foo npm:is-odd@3.0.1)#8660.
Don't add an extra slash to the Node.js mirror URL#10204.
pnpm store prune should not fail if the store contains Node.js packages#10131.

Platinum Sponsors

Gold Sponsors

`v10.22.0`: pnpm 10.22

Compare Source

Minor Changes

Added support fortrustPolicyExclude#10164.
You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:
```
trustPolicy:no-downgradetrustPolicyExclude:  -chokidar@4.0.3  -webpack@4.47.0 || 5.102.1
```
Allow to override theengines field on publish by thepublishConfig.engines field.

Patch Changes

Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously#10179.

Platinum Sponsors

Gold Sponsors

`v10.21.0`

Compare Source

`v10.20.0`

Compare Source

Minor Changes

Support--all option inpnpm --help to list all commands#8628.

Patch Changes

When thelatest version doesn't satisfy the maturity requirement configured byminimumReleaseAge, pick the highest version that is mature enough, even if it has a different major version#10100.
create command should not verify patch info.
SetmanagePackageManagerVersions tofalse, when switching to a different version of pnpm CLI, in order to avoid subsequent switches#10063.

`v10.19.0`

Compare Source

Minor Changes

You can now allow specific versions of dependencies to run postinstall scripts.onlyBuiltDependencies now accepts package names with lists of trusted versions. For example:
```
onlyBuiltDependencies:  -nx@21.6.4 || 21.6.5  -esbuild@0.25.1
```
Related PR:#10104.
Added support for exact versions inminimumReleaseAgeExclude#9985.
You can now list one or more specific versions that pnpm should allow to install, even if those versions don’t satisfy the maturity requirement set byminimumReleaseAge. For example:
```
minimumReleaseAge:1440minimumReleaseAgeExclude:  -nx@21.6.5  -webpack@4.47.0 || 5.102.1
```

`v10.18.3`

Compare Source

Patch Changes

Fix a bug where pnpm would infinitely recurse when usingverifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts#10060.
Fixed scoped registry keys (e.g.,@scope:registry) being parsed as property paths inpnpm config get when--location=project is used#9362.
Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings#9646.
Fixed EISDIR error when bin field points to a directory#9441.
Preserve version and hasBin for variations packages#10022.
Fixedpnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings)#9884.
When bothpnpm-workspace.yaml and.npmrc exist,pnpm config set --location=project now writes topnpm-workspace.yaml (matching read priority)#10072.
Prevent a table width error inpnpm outdated --long#10040.
Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects#10057.

`v10.18.2`

Compare Source

Patch Changes

pnpm outdated --long should work#10040.
Replace ndjson with split2. Reduce the bundle size of pnpm CLI#10054.
pnpm dlx should request the full metadata of packages, whenminimumReleaseAge is set#9963.
pnpm version switching should work when the pnpm home directory is in a symlinked directory#9715.
FixEPIPE errors when piping output to other commands#10027.

`v10.18.1`

Compare Source

Patch Changes

Don't print a warning, when--lockfile-only is used#8320.
pnpm setup creates a command shim to the pnpm executable. This is needed to be able to runpnpm self-update on Windows#5700.
When using pnpm catalogs and running a normalpnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when usingpnpm add --save-catalog as originally intended.

`v10.18.0`

Compare Source

Minor Changes

Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.
Added configuration options for warning thresholds:fetchWarnTimeoutMs andfetchMinSpeedKiBps.
Warning messages are displayed when requests exceed time thresholds or fall below speed minimums
Related PR:#10025.

Patch Changes

Retry filesystem operations on EAGAIN errors#9959.
Outdated command respectsminimumReleaseAge configuration#10030.
Correctly apply thecleanupUnusedCatalogs configuration when removing dependent packages.
Don't fail with a meaningless error whenscriptShell is set tofalse#8748.
pnpm dlx should not fail whenminimumReleaseAge is set#10037.

prettier/prettier (prettier)

`v3.7.4`

Compare Source

diff

LWC: Avoid quote around interpolations (#18383 by@kovsu)

<!-- Input --><divfoo={bar}></div><!-- Prettier 3.7.3 (--embedded-language-formatting off) --><divfoo="{bar}"></div><!-- Prettier 3.7.4 (--embedded-language-formatting off) --><divfoo={bar}></div>

TypeScript: Fix comment inside union type gets duplicated (#18393 by@fisker)

// InputtypeFoo=(/** comment */a|b)|c;// Prettier 3.7.3typeFoo=/** comment */(/** comment */a|b)|c;// Prettier 3.7.4typeFoo=/** comment */(a|b)|c;

TypeScript: Fix unstable comment print in union type comments (#18395 by@fisker)

// InputtypeX=(A|B)&(// commentA|B);// Prettier 3.7.3 (first format)typeX=(A|B)&(// commentA|B);// Prettier 3.7.3 (second format)typeX=(|A|B// comment)&(A|B);// Prettier 3.7.4typeX=(A|B)&// comment(A|B);

`v3.7.3`

Compare Source

diff

API: Fix`prettier.getFileInfo()` change that breaks VSCode extension (#18375 by@fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

`v3.7.2`

Compare Source

diff

#"https://redirect.github.com/prettier/prettier/pull/18351">#18351 by@fisker)

// Inputconsole.log("A descriptor\\'s .kind must be \"method\" or \"field\".")// Prettier 3.7.1console.log('A descriptor\\'s.kindmustbe"method"or"field".');// Prettier 3.7.2console.log('A descriptor\\\'s .kind must be "method" or "field".');

#"https://redirect.github.com/prettier/prettier/pull/18352">#18352 by@kovsu)

// Inputconsthtml=/* HTML */` <divpl-s1">${styles.banner}"></div> `;// Prettier 3.7.1consthtml=/* HTML */` <div class=${styles.banner}></div> `;// Prettier 3.7.2consthtml=/* HTML */` <divpl-s1">${styles.banner}"></div> `;

TypeScript: Fix comment in empty type literal (#18364 by@fisker)

// InputexporttypeXXX={// tbd};// Prettier 3.7.1exporttypeXXX={// tbd};// Prettier 3.7.2exporttypeXXX={// tbd};

`v3.7.1`

Compare Source

diff

API: Fix performance regression in doc printer (#18342 by@fisker)

Prettier 3.7.1 can be very slow when formatting big files, the regression has been fixed.

`v3.7.0`

Compare Source

diff

🔗Release Notes

rollup/rollup (rollup)

`v4.53.5`

Compare Source

2025-12-16

Bug Fixes

Fix wrong semicolon insertion position when using JSX (#6206)
Generate spec-compliant sourcemaps when sources content is excluded (#6196)

Pull Requests

#6196: fix: set sourcesContent to undefined instead of null when excluding sources content (@TrickyPi)
#6206: Fix semicolon order in JSX (@TrickyPi)

`v4.53.4`

Compare Source

2025-12-15

Bug Fixes

EnsureSymbol.dispose andSymbol.asyncDispose properties are never removed with(await) using declarations. (#6209)

Pull Requests

#6185: chore(deps): update dependency@inquirer/prompts to v8 (@renovate[bot],@lukastaegert)
#6186: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])
#6187: chore(deps): lock file maintenance (@renovate[bot])
#6188: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
#6190: Fix syntax error in manualChunks example (@jonnyeom)
#6194: chore(deps): update actions/checkout action to v6 (@renovate[bot])
#6195: fix(deps): lock file maintenance minor/patch updates (@renovate[bot],@lukastaegert)
#6202: fix(deps): update swc monorepo (major) (@renovate[bot])
#6203: fix(deps): lock file maintenance minor/patch updates (@renovate[bot],@lukastaegert)
#6209: Do not tree-shake handlers for "using" (@lukastaegert)

`v4.53.3`

Compare Source

2025-11-19

Bug Fixes

Fix an error where too many modules where flagged for having an unused external import (#6182)
Fix an error where an assignment was wrongly tree-shaken when mutating it (#6183)

Pull Requests

#6171: Add test-install CI job to test packaging, installation and importing of rollup package (@antoninkriz,@lukastaegert)
#6174: Re-enable TypeScript test (@lukastaegert)
#6180: fix(deps): lock file maintenance minor/patch updates (@renovate[bot],@lukastaegert)
#6182: Tracing the importers chain for exported variables in external module (@TrickyPi,@lukastaegert)
#6183: Check if left side is included when checking if assigning to an assignment has side effects (@lukastaegert)

`v4.53.2`

Compare Source

2025-11-10

Bug Fixes

Do not throw when using invalid escape sequences in template literals (#6177)

Pull Requests

#6177: handle TemplateElement with null cooked value (@TrickyPi)

`v4.53.1`

Compare Source

2025-11-07

Bug Fixes

Fix install script (#6172)

Pull Requests

#6172: fix: move patch-package from postinstall to prepare script (@mshima)

`v4.53.0`

Compare Source

2025-11-07

Features

Improve rendering performance by caching generated variable names (#5947)

Pull Requests

#5947: refactor: store safe variable names in cache for subsequent usage (@Aslemammad,@lukastaegert,@Service account user)
#6149: chore(deps): update dependency vite to v7.1.11 [security] (@renovate[bot],@Service account user)
#6151: fix(deps): update swc monorepo (major) (@renovate[bot],@Service account user)
#6152: fix(deps): lock file maintenance minor/patch updates (@renovate[bot],@Service account user)
#6153: chore(deps): lock file maintenance minor/patch updates (@renovate[bot],@Service account user)
#6155: Fix tests: Do not swallow warnings for multi-format tests ([@lukastaegert](https://redirect.github.com/lukastaegert

Configuration

📅Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻Immortal: This PR will be recreated if closed unmerged. Getconfig help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated byMend Renovate. View therepository job log.

renovatebot added the dependencies label

May 5, 2025

Copy link

bolt-new-by-stackblitzbot commentedMay 5, 2025

Run & review this pull request inStackBlitz Codeflow.

renovatebotforce-pushed therenovate/all-minor-patch branch 12 times, most recently fromc3e02a4 to0b0cdc9Compare

May 8, 2025 15:04

renovatebot changed the title~~chore(deps): update all non-major dependencies~~chore(deps): update all non-major dependencies - autoclosed

May 9, 2025

renovatebot closed this

May 9, 2025

renovatebot deleted the renovate/all-minor-patch branch

May 9, 2025 01:09

renovatebot changed the title~~chore(deps): update all non-major dependencies - autoclosed~~chore(deps): update all non-major dependencies

May 12, 2025

renovatebot reopened this

May 12, 2025

renovatebotforce-pushed therenovate/all-minor-patch branch fromc05dac2 to0b0cdc9Compare

May 12, 2025 02:34

renovatebot changed the title~~chore(deps): update all non-major dependencies~~fix(deps): update all non-major dependencies

May 12, 2025

renovatebotforce-pushed therenovate/all-minor-patch branch 9 times, most recently fromb7634bc to352e6d9Compare

May 16, 2025 02:29

renovatebotforce-pushed therenovate/all-minor-patch branch 11 times, most recently from78284c7 tofb55fc0Compare

December 3, 2025 18:44

renovatebotforce-pushed therenovate/all-minor-patch branch 5 times, most recently from81cb605 to4574766Compare

December 10, 2025 19:58

renovatebotforce-pushed therenovate/all-minor-patch branch 6 times, most recently fromc18e225 toe74d498Compare

December 14, 2025 09:51

Copy link

socket-securitybot commentedDec 14, 2025•
edited
Loading

Review the following changes in direct dependencies. Learn more aboutSocket for GitHub.

Package	Supply Chain Security	Quality	Maintenance
@sxzz/prettier-config@2.2.4 ⏵ 2.2.6	⁺¹³	⁺²	⁺²
@types/node@24.5.2 ⏵ 24.10.4	⁺¹	⁺¹
tsx@4.20.6 ⏵ 4.21.0
bumpp@10.2.3 ⏵ 10.3.2	^-2	⁺¹	⁺³
lightningcss@1.30.1 ⏵ 1.30.2
unplugin@2.3.10 ⏵ 2.3.11
magic-string@0.30.19 ⏵ 0.30.21
typescript@5.9.2 ⏵ 5.9.3		⁺¹
prettier@3.6.2 ⏵ 3.7.4	^-7	⁺¹
eslint@9.36.0 ⏵ 9.39.2	^-3