fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@sxzz/eslint-config	^7.2.8 -> ^7.4.0
@sxzz/prettier-config	^2.2.4 -> ^2.2.6
@types/node (source)	^24.10.0 -> ^24.10.1
bumpp	^10.3.1 -> ^10.3.2
pnpm (source)	10.20.0 -> 10.24.0
prettier (source)	^3.6.2 -> ^3.7.3
rollup (source)	^4.53.0 -> ^4.53.3
tsdown (source)	^0.16.1 -> ^0.16.8
unplugin (source)	^2.3.10 -> ^2.3.11
vite (source)	^7.2.2 -> ^7.2.6
vitest (source)	^4.0.8 -> ^4.0.14

---

Release Notes

sxzz/eslint-config (@​sxzz/eslint-config)

v7.4.0

Compare Source

   🚀 Features

• baseline:
  • Custom ignoreFeatures  -  by @​sxzz (d0b1f)
  • Expose options  -  by @​sxzz (9932e)

    View changes on GitHub

v7.3.2

Compare Source

   🐞 Bug Fixes

• Baseline order  -  by @​sxzz (2fd87)

    View changes on GitHub

v7.3.1

Compare Source

   🐞 Bug Fixes

• Disable baseline in markdown  -  by @​sxzz (e4899)

    View changes on GitHub

v7.3.0

Compare Source

   🚀 Features

• Add baseline plugin  -  by @​sxzz (e9e51)

    View changes on GitHub

v7.2.10

Compare Source

   🚀 Features

• Sort overrides  -  by @​sxzz (6a452)

    View changes on GitHub

v7.2.9

Compare Source

   🐞 Bug Fixes

• Sort all pnpm workspace fields  -  by @​sxzz (4fed2)

    View changes on GitHub

sxzz/prettier-config (@​sxzz/prettier-config)

v2.2.6

Compare Source

   🐞 Bug Fixes

• Upgrade oxc plugin  -  by @​sxzz (05d2c)

    View changes on GitHub

v2.2.5

Compare Source

No significant changes

    View changes on GitHub

antfu-collective/bumpp (bumpp)

v10.3.2

Compare Source

   🐞 Bug Fixes

• Resolve the options in config file correctly  -  by @​liangmiQwQ in #​101 (f5887)

    View changes on GitHub

pnpm/pnpm (pnpm)

v10.24.0

Compare Source

v10.23.0: pnpm 10.23

Compare Source

Minor Changes

• Added --lockfile-only option to pnpm list #​10020.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #​10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #​10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #​10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #​10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:[email protected]) #​8660.
• Don't add an extra slash to the Node.js mirror URL #​10204.
• pnpm store prune should not fail if the store contains Node.js packages #​10131.

Platinum Sponsors

Gold Sponsors

v10.22.0: pnpm 10.22

Compare Source

Minor Changes

• Added support for trustPolicyExclude #​10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - [email protected]
    - [email protected] || 5.102.1

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10179.

Platinum Sponsors

Gold Sponsors

v10.21.0

Compare Source

prettier/prettier (prettier)

v3.7.3

Compare Source

diff

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#​18375 by @​fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

v3.7.2

Compare Source

diff

JavaScript: Fix string print when switching quotes (#​18351 by @​fisker)

// Input
console.log("A descriptor\\'s .kind must be \"method\" or \"field\".")

// Prettier 3.7.1
console.log('A descriptor\\'s .kind must be "method" or "field".');

// Prettier 3.7.2
console.log('A descriptor\\\'s .kind must be "method" or "field".');

JavaScript: Preserve quote for embedded HTML attribute values (#​18352 by @​kovsu)

// Input
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;

// Prettier 3.7.1
const html = /* HTML */ ` <div class=${styles.banner}></div> `;

// Prettier 3.7.2
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;

TypeScript: Fix comment in empty type literal (#​18364 by @​fisker)

// Input
export type XXX = {
  // tbd
};

// Prettier 3.7.1
export type XXX = { // tbd };

// Prettier 3.7.2
export type XXX = {
  // tbd
};

v3.7.1

Compare Source

diff

API: Fix performance regression in doc printer (#​18342 by @​fisker)

Prettier 3.7.1 can be very slow when formatting big files, the regression has been fixed.

v3.7.0

Compare Source

diff

🔗 Release Notes

rollup/rollup (rollup)

v4.53.3

Compare Source

2025-11-19

Bug Fixes

• Fix an error where too many modules where flagged for having an unused external import (#​6182)
• Fix an error where an assignment was wrongly tree-shaken when mutating it (#​6183)

Pull Requests

• #​6171: Add test-install CI job to test packaging, installation and importing of rollup package (@​antoninkriz, @​lukastaegert)
• #​6174: Re-enable TypeScript test (@​lukastaegert)
• #​6180: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6182: Tracing the importers chain for exported variables in external module (@​TrickyPi, @​lukastaegert)
• #​6183: Check if left side is included when checking if assigning to an assignment has side effects (@​lukastaegert)

v4.53.2

Compare Source

2025-11-10

Bug Fixes

• Do not throw when using invalid escape sequences in template literals (#​6177)

Pull Requests

• #​6177: handle TemplateElement with null cooked value (@​TrickyPi)

v4.53.1

Compare Source

2025-11-07

Bug Fixes

• Fix install script (#​6172)

Pull Requests

• #​6172: fix: move patch-package from postinstall to prepare script (@​mshima)

rolldown/tsdown (tsdown)

v0.16.8

Compare Source

   🚀 Features

• Upgrade rolldown to 1.0.0-beta.52  -  by @​sxzz (1ff67)
• Add enabled option to feature options  -  by @​sxzz (0b244)

Deprecation

• Deprecate attw.profile = 'esmOnly', use esm-only instead.

    View changes on GitHub

v0.16.7

Compare Source

   🚀 Features

• Support ci-only / local-only on addon features  -  by @​sxzz (8bbf0)

    View changes on GitHub

v0.16.6

Compare Source

   🚀 Features

• Upgrade rolldown to beta 51  -  by @​sxzz (f502b)

    View changes on GitHub

v0.16.5

Compare Source

   🚀 Features

• create-tsdown: Add react-compiler template  -  by @​elecmonkey and @​sxzz in #​604 (45229)

   🐞 Bug Fixes

• exports: Use correct indentation for output  -  by @​msigwart and @​sxzz in #​599 (4de70)

    View changes on GitHub

v0.16.4

Compare Source

   🚀 Features

• Upgrade rolldown to 1.0.0-beta.50  -  by @​sxzz (597d9)

    View changes on GitHub

v0.16.3

Compare Source

   🏎 Performance

• Replace debug with obug  -  by @​sxzz (222e9)

    View changes on GitHub

v0.16.2

Compare Source

   🚀 Features

• Upgrade rolldown to v1.0.0-beta.49  -  by @​sxzz (48181)
• entry: Auto enable glob, support infer entry extension  -  by @​sxzz and jinghaihan (2c525)

    View changes on GitHub

unjs/unplugin (unplugin)

v2.3.11

Compare Source

   🚀 Features

• Expose input source map for webpack-like bundlers  -  by @​sethfowler-datadog in #​565 (60ad4)

    View changes on GitHub

vitejs/vite (vite)

v7.2.6

Compare Source

7.2.6 (2025-12-01)

v7.2.4

Compare Source

Bug Fixes

• revert "perf(deps): replace debug with obug (#​21107)" (2d66b7b)

v7.2.3

Compare Source

Bug Fixes

• allow multiple bindCLIShortcuts calls with shortcut merging (#​21103) (5909efd)
• deps: update all non-major dependencies (#​21096) (6a34ac3)
• deps: update all non-major dependencies (#​21128) (4f8171e)

Performance Improvements

• deps: replace debug with obug (#​21107) (acfe939)

Miscellaneous Chores

• deps: update dependency @​rollup/plugin-commonjs to v29 (#​21099) (02ceaec)
• deps: update rolldown-related dependencies (#​21095) (39a0a15)
• deps: update rolldown-related dependencies (#​21127) (5029720)

vitest-dev/vitest (vitest)

v4.0.14

Compare Source

   🚀 Experimental Features

• browser: Expose utils.configurePrettyDOM  -  by @​sheremet-va in #​9103 (2cc34)
• runner: Add full names to tasks  -  by @​macarie in #​9087 (821aa)
• ui: Add tabbed failure view for toMatchScreenshot with comparison slider  -  by @​macarie in #​8813 (c37c2)

   🐞 Bug Fixes

• Externalize before caching  -  by @​sheremet-va in #​9077 (e1b2e)
• Collect the duration of external imports  -  by @​sheremet-va in #​9097 (3326c)
• Rename collect to import, remove prepare  -  by @​sheremet-va in #​9091 (1256b)
• browser:
  • Unsubscribe onCancel on rpc destroy  -  by @​AriPerkkio in #​9088 (f5b72)
  • Revert the viewport scaling in non-ui mode #​9018  -  by @​sheremet-va in #​9072 and #​9018 (64502)
• coverage:
  • Invalidate circular modules correctly on rerun with coverage  -  by @​aicest in #​9096 (6f22c)
• expect:
  • Allow function as standard schema  -  by @​hi-ogawa in #​9099 (ed8a2)
• jsdom:
  • Reuse abort signals if possible  -  by @​sheremet-va in #​9090 (2c468)
• pool:
  • Init VITEST_POOL_ID + VITEST_WORKER_ID before environment setup  -  by @​AriPerkkio in #​9085 (37918)
• web-worker:
  • postMessage to send ports to workers  -  by @​whitphx and @​AriPerkkio in #​9078 (9d176)

   🏎 Performance

• Replace debug with obug  -  by @​sxzz and @​AriPerkkio in #​9057 (acc51)

    View changes on GitHub

v4.0.13

Compare Source

   🐞 Bug Fixes

• types:
  • Don't use type from Vite 7.1  -  by @​sheremet-va in #​9071 (6356b)
  • Don't import node.js dependent types in vitest/browser  -  by @​sheremet-va in #​9068 (332af)

   🏎 Performance

• Avoid fetchModule roundtrip if the module is cached  -  by @​sheremet-va in #​9075 (b27e0)
• experimental: If fsCacheModule is enabled, read from the memory when possible  -  by @​sheremet-va in #​9076 (6b9a1)

    View changes on GitHub

v4.0.12

Compare Source

   🐞 Bug Fixes

• Inherit fsModuleCachePath by default  -  by @​sheremet-va in #​9063 (9a8bc)
• Don't import from @opentelemetry/api in public types  -  by @​sheremet-va in #​9066 (e944a)

    View changes on GitHub

v4.0.11

Compare Source

   🚀 Experimental Features

• api: Add extensible test artifact API  -  by @​macarie in #​8987 (77292)
  • See more at https://vitest.dev/api/advanced/artifacts
• expect: Provide task in MatchState  -  by @​macarie in #​9022 (afd1f)
• experimental: Support OpenTelemetry traces  -  by @​sheremet-va in #​8994 (d6d33)
  • See more at https://vitest.dev/guide/open-telemetry

   🏎 Performance

• experimental: Add file system cache  -  by @​sheremet-va in #​9026 (1b147)
  • See more at https://vitest.dev/config/experimental#experimental-fsmodulecache

    View changes on GitHub

v4.0.10

Compare Source

   🐞 Bug Fixes

• Remove onCancel when worker is terminated  -  by @​sheremet-va in #​9033 (6d7f0)
• browser:
  • Don't scale the iframe if UI is disabled  -  by @​sheremet-va in #​9018 (5406e)
  • Handle dependency stack traces with external source maps. Resolves: #​9003  -  by @​iclectic in #​9016 and #​9003 (57ae5)
• bun:
  • Parsing of stack trace for bun runtime  -  by @​nazarhussain in #​9032 (f3ec6)
• core:
  • Prevent starting new run when cancelling  -  by @​AriPerkkio in #​8991 (eb98d)
• pool:
  • Prevent writing to closed worker  -  by @​AriPerkkio and @​sheremet-va in #​9023 (042c6)
• reporters:
  • Report correct test run duration at the end  -  by @​sheremet-va in #​8969 (bc3a6)
• ui:
  • Use execution time from ws reporter (onFinished)  -  by @​userquin in #​8975 (f56dc)

    View changes on GitHub

v4.0.9

Compare Source

   🚀 Experimental Features

• expect: Add Set support to toBeOneOf  -  by @​tim-we and @​sheremet-va in #​8906 (a415d)

   🐞 Bug Fixes

• browser: Add favicon icons to the browser mode ui  -  by @​userquin in #​8972 (353ee)
• forks: Increase worker start timeout  -  by @​AriPerkkio in #​9027 (5e750)
• jsdom: Cloned request is an instance of Request  -  by @​sheremet-va in #​8985 (506a9)
• ui: Collect file/suite/test duration correctly  -  by @​userquin in #​8976 (8016d)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​sxzz/​prettier-config@​2.2.4 ⏵ 2.2.6	+13		+2	+2
	vitest@​4.0.8 ⏵ 4.0.14	+1		+1
	@​types/​node@​24.10.0 ⏵ 24.10.1			+1
	bumpp@​10.3.1 ⏵ 10.3.2			+1	+1
	@​sxzz/​eslint-config@​7.2.8 ⏵ 7.4.0	-1			+1
	vite@​7.2.2 ⏵ 7.2.6	-1		+1	+2
	unplugin@​2.3.10 ⏵ 2.3.11				-1
	prettier@​3.6.2 ⏵ 3.7.3	-8		-3
	tsdown@​0.16.1 ⏵ 0.16.8	-2		-8	-4
	rollup@​4.53.0 ⏵ 4.53.3	-3			-2

View full report

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/unplugin-ast@107

commit: 7311c1b