fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@antfu/utils	^8.0.0 -> ^8.1.0
@babel/generator (source)	^7.26.3 -> ^7.26.5
@babel/parser (source)	^7.26.3 -> ^7.26.7
@babel/types (source)	^7.26.3 -> ^7.26.7
@sxzz/eslint-config	^4.5.1 -> ^4.6.0
@sxzz/prettier-config	^2.0.2 -> ^2.1.0
@types/node (source)	^22.10.2 -> ^22.10.10
ast-kit	^1.3.2 -> ^1.4.0
bumpp	^9.9.1 -> ^9.11.1
eslint (source)	^9.17.0 -> ^9.19.0
magic-string-ast	^0.6.3 -> ^0.7.0
pnpm (source)	9.15.0 -> 9.15.4
rollup (source)	^4.28.1 -> ^4.32.0
tsup (source)	^8.3.5 -> ^8.3.6
typescript (source)	^5.7.2 -> ^5.7.3
unplugin	^2.1.0 -> ^2.1.2
vite (source)	^6.0.4 -> ^6.0.11

---

Release Notes

antfu/utils (@​antfu/utils)

v8.1.0

Compare Source

   🚀 Features

• array: New filterInPlace function  -  by @​antfu (a47b8)

    View changes on GitHub

babel/babel (@​babel/generator)

v7.26.5

Compare Source

👓 Spec Compliance

• babel-parser
  • #​17011 Allow the dynamic import.defer() form of import defer (@​babel-bot)

🐛 Bug Fix

• babel-plugin-transform-block-scoped-functions
  • #​17024 chore: Avoid calling isInStrictMode in Babel 7 (@​liuxingbaoyu)
• babel-plugin-transform-typescript
  • #​17026 fix: Correctly generate exported const enums in namespace (@​liuxingbaoyu)
• babel-parser
  • #​17045 [estree] Unify method type parameters handling (@​JLHwung)
  • #​17013 fix: Correctly set position for @(a.b)() (@​liuxingbaoyu)
  • #​16996 [estree] Adjust the start loc of class methods with type params (@​nicolo-ribaudo)
• babel-generator, babel-parser, babel-plugin-transform-flow-strip-types, babel-types
  • #​17028 Support flow jsx opening element type arguments (@​JLHwung)
• babel-compat-data, babel-preset-env
  • #​17031 fix: More accurate transform-typeof-symbol compat data (@​liuxingbaoyu)
• babel-generator, babel-parser, babel-types
  • #​17019 Fix incomplete visitor keys (@​JLHwung)

🔬 Output optimization

• babel-plugin-transform-nullish-coalescing-operator
  • #​16612 Improve nullish coalescing operator output (@​liuxingbaoyu)

babel/babel (@​babel/parser)

v7.26.7

Compare Source

v7.26.7 (2025-01-24)

Thanks @​branchseer and @​tquetano-netflix for your first PRs!

🐛 Bug Fix

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #​17086 Make "object without properties" helpers ES6-compatible (@​tquetano-netflix)
• babel-plugin-transform-typeof-symbol
  • #​17085 fix: Correctly handle typeof in arrow functions (@​liuxingbaoyu)
• babel-parser
  • #​17079 Respect ranges option in estree method value (@​JLHwung)
• babel-core
  • #​17052 Do not try to parse .ts configs as JSON if natively supported (@​nicolo-ribaudo)
• babel-plugin-transform-typescript
  • #​17050 fix: correctly resolve references to non-constant enum members (@​branchseer)
• babel-plugin-transform-typescript, babel-traverse, babel-types
  • #​17025 fix: Remove type-only import x = y.z (@​liuxingbaoyu)

Committers: 6

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Tony Quetano (@​tquetano-netflix)
• @​branchseer
• @​liuxingbaoyu

v7.26.5

Compare Source

v7.26.5 (2025-01-10)

👓 Spec Compliance

• babel-parser
  • #​17011 Allow the dynamic import.defer() form of import defer (@​babel-bot)

🐛 Bug Fix

• babel-plugin-transform-block-scoped-functions
  • #​17024 chore: Avoid calling isInStrictMode in Babel 7 (@​liuxingbaoyu)
• babel-plugin-transform-typescript
  • #​17026 fix: Correctly generate exported const enums in namespace (@​liuxingbaoyu)
• babel-parser
  • #​17045 [estree] Unify method type parameters handling (@​JLHwung)
  • #​17013 fix: Correctly set position for @(a.b)() (@​liuxingbaoyu)
  • #​16996 [estree] Adjust the start loc of class methods with type params (@​nicolo-ribaudo)
• babel-generator, babel-parser, babel-plugin-transform-flow-strip-types, babel-types
  • #​17028 Support flow jsx opening element type arguments (@​JLHwung)
• babel-compat-data, babel-preset-env
  • #​17031 fix: More accurate transform-typeof-symbol compat data (@​liuxingbaoyu)
• babel-generator, babel-parser, babel-types
  • #​17019 Fix incomplete visitor keys (@​JLHwung)

🔬 Output optimization

• babel-plugin-transform-nullish-coalescing-operator
  • #​16612 Improve nullish coalescing operator output (@​liuxingbaoyu)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu
• fisker Cheung (@​fisker)

sxzz/eslint-config (@​sxzz/eslint-config)

v4.6.0

Compare Source

   🐞 Bug Fixes

• deps:
  • Update all non-major dependencies  -  in https://github.com/sxzz/eslint-config/issues/116 (bbf24)
  • Update all non-major dependencies  -  by @​sxzz in https://github.com/sxzz/eslint-config/issues/117 (df2d8)

    View changes on GitHub

sxzz/prettier-config (@​sxzz/prettier-config)

v2.1.0

Compare Source

sxzz/ast-kit (ast-kit)

v1.4.0

Compare Source

   🚀 Features

• Add isDeclarationType  -  by @​sxzz (22e36)

   🐞 Bug Fixes

• deps:
  • Update all non-major dependencies  -  in https://github.com/sxzz/ast-kit/issues/82 (d816e)
  • Update dependency pathe to v2  -  in https://github.com/sxzz/ast-kit/issues/87 (0fbef)
  • Update all non-major dependencies  -  in https://github.com/sxzz/ast-kit/issues/88 (a22cc)

    View changes on GitHub

antfu-collective/bumpp (bumpp)

v9.11.1

Compare Source

   🚀 Features

• Cjs path  -  by @​antfu (5b238)

    View changes on GitHub

v9.11.0

Compare Source

   🚀 Features

• Inferring the semver version according to Conventional Commit  -  by @​northword in https://github.com/antfu-collective/bumpp/issues/71 (7d044)

    View changes on GitHub

v9.10.2

Compare Source

   🐞 Bug Fixes

• Version update issue  -  by @​Blithe-Chiang and jiangzs in https://github.com/antfu-collective/bumpp/issues/70 (8f082)

    View changes on GitHub

v9.10.1

Compare Source

   🚀 Features

• More colors for semantic commit tags  -  by @​antfu (40b4e)

    View changes on GitHub

v9.10.0

Compare Source

   🚀 Features

• Support --install flag  -  by @​antfu (96a47)

    View changes on GitHub

v9.9.3

Compare Source

   🐞 Bug Fixes

• Throw on exec error, fix #​67  -  by @​antfu in https://github.com/antfu-collective/bumpp/issues/67 (52816)

    View changes on GitHub

v9.9.2

Compare Source

No significant changes

    View changes on GitHub

eslint/eslint (eslint)

v9.19.0

Compare Source

v9.18.0

Compare Source

sxzz/magic-string-ast (magic-string-ast)

v0.7.0

Compare Source

   🚀 Features

• Support native magic-string offset  -  by @​zhiyuanzmj in https://github.com/sxzz/magic-string-ast/issues/50 (5886e)

   🐞 Bug Fixes

• deps: Update all non-major dependencies  -  in https://github.com/sxzz/magic-string-ast/issues/49 (7f814)

    View changes on GitHub

pnpm/pnpm (pnpm)

v9.15.4: pnpm 9.15.4

Compare Source

Patch Changes

• Ensure that recursive pnpm update --latest <pkg> updates only the specified package, with dedupe-peer-dependents=true.

Platinum Sponsors

Gold Sponsors

v9.15.3

Compare Source

v9.15.2: pnpm 9.15.2

Compare Source

Patch Changes

• Fixed publish/pack error with workspace dependencies with relative paths #​8904. It was broken in v9.4.0 (398472c).
• Use double quotes in the command suggestion by pnpm patch on Windows #​7546.
• Do not fall back to SSH, when resolving a git-hosted package if git ls-remote works via HTTPS #​8906.
• Improve how packages with blocked lifecycle scripts are reported during installation. Always print the list of ignored scripts at the end of the output. Include a hint about how to allow the execution of those packages.

Platinum Sponsors

Gold Sponsors

v9.15.1

Compare Source

rollup/rollup (rollup)

v4.32.0

Compare Source

2025-01-24

Features

• Add watch.onInvalidate option to trigger actions immediately when a file is changed (#​5799)

Bug Fixes

• Fix incorrect urls in CLI warnings (#​5809)

Pull Requests

• #​5799: Feature/watch on invalidate (@​drebrez, @​lukastaegert)
• #​5808: chore(deps): update dependency vite to v6.0.9 [security] (@​renovate[bot])
• #​5809: fix: avoid duplicate rollupjs.org prefix (@​GauBen, @​lukastaegert)
• #​5810: chore(deps): update dependency @​shikijs/vitepress-twoslash to v2 (@​renovate[bot])
• #​5811: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.31.0

Compare Source

2025-01-19

Features

• Do not immediately quit when trying to use watch mode from within non-TTY environments (#​5803)

Bug Fixes

• Handle files with more than one UTF-8 BOM header (#​5806)

Pull Requests

• #​5792: fix(deps): update rust crate swc_compiler_base to v8 (@​renovate[bot])
• #​5793: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5794: chore(deps): lock file maintenance (@​renovate[bot])
• #​5801: chore(deps): update dependency eslint-config-prettier to v10 (@​renovate[bot])
• #​5802: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5803: Support watch mode in yarn, gradle and containers (@​lukastaegert)
• #​5806: fix: strip all BOMs (@​TrickyPi)

v4.30.1

Compare Source

2025-01-07

Bug Fixes

• Prevent invalid code when simplifying unary expressions in switch cases (#​5786)

Pull Requests

• #​5786: fix: consider that literals cannot following switch case. (@​TrickyPi)

v4.30.0

Compare Source

2025-01-06

Features

• Inline values of resolvable unary expressions for improved tree-shaking (#​5775)

Pull Requests

• #​5775: feat: enhance the treehshaking for unary expression (@​TrickyPi)
• #​5783: Improve CI caching for node_modules (@​lukastaegert)

v4.29.2

Compare Source

2025-01-05

Bug Fixes

• Keep import attributes when using dynamic ESM import() expressions from CommonJS (#​5781)

Pull Requests

• #​5772: Improve caching on CI (@​lukastaegert)
• #​5773: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5780: feat: use picocolors instead of colorette (@​re-taro)
• #​5781: fix: keep import attributes for cjs format (@​TrickyPi)

v4.29.1

Compare Source

2024-12-21

Bug Fixes

• Fix crash from deoptimized logical expressions (#​5771)

Pull Requests

• #​5769: Remove unnecessary lifetimes (@​lukastaegert)
• #​5771: fix: do not optimize the literal value if the cache is deoptimized (@​TrickyPi)

v4.29.0

Compare Source

2024-12-20

Features

• Treat objects as truthy and always check second argument to better simplify logical expressions (#​5763)

Pull Requests

• #​5759: docs: add utf-8 encoding to JSON file reading (@​chouchouji)
• #​5760: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5763: fix: introduce UnknownFalsyValue for enhancing if statement tree-shaking (@​TrickyPi)
• #​5766: chore(deps): update dependency @​rollup/plugin-node-resolve to v16 (@​renovate[bot])
• #​5767: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

egoist/tsup (tsup)

v8.3.6

Compare Source

   🐞 Bug Fixes

• Don't await sub-process of onSuccess  -  by @​laat in https://github.com/egoist/tsup/issues/1256 (314a6)

    View changes on GitHub

microsoft/TypeScript (typescript)

v5.7.3

Compare Source

unjs/unplugin (unplugin)

v2.1.2

Compare Source

   🐞 Bug Fixes

• esbuild: Fix again 9f85a26  -  by @​sxzz (4abab)

    View changes on GitHub

v2.1.1

Compare Source

   🐞 Bug Fixes

• esbuild: Pass original build for custom esbuild setup  -  by @​sxzz (9f85a)

    View changes on GitHub

vitejs/vite (vite)

v6.0.11

Compare Source

• fix: preview.allowedHosts with specific values was not respected (#​19246) (aeb3ec8), closes #​19246
• fix: allow CORS from loopback addresses by default (#​19249) (3d03899), closes #​19249

v6.0.10

Compare Source

• fix: try parse server.origin URL (#​19241) (2495022), closes #​19241

v6.0.9

Compare Source

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (bd896fb)
• fix!: default server.cors: false to disallow fetching from untrusted origins (b09572a)
• fix: verify token for HMR WebSocket connection (029dcd6)

v6.0.8

Compare Source

• fix: avoid SSR HMR for HTML files (#​19193) (3bd55bc), closes #​19193
• fix: build time display 7m 60s (#​19108) (cf0d2c8), closes #​19108
• fix: don't resolve URL starting with double slash (#​19059) (35942cd), closes #​19059
• fix: ensure server.close() only called once (#​19204) (db81c2d), closes #​19204
• fix: resolve.conditions in ResolvedConfig was defaultServerConditions (#​19174) (ad75c56), closes #​19174
• fix: tree shake stringified JSON imports (#​19189) (f2aed62), closes #​19189
• fix: use shared sigterm callback (#​19203) (47039f4), closes #​19203
• fix(deps): update all non-major dependencies (#​19098) (8639538), closes #​19098
• fix(optimizer): use correct default install state path for yarn PnP (#​19119) (e690d8b), closes #​19119
• fix(types): improve ESBuildOptions.include / exclude type to allow readonly (string | RegExp)[] (ea53e70), closes #​19146
• chore(deps): update dependency pathe to v2 (#​19139) (71506f0), closes #​19139

v6.0.7

Compare Source

• fix: fix minify when builder.sharedPlugins: true (#​19025) (f7b1964), closes #​19025
• fix: skip the plugin if it has been called before with the same id and importer (#​19016) (b178c90), closes #​19016
• fix(html): error while removing vite-ignore attribute for inline script (#​19062) (a492253), closes #​19062
• fix(ssr): fix semicolon injection by ssr transform (#​19097) (1c102d5), closes #​19097
• perf: skip globbing for static path in warmup (#​19107) (677508b), closes #​19107
• feat(css): show lightningcss warnings (#​19076)

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@antfu/[email protected] 🔁 npm/@antfu/[email protected]	None	0	111 kB	antfu
npm/@babel/[email protected] 🔁 npm/@babel/[email protected]	None	+6	1.02 MB	nicolo-ribaudo
npm/@babel/[email protected] 🔁 npm/@babel/[email protected]	None	0	1.91 MB	nicolo-ribaudo
npm/@babel/[email protected] 🔁 npm/@babel/[email protected]	None	+2	2.64 MB	nicolo-ribaudo
npm/@sxzz/[email protected] 🔁 npm/@sxzz/[email protected]	Transitive: eval, filesystem, network, shell, unsafe	+258	36.9 MB	sxzz
npm/@sxzz/[email protected] 🔁 npm/@sxzz/[email protected]	None	0	3.35 kB	sxzz
npm/@types/[email protected] 🔁 npm/@types/[email protected]	None	+1	2.37 MB	types
npm/[email protected] 🔁 npm/[email protected]	None	+1	145 kB	sxzz
npm/[email protected] 🔁 npm/[email protected]	Transitive: environment, network, shell	+62	7.34 MB	antfu
npm/[email protected] 🔁 npm/[email protected]	Transitive: eval, filesystem, shell, unsafe	+84	10.7 MB	eslintbot, openjsfoundation
npm/[email protected] 🔁 npm/[email protected]	None	+2	593 kB	sxzz
npm/[email protected] 🔁 npm/[email protected]	None	+1	2.64 MB	lukastaegert
npm/[email protected] 🔁 npm/[email protected]	Transitive: environment, network, shell, unsafe	+74	7.47 MB	egoist
npm/[email protected] 🔁 npm/[email protected]	None	0	22.7 MB	typescript-bot
npm/[email protected] 🔁 npm/[email protected]	Transitive: environment	+2	759 kB	antfu, sxzz
npm/[email protected] 🔁 npm/[email protected]	Transitive: environment, filesystem, network, shell	+5	3.37 MB	antfu, patak, soda, ...2 more

View full report↗︎