fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@commitlint/cli (source)	19.7.1 -> 19.8.1
@commitlint/config-conventional (source)	19.7.1 -> 19.8.1
@types/node (source)	22.15.3 -> 22.15.18
@vitest/coverage-v8 (source)	3.1.2 -> 3.1.3
browserslist	^4.24.4 -> ^4.24.5
esbuild	0.25.3 -> 0.25.4
esbuild	^0.25.3 -> ^0.25.4
eslint (source)	9.25.1 -> 9.26.0
execa	^9.5.2 -> ^9.5.3
knip (source)	5.43.6 -> 5.56.0
lefthook	1.10.10 -> 1.11.12
lightningcss	^1.29.3 -> ^1.30.1
type-fest	4.40.1 -> 4.41.0
vitest (source)	3.1.2 -> 3.1.3
zod (source)	3.24.3 -> 3.24.4
zod (source)	^3.24.3 -> ^3.24.4

---

Release Notes

conventional-changelog/commitlint (@​commitlint/cli)

v19.8.1

Compare Source

Bug Fixes

• update dependency tinyexec to v1 (#​4332) (e49449f)

v19.8.0

Compare Source

Performance Improvements

• use node: prefix to bypass require.cache call for builtins (#​4302) (0cd8f41)

19.7.1 (2025-02-02)

Note: Version bump only for package @​commitlint/cli

19.6.1 (2024-12-15)

Note: Version bump only for package @​commitlint/cli

conventional-changelog/commitlint (@​commitlint/config-conventional)

v19.8.1

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

v19.8.0

Compare Source

Performance Improvements

• use node: prefix to bypass require.cache call for builtins (#​4302) (0cd8f41)

19.7.1 (2025-02-02)

Note: Version bump only for package @​commitlint/config-conventional

vitest-dev/vitest (@​vitest/coverage-v8)

v3.1.3

Compare Source

   🐞 Bug Fixes

• Correctly resolve vitest import if inline: true is set  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/7856 (a83f3)
• Fix fixture parsing with lowered async with esbuild 0.25.3  -  by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/7921 (c5c85)
• Remove event-catcher code  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/7898 (deb1b)
• Reset mocks on test retry/repeat  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/7897 (2fa76)
• Ignore failures on writeToCache  -  by @​orgads in https://github.com/vitest-dev/vitest/issues/7893 (8c7f7)
• browser: Correctly inherit CLI options  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/7858 (03660)
• deps: Update all non-major dependencies  -  in https://github.com/vitest-dev/vitest/issues/7867 (67ef7)
• reporters: --merge-reports to show each total run times  -  by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/7877 (d613b)

    View changes on GitHub

evanw/esbuild (esbuild)

v0.25.4

Compare Source

• Add simple support for CORS to esbuild's development server (#​4125)

  Starting with version 0.25.0, esbuild's development server is no longer configured to serve cross-origin requests. This was a deliberate change to prevent any website you visit from accessing your running esbuild development server. However, this change prevented (by design) certain use cases such as "debugging in production" by having your production website load code from localhost where the esbuild development server is running.

  To enable this use case, esbuild is adding a feature to allow Cross-Origin Resource Sharing (a.k.a. CORS) for simple requests. Specifically, passing your origin to the new cors option will now set the Access-Control-Allow-Origin response header when the request has a matching Origin header. Note that this currently only works for requests that don't send a preflight OPTIONS request, as esbuild's development server doesn't currently support OPTIONS requests.

  Some examples:

  • CLI:

    esbuild --servedir=. --cors-origin=https://example.com
    

  • JS:

    const ctx = await esbuild.context({})
    await ctx.serve({
      servedir: '.',
      cors: {
        origin: 'https://example.com',
      },
    })

  • Go:

    ctx, _ := api.Context(api.BuildOptions{})
    ctx.Serve(api.ServeOptions{
      Servedir: ".",
      CORS: api.CORSOptions{
        Origin: []string{"https://example.com"},
      },
    })

  The special origin * can be used to allow any origin to access esbuild's development server. Note that this means any website you visit will be able to read everything served by esbuild.

• Pass through invalid URLs in source maps unmodified (#​4169)

  This fixes a regression in version 0.25.0 where sources in source maps that form invalid URLs were not being passed through to the output. Version 0.25.0 changed the interpretation of sources from file paths to URLs, which means that URL parsing can now fail. Previously URLs that couldn't be parsed were replaced with the empty string. With this release, invalid URLs in sources should now be passed through unmodified.

• Handle exports named __proto__ in ES modules (#​4162, #​4163)

  In JavaScript, the special property name __proto__ sets the prototype when used inside an object literal. Previously esbuild's ESM-to-CommonJS conversion didn't special-case the property name of exports named __proto__ so the exported getter accidentally became the prototype of the object literal. It's unclear what this affects, if anything, but it's better practice to avoid this by using a computed property name in this case.

  This fix was contributed by @​magic-akari.

eslint/eslint (eslint)

v9.26.0

Compare Source

webpro-nl/knip (knip)

v5.56.0

Compare Source

• Add explicit process.exit(0) (e52b129)
• Fix contributors link in README.md (#​1077) (a28448b) - thanks @​BreakBB!
• feat: add Docusaurus plugin (#​1055) (ccb9a5f) - thanks @​cylewaitforit!
• Improve naming in --performance realm, add --performance-fn (677252b)
• Always timerify resolveSync (6d1d364)
• Remove unused file (f71470e)
• Fix reported unused files in watch mode (0f72418)
• Add test files so they're picked up in watch mode (a287453)
• Minor refactor/housekeeping (9d3da2e)
• Refactor reporters and reuse getTableForType (9d976cd)
• Edit docs (91d3949)
• Remove incorrect create-plugin script error message (3643374)
• Migrate enhanced-resolve to oxc-resolver (#​1081) (fdfd859) - thanks @​agneym!
• Flag --memory-leak implies -no-progress (8344a2e)
• Fix up memory usage related logic/names (4798474)
• Update docs (2ef3621)
• Separate production mode cache (9502323)

v5.55.1

Compare Source

• Update Node.js versions in CI (09a158b)
• Update plugin authoring guide (b9bf354)
• Update sponsors info (2014ac0)
• Leverage isProduction better in webpack config (779948d)
• Add smoke test command to dev guide (59b23cf)
• Consistent messages in streamer.cast (1b2866b)
• Add exports to ignored binaries list (7073b68)
• Edit docs (ffc3cac)
• Remove obsolete installed-check flag (61b65eb)
• Use minimum supported node version in CI (almost!) (7787123)

v5.55.0

Compare Source

• Add quotes (e7b4546)
• Marvellous (9292e4a)
• Accept prefix string in toAlias (59c9e89)
• Fix webpack ts issue (wut?) (bb62995)
• That's enough for today (5cde7d5)
• Support custom srcDir in Astro plugin (#​1067) (49f8582) - thanks @​azat-io!
• Add support for Babel plugins used in Vite/React config (#​1075) (407e625) - thanks @​mbacalan!
• Narrow down package/workspace handling in getReferencedInputsHandler (ffa3ca9)
• feat: add prisma plugin (#​1073) (5b49bde) - thanks @​nissy-dev!
• Improve truncated/padded table cells (6a05c41)
• feat(vitest): add mocks to entry files (#​1070) (200eaf8) - thanks @​narthur!

v5.54.1

Compare Source

• Fix add aliases crashing on obj (#​1074) (1b9c8c9) - thanks @​tancredi!
• Restore and fix Windows coverage in CI (61d09ab)
• Format (9689d9e)

v5.54.0

Compare Source

• (PostCSS plugin): Add postcss to used dependencies when using @tailwindcss/postcss plugin (#​1069) (3d48004) - thanks @​karmatys8!
• Support size-limit plugins usage (#​1061) (e88d7f0) - thanks @​azat-io!
• Add Formatly and --format flag to autofix mode (#​1029) (268a30b)
• Add/update articles (17f0b05)
• Minor refactor glob core (fd5ef3e)
• Merge resolveEntryPaths into resolveConfig (8c599b2)
• Improve test titles (5c4df67)
• Add name to console output (7ca3823)
• Refactor compilerOptions.paths and add alias input (1bccd59)
• Housekeeping a few plugins after recent refactor (9e82776)
• Fix path alias prefix in Windows (22b5464)
• Update docs (c8b6970)

v5.53.0

Compare Source

• Remove unused script (d6484de)
• Add --force and --graceful options to create-plugin script (063db24)
• Add SVGO plugin (#​1065) (5d68767) - thanks @​azat-io!
• Replace pretty-ms with prettyMilliseconds fn (d383899)
• Add mem flags, observer & table to Performance (dabb874)
• Fix --isolate-workspaces flag to gc principals (b75c872)
• Fix and optimize git-ignore cache (c1c8e8c)

v5.52.0

Compare Source

• Use default entries w/o config file (fixes #​1063) (01a8e65)
• Fix negated glob pattern for ignored workspacea (28d9b4c)
• Don't bail out early for --filter if also -r in pnpm resolver (48e49a7)
• Replace easy-table with new Table (cd70e95)

v5.51.1

Compare Source

• Support Prettier TypeScript configs (#​1059) (6717595) - thanks @​azat-io!
• Expand astro.config.* and reuse in starlight plugin (859a16b)
• Improve pnpm cmd resolver (844d7a8)
• Split and improve source map functions (ae89d67)

v5.51.0

Compare Source

• Add 'instrumentation-client' to next plugin entry points (#​1035) (b739fcc) - thanks @​matbour!
• Upgrade release-it (4ac1897)
• Handle catch prop access when returning named bindings (resolves #​1039) (e940835)
• Housekeeping imports fixture (4fe4099)
• Add treatConfigHintsAsErrors to config file options (resolves #​1026) (cafff6e)
• Refactor exec test helper + callsites (e8b642d)
• Organize quick test:smoke runs (exclude cli & fs tests) (949fe5a)
• Add bun plugin (resolves #​1038) (36e30f6)
• Document allowIncludeExports and start using it a few plugins (resolves #​1043) (755f689)
• Re-generate plugins.md (4f6f8fe)
• Split bun test cases between plugin and binary resolver (5d3673d)
• Fix and skip a few test (to circumvent issues in Windows) (8f8e4c2)
• Add oxlint plugin (#​1042) (0f85615) - thanks @​PatrykWalach!
• feat: add nano-staged plugin (#​1045) (a05726c) - thanks @​cylewaitforit!
• Migrate some odd astro pages to mdx content (04aa73a)
• Update favicon (736c05e)
• 100 (65dc8f9)
• Update astro/starlight (a9fba6f)
• Refactor OG images (508fa39)
• refactor(lint-staged): remove unneeded default packageJsonPath value (#​1049) (77dedbc) - thanks @​cylewaitforit!
• Quickfix light theme colors (d297259)
• Concise and consistent description (f33684b)
• Add astro to integration suite and sort jobs a-z (c2afe4e)
• Add Astro to projects using knip (4661469)
• Mark mdx-components as an entry file for Next.js (#​1050) (3e7df18) - thanks @​remcohaszing!
• Fix tanstack router function call without arguments (1b8acc7)
• Try remove eslint | prettier | xo in config check in enablers (03790bd)
• Update ecosystem pipeline (c95c303)
• Unleash biome on fixtures (94fa4ee)
• Fix order and add types in codeclimate specs (f1d4845)
• Fix order in json reporter specs (b0a3b86)
• add relay plugin (#​1047) (1e65c29) - thanks @​PatrykWalach!
• Simplify git ignore cache and fix --dir ancestor case (b09eaff)
• Remove tanstack-router plugin (7dca60e)
• Work around bun test pattern issue (20823cf)
• Update docs (d3009bd)
• Exclude dir that doesn't contain tests (d4c7379)
• Allow to force-enable built-in sync compilers (b868c2e)
• Refactor and simplify glob-core a bit (5c91dfa)
• Ignore imports inside tagged template literals (#​1041) (1ff6db9) - thanks @​azat-io!
• Include members for default-exported enums/classes (beae106)
• Fix cache in glob, reuse name (82ca298)
• Skip runAsyncCompilers if no async compilers (c418cf1)
• Add compiler extensions to source mapper (cb2735d)

v5.50.5

Compare Source

• Add jiti to "positionals" (resolves #​1033) (08a4688)
• Group some scripts tests (edf56e0)
• Fix starlight social config (cc51eaa)
• Support ignoreUnresolved from top-level and root ws config (resolves #​1032) (852298b)
• Update docs re. production mode (3b142b1)

v5.50.4

Compare Source

• Don't exclude (dist) files with js ext from being source mapped (b39ac44)
• Mark simple-git-hooks as used dependency when config exists (#​1027) (78f8cf4) - thanks @​azat-io!
• Update docs dependencies (a8b44f6)

v5.50.3

Compare Source

• Include empty named import declaration (d958e90)
• Use pnpm workspaces over package.json workspaces (330e918)
• Update comment (e8fcd87)
• Revert and improve fix for #​1024 (3db59f7)

v5.50.2

Compare Source

• Add i18next-parser plugin (#​1023) (6b6536b) - thanks @​robinvdvleuten!
• Fix recursion in config file handling (resolves #​1024) (1966c23)

v5.50.1

Compare Source

• Revert "Remove unused TS config options"

This reverts commit d1686e2. (731fe7e)

v5.50.0

Compare Source

• Add missing git-ignored files in fixture (bf4fd5b)
• feat: add create-typescript-app plugin (#​1022) (0dfed33) - thanks @​JoshuaKGoldberg!
• Remove unused TS config options (d1686e2)
• Add "source mapping" docs (3bdf5ab)
• Minor refactor json reporter types (58cc662)

v5.49.0

Compare Source

• Fix TS Router plugin name (d350725)
• Remove a wrong "not" in handling-issues.mdx (#​1021) (6132bf7) - thanks @​dyedwiper!
• Improve support for package.json#exports (closes #​853) (3378d60)
• Improve handling/skipping of exports in entry files (d4df794)
• Simplify toSourcePath a bit (5efde33)
• Fix up toEntry callsites (898c18e)

v5.48.0

Compare Source

• Upgrade release-it (8017157)
• Use strict config validation (resolves #​966) (7476337)
• fix: escape react-router route paths (#​988) - thanks @​rossipedia!
• Add support for resolveFromAST in plugins (#​1005) (17a6f3c)
• Don't add entry files from nodemon positional arg (closes #​1019) (e51ef34)
• Sync up @​nodelib/fs.walk version with fast-glob (8cf2247)
• Replace codeowners dependency with internal helpers + tests (c9c9211)
• Replace summary dependency with internal helper (450a565)
• Report unused re-exports (resolves #​874) (6630e39)
• Fix typos in test (aab0962)
• Improve SST plugin (ba917c3)

v5.47.0

Compare Source

• Always consider husky inputs non-production (resolves #​1017) (1113957)
• Housekeeping (cc20ce9)
• Always consider lint-staged inputs non-production (#​1017) (69f81eb)
• Add GitHub Action plugin (resolves #​1018) (4ced243)
• Update ecosystem pipeline (f1c4015)
• Fix up qa command (cea22e4)
• feat: handle vitest workspace configuration (#​1003) (3323602) - thanks @​codepunkt!
• Add pnpm version to pnpm commands (#​1020) (0b2cef7) - thanks @​thomasballinger!
• Update docs (50b10bd)
• Update dependencies (046b0fb)

v5.46.5

Compare Source

• Revert 7ba16e1 and add fixtures (resolves #​1015) (5464a4b)
• Topologically sort workspaces (#​1015) (e5ca159)
• Move root workspace to start and improve sorterer (#​1015) (990f292)
• No longer need to force-install in eslint repo (93ec53f)
• Fix getAvailableWorkspaceNames (6ec2226)
• Let's go safe here (eb68ec0)
• Update sponsorships chart (8d22178)
• Add patterns to exclude descendant workspaces for expensive globs (bab315b)

v5.46.4

Compare Source

• fix: Fix the issue where the built-in Vue compiler only supports <scr… (#​997)
• Update dependencies (16667d1)

v5.46.3

Compare Source

• Add support for webpack.ProvidePlugin (resolves #​840) (6a69543)
• Add cache to pnpm commands (resolves #​1010) (5f2efd4)
• Don't reuse principals with rootDir set (resolves #​1007) (7ba16e1)

v5.46.2

Compare Source

• npm pkg fix (52e2f1f)
• Upgrade release-it (80281f7)
• Make server.js production entry in node plugin (89f59f1)
• Make entry points coming from plugins optional in production mode (resolves #​1000) (f26f95f)

v5.46.1

Compare Source

• Migrate Bun lockfile (cd8ffbb)
• Format docs (76d4760)
• Temporarily use --legacy-peer-deps (for release-it@next) (11344c3)
• Update dependencies (9d4f456)
• Restore repo.url (release-it wasn't too fond of it yet) (670ed17)
• Fix up a few deprecated Astro thingies (3f26627)
• Just build the docs please (93c724a)
• Pin @​types/bun@​1.2.4 (97a7465)
• Allow for windows cmd commands ([#​992](https://redirect.github.com/web

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​vitest/​coverage-v8@​3.1.2 ⏵ 3.1.3				+1
	npm/​@​commitlint/​cli@​19.7.1 ⏵ 19.8.1	+1		+1	-1
	npm/​esbuild@​0.25.3 ⏵ 0.25.4
	npm/​vitest@​3.1.2 ⏵ 3.1.3	+1		+1	+2
	npm/​@​types/​node@​22.15.3 ⏵ 22.15.18	+1		+1	+1
	npm/​knip@​5.43.6 ⏵ 5.56.0	+1		+1
	npm/​@​commitlint/​config-conventional@​19.7.1 ⏵ 19.8.1				-1
	npm/​lefthook@​1.10.10 ⏵ 1.11.12	+1			-1
	npm/​type-fest@​4.40.1 ⏵ 4.41.0	+1		+1
	npm/​zod@​3.24.3 ⏵ 3.24.4
	npm/​eslint@​9.25.1 ⏵ 9.26.0				+1

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report