Skip to content

Bump the packages group with 7 updates #182

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 8, 2025
Merged

Bump the packages group with 7 updates #182

merged 1 commit into from
Jun 8, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 8, 2025

Bumps the packages group with 7 updates:

Package From To
pnpm 10.11.1 10.12.1
@napi-rs/wasm-runtime 0.2.10 0.2.11
acorn 8.14.1 8.15.0
entities 6.0.0 6.0.1
rollup 4.41.1 4.42.0
style-to-object 1.0.8 1.0.9
zod 3.25.51 3.25.56

Updates pnpm from 10.11.1 to 10.12.1

Release notes

Sourced from pnpm's releases.

pnpm 10.12.1

Minor Changes

  • Experimental. Added support for global virtual stores. When enabled, node_modules contains only symlinks to a central virtual store, rather than to node_modules/.pnpm. By default, this central store is located at <store-path>/links (you can find the store path by running pnpm store path).

    In the central virtual store, each package is hard linked into a directory whose name is the hash of its dependency graph. This allows multiple projects on the system to symlink shared dependencies from this central location, significantly improving installation speed when a warm cache is available.

    This is conceptually similar to how NixOS manages packages, using dependency graph hashes to create isolated and reusable package directories.

    To enable the global virtual store, set enableGlobalVirtualStore: true in your root pnpm-workspace.yaml, or globally via:

    pnpm config -g set enable-global-virtual-store true

    NOTE: In CI environments, where caches are typically cold, this setting may slow down installation. pnpm automatically disables the global virtual store when running in CI.

    Short demo of the speed of installation with this new setting enabled: https://www.youtube.com/watch?v=pNDFfJvaubY&ab_channel=pnpm

    Related PR: #8190

  • The pnpm update command now supports updating catalog: protocol dependencies and writes new specifiers to pnpm-workspace.yaml.

  • A new catalogMode setting is available for controlling if and how dependencies are added to the default catalog. It can be configured to several modes:

    • strict: Only allows dependency versions from the catalog. Adding a dependency outside the catalog's version range will cause an error.
    • prefer: Prefers catalog versions, but will fall back to direct dependencies if no compatible version is found.
    • manual (default): Does not automatically add dependencies to the catalog.

  • Added two new CLI options (--save-catalog and --save-catalog-name=<name>) to pnpm add to save new dependencies as catalog entries. catalog: or catalog:<name> will be added to package.json and the package specifier will be added to the catalogs or catalog[<name>] object in pnpm-workspace.yaml #9425.

  • Semi-breaking. The keys used for side-effects caches have changed. If you have a side-effects cache generated by a previous version of pnpm, the new version will not use it and will create a new cache instead #9605.

  • Added a new setting called ci for explicitly telling pnpm if the current environment is a CI or not.

Patch Changes

  • Sort versions printed by pnpm patch using semantic versioning rules.
  • Improve the way the error message displays mismatched specifiers. Show differences instead of 2 whole objects #9598.
  • Revert #9574 to fix a regression #9596.

Platinum Sponsors

... (truncated)

Changelog

Sourced from pnpm's changelog.

10.12.1

Minor Changes

  • Experimental. Added support for global virtual stores. When enabled, node_modules contains only symlinks to a central virtual store, rather to node_modules/.pnpm. By default, this central store is located at <store-path>/links (you can find the store path by running pnpm store path).

    In the central virtual store, each package is hard linked into a directory whose name is the hash of its dependency graph. This allows multiple projects on the system to symlink shared dependencies from this central location, significantly improving installation speed when a warm cache is available.

    This is conceptually similar to how NixOS manages packages, using dependency graph hashes to create isolated and reusable package directories.

    To enable the global virtual store, set enableGlobalVirtualStore: true in your root pnpm-workspace.yaml, or globally via:

    pnpm config -g set enable-global-virtual-store true

    NOTE: In CI environments, where caches are typically cold, this setting may slow down installation. pnpm automatically disables the global virtual store when running in CI.

    Related PR: #8190

  • The pnpm update command now supports updating catalog: protocol dependencies and writes new specifiers to pnpm-workspace.yaml.
  • Added two new CLI options (--save-catalog and --save-catalog-name=<name>) to pnpm add to save new dependencies as catalog entries. catalog: or catalog:<name> will be added to package.json and the package specifier will be added to the catalogs or catalog[<name>] object in pnpm-workspace.yaml #9425.
  • Semi-breaking. The keys used for side-effects caches have changed. If you have a side-effects cache generated by a previous version of pnpm, the new version will not use it and will create a new cache instead #9605.
  • Added a new setting called ci for explicitly telling pnpm if the current environment is a CI or not.

Patch Changes

  • Sort versions printed by pnpm patch using semantic versioning rules.
  • Improve the way the error message displays mismatched specifiers. Show differences instead of 2 whole objects #9598.
  • Revert #9574 to fix a regression #9596.
Commits

Updates @napi-rs/wasm-runtime from 0.2.10 to 0.2.11

Release notes

Sourced from @​napi-rs/wasm-runtime's releases.

@​napi-rs/wasm-runtime@​0.2.11

What's Changed

New Contributors

Full Changelog: https://github.com/napi-rs/napi-rs/compare/@​napi-rs/cli@​3.0.0-alpha.87...@​napi-rs/wasm-runtime@​0.2.11

Commits

Updates acorn from 8.14.1 to 8.15.0

Commits
  • 6dc5374 Mark version 8.15.0
  • c8d954a Make linter happy
  • 71d942e Fix a crash when running the CLI tool on code with a bigint
  • 551a680 Fix the format of bigint property on bigint literal
  • 24baa2a Show logo in readme.md
  • b4ae0d2 Add support for using and await using
  • fdfb45a Bump test262
  • b27ce74 Make sure the loose parser skips number literals with invalid separators
  • 82233bf Remove outdated comment
  • f6c9e12 Remove trailing whitespace, semicolon
  • Additional commits viewable in compare view

Updates entities from 6.0.0 to 6.0.1

Release notes

Sourced from entities's releases.

v6.0.1

What's Changed

Full Changelog: fb55/entities@v6.0.0...v6.0.1

Commits
  • 9f7ca4c 6.0.1
  • d10dbb9 chore(package): Publish {en,de}code.d.ts
  • 665a232 fix: add types for old node entry points (#1861)
  • c5821e4 chore(deps-dev): Bump @​types/node from 22.15.29 to 22.15.30 (#1862)
  • 0f41e50 chore(deps): Bump github/codeql-action from 3.28.18 to 3.28.19 (#1859)
  • 834c628 chore(deps-dev): Bump @​typescript-eslint/eslint-plugin (#1857)
  • e6f4a53 chore(deps-dev): Bump @​typescript-eslint/parser from 8.33.0 to 8.33.1 (#1856)
  • 3715f43 chore(deps-dev): Bump eslint-plugin-n from 17.18.0 to 17.19.0 (#1855)
  • 97ba898 chore(deps-dev): Bump @​types/node from 22.15.24 to 22.15.29 (#1854)
  • 6826840 chore(deps-dev): Bump @​types/node from 22.15.23 to 22.15.24 (#1852)
  • Additional commits viewable in compare view

Updates rollup from 4.41.1 to 4.42.0

Release notes

Sourced from rollup's releases.

v4.42.0

4.42.0

2025-06-06

Features

  • Add option to allow the input to be located in the output in watch mode (#5966)

Pull Requests

v4.41.2

4.41.2

2025-06-06

Bug Fixes

  • Detect named export usages in dynamic imports with then and non-arrow function expressions (#5977)
  • Do not replace usages of constant variables with their values for readability (#5968)

Pull Requests

Changelog

Sourced from rollup's changelog.

4.42.0

2025-06-06

Features

  • Add option to allow the input to be located in the output in watch mode (#5966)

Pull Requests

4.41.2

2025-06-06

Bug Fixes

  • Detect named export usages in dynamic imports with then and non-arrow function expressions (#5977)
  • Do not replace usages of constant variables with their values for readability (#5968)

Pull Requests

Commits
  • f763394 4.42.0
  • dddc00d feat: watch mode add allowInputInsideOutputPath option (#5966)
  • 13b4669 4.41.2
  • 149d94c Debug/fix watch pipeline (#5982)
  • 13992f2 Update README.md (#5976)
  • 224c900 fix: preserve constant identifiers in unary expressions instead of magic numb...
  • da88626 fix: consider function expression in thenable when tree-shaking dynamic impor...
  • 8f0dbc9 fix(deps): lock file maintenance minor/patch updates (#5981)
  • 4f69d33 chore(deps): update dependency yargs-parser to v22 (#5969)
  • 0fbd796 chore(deps): lock file maintenance (#5971)
  • Additional commits viewable in compare view

Updates style-to-object from 1.0.8 to 1.0.9

Release notes

Sourced from style-to-object's releases.

v1.0.9

1.0.9 (2025-06-06)

Miscellaneous Chores

Changelog

Sourced from style-to-object's changelog.

1.0.9 (2025-06-06)

Miscellaneous Chores

Commits
  • 36a7d48 Merge pull request #642 from remarkablemark/release-please--branches--master-...
  • db3442a chore(master): release 1.0.9
  • 2f9f7cf build(package): fix 1 moderate severity vulnerability
  • 216aab1 chore: release 1.0.9
  • 3a0c2eb build(deps-dev): bump rollup from 4.41.1 to 4.42.0 (#641)
  • 0f046c4 build(deps-dev): bump @​types/node from 22.15.29 to 22.15.30 (#640)
  • ccdf237 build(deps-dev): bump the typescript-eslint group with 2 updates (#639)
  • c38b833 build(deps-dev): bump @​eslint/js in the eslint group (#638)
  • 0baf714 build(deps-dev): bump @​types/node from 22.15.28 to 22.15.29 (#637)
  • b48efad build(deps-dev): bump eslint from 9.27.0 to 9.28.0 (#636)
  • Additional commits viewable in compare view

Updates zod from 3.25.51 to 3.25.56

Release notes

Sourced from zod's releases.

v3.25.56

Commits:

  • 64bfb7001cf6f2575bf38b5e6130bc73b4b0e371 3.25.56

v3.25.55

Commits:

  • 44141ea1dbd48403f14704386119884aeda5cb27 3.25.55

v3.25.54

Commits:

  • 8ab237423cd8fdca58dc9e18f45d48d56ca2a24d fix(util): cross realm IsPlainObject check (#4627)
  • 2be1c6ad909a9d0598d9f45fedc9038213130529 Fix generic assignability issue. 3.25.54

v3.25.53

Commits:

  • a6adb148012f59d734245c637a577ed413a484e7 zod mini internals (#4631)
  • da4f92170ac838029178c4622015dbdae4a1de7c 3.25.53

v3.25.52

Commits:

  • 2954f40a4e41f61e835ba211ff084467dca1f41e Fix json (#4630)
  • 51dc6f9361851e64a925c3f4ee9364ce4da4c4e7 3.25.52
  • e479ea76ae1571064c3dade621b3af0ea2dff942 Add test cast for deferred self-recursion
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the packages group with 7 updates
2938677 
Bumps the packages group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [pnpm](https://github.com/pnpm/pnpm/tree/HEAD/pnpm) | `10.11.1` | `10.12.1` |
| [@napi-rs/wasm-runtime](https://github.com/napi-rs/napi-rs/tree/HEAD/wasi-runtime) | `0.2.10` | `0.2.11` |
| [acorn](https://github.com/acornjs/acorn) | `8.14.1` | `8.15.0` |
| [entities](https://github.com/fb55/entities) | `6.0.0` | `6.0.1` |
| [rollup](https://github.com/rollup/rollup) | `4.41.1` | `4.42.0` |
| [style-to-object](https://github.com/remarkablemark/style-to-object) | `1.0.8` | `1.0.9` |
| [zod](https://github.com/colinhacks/zod) | `3.25.51` | `3.25.56` |


Updates `pnpm` from 10.11.1 to 10.12.1
- [Release notes](https://github.com/pnpm/pnpm/releases)
- [Changelog](https://github.com/pnpm/pnpm/blob/main/pnpm/CHANGELOG.md)
- [Commits](https://github.com/pnpm/pnpm/commits/v10.12.1/pnpm)

Updates `@napi-rs/wasm-runtime` from 0.2.10 to 0.2.11
- [Release notes](https://github.com/napi-rs/napi-rs/releases)
- [Commits](https://github.com/napi-rs/napi-rs/commits/@napi-rs/wasm-runtime@0.2.11/wasi-runtime)

Updates `acorn` from 8.14.1 to 8.15.0
- [Commits](acornjs/acorn@8.14.1...8.15.0)

Updates `entities` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/fb55/entities/releases)
- [Commits](fb55/entities@v6.0.0...v6.0.1)

Updates `rollup` from 4.41.1 to 4.42.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.41.1...v4.42.0)

Updates `style-to-object` from 1.0.8 to 1.0.9
- [Release notes](https://github.com/remarkablemark/style-to-object/releases)
- [Changelog](https://github.com/remarkablemark/style-to-object/blob/master/CHANGELOG.md)
- [Commits](remarkablemark/style-to-object@v1.0.8...v1.0.9)

Updates `zod` from 3.25.51 to 3.25.56
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v3.25.51...v3.25.56)

---
updated-dependencies:
- dependency-name: pnpm
  dependency-version: 10.12.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: packages
- dependency-name: "@napi-rs/wasm-runtime"
  dependency-version: 0.2.11
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: packages
- dependency-name: acorn
  dependency-version: 8.15.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: packages
- dependency-name: entities
  dependency-version: 6.0.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: packages
- dependency-name: rollup
  dependency-version: 4.42.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: packages
- dependency-name: style-to-object
  dependency-version: 1.0.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: packages
- dependency-name: zod
  dependency-version: 3.25.56
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot assigned poad Jun 8, 2025
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 8, 2025
@vercel
Copy link

vercel bot commented Jun 8, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
github-rest-api-executor ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 8, 2025 10:52pm

@amazon-q-developer
Copy link

⏳ I'm reviewing this pull request for security vulnerabilities and code quality issues. I'll provide an update when I'm done

@github-actions github-actions bot merged commit f1f59e5 into main Jun 8, 2025
4 of 5 checks passed
@github-actions github-actions bot deleted the dependabot/npm_and_yarn/packages-b134201b6a branch June 8, 2025 22:52
@amazon-q-developer
Copy link

✅ I finished the code review, and didn't find any security or code quality issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

@poad poad

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@poad