chore(deps): update non-major

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@changesets/changelog-github (source)	^0.5.2 → ^0.7.0			devDependencies	minor
@changesets/cli (source)	^2.29.8 → ^2.31.0			devDependencies	minor
@sanity/tsdown-config (source)	^0.5.8 → ^0.6.1			devDependencies	minor
oxfmt (source)	^0.36.0 → ^0.50.0			devDependencies	minor
oxlint (source)	^1.51.0 → ^1.65.0			devDependencies	minor
oxlint-tsgolint	^0.16.0 → ^0.23.0			devDependencies	minor
portabletext/.github	→ 4d2d3a0			action	pinDigest
tsdown (source)	^0.20.3 → ^0.22.0			devDependencies	minor
typedoc (source)	^0.28.17 → ^0.28.19			devDependencies	patch

---

Release Notes

changesets/changesets (@​changesets/changelog-github)

v0.7.0

Compare Source

Minor Changes

• #​1255 94578cf Thanks @​Kauhsa! - Added disableThanks option

v0.6.0

Compare Source

Minor Changes

• #​1850 fd0bc2e Thanks @​mixelburg! - Linkify issue references in changelog entries.

Patch Changes

• #​1810 27fd8f4 Thanks @​hirasso! - Replace deprecated String.prototype.trimRight with String.prototype.trimEnd

• Updated dependencies [d4b8ad8, e462d89]:

  • @​changesets/get-github-info@​0.8.0

sanity-io/pkg-utils (@​sanity/tsdown-config)

v0.6.1

Compare Source

Patch Changes

• #​2755 a2246f5 Thanks @​renovate! - fix(deps): update dependency tsdown to v0.21.10

• Updated dependencies [a2246f5]:

  • @​sanity/parse-package-json@​2.1.4

v0.6.0

Compare Source

Minor Changes

• #​2737 a630af5 Thanks @​copilot-swe-agent! - Upgrade tsdown peer dependency from 0.20.x to 0.21.x

Patch Changes

• Updated dependencies []:
  • @​sanity/parse-package-json@​2.1.3

oxc-project/oxc (oxfmt)

v0.50.0

Compare Source

🐛 Bug Fixes

• 43b9978 formatter/sort_imports: Treat subpath imports as internal (#​22440) (leaysgur)

v0.49.0

Compare Source

🚀 Features

• 6e8e818 oxfmt: Experimental .svelte support (#​21700) (leaysgur)

v0.48.0

Compare Source

v0.47.0

Compare Source

v0.46.0

Compare Source

v0.45.0

Compare Source

🐛 Bug Fixes

• 50c389b oxfmt: Support .editorconfig quote_type (#​20989) (leaysgur)

v0.44.0

Compare Source

🐛 Bug Fixes

• dd2df87 npm: Export package.json for oxlint and oxfmt (#​20784) (kazuya kawaguchi)
• 4216380 oxfmt: Support .editorconfig tab_width fallback (#​20988) (leaysgur)

v0.43.0

Compare Source

🚀 Features

• 6ef440a oxfmt: Support bool for object style options (#​20853) (leaysgur)

v0.42.0

Compare Source

🚀 Features

• 416865a formatter,oxfmt: Add doc comments for JsdocConfig (#​20644) (leaysgur)
• 4fec907 formatter: Add JSDoc comment formatting support (#​19828) (Dunqing)

v0.41.0

Compare Source

v0.40.0

Compare Source

🐛 Bug Fixes

• bc20217 oxlint,oxfmt: Omit useless | null for Option<T> field from schema (#​20273) (leaysgur)

v0.39.0

Compare Source

v0.38.0

Compare Source

v0.37.0

Compare Source

oxc-project/oxc (oxlint)

v1.65.0

Compare Source

🚀 Features

• 5478fb5 linter/jsdoc: Implement require-throws-description rule (#​22386) (Mikhail Baev)
• c73225e linter/eslint: Implement prefer-arrow-callback rule (#​22312) (박천(Cheon Park))
• de82b59 linter: Add support for eslint-plugin-jsx-a11y-x (#​22356) (mehm8128)
• f44b6c8 linter: Fill schemas DummyRuleMap with built-in rules (#​22288) (Sysix)

v1.64.0

Compare Source

🚀 Features

• fbb8f22 linter: Support ignores in overrides (#​22148) (camc314)

🐛 Bug Fixes

• 25b7017 linter: Undocument override ignores option (#​22213) (camc314)

v1.63.0

Compare Source

📚 Documentation

• cacbc4a linter: Fix jest settings docs. (#​22127) (connorshea)

v1.62.0

Compare Source

🚀 Features

• 348f46c linter: Add respectEslintDisableDirectives option (#​21384) (Christian Vuerings)

🐛 Bug Fixes

• 8c425db linter: Allow string for jest version in config schema (#​21649) (camc314)

v1.61.1

Compare Source

v1.61.0

Compare Source

🚀 Features

• 38d8090 linter/jest: Implemented jest version settings in config file. (#​21522) (Said Atrahouch)

v1.60.0

Compare Source

📚 Documentation

• cfd8a4f linter: Don't rely on old eslint doc for available globals (#​21334) (Nicolas Le Cam)

v1.59.0

Compare Source

v1.58.0

Compare Source

v1.57.0

Compare Source

v1.56.0

Compare Source

v1.55.0

Compare Source

🐛 Bug Fixes

• bc20217 oxlint,oxfmt: Omit useless | null for Option<T> field from schema (#​20273) (leaysgur)

📚 Documentation

• f339f10 linter/plugins: Promote JS plugins to alpha status (#​20281) (overlookmotel)

v1.54.0

Compare Source

📚 Documentation

• 0c7da4f linter: Fix extra closing brace in example config. (#​20253) (connorshea)

v1.53.0

Compare Source

v1.52.0

Compare Source

🚀 Features

• 61bf388 linter: Add options.reportUnusedDisableDirectives to config file (#​19799) (Peter Wagenet)
• 2919313 linter: Introduce denyWarnings config options (#​19926) (camc314)
• a607119 linter: Introduce maxWarnings config option (#​19777) (camc314)

📚 Documentation

• 6c0e0b5 linter: Add oxlint.config.ts to the config docs. (#​19941) (connorshea)
• 160e423 linter: Add a note that the typeAware and typeCheck options require oxlint-tsgolint (#​19940) (connorshea)

oxc-project/tsgolint (oxlint-tsgolint)

v0.23.0

Compare Source

v0.22.1

Compare Source

What's Changed

• fix: clarify AGENTS.md submodule guidance by @​camc314 in #​909
• feat(no-unsafe-enum-comparison): implement suggestion by @​camc314 in #​910
• feat(no-unnecessary-template-expression): implement fix by @​camc314 in #​911
• chore(deps): update dependency vitest to v4.1.5 by @​renovate[bot] in #​912
• chore(deps): update github-actions by @​renovate[bot] in #​913
• fix(prefer-optional-chain): avoid access comparison false positive by @​camc314 in #​914

Full Changelog: oxc-project/tsgolint@v0.22.0...v0.22.1

v0.22.0

Compare Source

What's Changed

• chore: convert renovate config to json by @​Boshen in #​893
• chore: update typescript-go submodule by @​camc314 in #​895
• ci: replace OXC_BOT_PAT with GitHub App tokens by @​Boshen in #​894
• ci: add security analysis workflow by @​Boshen in #​898
• chore(deps): update github-actions by @​renovate[bot] in #​899
• chore(deps): update module github.com/dlclark/regexp2 to v1.12.0 by @​renovate[bot] in #​900
• chore(deps): update dependency typescript to v6.0.3 by @​renovate[bot] in #​901
• ci: make security analysis required-check friendly by @​Boshen in #​902
• feat(require-await): implement suggestions by @​younggglcy in #​896
• fix: add warning for unsupported tsgolint CLI entrypoint by @​camc314 in #​903
• fix: resolve ancestor tsconfig for excluded nearest config by @​camc314 in #​904
• chore: update typescript-go submodule by @​camc314 in #​905
• fix: handle UTF-16 diagnostics by @​camc314 in #​906
• fix(no-useless-default-assignment): make default assignment removal a suggestion by @​camc314 in #​907
• fix(no-unnecessary-type-arguments): preserve shadowed type arguments by @​camc314 in #​908

Full Changelog: oxc-project/tsgolint@v0.21.1...v0.22.0

v0.21.1

Compare Source

What's Changed

• fix(no-unnecessary-condition): handle null overlap in narrowed generic intersections by @​camc314 in #​891
• revert(no-unnecessary-type-arguments): drop inference reporting by @​camc314 in #​892

Full Changelog: oxc-project/tsgolint@v0.21.0...v0.21.1

v0.21.0

Compare Source

What's Changed

• chore: migrate gen-json-schemas to TS by @​camc314 in #​874
• chore: update typescript-go submodule by @​camc314 in #​879
• chore(deps): update github-actions by @​renovate[bot] in #​883
• chore(deps): update gomod by @​renovate[bot] in #​884
• chore(deps): update npm packages by @​renovate[bot] in #​885
• feat: improve consistent-type-exports diagnostics quality by @​camchenry in #​880
• chore(deps): update softprops/action-gh-release action to v3 by @​renovate[bot] in #​886
• feat: enrich the no-array-delete diagnostic by @​camchenry in #​881
• feat: enrich no-duplicate-type-constituents diagnostic by @​camchenry in #​882
• fix(no-meaningless-void-operator): align with typescript-eslint union handling by @​camc314 in #​887
• chore(deps): update crate-ci/typos action to v1.45.1 by @​renovate[bot] in #​888
• fix(no-deprecated): avoid false positive on array destructuring bindings by @​camc314 in #​890

Full Changelog: oxc-project/tsgolint@v0.20.0...v0.21.0

v0.20.0

Compare Source

v0.19.0

Compare Source

What's Changed

• chore(deps): update npm packages by @​renovate[bot] in #​846
• chore(deps): update github-actions by @​renovate[bot] in #​847
• chore(deps): update dependency typescript to v6 by @​renovate[bot] in #​848
• chore: fix schema generator drift by @​camc314 in #​850
• feat(await-thenable): port promise aggregator checks and upstream tests by @​camc314 in #​851
• test(e2e): make fixtures modules so they are processed in isolation by @​camc314 in #​854
• chore(deps): update pnpm to v10.33.0 by @​renovate[bot] in #​855
• feat(no-unnecessary-type-arguments): port upstream inference reporting by @​camc314 in #​853
• feat(strict-void-return): sync overload-safe callback typing with upstream by @​camc314 in #​856
• feat(prefer-promise-reject-errors): add allow specifiers and upstream test parity by @​camc314 in #​857
• fix(prefer-readonly-parameter-types): preserve alias-aware parameter types by @​camc314 in #​858
• feat(no-useless-default-assignment): skip unresolved type parameters by @​camc314 in #​859

Full Changelog: oxc-project/tsgolint@v0.18.1...v0.19.0

v0.18.1

Compare Source

What's Changed

• perf(linter): use batch API for semantic diagnostics by @​camc314 in #​844

Full Changelog: oxc-project/tsgolint@v0.18.0...v0.18.1

v0.18.0

Compare Source

What's Changed

• fix(lint): suppress unparam on toStaticValue by @​camc314 in #​834
• fix(promise-function-async): place async fix after export modifiers by @​camc314 in #​839
• chore: improve assertion diagnostic msg by @​camc314 in #​842
• fix(dot-notation): ignore non-ascii property names by @​camc314 in #​840
• chore: update typescript-go submodule by @​camc314 in #​841

Full Changelog: oxc-project/tsgolint@v0.17.4...v0.18.0

v0.17.4

Compare Source

What's Changed

• chore(deps): remove vite override, update vitest by @​camc314 in #​827
• fix(prefer-optional-chain): false positive on tricky condition by @​camc314 in #​831
• fix(no-base-to-string): memoize recursive stringification checks by @​camc314 in #​832

Full Changelog: oxc-project/tsgolint@v0.17.3...v0.17.4

v0.17.3

Compare Source

What's Changed

• fix(no-unnecessary-type-assertion): avoid inferring generic defaults from assertions by @​camc314 in #​826

Full Changelog: oxc-project/tsgolint@v0.17.2...v0.17.3

v0.17.2

Compare Source

What's Changed

• chore: update typescript-go to latest upstream by @​camc314 in #​814
• refactor(no-unnecessary-condition): more closely align rule implementation with upstream by @​camc314 in #​809
• chore(deps): update dependency dprint-json to v0.21.3 by @​renovate[bot] in #​819
• chore(deps): update github-actions by @​renovate[bot] in #​820
• chore(deps): update npm packages by @​renovate[bot] in #​821
• fix(no-unnecessary-type-assertion): avoid contextual generic inference for call expressions by @​camc314 in #​824
• refactor(no-unnecessary-condition): remove unused isLiteralValue by @​camc314 in #​825

Full Changelog: oxc-project/tsgolint@v0.17.1...v0.17.2

v0.17.1

Compare Source

What's Changed

• chore(deps): update github-actions by @​renovate[bot] in #​793
• chore(deps): update gomod by @​renovate[bot] in #​794
• chore(deps): update npm packages by @​renovate[bot] in #​795
• chore(deps): update softprops/action-gh-release action to v2.6.0 by @​renovate[bot] in #​798
• fix prefer-optional-chain parenthesized call panic by @​camc314 in #​800
• fix(no-base-to-string): check base types for ignoredTypeNames by @​younggglcy in #​796
• refactor: move matchesTypeOrBaseType function to utils package by @​camc314 in #​803
• fix(restrict-template-expressions): allow inherited types in allow list by @​camc314 in #​804
• fix(prefer-optional-chain): avoid false positives for instanceof and redundant nullish checks by @​wagenet in #​753
• fix(no-unnecessary-condition): skip no-overlap checks for indeterminate generic intersections by @​camc314 in #​806
• fix: crash on JS await property lookup by @​camc314 in #​812
• chore: remove deprecated vitest config option by @​camc314 in #​813

Full Changelog: oxc-project/tsgolint@v0.17.0...v0.17.1

v0.17.0

Compare Source

What's Changed

• refactor: make E2E benchmark more realistic by @​camchenry in #​763
• docs: improve README positioning by @​Boshen in #​767
• Revise oxlint command examples in README by @​connorshea in #​768
• chore(deps): update dependency vitest>vite to v8.0.0-beta.16 by @​renovate[bot] in #​770
• chore(deps): update github-actions by @​renovate[bot] in #​771
• chore(deps): update module golang.org/x/sys to v0.42.0 by @​renovate[bot] in #​772
• chore(deps): update taiki-e/install-action action to v2.68.25 by @​renovate[bot] in #​773
• fix(dot-notation): optional chaining autofix by @​camc314 in #​775
• fix(no-unnecessary-condition): avoid false positive for unresolved conditional null checks by @​camc314 in #​776
• fix(prefer-optional-chain): false positive on unrelated comparisons by @​camc314 in #​778
• chore(justfile): add alias r for ready by @​younggglcy in #​782
• chore(justfile): add pnpm install steps to init recipe by @​younggglcy in #​783
• fix(no-base-to-string): handle overloaded toString declarations by @​camc314 in #​779
• chore: update typescript-go submodule by @​camc314 in #​785
• fix(restrict-plus-operands): report actual type instead of always reporting RegExp by @​younggglcy in #​786
• fix(no-unnecessary-condition): handle IndexedAccess types in ?? and ??= paths by @​younggglcy in #​784
• fix(no-unnecessary-type-assertion): handle JSDoc autofix ranges by @​Jkker in #​781
• fix(no-unnecessary-condition): handle branded record keys in nullish checks by @​camc314 in #​791
• chore: update typescript-go submodule by @​camc314 in #​788
• fix(no-unnecessary-condition): use resolved call types for optional chains by @​camc314 in #​792

New Contributors

• @​younggglcy made their first contribution in #​782
• @​Jkker made their first contribution in #​781

Full Changelog: oxc-project/tsgolint@v0.16.0...v0.17.0

rolldown/tsdown (tsdown)

v0.22.0

Compare Source

   🚨 Breaking Changes

• Drop Node.js < 22.18.0 support, make unrun optional, add tsx config loader  -  by @​sxzz (a1042)
• dts: Auto-enable dts when tsconfig declaration is true  -  by @​sxzz in #​872 (085f0)
• publint: Use pkg from publint results, require publint v0.3.8+  -  by @​sxzz (413bb)

   🚀 Features

• Upgrade rolldown to 1.0.0-rc.18  -  by @​sxzz (66085)
• Upgrade rolldown to v1.0.0  -  by @​sxzz (fabba)
• exports: Auto-enable bin detection by default  -  by @​sxzz in #​873 (abda9)

   🐞 Bug Fixes

• Explicitly drop node 23 support  -  by @​sxzz (85e65)
• debug: Enhance debug logging for pack tarball  -  by @​sxzz and Copilot (5de04)
• exports: Detect types fields nested in conditional exports  -  by @​sxzz (82fa1)
• pkg: Fix duplicate configuration warning logic  -  by @​ho991217 and @​sxzz in #​935 (6a0d9)

🔄 Migration Guide

Node.js version

Upgrade to Node.js 22.18.0 or later. Bun and Deno remain supported (experimental).

unrun is no longer bundled

If your environment relies on the unrun config loader (i.e. you're on a Node version without native TypeScript support and use the default auto loader), install it manually:

npm i -D unrun

# or, alternatively, the new tsx loader:
npm i -D tsx

If you use Node.js 22.18.0+ with native TypeScript support, no change is needed — the auto loader will pick native.

dts auto-enabled from tsconfig

If your tsconfig.json has compilerOptions.declaration: true but you do not want tsdown to emit .d.ts files, opt out explicitly:

// tsdown.config.ts
export default defineConfig({
  dts: false,
})

exports.bin auto-detection

Any entry chunk containing a shebang (e.g. #!/usr/bin/env node) now causes tsdown to write a bin field in package.json automatically. The semantics differ slightly from explicit bin: true:

Value	Single shebang	Multiple shebangs	No shebangs
(unset)	Auto-set bin	Warn, skip	Silent
true	Auto-set bin	Throw	Warn
false	No bin	No bin	No bin

To opt out entirely:

export default defineConfig({
  exports: { bin: false },
})

Links

• tsdown Documentation
• v0.22.0-beta.1 Release
• v0.22.0-beta.2 Release
• v0.22.0-beta.3 Release
• Full diff from v0.21.10

v0.21.10

Compare Source

   🚀 Features

• Upgrade rolldown  -  by @​sxzz (8a449)

    View changes on GitHub

v0.21.9

Compare Source

   🚀 Features

• Upgrade rolldown  -  by @​sxzz (2d74e)
• config: Track transitive config dependencies for watch reload  -  by @​sxzz in #​919 (16e27)
• exports: Add bin to publishConfig when devExports is enabled  -  by @​sxzz in #​911 (60592)
• plugin: Add tsdownConfig and tsdownConfigResolved plugin hooks  -  by @​sxzz in #​918 (665e5)

   🐞 Bug Fixes

• Skip package.json writting when content is deeply equal  -  by @​ocavue and @​sxzz in #​913 (d8e1c)
• Skip Node.js version check in Bun  -  by @​sxzz (38afd)
• css: Detect css modules from full id for vue virtual sfc styles  -  by @​sxzz in #​917 (e6021)

    View changes on GitHub

v0.21.8

Compare Source

   🚀 Features

• Upgrade rolldown  -  by @​sxzz (7f887)
• attw: Improve ignoreRules type to autocomplete known values  -  by @​mrlubos in #​892 (c8f5c)
• create-tsdown: Add Vite Plus template option  -  by @​sxzz (daed0)
• exports: Add extensions option for subpath export keys  -  by @​SinhSinhAn and @​sxzz in #​899 (1bb7a)
• target: Add support for baseline-widely-available target  -  by @​sxzz in #​896 (d6a16)

   🐞 Bug Fixes

• Export type only for cjs dts re-export  -  by @​sxzz (25510)
• Exclude shim file from bundled dependency hint  -  by @​sxzz in #​909 (3f8de)
• dts: Skip cjs dts reexport for non-entry chunks  -  by @​sxzz (5fee2)

    View changes on GitHub

v0.21.7

Compare Source

   🚀 Features

• Add module option for attw and publint to allow passing imported modules directly  -  by @​sxzz (31e90)

   🐞 Bug Fixes

• deps: Add skipNodeModulesBundle dep subpath e2e tests and fix docs  -  by @​sxzz (deff7)

    View changes on GitHub

v0.21.6

Compare Source

   🚀 Features

• Upgrade rolldown to v1.0.0-rc.12  -  by @​sxzz (51292)
• config:
  • Pass root config to workspace config functions  -  by @​sxzz (76169)
  • Use mergeConfig for workspace config merging and support variadic overrides  -  by @​sxzz (148aa)
• dts:
  • Add cjsReexport option to eliminate dual module type hazard  -  by @​mandarini and @​sxzz in #​856 (875c1)
• exports:
  • Add bin option to auto-generate package.json bin field  -  by @​sxzz in #​869 (7ebd6)

   🐞 Bug Fixes

• css:
  • Compile preprocessor langs in virtual CSS modules  -  by @​sxzz in #​865 (7b2e0)
  • Strip .module from CSS output filenames  -  by @​sxzz in #​866 (03ade)
  • Default splitting to true in unbundle mode for CSS inject  -  by @​sxzz in #​867 (a4da6)
  • Split CSS plugin into pre/post phases for scoped CSS support  -  by @​sxzz in #​870 (ff0c4)
• entry:
  • Correctly output relative paths in logger output  -  by @​sxzz (00050)

    View changes on GitHub

v0.21.5

Compare Source

   🚀 Features

• Update rolldown to 1.0.0-rc.10  -  by @​wChenonly in #​845 (41411)
• Support typescript v6  -  by @​ocavue in [#​858](https://redirect.github.com/rolldown/tsdow

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 3am on the first day of the month"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[changeset-bot]

⚠️ No Changeset found

Latest commit: e3b42e9

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​sanity/​tsdown-config@​0.6.1
	@​changesets/​changelog-github@​0.7.0
	tsdown@​0.22.0
	oxlint@​1.65.0
	oxfmt@​0.50.0
	typedoc@​0.28.19
	oxlint-tsgolint@​0.23.0
	@​changesets/​cli@​2.31.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm markdown-it is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → npm/typedoc@0.28.19 → npm/markdown-it@14.1.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/markdown-it@14.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report