chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@types/estree (source)	^0.0.48 -> ^0.0.52
@​types/lru-cache	^5.1.0 -> ^5.1.1
@types/node (source)	^16.4.7 -> ^16.18.52
conventional-changelog-cli (source)	^2.0.31 -> ^2.2.2
csstype	^3.1.1 -> ^3.1.2
enquirer	^2.3.2 -> ^2.4.1
execa	^4.0.2 -> ^4.1.0
lodash (source)	^4.17.15 -> ^4.17.21
marked (source)	^4.0.10 -> ^4.3.0
minimatch	^9.0.0 -> ^9.0.3
minimist	^1.2.0 -> ^1.2.8
pnpm (source)	8.6.2 -> 8.7.6
pug (source)	^3.0.1 -> ^3.0.2
sass	^1.26.9 -> ^1.67.0
semver	^7.3.2 -> ^7.5.4
todomvc-app-css	^2.3.0 -> ^2.4.2
tslib (source)	^2.5.0 -> ^2.6.2
tsx	^3.12.7 -> ^3.12.10

---

Release Notes

frenic/csstype (csstype)

v3.1.2

Compare Source

enquirer/enquirer (enquirer)

v2.4.1

Compare Source

v2.4.0

Compare Source

isaacs/minimatch (minimatch)

v9.0.3

Compare Source

v9.0.2

Compare Source

v9.0.1

Compare Source

minimistjs/minimist (minimist)

v1.2.8

Compare Source

Merged

• [Fix] Fix long option followed by single dash #17
• [Tests] Remove duplicate test #12
• [Fix] opt.string works with multiple aliases #10

Fixed

• [Fix] Fix long option followed by single dash (#​17) #15
• [Tests] Remove duplicate test (#​12) #8
• [Fix] Fix long option followed by single dash #15
• [Fix] opt.string works with multiple aliases (#​10) #9
• [Fix] Fix handling of short option with non-trivial equals #5
• [Tests] Remove duplicate test #8
• [Fix] opt.string works with multiple aliases #9

Commits

• Merge tag 'v0.2.3' a026794
• [eslint] fix indentation and whitespace 5368ca4
• [eslint] fix indentation and whitespace e5f5067
• [eslint] more cleanup 62fde7d
• [eslint] more cleanup 36ac5d0
• [meta] add auto-changelog 73923d2
• [actions] add reusable workflows d80727d
• [eslint] add eslint; rules to enable later are warnings 48bc06a
• [eslint] fix indentation 34b0f1c
• [readme] rename and add badges 5df0fe4
• [Dev Deps] switch from covert to nyc a48b128
• [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
• [meta] create FUNDING.yml; add funding in package.json 3639e0c
• [meta] use npmignore to autogenerate an npmignore file be2e038
• Only apps should have lockfiles 282b570
• isConstructorOrProto adapted from PR ef9153f
• [Dev Deps] update @ljharb/eslint-config, aud 098873c
• [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
• [meta] add safe-publish-latest 4b927de
• [Tests] add aud in posttest b32d9bd
• [meta] update repo URLs f9fdfc0
• [actions] Avoid 0.6 tests due to build failures ba92fe6
• [Dev Deps] update tape 950eaa7
• [Dev Deps] add missing npmignore dev dep 3226afa
• Merge tag 'v0.2.2' 980d7ac

pnpm/pnpm (pnpm)

v8.7.6

Compare Source

Patch Changes

• Don't run the prepublishOnly scripts of git-hosted dependencies #​7026.
• Fix a bug in which use-node-version or node-version isn't passed down to checkEngine when using pnpm workspace, resulting in an error #​6981.
• Don't print out each deprecated subdependency separately with its deprecation message. Just print out a summary of all the deprecated subdependencies #​6707.
• Fixed an ENOENT error that was sometimes happening during install with "hoisted" node_modules #​6756.

Our Gold Sponsors

Our Silver Sponsors

v8.7.5

Compare Source

Patch Changes

• Improve performance of installation by using a worker for creating the symlinks inside node_modules/.pnpm #​7069.
• Tarballs that have hard links are now unpacked successfully. This fixes a regression introduced in v8.7.0, which was shipped with our new in-house tarball parser #​7062.

Our Gold Sponsors

Our Silver Sponsors

v8.7.4

Compare Source

Patch Changes

• Fix a bug causing the pnpm server to hang if a tarball worker was requested while another worker was exiting #​7041.
• Fixes a regression published with pnpm v8.7.3. Don't hang while reading package.json from the content-addressable store #​7051.
• Allow create scoped package with preferred version. #​7053
• Reverting a change shipped in v8.7 that caused issues with the pnpm deploy command and "injected dependencies" #​6943.

Our Gold Sponsors

Our Silver Sponsors

v8.7.3

Compare Source

Patch Changes

• Fix a bug causing errors to be printed as "Cannot read properties of undefined (reading 'code')" instead of the underlying reason when using the pnpm store server #​7032

Our Gold Sponsors

Our Silver Sponsors

v8.7.2

Compare Source

v8.7.1

Compare Source

Patch Changes

• Fixed an issue with extracting some old versions of tarballs #​6991.
• Side-effects cache will now be leveraged when running install in a workspace that uses dedicated lockfiles for each project #​6890.
• Reduce concurrency in the pnpm -r publish command #​6968.
• Improved the pnpm update --interactive output by grouping dependencies by type. Additionally, a new column has been added with links to the documentation for outdated packages #​6978.

Our Gold Sponsors

Our Silver Sponsors

v8.7.0

Compare Source

Minor Changes

• Improve performance of installation by using a worker pool for extracting packages and writing them to the content-addressable store #​6850
• The default value of the resolution-mode setting is changed to highest. This setting was changed to lowest-direct in v8.0.0 and some users were not happy with the change. A twitter poll concluded that most of the users want the old behaviour (resolution-mode set to highest by default). This is a semi-breaking change but should not affect users that commit their lockfile #​6463.

Patch Changes

• Warn when linking a package with peerDependencies #​615.
• Add support for npm lockfile v3 in pnpm import #​6233.
• Override peerDependencies in pnpm.overrides #​6759.
• Respect workspace alias syntax in pkg graph #​6922
• Emit a clear error message when users attempt to specify an undownloadable node version #​6916.
• pnpm patch should write patch files with a trailing newline #​6905.
• Dedupe deps with the same alias in direct dependencies 6966
• Don't prefix install output for the dlx command.
• Performance optimizations. Package tarballs are now download directly to memory and built to an ArrayBuffer. Hashing and other operations are avoided until the stream has been fully received #​6819.

Our Gold Sponsors

Our Silver Sponsors

v8.6.12

Compare Source

Patch Changes

• Make the error message friendlier when a user attempts to run a command that does not exist #​6887.
• pnpm patch should work correctly when shared-workspace-file is set to false #​6885.
• pnpm env use should retry deleting the previous Node.js executable #​6587.
• pnpm dlx should not print an error stack when the underlying script execution fails #​6698.
• When showing the download progress of large tarball files, always display the same number of digits after the decimal point #​6901.
• Report download progress less frequently to improve performance #​6906.
• pnpm install --frozen-lockfile --lockfile-only should fail if the lockfile is not up to date with the package.json files #​6913.

Our Gold Sponsors

Our Silver Sponsors

v8.6.11

Compare Source

Patch Changes

• Change the install error message when a lockfile is wanted but absent to indicate the wanted lockfile is absent, not present. This now reflects the actual error #​6851.
• When dealing with a local dependency that is a path to a symlink, a new symlink should be created to the original symlink, not to the actual directory location.
• The length of the temporary file names in the content-addressable store reduced in order to prevent ENAMETOOLONG errors from happening #​6842.
• Don't print "added" stats, when installing with --lockfile-only.
• Installation of a git-hosted dependency should not fail if the pnpm-lock.yaml file of the installed dependency is not up-to-date #​6865.
• Don't ignore empty strings in params #​6594.
• Always set dedupe-peer-dependents to false, when running installation during deploy #​6858.
• When several containers use the same store simultaneously, there's a chance that multiple containers ma

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions]

Size Report

Bundles

File	Size	Gzip	Brotli
runtime-dom.global.prod.js	85.9 kB	32.6 kB	29.5 kB
vue.global.prod.js	132 kB	49.3 kB	44.4 kB

Usages

Name	Size	Gzip	Brotli
createApp	47.9 kB	18.8 kB	17.2 kB
createSSRApp	50.6 kB	19.9 kB	18.2 kB
defineCustomElement	50.3 kB	19.6 kB	17.9 kB
overall	61.2 kB	23.7 kB	21.6 kB