chore(deps): update all non-major dependencies#2874
Merged
Conversation
✅ Deploy Preview for vue-test-utils-docs ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
dd314b8 to
de98477
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
de98477 to
94b52d5
Compare
commit: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
6.0.6→6.0.717.0.4→17.0.51.64.0→1.65.011.1.1→11.1.24.60.3→4.60.48.0.12→8.0.13Release Notes
vitejs/vite-plugin-vue (@vitejs/plugin-vue)
v6.0.7Features
@rolldown/pluginutilsversion (#776) (941b651)Bug Fixes
lint-staged/lint-staged (lint-staged)
v17.0.5Compare Source
Patch Changes
1f67271- Correctly set the--max-arg-lengthdefault value based on the running platform. This controls how very long lists of staged files are split into multiple chunks.oxc-project/oxc (oxlint)
v1.65.0Compare Source
🚀 Features
5478fb5linter/jsdoc: Implementrequire-throws-descriptionrule (#22386) (Mikhail Baev)c73225elinter/eslint: Implementprefer-arrow-callbackrule (#22312) (박천(Cheon Park))de82b59linter: Add support foreslint-plugin-jsx-a11y-x(#22356) (mehm8128)f44b6c8linter: Fill schemasDummyRuleMapwith built-in rules (#22288) (Sysix)pnpm/pnpm (pnpm)
v11.1.2Compare Source
Patch Changes
convertEnginesRuntimeToDependencies: switch the runtime-dependency write toObject.definePropertyso the CodeQLjs/prototype-polluting-assignmentrule treats the assignment as safe regardless of the property name (follow-up to #11609).Address CodeQL static-analysis findings: guard manifest dependency writes against prototype-polluting keys (
__proto__,constructor,prototype), and replace a potentially super-linear semver-detection regex in registry 404 hints with an O(n) parser.Strip
sec-fetch-*headers from outgoing HTTP requests. These headers are automatically added by undici'sfetch()implementation per the Fetch spec but cause Azure DevOps Artifacts to return HTTP 400 for uncached upstream packages, as ADO interprets them as browser requests #11572.Fix
minimumReleaseAgehandling for cached abbreviated metadata.The version-spec cache fast path no longer rethrows
ERR_PNPM_MISSING_TIMEunderstrictPublishedByCheck; it now falls through to the registry-fetch path, consistent with the adjacent mtime-gated cache block.When the registry returns 304 Not Modified for a package whose cached metadata is abbreviated (no per-version
time), pnpm now re-fetches withfullMetadata: trueifminimumReleaseAgeis active and the package was modified after the cutoff. The upgraded metadata is persisted to disk so subsequent installs don't repeat the fetch. Previously the abbreviated meta was used as-is and the maturity check fell back to its warn-and-skip path, silently bypassing the quarantine and emitting a misleading "metadata is missing the time field" warning.Closes #11619.
Fix
pnpm upgrade --interactive --latest -rnot respecting named catalog groups. Previously, upgrading a dependency using a named catalog (e.g."catalog:foo") would incorrectly rewritepackage.jsonto"catalog:"and place the updated version in the default catalog instead of the named one #10115.Fixed
optimisticRepeatInstallskippingpnpm-lock.yamlmerge conflict resolution when the existingnode_modulesstate appears up to date.Fix
minimumReleaseAge/resolutionMode: time-basedinstalls failing on lockfiles whosetime:block is missing entries. The npm-resolver's peek-from-store fast path now surfacespublishedAtfrom the lockfile rather than discarding it, and falls through to a registry metadata fetch when the time-based cutoff can't be computed from the data on hand.rollup/rollup (rollup)
v4.60.4Compare Source
2026-05-14
Bug Fixes
Pull Requests
vitejs/vite (vite)
v8.0.13Compare Source
Features
onEnd(#22357) (47071ce)Bug Fixes
write=false(#22328) (158e8ae)name/originalFileNamein syntheticassetFileNamescall (#22439) (8e59c97)isBundledper environment (#22257) (a576326)Miscellaneous Chores
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.