fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@microsoft/api-extractor (source)	^7.50.0 -> ^7.52.1
@swc/core (source)	1.10.18 -> 1.11.9
@types/node (source)	22.13.4 -> 22.13.10
bumpp	^10.0.3 -> ^10.1.0
esbuild	^0.25.0 -> ^0.25.1
pnpm (source)	10.4.1 -> 10.6.3
postcss (source)	8.5.2 -> 8.5.3
prettier (source)	3.5.1 -> 3.5.3
rollup (source)	^4.34.8 -> ^4.35.0
sass	1.85.0 -> 1.85.1
svelte (source)	5.19.9 -> 5.23.0
tinyglobby	^0.2.11 -> ^0.2.12
tsup (source)	8.3.6 -> 8.4.0
typescript (source)	5.7.3 -> 5.8.2
vitest (source)	3.0.6 -> 3.0.8

---

Release Notes

microsoft/rushstack (@​microsoft/api-extractor)

v7.52.1

Compare Source

Tue, 11 Mar 2025 02:12:34 GMT

Version update only

v7.52.0

Compare Source

Tue, 11 Mar 2025 00:11:25 GMT

Minor changes

• Upgrade the bundled compiler engine to TypeScript 5.8.2

v7.51.1

Compare Source

Sat, 01 Mar 2025 05:00:09 GMT

Patches

• Include triple-slash references marked with preserve="true" from files that only contain re-exports. There was a behavior change in TypeScript 5.5, where only triple-slash references that are explicitly marked with preserve="true" are emitted into declaration files. This change adds support for placing these references in files that only contain re-exports, like the API entrypoint file.

v7.51.0

Compare Source

Thu, 27 Feb 2025 01:10:39 GMT

Minor changes

• Add a docModel.releaseTagsToTrim property to api-extractor.json to specify which release tags should be trimmed when the doc model is produced.

v7.50.1

Compare Source

Sat, 22 Feb 2025 01:11:11 GMT

Patches

• Upgrade the bundled compiler engine to TypeScript 5.7.3

swc-project/swc (@​swc/core)

v1.11.9

Compare Source

Bug Fixes

• (es/compat) Hoist arguments in object method while lowering async functions (#​10167) (e764df2)

• (es/minifier) Check array inline for indexed with dynamic key (#​10184) (c2fe4bf)

Features

• (es/module) Support more import.meta properties (#​10179) (11727a6)

• (ts/fast-strip) Throw js object instead of map (#​10186) (2da0142)

Performance

• (es/fast-lexer) Optimize read_identifier (#​10170) (d97f7b2)

• (es/fast-lexer) Use memchr for skip_line_comments (#​10173) (35194e3)

• (es/fast-lexer) Use SIMD properly for string literals (#​10172) (be60338)

• (es/fast-lexer) Add length-based fast path for keywords (#​10176) (1f70af8)

• (es/fast-lexer) Optimize memory layout of cursor (#​10175) (aa20494)

• (es/fast-lexer) Remove bound checks (#​10174) (bccdafc)

• (es/fast-lexer) Replace PHF with static keyword lookup table (#​10181) (56d065e)

• (es/fast-lexer) Optimize SIMD vector initialization with initialing u8x16 once. (#​10183) (435197c)

v1.11.8

Compare Source

Bug Fixes

• (es/fast-lexer) Fix lexing of numeric literals (#​10153) (65d23fe)

• (es/parser) Rescan << in new expression (#​10159) (35bd6d9)

Features

• (ts/fast-strip) Throw an object instead of string (#​10162) (241b881)

Performance

• (es/fast-lexer) Optimize lexing of keywords (#​10155) (fb610b0)

• (es/fast-lexer) Optimize bound checks (#​10157) (d74360e)

• (es/fast-lexer) Make whitespace skipper use SIMD properly (#​10158) (15ea059)

• (es/lexer) Optimize whitespace scanning (#​10136) (8a59753)

• (es/lexer) Optimize comment scanning (#​10137) (9676c9a)

Refactor

• (es/lexer) Add fast lexer implementation (#​10145) (b993f86)

• Drop unused crates (#​10151) (58e4279)

• Drop unused js interop bindings (#​10161) (0ceefaf)

Ci

• Add swc_plugins test to ecosystem CI (#​10164) (b23d133)

v1.11.7

Compare Source

Features

• (ts/fast-strip) Emit json errors (#​10144) (740bd57)

v1.11.6

Compare Source

Bug Fixes

• (es/minifier) Fix regression due to #​10056 (#​10134) (b145275)

• (es/typescript) Remove empty statements that const enum decls are folded into (#​10128) (7bea830)

v1.11.5

Compare Source

Bug Fixes

• (es/lints) Capture errors and emit from the original thread (#​10119) (2304cd8)

• (es/minifier) Skip inlining if the referential identity of a function matters (#​10123) (c08fe8d)

• (ts/fast-strip) Throw object consistently (#​10122) (010ff2a)

Miscellaneous Tasks

• (deps) Update dependency base64 to v0.22.1 (#​10124) (edea2c5)

Performance

• (es/resolver) Remove needless allocations (#​10120) (f019d53)

v1.11.4

Compare Source

Bug Fixes

• (es/decorators) Support negative numbers (#​10114) (5044580)

• (es/minifier) Fix cargo feature debug (#​10090) (48f68db)

• (es/minifier) Fix insufficient logging (#​10091) (9ee79c9)

• (es/minifier) Inline before cost analysis (#​10092) (1425b56)

• (es/minifier) Remove needless println (b1e5b2d)

• (es/resolver) Analyze variable declarations with declare (#​10102) (cff6a64)

• (swc_malloc) Fix build issue due to malloc, really (#​10117) (207a13f)

• (swc_malloc) Add target_env = "gnu" check (#​10118) (da81e11)

• Use jemalloc on platforms that mimalloc fails to build (#​10116) (fb75b98)

Miscellaneous Tasks

• (deps) Update dependency jsonc-parser to v0.26.2 (#​10112) (8c5f7ef)

Performance

• (es/minifier) Improve arrow function inlining cost analysis (#​10093) (e74929c)

• (es/resolver) Remove some vector allocations (#​10101) (b65387a)

• Use mimalloc on linux (#​10113) (3334932)

Refactor

• (es/react) Remove Lrc from parse_expr_for_jsx (#​10098) (bab7704)

v1.11.1

Compare Source

Bug Fixes

• (error-reporters) Store diagnostics in TransformOutput (#​10027) (52caf23)

• (es/loader) Fix the absolute path check when resolving modules (#​10080) (a3894ae)

• (es/minifier) Fix the order of match arms to inline correctly (#​10053) (f0f842d)

• (es/types) Add transform.verbatimModuleSyntax (#​10079) (a883cdc)

• (swc_common) Fix build with swc_allocator/nightly (#​10067) (6a90b1f)

Documentation

• (swc_core) Add ChangeLog for swc_core (#​10072) (608bc69)

Features

• (es/ast) Add explicit namespace field to distinguish namespace and module declarations (#​10023) (76c2cba)

• (es/ast) Add import attributes to TsImportType (#​9796) (7d297be)

• (es/minifier) Inline across side-effect-free member exprs, (#​10056) (19d01d7)

• (es/minifier) Make seq inliner inline into var without init (#​10077) (c4a839b)

• (es/visit) Introduce core-only visitors (#​10049) (bc666be)

• (swc_allocator) Provide allocators (#​10061) (d4362f7)

Miscellaneous Tasks

• (deps) Update dependency swc-plugin-coverage-instrument to ^0.0.26 (#​10051) (d3fbd21)

• (swc_allocator) Remove nightly from default feature (#​10058) (e78b9d1)

• (swc_allocator) Add #[inline] to allocator methods (#​10066) (853eb53)

Performance

• (es/lints) Remove needless locks (#​10086) (43458e9)

• (es/minifier) Prevent double boxing (#​10074) (29bd286)

Refactor

• (atoms) Rename FastAtom to UnsafeAtom (#​10070) (1771222)

• (atoms) Remove JsWord alias (#​10071) (f33b0bc)

• (es/minifier) Remove CompileUnit to simplify (#​10055) (c75578b)

antfu-collective/bumpp (bumpp)

v10.1.0

Compare Source

   🚀 Features

• Replace picocolors with ansis  -  by @​webdiscus in https://github.com/antfu-collective/bumpp/issues/74 (6f836)
• Update deps  -  by @​antfu (7f208)

    View changes on GitHub

evanw/esbuild (esbuild)

v0.25.1

Compare Source

• Fix incorrect paths in inline source maps (#​4070, #​4075, #​4105)

  This fixes a regression from version 0.25.0 where esbuild didn't correctly resolve relative paths contained within source maps in inline sourceMappingURL data URLs. The paths were incorrectly being passed through as-is instead of being resolved relative to the source file containing the sourceMappingURL comment, which was due to the data URL not being a file URL. This regression has been fixed, and this case now has test coverage.

• Fix invalid generated source maps (#​4080, #​4082, #​4104, #​4107)

  This release fixes a regression from version 0.24.1 that could cause esbuild to generate invalid source maps. Specifically under certain conditions, esbuild could generate a mapping with an out-of-bounds source index. It was introduced by code that attempted to improve esbuild's handling of "null" entries in source maps (i.e. mappings with a generated position but no original position). This regression has been fixed.

  This fix was contributed by @​jridgewell.

• Fix a regression with non-file source map paths (#​4078)

  The format of paths in source maps that aren't in the file namespace was unintentionally changed in version 0.25.0. Path namespaces is an esbuild-specific concept that is optionally available for plugins to use to distinguish paths from file paths and from paths meant for other plugins. Previously the namespace was prepended to the path joined with a : character, but version 0.25.0 unintentionally failed to prepend the namespace. The previous behavior has been restored.

• Fix a crash with switch optimization (#​4088)

  The new code in the previous release to optimize dead code in switch statements accidentally introduced a crash in the edge case where one or more switch case values include a function expression. This is because esbuild now visits the case values first to determine whether any cases are dead code, and then visits the case bodies once the dead code status is known. That triggered some internal asserts that guard against traversing the AST in an unexpected order. This crash has been fixed by changing esbuild to expect the new traversal ordering. Here's an example of affected code:

  switch (x) {
    case '':
      return y.map(z => z.value)
    case y.map(z => z.key).join(','):
      return []
  }

• Update Go from 1.23.5 to 1.23.7 (#​4076, #​4077)

  This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain reports from vulnerability scanners that detect which version of the Go compiler esbuild uses.

  This PR was contributed by @​MikeWillCook.

pnpm/pnpm (pnpm)

v10.6.3

Compare Source

v10.6.2

Compare Source

Patch Changes

• pnpm self-update should always update the version in the packageManager field of package.json.
• Fix running pnpm CLI from pnpm CLI on Windows when the CLI is bundled to an executable #​8971.
• pnpm patch-commit will now use the same filesystem as the store directory to compare and create patch files.
• Don't show info output when --loglevel=error is used.
• peerDependencyRules should be set in pnpm-workspace.yaml to take effect.

v10.6.1

Compare Source

Patch Changes

• The pnpm CLI process should not stay hanging, when --silent reporting is used.
• When --loglevel is set to error, don't show installation summary, execution time, and big tarball download progress.
• Don't ignore pnpm.patchedDependencies from package.json #​9226.
• When executing the approve-builds command, if package.json contains onlyBuiltDependencies or ignoredBuiltDependencies, the selected dependency package will continue to be written into package.json.
• When a package version cannot be found in the package metadata, print the registry from which the package was fetched.

v10.6.0

Compare Source

Minor Changes

• pnpm-workspace.yaml can now hold all the settings that .npmrc accepts. The settings should use camelCase #​9211.

  pnpm-workspace.yaml example:

  verifyDepsBeforeRun: install
  optimisticRepeatInstall: true
  publicHoistPattern:
    - "*types*"
    - "!@​types/react"

• Projects using a file: dependency on a local tarball file (i.e. .tgz, .tar.gz, .tar) will see a performance improvement during installation. Previously, using a file: dependency on a tarball caused the lockfile resolution step to always run. The lockfile will now be considered up-to-date if the tarball is unchanged.

Patch Changes

• pnpm self-update should not leave a directory with a broken pnpm installation if the installation fails.
• fast-glob replace with tinyglobby to reduce the size of the pnpm CLI dependencies #​9169.
• pnpm deploy should not remove fields from the deployed package's package.json file #​9215.
• pnpm self-update should not read the pnpm settings from the package.json file in the current working directory.
• Fix pnpm deploy creating a package.json without the imports and license field #​9193.
• pnpm update -i should list only packages that have newer versions #​9206.
• Fix a bug causing entries in the catalogs section of the pnpm-lock.yaml file to be removed when dedupe-peer-dependents=false on a filtered install. #​9112

v10.5.2

Compare Source

Patch Changes

• The pnpm config set command should change the global .npmrc file by default.
  This was a regression introduced by #​9151 and shipped in pnpm v10.5.0.

v10.5.1

Compare Source

Patch Changes

• Throw an error message if a pnpm-workspaces.yaml or pnpm-workspaces.yml file is found instead of a pnpm-workspace.yaml #​9170.
• Fix the update of pnpm-workspace.yaml by the pnpm approve-builds command #​9168.
• Normalize generated link paths in package.json #​9163
• Specifying overrides in pnpm-workspace.yaml should work.
• pnpm dlx should ignore settings from the package.json file in the current working directory #​9178.

v10.5.0

Compare Source

Minor Changes

• Allow to set the "pnpm" settings from package.json via the pnpm-workspace.yaml file #​9121.

• Added support for automatically syncing files of injected workspace packages after pnpm run #​9081. Use the sync-injected-deps-after-scripts setting to specify which scripts build the workspace package. This tells pnpm when syncing is needed. The setting should be defined in a .npmrc file at the root of the workspace. Example:

  sync-injected-deps-after-scripts[]=compile

• The packages field in pnpm-workspace.yaml became optional.

Patch Changes

• pnpm link with no parameters should work as if --global is specified #​9151.
• Allow scope registry CLI option without --config. prefix such as --@​scope:registry=https://scope.example.com/npm #​9089.
• pnpm link <path> should calculate relative path from the root of the workspace directory #​9132.
• Fix a bug causing catalog snapshots to be removed from the pnpm-lock.yaml file when using --fix-lockfile and --filter. #​8639
• Fix a bug causing catalog protocol dependencies to not re-resolve on a filtered install #​8638.

postcss/postcss (postcss)

v8.5.3

Compare Source

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

prettier/prettier (prettier)

v3.5.3

Compare Source

v3.5.2

Compare Source

diff

Remove module-sync condition (#​17156 by @​fisker)

In Prettier 3.5.0, we added module-sync condition to package.json, so that require("prettier") can use ESM version, but turns out it doesn't work if CommonJS and ESM plugins both imports builtin plugins. To solve this problem, we decide simply remove the module-sync condition, so require("prettier") will still use the CommonJS version, we'll revisit until require(ESM) feature is more stable.

rollup/rollup (rollup)

v4.35.0

Compare Source

2025-03-08

Features

• Pass build errors to the closeBundle hook (#​5867)

Pull Requests

• #​5852: chore(deps): update dependency eslint-plugin-unicorn to v57 (@​renovate[bot], @​lukastaegert)
• #​5862: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #​5867: feat(5858): make closeBundle hook receive the last error (@​GauBen)
• #​5872: chore(deps): update dependency builtin-modules to v5 (@​renovate[bot])
• #​5873: chore(deps): update uraimo/run-on-arch-action action to v3 (@​renovate[bot])
• #​5874: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.34.9

Compare Source

2025-03-01

Bug Fixes

• Support JSX modes in WASM (#​5866)
• Allow the CustomPluginOptions to be extended (#​5850)

Pull Requests

• #​5850: Revert CustomPluginOptions to be an interface (@​sapphi-red, @​lukastaegert)
• #​5851: Javascript to JavaScript (@​dasa, @​lukastaegert)
• #​5853: chore(deps): update dependency pinia to v3 (@​renovate[bot])
• #​5854: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #​5855: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​5860: chore(deps): update dependency @​shikijs/vitepress-twoslash to v3 (@​renovate[bot])
• #​5861: chore(deps): update dependency globals to v16 (@​renovate[bot])
• #​5863: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5864: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5866: Add jsx parameter to parseAsync in native.wasm.js (@​TrickyPi)

sass/dart-sass (sass)

v1.85.1

Compare Source

• Fix a bug where global Sass functions whose names overlap with CSS math
  functions could incorrectly be treated as CSS math functions even though they
  used Sass-only features, causing compilation failures. For example,
  round(-$var / 2) previously threw an error but now works as intended.

sveltejs/svelte (svelte)

v5.23.0

Compare Source

Minor Changes

• fix: make values consistent between effects and their cleanup functions (#​15469)

v5.22.6

Compare Source

Patch Changes

• fix: skip log_if_contains_state if only logging literals (#​15468)

• fix: Add closedby property to HTMLDialogAttributes type (#​15458)

• fix: null and warnings for local handlers (#​15460)

v5.22.5

Compare Source

Patch Changes

• fix: memoize clsx calls (#​15456)

• fix: respect svelte-ignore hydration_attribute_changed on elements with spread attributes (#​15443)

• fix: always use setAttribute when setting style (#​15323)

• fix: make style: directive and CSS handling more robust (#​15418)

v5.22.4

Compare Source

Patch Changes

• fix: never deduplicate expressions in templates (#​15451)

v5.22.3

Compare Source

Patch Changes

• fix: run effect roots in tree order (#​15446)

v5.22.2

Compare Source

Patch Changes

• fix: correctly set is_updating before flushing root effects (#​15442)

v5.22.1

Compare Source

Patch Changes

• chore: switch acorn-typescript plugin (#​15393)

v5.22.0

Compare Source

Minor Changes

• feat: Add idPrefix option to render (#​15428)

Patch Changes

• fix: make dialog element and role interactive (#​15429)

v5.21.0

Compare Source

Minor Changes

• chore: Reduce hydration comment for {:else if} (#​15250)

Patch Changes

• fix: disallow bind:group to snippet parameters (#​15401)

v5.20.5

Compare Source

Patch Changes

• fix: allow double hyphen css selector names (#​15384)

• fix: class:directive not working with $restProps #​15386 (#​15389)
  fix: spread add an useless cssHash on non-scoped element

• fix: catch error on @​const tag in svelte:boundary in DEV mode (#​15369)

• fix: allow for duplicate var declarations (#​15382)

• fix : bug "$0 is not defined" on svelte:element with a function call on class (#​15396)

v5.20.4

Compare Source

Patch Changes

• fix: update types and inline docs for flushSync (#​15348)

v5.20.3

Compare Source

Patch Changes

• fix: allow @const inside #key (#​15377)

• fix: remove unnecessary ?? '' on some expressions (#​15287)

• fix: correctly override class attributes with class directives (#​15352)

v5.20.2

Compare Source

Patch Changes

• chore: remove unused options.uid in render (#​15302)

• fix: do not warn for binding_property_non_reactive if binding is a store in an each (#​15318)

• fix: prevent writable store value from becoming a proxy when reassigning using $-prefix (#​15283)

• fix: muted reactive without bind and select/autofocus attributes working with function calls (#​15326)

• fix: ensure input elements and elements with dir attribute are marked as non-static (#​15259)

• fix: fire delegated events on target even it was disabled in the meantime (#​15319)

v5.20.1

Compare Source

Patch Changes

• fix: ensure AST analysis on svelte.js modules succeeds (#​15297)

• fix: ignore typescript abstract methods (#​15267)

• fix: correctly ssr component in svelte:head with $props.id() or css='injected' (#​15291)

v5.20.0

Compare Source

Minor Changes

• feat: SSR-safe ID generation with $props.id() (#​15185)

Patch Changes

• fix: take private and public into account for constant_assignment of derived state (#​15276)

• fix: value/checked not correctly set using spread (#​15239)

• chore: tweak effect self invalidation logic, run transition dispatches without reactive context (#​15275)

• fix: use importNode to clone templates for Firefox (#​15272)

• fix: recurse into $derived for ownership validation (#​15166)

v5.19.10

Compare Source

Patch Changes

• fix: when re-connecting unowned deriveds, re

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
tsup	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 13, 2025 7:47pm

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[pkg-pr-new]

Open in Stackblitz

npm i https://pkg.pr.new/egoist/tsup@1306

commit: b2d012f

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@microsoft/[email protected] ➜ 7.52.1	Transitive: environment, eval, filesystem, shell, unsafe	+38	13.6 MB	microsoft1es, odspnpm
npm/@swc/[email protected] ➜ 1.11.9	None	+2	78 kB
npm/@types/[email protected] ➜ 22.13.10	None	+1	2.4 MB	types
npm/[email protected] ➜ 10.1.0	environment Transitive: filesystem	+24	2.93 MB	antfu
npm/[email protected], 0.25.0 ➜ 0.25.1	None	0	134 kB	evanw
npm/[email protected] ➜ 3.5.3	None	0	0 B
npm/[email protected] ➜ 4.35.0	None	+1	2.72 MB	eventualbuddha, lukastaegert, rich_harris, ...2 more
npm/[email protected] ➜ 1.85.1	None	+2	6.51 MB	hcatlin, nex3, sassbot
npm/[email protected] ➜ 5.23.0	None	+18	4.61 MB	conduitry, rich_harris, svelte-admin
npm/[email protected] ➜ 0.2.12	Transitive: filesystem	+2	130 kB
npm/[email protected] ➜ 8.4.0	None	0	390 kB	egoist
npm/[email protected], 5.7.3 ➜ 5.8.2	None	0	22.9 MB	typescript-bot
npm/[email protected] ➜ 3.0.8	Transitive: filesystem, shell, unsafe	+30	3.49 MB	vitestbot

🚮 Removed packages: npm/[email protected]

View full report↗︎