chore(deps): update all non-major dependencies - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@sxzz/eslint-config	^7.4.3 → ^7.4.4
pnpm (source)	10.26.0 → 10.27.0
rolldown (source)	^1.0.0-beta.55 → ^1.0.0-beta.58
rollup (source)	^4.53.5 → ^4.54.0
tsdown (source)	^0.18.1 → ^0.18.4

---

Release Notes

sxzz/eslint-config (@​sxzz/eslint-config)

v7.4.4

Compare Source

No significant changes

    View changes on GitHub

pnpm/pnpm (pnpm)

v10.27.0

Compare Source

v10.26.2: pnpm 10.26.2

Compare Source

Patch Changes

• Improve error message when a package version exists but does not meet the minimumReleaseAge constraint. The error now clearly states that the version exists and shows a human-readable time since release (e.g., "released 6 hours ago") #​10307.

• Fix installation of Git dependencies using annotated tags #​10335.

  Previously, pnpm would store the annotated tag object's SHA in the lockfile instead of the actual commit SHA. This caused ERR_PNPM_GIT_CHECKOUT_FAILED errors because the checked-out commit hash didn't match the stored tag object hash.

• Binaries of runtime engines (Node.js, Deno, Bun) are written to node_modules/.bin before lifecycle scripts (install, postinstall, prepare) are executed #​10244.

• Try to avoid making network calls with preferOffline #​10334.

Platinum Sponsors

Gold Sponsors

v10.26.1: pnpm 10.26.1

Compare Source

Patch Changes

• Don't fail on pnpm add, when blockExoticSubdeps is set to true #​10324.
• Always resolve git references to full commits and ensure HEAD points to the commit after checkout #​10310.

Platinum Sponsors

Gold Sponsors

rolldown/rolldown (rolldown)

v1.0.0-beta.58

Compare Source

💥 BREAKING CHANGES

• experimental/devtools: rename InputOptions#debug to InputOptions#devtools (#​7686) by @​Copilot

🚀 Features

• implement target feature check in should_transform_js for raw options (#​7697) by @​shulaoda
• support output.dynamicImportInCjs option (#​7677) by @​shulaoda
• types: expose ChecksOptions type (#​7653) by @​sapphi-red

🐛 Bug Fixes

• export runtime helpers for cross-chunk access (#​7658) by @​shulaoda
• cjs namespace merging regression (#​7665) by @​IWANABETHATGUY
• replace panic with proper error handling for hash placeholder generation (#​7661) by @​shulaoda
• remove the blank line between shebang and postBanner (#​7643) by @​btea
• rolldown_plugin_vite_reporter: apply padding before ANSI coloring for proper size column alignment (#​7649) by @​shulaoda

🚜 Refactor

• rust: use StableModuleId as the map key if possible (#​7718) by @​hyf0
• rust: return StableModuleId instead of &str from Module#stable_id() (#​7717) by @​hyf0
• rust: return correct stable id of external module from Module#stable_id() (#​7716) by @​hyf0
• rust: introduce StableModuleId type (#​7715) by @​hyf0
• rust: reduce unnecessary id.as_arc_str().clone().into() (#​7714) by @​hyf0
• rust: remove ModuleId#resource_id and use as_arc_str directly (#​7710) by @​hyf0
• rust: remove unused Module#id_clone (#​7709) by @​hyf0
• rust: remove Module#id_as_str and use Module#id directly (#​7708) by @​hyf0
• consolidate namespace call analysis into import analyzer (#​7657) by @​IWANABETHATGUY
• rust: make ExternalModule#id have the type ModuleId (#​7707) by @​hyf0
• rust: rename Module#id to Module#id_as_str (#​7706) by @​hyf0
• rust: use ModuleId instead of raw ArcStr for ScanStageCache (#​7701) by @​hyf0
• simplify error propagation in cache merge (#​7702) by @​shulaoda
• use ModuleId as the type of ResolvedId#id (#​7694) by @​hyf0
• types: rename resolved_request_info.rs to resolved_id.rs and move its contents (#​7687) by @​hyf0
• devtools: emit data to <CWD>/node_modules/.rolldown (#​7692) by @​hyf0
• use InvalidOption for hash placeholder generation errors (#​7674) by @​shulaoda
• rolldown_error: remove dependency on rolldown_utils (#​7672) by @​shulaoda
• use nodejs-built-in-modules v1.0.0 directly in callsites (#​7667) by @​Boshen

📚 Documentation

• migrate input options content from options to auto gen docs (#​7663) by @​mdong1909
• create reference index page (#​7659) by @​mdong1909
• tweak auto-generated reference output (#​7654) by @​sapphi-red
• initialize auto-gen docs (#​7252) by @​mdong1909

⚙️ Miscellaneous Tasks

• deps: update napi (#​7705) by @​renovate[bot]
• pin Node.js version to 24.12.0 LTS in .node-version file (#​7713) by @​Copilot
• update esbuild test reasons (#​7703) by @​sapphi-red
• deps: update crate-ci/typos action to v1.40.1 (#​7696) by @​renovate[bot]
• deps: update oxc to v0.106.0 (#​7512) by @​renovate[bot]
• js: replace dprint with oxfmt (#​7214) by @​Boshen
• deps: update dependency oxlint to v1.36.0 (#​7691) by @​renovate[bot]
• deps: update github-actions (#​7679) by @​renovate[bot]
• deps: update npm packages (#​7680) by @​renovate[bot]
• deps: update rust crates (#​7678) by @​renovate[bot]
• deps: update oxc resolver to v11.16.2 (#​7668) by @​renovate[bot]
• add API reference files to knip entry points (#​7669) by @​Copilot
• deps: update notify (#​7651) by @​sapphi-red
• add homepage field to package.json (#​7648) by @​trivikr
• deps: update oxc resolver to v11.16.1 (#​7647) by @​renovate[bot]
• deps: update rolldown-plugin-dts to 0.20.0 (#​7645) by @​shulaoda

v1.0.0-beta.57

Compare Source

💥 BREAKING CHANGES

• tsconfig: enable project references support in manual mode (#​7545) by @​shulaoda

🚀 Features

• add CANNOT_CALL_NAMESPACE warning (#​7636) by @​sapphi-red
• add import path for unresolved import diagnostics (#​7625) by @​sapphi-red
• optimize dynamic entry facade chunks by merging with common chunks when they are captured by common chunks (#​7486) by @​IWANABETHATGUY

🐛 Bug Fixes

• rename __export to __exportAll to be compatible with cjs-module-lexer (#​7640) by @​IWANABETHATGUY
• strip UTF-8 BOM when using text loader (#​7635) by @​sapphi-red
• rolldown_plugin_replace: avoid crashing with invalid delimiters (#​7621) by @​sapphi-red

🚜 Refactor

• export all filter functions (#​7622) by @​sxzz
• allow multiple help messages in diagnostics (#​7624) by @​sapphi-red

📚 Documentation

• add README.md to packages/rolldown (#​7556) by @​Copilot

⚡ Performance

• use fsevents on macOS for file watching (#​7596) by @​sapphi-red

🧪 Testing

• handle re-exports of external modules in CJS format (#​7641) by @​IWANABETHATGUY
• update integration to use vite's rolldown-canary branch (#​7633) by @​shulaoda

⚙️ Miscellaneous Tasks

• docs: fix Netlify ignore condition to detect docs changes across all PR commits (#​7637) by @​Copilot
• deps: update rollup submodule for tests to v4.54.0 (#​7630) by @​sapphi-red
• skip benchmarks for PRs with 'graphite: merge-when-ready' label (#​7631) by @​Boshen
• deps: update esbuild for tests to 0.27.2 (#​7629) by @​sapphi-red
• fix "update-test-dependencies" workflow (#​7628) by @​sapphi-red
• deps: update test262 submodule for tests (#​7626) by @​sapphi-red
• deps: update dependency oxlint to v1.35.0 (#​7623) by @​renovate[bot]

v1.0.0-beta.56

Compare Source

💥 BREAKING CHANGES

• rename MIXED_EXPORT error to MIXED_EXPORTS (#​7565) by @​sapphi-red

🚀 Features

• rename id property to exporter in CIRCULAR_REEXPORT error (#​7592) by @​sapphi-red
• add ids property to CIRCULAR_DEPENDENCY error (#​7591) by @​sapphi-red
• node/dev: expose devMode.lazy (#​7549) by @​hyf0
• set log and pos properties for parseAst function errors (#​7568) by @​sapphi-red
• set log and pos properties for logs (#​7567) by @​sapphi-red
• test-dev-sever: support to manually configure port, run tests in concurrent (#​7576) by @​hyf0
• add exporter property to MISSING_EXPORT error (#​7564) by @​sapphi-red
• add id property to PARSE_ERROR error (#​7563) by @​sapphi-red
• support ImporterId hook filter (#​7540) by @​IWANABETHATGUY

🐛 Bug Fixes

• types: better "go to definition" experience for interface OutputPlugin (#​7610) by @​KazariEX
• postBanner content should be placed after shebang (#​7583) by @​btea
• use sanitized filename for preserve modules chunk name (#​7603) by @​IWANABETHATGUY
• correct filter out unused cjs namespace (#​7602) by @​IWANABETHATGUY
• watch: property respect notify.pollInternal and notify.compareContents (#​7595) by @​sapphi-red
• make cleanDir work with default output directory (#​7579) by @​shulaoda
• merge MISSING_NAME_OPTION_FOR_UMD_EXPORT error to MISSING_NAME_OPTION_FOR_IIFE_EXPORT error (#​7566) by @​sapphi-red
• dev/hmr: ensure cjs modules with no exports reference correct module identifier (#​7544) by @​leegeunhyeok

🚜 Refactor

• remove stable_id field from PARSE_ERROR error (#​7593) by @​sapphi-red
• make include_runtime_symbol reuseable after linking stage (#​7580) by @​IWANABETHATGUY
• rust/dev: construct the bundler within itself (#​7553) by @​hyf0
• rust/watcher: polish API of Watcher struct (#​7551) by @​hyf0
• use LinkingMetadata::stmt_info_included to check if a stmt_info is included (#​7572) by @​IWANABETHATGUY
• use LinkingMetadata::is_included to check if a module is included (#​7571) by @​IWANABETHATGUY
• store module and stmt_info is included info to module meta (#​7570) by @​IWANABETHATGUY
• make include_* method reunsable after linking stage (#​7552) by @​IWANABETHATGUY
• rust/watcher: construct the bundler within watcher itself (#​7550) by @​hyf0
• extract make include_runtime_symbol reusable (#​7546) by @​IWANABETHATGUY

⚙️ Miscellaneous Tasks

• renovate: add kill-port in ignoreDeps in renovate.json (#​7619) by @​sapphi-red
• deps: update rust crates (#​7617) by @​renovate[bot]
• deps: update npm packages (#​7616) by @​renovate[bot]
• deps: update github-actions (#​7615) by @​renovate[bot]
• ci: skip benchmark workflows on draft PRs (#​7611) by @​Copilot
• deps: update dependency rolldown-plugin-dts to ^0.19.0 (#​7607) by @​renovate[bot]
• deps: update dependency oxlint-tsgolint to v0.10.0 (#​7601) by @​renovate[bot]
• deps: update dependency rolldown-plugin-dts to v0.18.4 (#​7599) by @​renovate[bot]
• deps: update notify (#​7594) by @​sapphi-red
• test-dev-server: add retry mechanism to hmr-full-bundle-mode tests (#​7588) by @​Copilot
• deps: update napi to v3.7.1 (#​7590) by @​renovate[bot]
• add JSDoc documentation for memfs type (#​7587) by @​Copilot
• deps: update dependency oxlint to v1.34.0 (#​7589) by @​renovate[bot]
• move some tests in ignored-by-unsupported-features that are passing (#​7569) by @​sapphi-red
• deps: update dependency oxlint-tsgolint to v0.9.2 (#​7582) by @​renovate[bot]
• deps: update oxc resolver to v11.16.0 (#​7574) by @​renovate[bot]
• test/dev-server: don't run pnpm install during tests (#​7560) by @​hyf0
• test/dev-server: use kill-port@1 to improve performance (#​7575) by @​hyf0
• normalize error object to make some Rollup tests pass (#​7562) by @​sapphi-red
• ci: separate dev-server(hmr) tests and normal tests (#​7558) by @​hyf0
• ci: make native rolldown build reusable (#​7557) by @​hyf0
• resolve some TODOs (#​7561) by @​sapphi-red

❤️ New Contributors

• @​KazariEX made their first contribution in #​7610
• @​leegeunhyeok made their first contribution in #​7544

rollup/rollup (rollup)

v4.54.0

Compare Source

2025-12-20

Features

• Enable tree-shaking for Symbol.hasInstance, Symbol.dispose and Symbol.asyncDispose properties if unused (#​6046)

Bug Fixes

• Ensure that well-known-Symbol-valued properties are not tree-shaken except in select cases (#​6046)
• Ensure namespace properties are included when referenced only from a try-catch (#​6216)

Pull Requests

• #​6046: fix: correctly handle wellknown protocols (@​cyyynthia, @​lukastaegert)
• #​6201: chore(deps): update dependency lru-cache to v11 (@​renovate[bot], @​lukastaegert)
• #​6211: chore(deps): update msys2/setup-msys2 digest to 4f806de (@​renovate[bot], @​lukastaegert)
• #​6212: chore(deps): update actions/cache action to v5 (@​renovate[bot])
• #​6213: chore(deps): update github artifact actions (major) (@​renovate[bot])
• #​6214: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6215: chore(deps): lock file maintenance (@​renovate[bot])
• #​6216: fix: include namespace variable paths during try-catch deoptimization (@​schwing)

rolldown/tsdown (tsdown)

v0.18.4

Compare Source

   🚀 Features

• Export mergeConfig  -  by @​sxzz (ccd17)
• Warn deprecated removeNodeProtocol  -  by @​sxzz (90cd6)
• css: Add CSS code splitting support  -  by @​jinghaihan and @​sxzz in #​654 (0525f)
• entry: Support multiple patterns with same base  -  by @​sxzz (cee1b)
• exports: Add packageJson option  -  by @​sxzz (6d220)

    View changes on GitHub

v0.18.3

Compare Source

   🚀 Features

• Upgrade rolldown to 1.0.0-beta.57  -  by @​sxzz (525c0)
• Add envFile & envPrefix option  -  by @​toto6038 and @​sxzz in #​664 (d5493)
• attw: Add ignoreRules option to filter specified rule  -  by @​zyyv and Copilot in #​665 (450b0)

   🐞 Bug Fixes

• Inline PackageJson type  -  by @​sxzz (dfc43)

    View changes on GitHub

v0.18.2

Compare Source

   🚀 Features

• Support globs for noExternal / inlineOnly / exports.exclude  -  by @​sxzz and @​TheAlexLichter (84b68)
• entry: Support glob negation patterns in object entry  -  by @​Doctor-wu and @​sxzz in #​662 (8ed1b)

   🐞 Bug Fixes

• Preserve import cache for node_modules  -  by @​sxzz (426ab)
• skipNodeModulesBundle for monorepo  -  by @​sxzz (9a34f)
• attw: Show full entrypoint  -  by @​sxzz (c89c4)
• clean: Remove dot files  -  by @​sxzz (0430b)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/unplugin-raw@25

commit: e53ec40

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​sxzz/​eslint-config@​7.4.3 ⏵ 7.4.4				+1
	rollup@​4.53.5 ⏵ 4.54.0	+1			-1
	tsdown@​0.18.1 ⏵ 0.18.4			+1

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report