Skip to content

chore: bump up all non-major dependencies #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: bump up all non-major dependencies #2

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link

@renovate renovate bot commented Nov 12, 2025
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update
@oxc-node/core ^0.0.32^0.0.35 age confidence devDependencies patch
cross-platform-actions/action v0.29.0v0.32.0 age confidence action minor
pnpm (source) 10.18.010.28.2 age confidence packageManager minor
rolldown (source) 1.0.0-beta.431.0.0-rc.2 age confidence devDependencies patch
rolldown-plugin-dts ^0.16.12^0.21.0 age confidence devDependencies minor
tree-sitter (source) 0.25.100.26.0 age confidence dependencies minor
tsdown (source) ^0.15.6^0.20.0 age confidence devDependencies minor

Release Notes

oxc-project/oxc-node (@​oxc-node/core)

v0.0.35

Compare Source

Bug Fixes

v0.0.34

Compare Source

Note: Version bump only for package oxc-node

v0.0.33

Compare Source

What's Changed

New Contributors

Full Changelog: oxc-project/oxc-node@v0.0.32...v0.0.33

cross-platform-actions/action (cross-platform-actions/action)

v0.32.0

Compare Source

Added
  • Initial release

v0.31.0

Compare Source

Added
  • Initial release

v0.30.0

Compare Source

Added
  • Initial release
pnpm/pnpm (pnpm)

v10.28.2: pnpm 10.28.2

Compare Source

Patch Changes

  • Security fix: prevent path traversal in directories.bin field.

  • When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

    This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

    Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.

  • Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #​9950.

Platinum Sponsors

Bit

Gold Sponsors

Discord CodeRabbit Workleap
Stackblitz Vite

v10.28.1

Compare Source

v10.28.0

Compare Source

v10.27.0

Compare Source

v10.26.2: pnpm 10.26.2

Compare Source

Patch Changes

  • Improve error message when a package version exists but does not meet the minimumReleaseAge constraint. The error now clearly states that the version exists and shows a human-readable time since release (e.g., "released 6 hours ago") #​10307.

  • Fix installation of Git dependencies using annotated tags #​10335.

    Previously, pnpm would store the annotated tag object's SHA in the lockfile instead of the actual commit SHA. This caused ERR_PNPM_GIT_CHECKOUT_FAILED errors because the checked-out commit hash didn't match the stored tag object hash.

  • Binaries of runtime engines (Node.js, Deno, Bun) are written to node_modules/.bin before lifecycle scripts (install, postinstall, prepare) are executed #​10244.

  • Try to avoid making network calls with preferOffline #​10334.

Platinum Sponsors

Bit

Gold Sponsors

Discord CodeRabbit Workleap
Stackblitz Vite

v10.26.1: pnpm 10.26.1

Compare Source

Patch Changes

  • Don't fail on pnpm add, when blockExoticSubdeps is set to true #​10324.
  • Always resolve git references to full commits and ensure HEAD points to the commit after checkout #​10310.

Platinum Sponsors

Bit

Gold Sponsors

Discord CodeRabbit Workleap
Stackblitz Vite

v10.26.0

Compare Source

v10.25.0

Compare Source

v10.24.0

Compare Source

v10.23.0: pnpm 10.23

Compare Source

Minor Changes

  • Added --lockfile-only option to pnpm list #​10020.

Patch Changes

  • pnpm self-update should download pnpm from the configured npm registry #​10205.
  • pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #​10190.
  • Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #​10209.
  • The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #​10208.
  • pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:is-odd@3.0.1) #​8660.
  • Don't add an extra slash to the Node.js mirror URL #​10204.
  • pnpm store prune should not fail if the store contains Node.js packages #​10131.

Platinum Sponsors

Bit

Gold Sponsors

Discord CodeRabbit Workleap
Stackblitz Vite

v10.22.0: pnpm 10.22

Compare Source

Minor Changes

  • Added support for trustPolicyExclude #​10164.

    You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

    trustPolicy: no-downgrade
trustPolicyExclude:
  - chokidar@4.0.3
  - webpack@4.47.0 || 5.102.1

  • Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

  • Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10179.

Platinum Sponsors

Bit

Gold Sponsors

Discord CodeRabbit Workleap
Stackblitz Vite

v10.21.0

Compare Source

v10.20.0

Compare Source

Minor Changes
  • Support --all option in pnpm --help to list all commands #​8628.
Patch Changes
  • When the latest version doesn't satisfy the maturity requirement configured by minimumReleaseAge, pick the highest version that is mature enough, even if it has a different major version #​10100.
  • create command should not verify patch info.
  • Set managePackageManagerVersions to false, when switching to a different version of pnpm CLI, in order to avoid subsequent switches #​10063.

v10.19.0

Compare Source

Minor Changes

  • You can now allow specific versions of dependencies to run postinstall scripts. onlyBuiltDependencies now accepts package names with lists of trusted versions. For example:

    onlyBuiltDependencies:
  - nx@21.6.4 || 21.6.5
  - esbuild@0.25.1

    Related PR: #​10104.

  • Added support for exact versions in minimumReleaseAgeExclude #​9985.

    You can now list one or more specific versions that pnpm should allow to install, even if those versions don’t satisfy the maturity requirement set by minimumReleaseAge. For example:

    minimumReleaseAge: 1440
minimumReleaseAgeExclude:
  - nx@21.6.5
  - webpack@4.47.0 || 5.102.1

v10.18.3

Compare Source

Patch Changes
  • Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #​10060.
  • Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from c9642a8 to b36b220 Compare November 20, 2025 07:27
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from c7a8fce to 799d603 Compare November 27, 2025 08:04
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from d7bebd9 to 1a946f3 Compare December 4, 2025 22:22
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 4413be8 to 151418b Compare December 14, 2025 15:56
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 2cbdb7b to 18844e0 Compare December 22, 2025 15:58
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 386cf8b to 5a4b663 Compare December 31, 2025 07:37
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from 14adc9f to e1d6821 Compare January 15, 2026 03:55
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 72fdca3 to 919f035 Compare January 23, 2026 23:59
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 7284747 to ccb2071 Compare January 27, 2026 00:05
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 899b1f0 to c82ae72 Compare January 30, 2026 04:06
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from c82ae72 to 676f01f Compare February 2, 2026 03:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants