chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@sxzz/eslint-config	^4.4.0 -> ^4.5.1
@types/node (source)	^22.8.7 -> ^22.10.1
eslint (source)	^9.14.0 -> ^9.16.0
pnpm (source)	9.12.3 -> 9.14.4
prettier (source)	^3.3.3 -> ^3.4.2
rollup (source)	^4.24.4 -> ^4.28.0
typescript (source)	^5.6.3 -> ^5.7.2
unplugin	^1.15.0 -> ^1.16.0
vite (source)	^5.4.10 -> ^5.4.11
vitest (source)	^2.1.4 -> ^2.1.8

---

Release Notes

sxzz/eslint-config (@​sxzz/eslint-config)

v4.5.1

Compare Source

   🐞 Bug Fixes

• Allow default export for farm.ts  -  by @​sxzz (555ad)

    View changes on GitHub

v4.5.0

Compare Source

   🐞 Bug Fixes

• deps:
  • Update all non-major dependencies  -  in https://github.com/sxzz/eslint-config/issues/113 (3f665)
  • Update dependency eslint-plugin-perfectionist to v4  -  in https://github.com/sxzz/eslint-config/issues/115 (16bc7)

    View changes on GitHub

v4.4.1

Compare Source

   🐞 Bug Fixes

• deps:
  • Update all non-major dependencies  -  in https://github.com/sxzz/eslint-config/issues/107 (144fc)
  • Update all non-major dependencies  -  in https://github.com/sxzz/eslint-config/issues/110 (71fda)
  • Update all non-major dependencies  -  in https://github.com/sxzz/eslint-config/issues/111 (13e4a)

    View changes on GitHub

eslint/eslint (eslint)

v9.16.0

Compare Source

Features

• 8f70eb1 feat: Add ignoreComputedKeys option in sort-keys rule (#​19162) (Milos Djermanovic)

Documentation

• 9eefc8f docs: fix typos in use-isnan (#​19190) (루밀LuMir)
• 0c8cea8 docs: switch the order of words in no-unreachable (#​19189) (루밀LuMir)
• 0c19417 docs: add missing backtick to no-async-promise-executor (#​19188) (루밀LuMir)
• 8df9276 docs: add backtick in -0 in description of no-compare-neg-zero (#​19186) (루밀LuMir)
• 7e16e3f docs: fix caseSensitive option's title of sort-keys (#​19183) (Tanuj Kanti)
• 0c6b842 docs: fix typos in migration-guide.md (#​19180) (루밀LuMir)
• 353266e docs: fix a typo in debug.md (#​19179) (루밀LuMir)
• 5ff318a docs: delete unnecessary horizontal rule(---) in nodejs-api (#​19175) (루밀LuMir)
• 576bcc5 docs: mark more rules as handled by TypeScript (#​19164) (Tanuj Kanti)
• 742d054 docs: note that no-restricted-syntax can be used with any language (#​19148) (Milos Djermanovic)

Chores

• feb703b chore: upgrade to @eslint/js@9.16.0 (#​19195) (Francesco Trotta)
• df9bf95 chore: package.json update for @​eslint/js release (Jenkins)
• f831893 chore: add type for ignoreComputedKeys option of sort-keys (#​19184) (Tanuj Kanti)
• 3afb8a1 chore: update dependency @​eslint/json to ^0.8.0 (#​19177) (Milos Djermanovic)
• 1f77c53 chore: add repository.directory property to package.json (#​19165) (루밀LuMir)
• d460594 chore: update dependency @​arethetypeswrong/cli to ^0.17.0 (#​19147) (renovate[bot])
• 45cd4ea refactor: update default options in rules (#​19136) (Milos Djermanovic)

v9.15.0

Compare Source

pnpm/pnpm (pnpm)

v9.14.4

Compare Source

v9.14.3

Compare Source

v9.14.2

Compare Source

Patch Changes

• pnpm publish --json should work #​8788.

Platinum Sponsors

Gold Sponsors

v9.14.1

Compare Source

Minor Changes

• Added support for pnpm pack --json to print packed tarball and contents in JSON format #​8765.

Patch Changes

• pnpm exec should print a meaningful error message when no command is provided #​8752.
• pnpm setup should remove the CLI from the target location before moving the new binary #​8173.
• Fix ERR_PNPM_TARBALL_EXTRACT error while installing a dependency from GitHub having a slash in branch name #​7697.
• Don't crash if the use-node-version setting is used and the system has no Node.js installed #​8769.
• Convert settings in local .npmrc files to their correct types. For instance, child-concurrency should be a number, not a string #​5075.
• pnpm should fail if a project requires a different package manager even if manage-package-manager-versions is set to true.
• pnpm init should respect the --dir option #​8768.

Platinum Sponsors

Gold Sponsors

v9.14.0

Compare Source

v9.13.2: pnpm 9.13.2

Compare Source

Patch Changes

• Detection of circular peer dependencies should not crash with aliased dependencies #​8759. Fixes a regression introduced in the previous version.
• Fix race condition of symlink creations caused by multiple parallel dlx processes.

Platinum Sponsors

Gold Sponsors

Silver Sponsors

v9.13.1: pnpm 9.13.1

Compare Source

Patch Changes

• Fixed some edge cases where resolving circular peer dependencies caused a dead lock #​8720.

Platinum Sponsors

Gold Sponsors

Silver Sponsors

v9.13.0: pnpm 9.13

Compare Source

Minor Changes

• The self-update now accepts a version specifier to install a specific version of pnpm. E.g.:

  pnpm self-update 9.5.0
  

  or

  pnpm self-update next-10
  

Patch Changes

• Fix Cannot read properties of undefined (reading 'name') that is printed while trying to render the missing peer dependencies warning message #​8538.

Platinum Sponsors

Gold Sponsors

Silver Sponsors

prettier/prettier (prettier)

v3.4.2

Compare Source

diff

Treat U+30A0 & U+30FB in Katakana Block as CJK (#​16796 by @​tats-u)

Prettier doesn't treat U+30A0 & U+30FB as Japanese. U+30FB is commonly used in Japanese to represent the delimitation of first and last names of non-Japanese people or “and”. The following “C言語・C++・Go・Rust” means “C language & C++ & Go & Rust” in Japanese.

<!-- Input (--prose-wrap=never) -->

C言
語
・
C++
・
Go
・
Rust

<!-- Prettier 3.4.1 -->
C言語・ C++ ・ Go ・ Rust

<!-- Prettier 3.4.2 -->
C言語・C++・Go・Rust

U+30A0 can be used as the replacement of the - in non-Japanese names (e.g. “Saint-Saëns” (Charles Camille Saint-Saëns) can be represented as “サン゠サーンス” in Japanese), but substituted by ASCII hyphen (U+002D) or U+FF1D (full width hyphen) in many cases (e.g. “サン=サーンス” or “サン＝サーンス”).

Fix comments print on class methods with decorators (#​16891 by @​fisker)

// Input
class A {
  @​decorator
  /** 
   * The method description
   *
  */
  async method(foo: Foo, bar: Bar) {
    console.log(foo);
  }
}

// Prettier 3.4.1
class A {
  @​decorator
  async /**
   * The method description
   *
   */
  method(foo: Foo, bar: Bar) {
    console.log(foo);
  }
}

// Prettier 3.4.2
class A {
  @​decorator
  /**
   * The method description
   *
   */
  async method(foo: Foo, bar: Bar) {
    console.log(foo);
  }
}

Fix non-idempotent formatting (#​16899 by @​seiyab)

This bug fix is not language-specific. You may see similar change in any languages. This fixes regression in 3.4.0 so change caused by it should yield same formatting as 3.3.3.

// Input
<div>
  foo
  <span>longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo</span>
  , abc
</div>;

// Prettier 3.4.1 (first)
<div>
  foo
  <span>
    longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo
  </span>, abc
</div>;

// Prettier 3.4.1 (second)
<div>
  foo
  <span>longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo</span>
  , abc
</div>;

// Prettier 3.4.2
<div>
  foo
  <span>longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo</span>
  , abc
</div>;

v3.4.1

Compare Source

diff

Remove unnecessary parentheses around assignment in v-on (#​16887 by @​fisker)

<!-- Input -->
<template>
  <button @&#8203;click="foo += 2">Click</button>
</template>

<!-- Prettier 3.4.0 -->
<template>
  <button @&#8203;click="(foo += 2)">Click</button>
</template>

<!-- Prettier 3.4.1 -->
<template>
  <button @&#8203;click="foo += 2">Click</button>
</template>

v3.4.0

Compare Source

diff

🔗 Release Notes

rollup/rollup (rollup)

v4.28.0

Compare Source

2024-11-30

Features

• Allow to specify how to handle import attributes when transpiling Rollup config files (#​5743)

Pull Requests

• #​5743: fix: supports modify the import attributes key in the config file (@​TrickyPi, @​lukastaegert)
• #​5747: chore(deps): update codecov/codecov-action action to v5 (@​renovate[bot])
• #​5748: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.27.4

Compare Source

2024-11-23

Bug Fixes

• Update bundled magic-string to support sourcemap debug ids (#​5740)

Pull Requests

• #​5740: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.27.3

Compare Source

2024-11-18

Bug Fixes

• Revert object property tree-shaking for now (#​5736)

Pull Requests

• #​5736: Revert object tree-shaking until some issues have been resolved (@​lukastaegert)

v4.27.2

Compare Source

2024-11-15

Bug Fixes

• Ensure unused variables in patterns are always deconflicted if rendered (#​5728)

Pull Requests

• #​5728: Fix more variable deconflicting issues (@​lukastaegert)

v4.27.1

Compare Source

2024-11-15

Bug Fixes

• Fix some situations where parameter declarations could put Rollup into an infinite loop (#​5727)

Pull Requests

• #​5727: Debug out-of-memory issues with Rollup v4.27.0 (@​lukastaegert)

v4.27.0

Compare Source

2024-11-15

Features

• Tree

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@sxzz/eslint-config@4.5.1	environment Transitive: eval, filesystem, shell, unsafe	+252	37.8 MB	sxzz
npm/@types/node@22.10.1	None	+1	2.37 MB	types
npm/eslint@9.16.0	Transitive: environment, eval, filesystem, shell, unsafe	+84	10.7 MB	eslintbot
npm/prettier@3.4.2	None	0	7.83 MB	prettier-bot
npm/rollup@4.28.0	environment, filesystem	+1	2.63 MB	lukastaegert
npm/typescript@5.7.2	None	0	22.7 MB	typescript-bot
npm/unplugin@1.16.0	Transitive: environment	+2	786 kB	antfu, sxzz
npm/vite@5.4.11	environment, eval, filesystem, network, shell, unsafe	+5	3.77 MB	vitebot
npm/vitest@2.1.8	Transitive: environment, filesystem, shell, unsafe	+33	4.37 MB	antfu, oreanno, patak, ...1 more

🚮 Removed packages: npm/@sxzz/eslint-config@4.4.0, npm/@types/node@22.8.7, npm/eslint@9.14.0, npm/prettier@3.3.3, npm/rollup@4.24.4, npm/typescript@5.6.3, npm/unplugin@1.15.0, npm/vite@5.4.10, npm/vitest@2.1.4

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Possible typosquat attack	npm/eslint-plugin-import-x@4.5.0	Did you mean: eslint-plugin-import~~-x~~	package.json pnpm-lock.yaml	⚠︎

View full report↗︎

Next steps

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/eslint-plugin-import-x@4.5.0