Skip to content

chore(deps): update all non-major dependencies#210

Closed
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/all-minor-patch
Closed

chore(deps): update all non-major dependencies#210
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented May 11, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence Type Update
@rubiin/tsconfig ^2.1.5^2.2.0 age confidence devDependencies minor
@types/node (source) ^24.12.2^24.12.3 age confidence devDependencies patch
node 24.x24.15.0 age confidence uses-with minor
pnpm (source) 10.33.210.33.4 age confidence uses-with patch
tsdown (source) ^0.21.10^0.22.0 age confidence devDependencies minor

Release Notes

rubiin/tsconfig (@​rubiin/tsconfig)

v2.2.0

Compare Source

actions/node-versions (node)

v24.15.0: 24.15.0

Compare Source

Node.js 24.15.0

v24.14.1: 24.14.1

Compare Source

Node.js 24.14.1

v24.14.0: 24.14.0

Compare Source

Node.js 24.14.0

v24.13.1: 24.13.1

Compare Source

Node.js 24.13.1

v24.13.0: 24.13.0

Compare Source

Node.js 24.13.0

v24.12.0: 24.12.0

Compare Source

Node.js 24.12.0

v24.11.1: 24.11.1

Compare Source

Node.js 24.11.1

v24.11.0: 24.11.0

Compare Source

Node.js 24.11.0

v24.10.0: 24.10.0

Compare Source

Node.js 24.10.0

v24.9.0: 24.9.0

Compare Source

Node.js 24.9.0

v24.8.0: 24.8.0

Compare Source

Node.js 24.8.0

v24.7.0: 24.7.0

Compare Source

Node.js 24.7.0

v24.6.0: 24.6.0

Compare Source

Node.js 24.6.0

v24.5.0: 24.5.0

Compare Source

Node.js 24.5.0

v24.4.1: 24.4.1

Compare Source

Node.js 24.4.1

v24.4.0: 24.4.0

Compare Source

Node.js 24.4.0

v24.3.0: 24.3.0

Compare Source

Node.js 24.3.0

v24.2.0: 24.2.0

Compare Source

Node.js 24.2.0

v24.1.0: 24.1.0

Compare Source

Node.js 24.1.0

v24.0.2: 24.0.2

Compare Source

Node.js 24.0.2

v24.0.1: 24.0.1

Compare Source

Node.js 24.0.1

pnpm/pnpm (pnpm)

v10.33.4: pnpm 10.33.4

Compare Source

Patch Changes

  • Pin the integrity of git-hosted tarballs (codeload.github.com, gitlab.com, bitbucket.org) in the lockfile so that subsequent installs detect a tampered or substituted tarball and refuse to install it. Previously the lockfile only stored the tarball URL for git dependencies, so a compromised git host or a man-in-the-middle could serve arbitrary code on later installs without lockfile changes.

    A new gitHosted: true field is recorded on git-hosted tarball resolutions in the lockfile, letting every reader/writer route them by a single typed check instead of pattern-matching the tarball URL in each call site. Lockfiles written by older pnpm versions are enriched on load (URL fallback) so the field can be relied on uniformly across the codebase.

  • Fix a regression where pnpm --recursive --filter '!<pkg>' run/exec/test/add would include the workspace root in the matched projects. The workspace root is now correctly excluded by default when only negative --filter arguments are provided, matching the documented behavior. To include the root, pass --include-workspace-root #​11341.

Platinum Sponsors

Bit

Gold Sponsors

Sanity Discord Vite
SerpApi CodeRabbit Stackblitz
Workleap Nx

v10.33.3

Compare Source

rolldown/tsdown (tsdown)

v0.22.0

Compare Source

   🚨 Breaking Changes
  • Drop Node.js < 22.18.0 support, make unrun optional, add tsx config loader  -  by @​sxzz (a1042)
  • dts: Auto-enable dts when tsconfig declaration is true  -  by @​sxzz in #​872 (085f0)
  • publint: Use pkg from publint results, require publint v0.3.8+  -  by @​sxzz (413bb)
   🚀 Features
   🐞 Bug Fixes

🔄 Migration Guide

Node.js version

Upgrade to Node.js 22.18.0 or later. Bun and Deno remain supported (experimental).

unrun is no longer bundled

If your environment relies on the unrun config loader (i.e. you're on a Node version without native TypeScript support and use the default auto loader), install it manually:

npm i -D unrun

# or, alternatively, the new tsx loader:
npm i -D tsx

If you use Node.js 22.18.0+ with native TypeScript support, no change is needed — the auto loader will pick native.

dts auto-enabled from tsconfig

If your tsconfig.json has compilerOptions.declaration: true but you do not want tsdown to emit .d.ts files, opt out explicitly:

// tsdown.config.ts
export default defineConfig({
  dts: false,
})
exports.bin auto-detection

Any entry chunk containing a shebang (e.g. #!/usr/bin/env node) now causes tsdown to write a bin field in package.json automatically. The semantics differ slightly from explicit bin: true:

Value Single shebang Multiple shebangs No shebangs
(unset) Auto-set bin Warn, skip Silent
true Auto-set bin Throw Warn
false No bin No bin No bin

To opt out entirely:

export default defineConfig({
  exports: { bin: false },
})
Links

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label May 11, 2026
@rubiin rubiin closed this May 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rubiin