Skip to content

chore(deps): update all non-major dependencies#347

Merged
chenjiahan merged 1 commit into
mainfrom
renovate/all-non-major
Sep 15, 2025
Merged

chore(deps): update all non-major dependencies#347
chenjiahan merged 1 commit into
mainfrom
renovate/all-non-major

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Sep 15, 2025

This PR contains the following updates:

Package Change Age Confidence
@biomejs/biome (source) ^2.2.3 -> ^2.2.4 age confidence
@module-federation/enhanced (source) ^0.18.4 -> ^0.19.1 age confidence
@module-federation/rsbuild-plugin (source) ^0.18.4 -> ^0.19.1 age confidence
@rsbuild/core (source) ^1.5.4 -> ^1.5.6 age confidence
@rspack/cli (source) 1.5.2 -> 1.5.3 age confidence
@rspack/core (source) 1.5.2 -> 1.5.3 age confidence
@rspack/plugin-react-refresh ^1.5.0 -> ^1.5.1 age confidence
@rstest/core (source) 0.3.2 -> 0.3.4 age confidence
@stylexjs/stylex ^0.15.3 -> ^0.15.4 age confidence
@types/node (source) ^22.18.1 -> ^22.18.3 age confidence
@types/react (source) ^19.1.12 -> ^19.1.13 age confidence
@typescript-eslint/eslint-plugin (source) ^8.42.0 -> ^8.43.0 age confidence
@typescript-eslint/parser (source) ^8.42.0 -> ^8.43.0 age confidence
lucide-react (source) ^0.542.0 -> ^0.544.0 age confidence
monaco-editor ^0.52.2 -> ^0.53.0 age confidence
next (source) 15.5.2 -> 15.5.3 age confidence
next-rspack (source) 15.5.2 -> 15.5.3 age confidence
pnpm (source) 10.15.1 -> 10.16.1 age confidence
preact (source) 10.27.1 -> 10.27.2 age confidence
preact (source) ^10.27.1 -> ^10.27.2 age confidence
rspress (source) ^1.45.3 -> ^1.45.5 age confidence
taze ^19.5.0 -> ^19.6.0 age confidence

Release Notes

biomejs/biome (@​biomejs/biome)

v2.2.4

Compare Source

Patch Changes

  • #​7453 aa8cea3 Thanks @​arendjr! - Fixed #​7242: Aliases specified in
    package.json's imports section now support having multiple targets as part of an array.

  • #​7454 ac17183 Thanks @​arendjr! - Greatly improved performance of
    noImportCycles by eliminating allocations.

    In one repository, the total runtime of Biome with only noImportCycles enabled went from ~23s down to ~4s.

  • #​7447 7139aad Thanks @​rriski! - Fixes #​7446. The GritQL
    $... spread metavariable now correctly matches members in object literals, aligning its behavior with arrays and function calls.

  • #​6710 98cf9af Thanks @​arendjr! - Fixed #​4723: Type inference now recognises
    index signatures and their accesses when they are being indexed as a string.

Example
type BagOfPromises = {
  // This is an index signature definition. It declares that instances of type
  // `BagOfPromises` can be indexed using arbitrary strings.
  [property: string]: Promise<void>;
};

let bag: BagOfPromises = {};
// Because `bag.iAmAPromise` is equivalent to `bag["iAmAPromise"]`, this is
// considered an access to the string index, and a Promise is expected.
bag.iAmAPromise;

  • #​7415 d042f18 Thanks @​qraqras! - Fixed #​7212, now the useOptionalChain rule recognizes optional chaining using
    typeof (e.g., typeof foo !== 'undefined' && foo.bar).

  • #​7419 576baf4 Thanks @​Conaclos! - Fixed #​7323. noUnusedPrivateClassMembers no longer reports as unused TypeScript
    private members if the rule encounters a computed access on this.

    In the following example, member as previously reported as unused. It is no longer reported.

    class TsBioo {
  private member: number;

  set_with_name(name: string, value: number) {
    this[name] = value;
  }
}

  • 351bccd Thanks @​ematipico! - Added the new nursery lint rule
    noJsxLiterals, which disallows the use of string literals inside JSX.

    The rule catches these cases:

    <>
  <div>test</div> {/* test is invalid */}
  <>test</>
  <div>
    {/* this string is invalid */}
    asdjfl test foo
  </div>
</>

  • #​7406 b906112 Thanks @​mdevils! - Fixed an issue (#​6393) where the useHookAtTopLevel rule reported excessive diagnostics for nested hook calls.

    The rule now reports only the offending top-level call site, not sub-hooks of composite hooks.

    // Before: reported twice (useFoo and useBar).
function useFoo() {
  return useBar();
}
function Component() {
  if (cond) useFoo();
}
// After: reported once at the call to useFoo().

  • #​7461 ea585a9 Thanks @​arendjr! - Improved performance of
    noPrivateImports by eliminating allocations.

    In one repository, the total runtime of Biome with only noPrivateImports enabled went from ~3.2s down to ~1.4s.

  • 351bccd Thanks @​ematipico! - Fixed #​7411. The Biome Language Server had a regression where opening an editor with a file already open wouldn't load the project settings correctly.

  • #​7142 53ff5ae Thanks @​Netail! - Added the new nursery rule noDuplicateDependencies, which verifies that no dependencies are duplicated between the
    bundledDependencies, bundleDependencies, dependencies, devDependencies, overrides,
    optionalDependencies, and peerDependencies sections.

    For example, the following snippets will trigger the rule:

    {
  "dependencies": {
    "foo": ""
  },
  "devDependencies": {
    "foo": ""
  }
}
    {
  "dependencies": {
    "foo": ""
  },
  "optionalDependencies": {
    "foo": ""
  }
}
    {
  "dependencies": {
    "foo": ""
  },
  "peerDependencies": {
    "foo": ""
  }
}

  • 351bccd Thanks @​ematipico! - Fixed #​3824. Now the option CLI
    --color is correctly applied to logging too.

module-federation/core (@​module-federation/enhanced)

v0.19.1

What's Changed
New Features 🎉
  • Refactor(retry-plugin): unify retry behavior and improve resilience by @​danpeen in #​4043
Bug Fixes 🐞
  • fix: using addQuery option in retry-plugin query parameters will accumulating across retries by @​danpeen in #​4055
Document 📖
Other Changes
New Contributors

Full Changelog: module-federation/core@v0.18.4...0.19.1

web-infra-dev/rsbuild (@​rsbuild/core)

v1.5.6

Compare Source

What's Changed
Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rsbuild@v1.5.5...v1.5.6

v1.5.5

Compare Source

What's Changed
New Features 🎉
Performance 🚀
Bug Fixes 🐞
Refactor 🔨
Document 📖
Other Changes
New Contributors

Full Changelog: web-infra-dev/rsbuild@v1.5.4...v1.5.5

web-infra-dev/rspack (@​rspack/cli)

v1.5.3

Compare Source

Highlights 💡
Advanced tree-shaking

Rspack v1.5.3 ships advanced tree-shaking for dynamic imports via member expression analysis.

Ongoing improvements are in progress, and upcoming releases will continue to improve static analysis to cover more syntax patterns, such as dynamic import with a subsequent .then().

image
What's Changed
Performance Improvements ⚡
New Features 🎉
Bug Fixes 🐞
Refactor 🔨
Document Updates 📖
Other Changes
New Contributors

Full Changelog: web-infra-dev/rspack@v1.5.2...v1.5.3

rspack-contrib/rspack-plugin-react-refresh (@​rspack/plugin-react-refresh)

v1.5.1

Compare Source

What's Changed

New Contributors

Full Changelog: rstackjs/rspack-plugin-react-refresh@v1.5.0...v1.5.1

web-infra-dev/rstest (@​rstest/core)

v0.3.4

Compare Source

What's Changed

Bug Fixes 🐞
  • fix: support use rstest global APIs in external modules by @​9aoy in #​554

Full Changelog: web-infra-dev/rstest@v0.3.3...v0.3.4

v0.3.3

Compare Source

What's Changed

Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rstest@v0.3.2...v0.3.3

facebook/stylex (@​stylexjs/stylex)

v0.15.4

Compare Source

  • Add configuration modes to processStylexRules.
  • Support local resolved constants, positionTry, and '0' values in valid-styles ESLint rule.
  • Implement defineConsts for dynamic styles.
  • Create .transformed file extension for preresolved variables.
typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.43.0

Compare Source

🚀 Features
  • typescript-estree: disallow empty type parameter/argument lists (#​11563)
🩹 Fixes
  • eslint-plugin: [prefer-return-this-type] don't report an error when returning a union type that includes a classType (#​11432)
  • eslint-plugin: [no-deprecated] should report deprecated exports and reexports (#​11359)
  • eslint-plugin: [no-floating-promises] allowForKnownSafeCalls now supports function names (#​11423, #​11430)
  • eslint-plugin: [consistent-type-exports] fix declaration shadowing (#​11457)
  • eslint-plugin: [no-unnecessary-type-conversion] only report ~~ on integer literal types (#​11517)
  • scope-manager: exclude Program from DefinitionBase node types (#​11469)
  • eslint-plugin: [no-non-null-assertion] do not suggest optional chain on LHS of assignment (#​11489)
  • type-utils: add union type support to TypeOrValueSpecifier (#​11526)
❤️ Thank You

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.43.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

lucide-icons/lucide (lucide-react)

v0.544.0: Version 0.544.0

Compare Source

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@0.543.0...0.544.0

v0.543.0: Version 0.543.0

Compare Source

What's Changed

Full Changelog: lucide-icons/lucide@0.542.0...0.543.0

microsoft/monaco-editor (monaco-editor)

v0.53.0

Compare Source

  • ⚠️ This release deprecates the AMD build and ships with significant changes of the AMD build. The AMD build will still be shipped for a while, but we don't offer support for it anymore. Please migrate to the ESM build.
New Features
  • Next Edit Suggestion support.
  • Scroll On Middle Click
  • Edit Context Support
Breaking Changes
  • Internal AMD modules are no longer accessible. Accessing internal AMD modules was never supported. While this is still possible in the ESM build, we don't encourage this usage pattern.
  • The browser-script-editor scenario for unbundled synchronous script import and editor creation no longer works. Instead, a the ESM build should be used with a bundler, such as vite or webpack.
  • Custom AMD workers don't work anymore out of the box.
vercel/next.js (next)

v15.5.3

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes
  • fix: validation return types of pages API routes (#​83069)
  • fix: relative paths in dev in validator.ts (#​83073)
  • fix: remove satisfies keyword from type validation to preserve old TS compatibility (#​83071)
Credits

Huge thanks to @​bgub for helping!

pnpm/pnpm (pnpm)

v10.16.1

Compare Source

Patch Changes
  • The full metadata cache should be stored not at the same location as the abbreviated metadata. This fixes a bug where pnpm was loading the abbreviated metadata from cache and couldn't find the "time" field as a result #​9963.
  • Forcibly disable ANSI color codes when generating patch diff #​9914.

v10.16.0

Compare Source

Minor Changes

  • There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour.

    The new setting is called minimumReleaseAge. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting minimumReleaseAge: 1440 ensures that only packages released at least one day ago can be installed.

    If you set minimumReleaseAge but need to disable this restriction for certain dependencies, you can list them under the minimumReleaseAgeExclude setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time:

    minimumReleaseAgeExclude:
  - webpack

    Related issue: #​9921.

  • Added support for finders #​9946.

    In the past, pnpm list and pnpm why could only search for dependencies by name (and optionally version). For example:

    pnpm why minimist

    prints the chain of dependencies to any installed instance of minimist:

    verdaccio 5.20.1
├─┬ handlebars 4.7.7
│ └── minimist 1.2.8
└─┬ mv 2.1.1
  └─┬ mkdirp 0.5.6
    └── minimist 1.2.8

    What if we want to search by other properties of a dependency, not just its name? For instance, find all packages that have react@17 in their peer dependencies?

    This is now possible with "finder functions". Finder functions can be declared in .pnpmfile.cjs and invoked with the --find-by=<function name> flag when running pnpm list or pnpm why.

    Let's say we want to find any dependencies that have React 17 in peer dependencies. We can add this finder to our .pnpmfile.cjs:

    module.exports = {
  finders: {
    react17: (ctx) => {
      return ctx.readManifest().peerDependencies?.react === "^17.0.0";
    },
  },
};

    Now we can use this finder function by running:

    pnpm why --find-by=react17

    pnpm will find all dependencies that have this React in peer dependencies and print their exact locations in the dependency graph.

    @&#8203;apollo/client 4.0.4
├── @&#8203;graphql-typed-document-node/core 3.2.0
└── graphql-tag 2.12.6

    It is also possible to print out some additional information in the output by returning a string from the finder. For example, with the following finder:

    module.exports = {
  finders: {
    react17: (ctx) => {
      const manifest = ctx.readManifest();
      if (manifest.peerDependencies?.react === "^17.0.0") {
        return `license: ${manifest.license}`;
      }
      return false;
    },
  },
};

    Every matched package

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@chenjiahan chenjiahan merged commit e908022 into main Sep 15, 2025
4 checks passed
@chenjiahan chenjiahan deleted the renovate/all-non-major branch September 15, 2025 01:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chenjiahan chenjiahan chenjiahan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chenjiahan