Skip to content

chore(deps): update all non-major dependencies#144

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch
Open

chore(deps): update all non-major dependencies#144
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 22, 2026

This PR contains the following updates:

Package Change Age Confidence
@fastify/http-proxy ^11.4.2^11.4.4 age confidence
@types/node (source) ^25.9.0^25.9.1 age confidence
@typescript/native-preview (source) ^7.0.0-dev.20260518.1^7.0.0-dev.20260519.1 age confidence
@vitest/coverage-v8 (source) ^4.1.6^4.1.7 age confidence
fastify (source) ^5.8.4^5.8.5 age confidence
oxfmt (source) ^0.50.0^0.51.0 age confidence
oxlint (source) ^1.65.0^1.66.0 age confidence
pnpm (source) 11.1.311.2.1 age confidence
vitest (source) ^4.1.6^4.1.7 age confidence

Release Notes

microsoft/typescript-go (@​typescript/native-preview)

v7.0.0-dev.20260519.1

Compare Source

vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.7

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
oxc-project/oxc (oxfmt)

v0.51.0

Compare Source

oxc-project/oxc (oxlint)

v1.66.0

Compare Source

🚀 Features
  • 0440b0f linter/eslint: Implement id-match rule (#​22379) (Vladislav Sayapin)
  • 65bf119 linter: Implement react no-object-type-as-default-prop (#​22481) (uhyo)
  • 2a6ddce linter/eslint: Implement no-implied-eval rule (#​22391) (Vladislav Sayapin)
  • 625758a linter/vitest: Implement padding-around-after-all-blocks rule (#​21788) (kapobajza)
  • 37680b0 linter: Implement react no-unstable-nested-components (#​22248) (Jovi De Croock)
  • d8d9c74 linter: Implement import/newline-after-import rule (#​19142) (Ryuya Yanagi)
pnpm/pnpm (pnpm)

v11.2.1

Compare Source

Patch Changes
  • Mark optional subdependency snapshots of config dependencies with optional: true in the env lockfile, matching how optional dependencies are recorded elsewhere in pnpm-lock.yaml. Previously, snapshots for the platform-specific subdeps pulled in via a config dep's optionalDependencies were written as empty objects, which was inconsistent with the rest of the lockfile and made it look like those non-host platform variants were required.
  • Fix pickRegistryForPackage returning the wrong registry for an unscoped npm: alias under a scoped local name. A manifest entry like "@​private/foo": "npm:lodash@^1" was routing the lodash fetch through registries["@​private"], even though lodash is unscoped and doesn't live on that registry. The npm-alias branch now returns the alias target's own scope (or null for an unscoped target, falling through to registries.default) instead of leaking into the local key's scope.
  • Don't print "Installing config dependencies..." when config dependencies are already installed and nothing needs to be fetched, re-linked, or removed.

v11.2.0

Compare Source

Minor Changes

  • Experimental: Adding @pnpm/pacquet (the Rust port of pnpm) to configDependencies in pnpm-workspace.yaml now delegates the materialization phase of pnpm install to the pacquet binary. pnpm still owns dependency resolution; pacquet only fetches and imports from the freshly-written lockfile. This is an opt-in preview of the Rust install engine #​11723.

    To configure pacquet in a project, run:

    pnpm add @​pnpm/pacquet --config

    You'll see changes in pnpm-workspace.yaml and pnpm-lock.yaml that should be committed. If you experience any issues with pacquet, please let us know by mentioning this in the GitHub issue you create.

  • configDependencies now resolve and install one level of optionalDependencies declared by the config dependency, with os/cpu/libc platform filtering applied at install time. This unlocks the esbuild/swc-style pattern where a package ships platform-specific binaries via optionalDependencies — a config dependency can now do the same and have the matching binary symlinked next to it in the global virtual store, so require('pkg-platform-arch') from inside the config dependency resolves correctly.

    The env lockfile records all platform variants regardless of host platform, so it remains portable across machines. Each entry in a config dependency's optionalDependencies must declare an exact version — ranges and tags are rejected to keep installs reproducible.

  • Implement the documented pnpm login --scope <scope> flag. The scope is normalized (a leading @ is added if missing; blank values are ignored) and an @<scope>:registry=<registry> mapping is written to the pnpm auth file alongside the auth token. Subsequent installs of @<scope>/* packages then route to the chosen registry. Previously pnpm login --scope foo errored with Unknown option: 'scope' despite the flag being listed in the online documentation #​11716.

  • pnpm outdated and pnpm update --interactive now report Node.js, Deno, and Bun runtimes installed as project dependencies (runtime: specifiers). Previously these were silently skipped.

Patch Changes

  • Fix cafile=<relative-path> in .npmrc being read from the wrong directory when pnpm is invoked from a different cwd (e.g. pnpm --dir <project> install from a CI wrapper or monorepo script). The path is now resolved against the directory of the .npmrc that declared it, not process.cwd(). Before this fix the CA file silently failed to load — the install proceeded without the configured CA and the user only saw TLS errors against a private registry, with no log line tying back to the wrongly resolved path #​11624.

  • Fix config.registry getting a trailing slash appended when registry is set in .npmrc and no registries.default is provided by pnpm-workspace.yaml. The sync from registries.default to config.registry introduced in #​11744 now only fires when the workspace manifest actually contributes a different default.

  • Fix global add/update to handle minimumReleaseAge policy violations instead of surfacing an internal resolver guardrail error.

  • Fix two crashes with injectWorkspacePackages: true when the lockfile has been pruned (e.g. by turbo prune --docker):

    • Cannot use 'in' operator to search for 'directory' in undefined: a peer-dependency-variant injected snapshot inherits its resolution from the base packages: entry; when a pruner drops that base entry the readers crash. convertToLockfileObject now reconstructs the directory resolution from the file: depPath at load time — a single normalization point, so every reader sees a fully-formed snapshot.
    • ERR_PNPM_ENOENT on node_modules/.bin/<tool>: after prepare/postinstall, runLifecycleHooksConcurrently re-imported each injected workspace package; the scanDir-into-filesMap workaround fed target-internal paths to the importer, which the makeEmptyDir fast path (#​11088) then wiped. Drop the workaround and pass keepModulesDir: true so the importer preserves the target's existing node_modules (bin links + transitive deps) and source files keep their hardlinks.

  • Fixed pnpm login and pnpm logout ignoring registries.default from pnpm-workspace.yaml #​10099.

  • Fix the minimumReleaseAge (publishedBy) maturity shortcut to be inclusive at the cutoff. Previously, abbreviated metadata whose modified field equalled the cutoff fell off the fast path and triggered a full-metadata re-fetch (or a MISSING_TIME error when full metadata wasn't permitted). Since modified is an upper bound on every version's publish time, modified == publishedBy already implies every version passes the per-version <= filter in filterPkgMetadataByPublishDate, so the shortcut now accepts the boundary case directly. Strictly > (was >=) at the rejection branch.

  • Honor publishConfig.access when publishing packages.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "after 1am and before 5am"
  • Automerge
    • "after 2am and before 5am"

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@codecov
Copy link
Copy Markdown

codecov Bot commented May 22, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.94%. Comparing base (ff3c3d3) to head (2aceacb).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #144   +/-   ##
=======================================
  Coverage   94.94%   94.94%           
=======================================
  Files           8        8           
  Lines         791      791           
  Branches      325      325           
=======================================
  Hits          751      751           
  Misses         35       35           
  Partials        5        5

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants