chore(deps): update node-based dev tools

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@lerna-lite/cli (source)	4.10.5 → 4.11.5
@lerna-lite/publish (source)	4.10.5 → 4.11.5
@lerna-lite/version (source)	4.10.5 → 4.11.5
jsdom	27.4.0 → 29.0.1
publint (source)	0.3.16 → 0.3.18
tsdown (source)	0.18.4 → 0.21.7

---

Release Notes

lerna-lite/lerna-lite (@​lerna-lite/cli)

v4.11.5

Compare Source

Note: Version bump only for package @​lerna-lite/cli

v4.11.4

Compare Source

Note: Version bump only for package @​lerna-lite/cli

v4.11.3

Compare Source

Note: Version bump only for package @​lerna-lite/cli

v4.11.2

Compare Source

Note: Version bump only for package @​lerna-lite/cli

v4.11.0

Compare Source

✨ Features

• add customizable remote Release Header & Footer messages (#​1243) (5ad8425) - by @​ghiscoding

lerna-lite/lerna-lite (@​lerna-lite/publish)

v4.11.5

Compare Source

Bug Fixes

• core: remove p-pipe, p-reduce (#​1280) (d298ef1) - by @​ghiscoding
• deps: replace write-pkg with internal writePackage utility (#​1277) (819c5c9) - by @​ghiscoding
• deps: update all non-major dependencies (#​1274) (9351be2) - by @​renovate[bot]
• deps: update dependency tar to v7.5.11 [security] (#​1273) (6ac77a9) - by @​ghiscoding

v4.11.4

Compare Source

Bug Fixes

• deps: update all non-major dependencies (#​1269) (6c82fab) - by @​renovate[bot]
• deps: update dependency tar to v7.5.10 [security] (#​1272) (f2e9bbf) - by @​renovate[bot]

v4.11.3

Compare Source

Bug Fixes

• deps: update all non-major dependencies (#​1266) (9cbf1c5) - by @​renovate[bot]
• deps: update all non-major dependencies (#​1267) (28b1984) - by @​renovate[bot]
• deps fix(deps): update dependency tar to v7.5.8 [security] (#​1264) (0b694f7) - by @​renovate[bot]

v4.11.2

Compare Source

Bug Fixes

• deps: update all non-major dependencies (#​1251) (597828f) - by @​renovate[bot]
• deps: update all non-major dependencies (#​1263) (4b05ca2) - by @​renovate[bot]
• deps: update dependency tar to v7.5.7 [security] (#​1254) (a18a25e) - by @​renovate[bot]

v4.11.1

Compare Source

🐞 Bug Fixes

• deps: update all non-major dependencies (#​1248) (541fe07) - by @​renovate[bot]

v4.11.0

Compare Source

Note: Version bump only for package @​lerna-lite/publish

lerna-lite/lerna-lite (@​lerna-lite/version)

v4.11.5

Compare Source

Bug Fixes

• core: remove p-pipe, p-reduce (#​1280) (d298ef1) - by @​ghiscoding
• deps: remove set-blocking, is-stream (#​1276) (8f0d1e3) - by @​ghiscoding
• deps: replace uuid, pify with native Node.js APIs (#​1275) (7bd09e2) - by @​ghiscoding
• deps: replace write-pkg with internal writePackage utility (#​1277) (819c5c9) - by @​ghiscoding

v4.11.4

Compare Source

Bug Fixes

• deps: update conventional-changelog packages (#​1270) (dcd5910) - by @​renovate[bot]

v4.11.3

Compare Source

Note: Version bump only for package @​lerna-lite/version

v4.11.2

Compare Source

Bug Fixes

• add missing Comment issues/PRs count in --dry-run mode (#​1261) (5226ad1) - by @​ghiscoding
• deps: update all non-major dependencies (#​1251) (597828f) - by @​renovate[bot]

v4.11.1

Compare Source

🐞 Bug Fixes

• should comment on all linked issues/PRs (#​1245) (39e0f55) - by @​ghiscoding

v4.11.0

Compare Source

✨ Features

• add customizable remote Release Header & Footer messages (#​1243) (5ad8425) - by @​ghiscoding

jsdom/jsdom (jsdom)

v29.0.1

Compare Source

v29.0.0

Compare Source

Breaking changes:

• Node.js v22.13.0+ is now the minimum supported v22 version (was v22.12.0+).

Other changes:

• Overhauled the CSSOM implementation, replacing the @acemir/cssom and cssstyle dependencies with fresh internal implementations built on webidl2js wrappers and the css-tree parser. Serialization, parsing, and API behavior is improved in various ways, especially around edge cases.
• Added CSSCounterStyleRule and CSSNamespaceRule to jsdom Windows.
• Added cssMediaRule.matches and cssSupportsRule.matches getters.
• Added proper media query parsing in MediaList, using css-tree instead of naive comma-splitting. Invalid queries become "not all" per spec.
• Added cssKeyframeRule.keyText getter/setter validation.
• Added cssStyleRule.selectorText setter validation: invalid selectors are now rejected.
• Added styleSheet.ownerNode, styleSheet.href, and styleSheet.title.
• Added bad port blocking per the fetch specification, preventing fetches to commonly-abused ports.
• Improved Document initialization performance by lazily initializing the CSS selector engine, avoiding ~0.5 ms of overhead per Document. (thypon)
• Fixed a memory leak when stylesheets were removed from the document.
• Fixed CSSStyleDeclaration modifications to properly trigger custom element reactions.
• Fixed nested @media rule parsing.
• Fixed CSSStyleSheet's "disallow modification" flag not being checked in all mutation methods.
• Fixed XMLHttpRequest's response getter returning parsed JSON during the LOADING state instead of null.
• Fixed getComputedStyle() crashing in XHTML documents when stylesheets contained at-rules such as @page or @font-face.
• Fixed a potential hang in synchronous XMLHttpRequest caused by a race condition with the worker thread's idle timeout.

v28.1.0

Compare Source

• Added blob.text(), blob.arrayBuffer(), and blob.bytes() methods.
• Improved getComputedStyle() to account for CSS specificity when multiple rules apply. (asamuzaK)
• Improved synchronous XMLHttpRequest performance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.
• Improved performance of node.getRootNode(), node.isConnected, and event.dispatchEvent() by caching the root node of document-connected trees.
• Fixed getComputedStyle() to correctly handle !important priority. (asamuzaK)
• Fixed document.getElementById() to return the first element in tree order when multiple elements share the same ID.
• Fixed <svg> elements to no longer incorrectly proxy event handlers to the Window.
• Fixed FileReader event timing and fileReader.result state to more closely follow the spec.
• Fixed a potential hang when synchronous XMLHttpRequest encountered dispatch errors.
• Fixed compatibility with environments where Node.js's built-in fetch() has been used before importing jsdom, by working around undici v6/v7 incompatibilities.

v28.0.0

Compare Source

• Overhauled resource loading customization. See the new README for details on the new API.
• Added MIME type sniffing to <iframe> and <frame> loads.
• Regression: WebSockets are no longer correctly throttled to one connection per origin. This is a result of the bug at nodejs/undici#4743.
• Fixed decoding of the query components of <a> and <area> elements in non-UTF-8 documents.
• Fixed XMLHttpRequest fetches and WebSocket upgrade requests to be interceptable by the new customizable resource loading. (Except synchronous XMLHttpRequests.)
• Fixed the referrer of a document to be set correctly when redirects are involved; it is now the initiating page, not the last hop in the redirect chain.
• Fixed correctness bugs when passing ArrayBuffers or typed arrays to various APIs, where they would not correctly snapshot the data.
• Fixed require("url").parse() deprecation warning when using WebSockets.
• Fixed <iframe>, <frame>, and <img> (when canvas is installed) to fire load events, not error events, on non-OK HTTP responses.
• Fixed many small issues in XMLHttpRequest.

publint/publint (publint)

v0.3.18

Compare Source

Patch Changes

• Fix deprecated subpath mapping check crash and make getPkgPathValue from publint/utils return undefined if the path is invalid (ad2aa9c)

v0.3.17

Compare Source

Patch Changes

• Fix packing packages with pnpm when publishConfig.directory is set (#​216)

• Updated dependencies [2dcb107]:

  • @​publint/pack@​0.1.3

rolldown/tsdown (tsdown)

v0.21.7

Compare Source

   🚀 Features

• Add module option for attw and publint to allow passing imported modules directly  -  by @​sxzz (31e90)

   🐞 Bug Fixes

• deps: Add skipNodeModulesBundle dep subpath e2e tests and fix docs  -  by @​sxzz (deff7)

    View changes on GitHub

v0.21.6

Compare Source

   🚀 Features

• Upgrade rolldown to v1.0.0-rc.12  -  by @​sxzz (51292)
• config:
  • Pass root config to workspace config functions  -  by @​sxzz (76169)
  • Use mergeConfig for workspace config merging and support variadic overrides  -  by @​sxzz (148aa)
• dts:
  • Add cjsReexport option to eliminate dual module type hazard  -  by @​mandarini and @​sxzz in #​856 (875c1)
• exports:
  • Add bin option to auto-generate package.json bin field  -  by @​sxzz in #​869 (7ebd6)

   🐞 Bug Fixes

• css:
  • Compile preprocessor langs in virtual CSS modules  -  by @​sxzz in #​865 (7b2e0)
  • Strip .module from CSS output filenames  -  by @​sxzz in #​866 (03ade)
  • Default splitting to true in unbundle mode for CSS inject  -  by @​sxzz in #​867 (a4da6)
  • Split CSS plugin into pre/post phases for scoped CSS support  -  by @​sxzz in #​870 (ff0c4)
• entry:
  • Correctly output relative paths in logger output  -  by @​sxzz (00050)

    View changes on GitHub

v0.21.5

Compare Source

   🚀 Features

• Update rolldown to 1.0.0-rc.10  -  by @​wChenonly in #​845 (41411)
• Support typescript v6  -  by @​ocavue in #​858 (bffc4)

   🐞 Bug Fixes

• css:
  • Run final minification on merged CSS output  -  by @​sxzz in #​853 (475df)
  • Don't override internal importer  -  by @​Laupetin in #​860 (af40e)
  • Use aliased exports for CSS module keys  -  by @​wChenonly and @​sxzz in #​840 (bb6de)
• deps:
  • External optionalDependencies by default  -  by @​sxzz (cd24d)
  • Resolve subpath extensions for packages without exports field  -  by @​sxzz in #​863 (c5150)
  • Correctly resolve root @types packages for dts deep imports  -  by @​brc-dd and @​sxzz in #​852 (0b276)

    View changes on GitHub

v0.21.4

Compare Source

   🚀 Features

• css: Add CSS modules support  -  by @​sxzz in #​834 (2a88a)

   🐞 Bug Fixes

• exports: Preserve CRLF line endings in package.json  -  by @​sxzz (a4d4e)

    View changes on GitHub

v0.21.3

Compare Source

   🚀 Features

• copy: Add support for watching copy source files  -  by @​schplitt in #​721 (7c23a)

   🐞 Bug Fixes

• css: Watch inline CSS files in watch mode  -  by @​sxzz (2051a)
• exports: Sort inlined dependencies by package name  -  by @​sxzz (0ec71)
• publint: Support Yarn v1  -  by @​sxzz (4a291)
• unbundle: Root should be lowest common ancestor of entry files  -  by @​sxzz (f1823)

    View changes on GitHub

v0.21.2

Compare Source

   🚨 Breaking Changes

• exe: Add exe.outDir for separate executable output dir, defaults to build  -  by @​sxzz (d49ef)

Note: Executable is still an experimental feature and does not follow SemVer. Breaking changes may occur in any release.

   🚀 Features

• Add root option for controlling output directory structure  -  by @​sxzz (bad2d)
• deps: Rename onlyAllowBundle to onlyBundle  -  by @​peaklabs-dev and @​sxzz in #​819 (cbd7b)

   🐞 Bug Fixes

• css: Skip data URIs and external URLs in CSS url() rebasing  -  by @​sxzz (13907)

    View changes on GitHub

v0.21.1

Compare Source

   🚨 Breaking Changes

• css: Move all CSS support to @tsdown/css package  -  by @​sxzz in #​809 (1b1a1)

[!IMPORTANT]
If you are using CSS features (e.g., CSS imports), you now need to manually install the @tsdown/css package:

npm install @​tsdown/css -D
# or
pnpm add @​tsdown/css -D

Note: CSS support is still an experimental feature and does not follow SemVer. Breaking changes may occur in any release.

   🚀 Features

• css:
  • Add css.inject option to preserve CSS imports in JS output  -  by @​sxzz and Claude Haiku 4.5 in #​808 (ad745)
  • Support ?inline query for CSS imports  -  by @​sxzz in #​810 (b7379)
  • Support node_modules package resolution  -  by @​sxzz and Claude Haiku 4.5 in #​812 (b06b4)

   🐞 Bug Fixes

• Generate correct filename for sass files when dts is enabled  -  by @​ocavue in #​802 (848a7)
• css:
  • Handle virtual module IDs from framework plugins  -  by @​sxzz (c421f)
  • Ignore css imports with URL query  -  by @​ocavue and @​sxzz in #​806 (c1d23)

    View changes on GitHub

v0.21.0

Compare Source

v0.21.0 - Notable Changes

Breaking Changes

Dependency options renamed to deps namespace

The dependency-related options have been moved under a new deps namespace with clearer names:

• external -> deps.neverBundle
• noExternal -> deps.alwaysBundle
• inlineOnly -> deps.onlyAllowBundle
• skipNodeModulesBundle -> deps.skipNodeModulesBundle

Before:

export default defineConfig({
  external: ['vue'],
  noExternal: ['lodash'],
})

After:

export default defineConfig({
  deps: {
    neverBundle: ['vue'],
    alwaysBundle: ['lodash'],
  },
})

The old options still work but are deprecated and will emit warnings.

failOnWarn default changed from 'ci-only' to false

If you relied on the previous behavior where warnings would fail the build in CI environments, you now need to explicitly set failOnWarn: true or failOnWarn: 'ci-only' in your config.

Node.js < 22.18.0 deprecated

tsdown now emits a deprecation warning when running on Node.js versions below 22.18.0. Plan to upgrade your Node.js version accordingly.

New Features

Experimental Node.js SEA executable bundling (exe)

tsdown can now bundle your TypeScript project into a standalone executable using Node.js Single Executable Applications (SEA). A new @tsdown/exe package provides cross-platform executable building support. See the exe documentation for details.

export default defineConfig({
  exe: true, // or { useCodeCache: true, useSnapshot: true }
})

Full CSS pipeline with @tsdown/css

CSS handling has been reimplemented as a native Rolldown plugin and extracted into the @tsdown/css package, providing a complete CSS pipeline with Lightning CSS and PostCSS support via the css.transformer option. See the CSS documentation for details.

inlinedDependencies field in package.json

When using the exports feature, tsdown now auto-generates an inlinedDependencies field in your package.json, listing dependencies that are bundled into the output.

Object option for customExports

customExports now supports an object format for more fine-grained control over the generated exports field.

Migration Guide

1. Update dependency options: Rename external -> deps.neverBundle, noExternal -> deps.alwaysBundle, etc.
2. Check failOnWarn: If you need warnings to fail the build in CI, explicitly set failOnWarn: 'ci-only' or failOnWarn: true.
3. Upgrade Node.js: Ensure you're running Node.js >= 22.18.0 to avoid deprecation warnings.

Links

• tsdown Documentation
• v0.21.0-beta.1 Release
• v0.21.0-beta.2 Release
• v0.21.0-beta.3 Release
• v0.21.0-beta.4 Release
• v0.21.0-beta.5 Release
• Full diff from v0.20.3

---

   🚨 Breaking Changes

• Change failOnWarn default from 'ci-only' to false  -  by @​sxzz (ad8db)
• exe: Require Node >=25.7 and default format to esm  -  by @​sxzz in #​798 (0173c)

   🚀 Features

• Rename dependency options to deps namespace  -  by @​sxzz (7f509)
• Upgrade rolldown  -  by @​sxzz (7a528)
• Deprecate Node.js versions below 22.18.0  -  by @​sxzz (439f1)
• Support bundling .node files by default  -  by @​sxzz (944e9)
• css:
  • Implement full CSS pipeline as Rolldown plugin  -  by @​sxzz in #​787 (dbe3c)
  • Extract CSS pipeline into @tsdown/css package  -  by @​sxzz in #​790 (e4cbe)
  • Add PostCSS support with css.transformer option  -  by @​sxzz in #​791 (35bef)
  • Default css.transformer to lightningcss  -  by @​sxzz in #​797 (288a5)
• exe:
  • Add experimental Node.js SEA executable bundling  -  by @​sxzz in #​777 (418d5)
  • Add cross-platform executable building via @tsdown/exe  -  by @​sxzz in #​786 (b6833)
  • Support latest and latest-lts for nodeVersion  -  by @​sxzz (ce7ab)
• exports:
  • Support object option for customExports  -  by @​Joery-M and @​sxzz in #​769 (7fb72)
  • Add inlinedDependencies field to package.json  -  by @​sxzz in #​785 (5c71f)
• migrate:
  • Migrate external/noExternal to deps namespace  -  by @​sxzz (c59e7)

   🐞 Bug Fixes

• Apply failOnWarn to rolldown logs  -  by @​sxzz (149dc)
• Debounce onSuccess in watch mode to prevent duplicate execution  -  by @​sxzz (af748)
• Don't fail on PLUGIN_TIMINGS warnings when failOnWarn is enabled  -  by @​sxzz (9872a)
• Resolve css files in node_modules  -  by @​ocavue, @​sxzz and Rei in #​795 (d8a1f)
• config: Handle known Node.js bug in nativeImport error handling  -  by @​sxzz (e4230)
• copy: Don't warn if no files specified  -  by @​adamlohner, @​cursoragent and @​sxzz in #​780 (afaab)
• css: Remove empty js chunks  -  by @​ocavue and @​sxzz in #​799 (1183a)
• exe: Use runtime semver check for ESM SEA default format  -  by @​sxzz (5321c)
• exports: Include non-entry chunks in exports when all is true  -  by @​sxzz (79492)
• hooks: Set cwd for onSuccess  -  by @​sxzz (c114a)
• node-protocol: Respect alias and tsconfig paths when stripping node: prefix  -  by @​lazuee in #​773 (b1dd2)
• watch: Re-glob entry files on create/delete events  -  by @​sxzz (a1969)

    View changes on GitHub

v0.20.3

Compare Source

   🐞 Bug Fixes

• package: Ignore scripts when packing  -  by @​sxzz (0b10b)

    View changes on GitHub

v0.20.2

Compare Source

   🚀 Features

• Upgrade rolldown to 1.0.0-rc.3  -  by @​sxzz (0beea)
• dep: Keep inlineOnly clean with hint message on unused  -  by @​jycouet and @​sxzz in #​725 (13f1c)
• pkg: Optimize attw and publint packing  -  by @​sxzz in #​736 (375cf)

   🐞 Bug Fixes

• Throw error when skipNodeModulesBundle and noExternal are used together  -  by @​sxzz in #​746 (656d5)
• External type only packages @types/*  -  by @​kalvenschraut (0be7c)
• exports: Move import before require  -  by @​sxzz (3027a)

    View changes on GitHub

v0.20.1

Compare Source

   🚀 Features

• inline-only: Show warnings if bundled deps  -  by @​sxzz (1e0e7)

    View changes on GitHub

v0.20.0

Compare Source

   🚨 Breaking Changes

• Upgrade dts plugin, remove dts.resolve option  -  by @​sxzz (16655)

   🚀 Features

• Add option to disable legacy CJS warning  -  by @​sxzz (9fada)
• Apply inlineOnly option for dts files  -  by @​sxzz (7d89d)
• Upgrade rolldown to 1.0.0-beta.60  -  by @​sxzz (bb3ee)
• Upgrade rolldown to rc 1  -  by @​sxzz (1959f)
• entry: Support mixed array and object entries  -  by @​sxzz (a8083)

   🐞 Bug Fixes

• Optional parseEnv  -  by @​sxzz (be1b6)
• Reload config on restart  -  by @​sxzz (1756b)
• Config extensions typo  -  by @​aryaemami59 in #​722 (d2bb7)
• windows: Normalize path separators in build output  -  by @​ryuapp in #​719 (c4525)

   🏎 Performance

• Native filter for external plugin  -  by @​sxzz (8764e)

    View changes on GitHub

v0.19.0

Compare Source

   🚨 Breaking Changes

• Rename debugLogs to debug  -  by @​sxzz (bb4e7)
• Remove deprecated silent option  -  by @​sxzz (59015)
• devtools:
  • Rename debug to devtools, rename debug.devtools to devtools.ui  -  by @​sxzz (63e6f)
• exports:
  • Add legacy option, remove main & module fields if pure ESM  -  by @​sxzz (16841)
  • Exclude extension name for exports.exclude  -  by @​sxzz (53d38)
  • Only auto-fill types when exports.legacy  -  by @​lishaduck and @​sxzz in #​685 (7be6b)

   🚀 Features

• Add typeAssert util back  -  by @​sxzz (1d385)
• Generate CSS exports when css.splitting is disabled  -  by @​jinghaihan and @​sxzz in #​680 (b737c)
• Upgrade rolldown to 1.0.0-beta.58  -  by @​sxzz (48036)
• Expose enableDebug  -  by @​sxzz (2d922)
• Expose resolveUserConfig  -  by @​sxzz (c9acb)
• Upgrade rolldown to 1.0.0-beta.59  -  by @​sxzz (d564f)
• Clear console on rebuild start  -  by @​sxzz (78efd)
• migrate: Add monorepo support  -  by @​lauigi and @​sxzz in #​659 (efba2)

   🐞 Bug Fixes

• Print blank line only when the log level is info  -  by @​tomgao365 in #​689 (96d82)
• attw: Add --ignore-scripts to avoid lifecycle output  -  by @​Doctor-wu in #​661 (1c8b1)
• cjs: Update version check for require ESM support  -  by @​sxzz (beeff)

   🏎 Performance

• Optimize hot paths  -  by @​sxzz (7925d)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.