chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@types/node (source)	^20.12.8 -> ^20.17.24
@vitest/coverage-v8 (source)	^1.5.3 -> ^1.6.1
changelogen	^0.5.5 -> ^0.6.1
eslint (source)	^8.57.0 -> ^8.57.1
eslint-config-unjs	^0.2.1 -> ^0.4.2
pnpm (source)	9.0.6 -> 9.15.9
prettier (source)	^3.2.5 -> ^3.5.3
typescript (source)	^5.4.5 -> ^5.8.2
vitest (source)	^1.5.3 -> ^1.6.1

---

Release Notes

vitest-dev/vitest (@​vitest/coverage-v8)

v1.6.1

Compare Source

This release includes security patches for:

• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

   🐞 Bug Fixes

• backport https://github.com/vitest-dev/vitest/issues/7317 to v1 - by @​hi-ogawa in https://github.com/vitest-dev/vitest/pull/7319

    View changes on GitHub

v1.6.0

Compare Source

   🚀 Features

• Support standalone mode  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5565 (bdce0)
• Custom "snapshotEnvironment" option  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5449 (30f72)
• benchmark: Support comparing benchmark result  -  by @​hi-ogawa and @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5398 (f8d3d)
• browser: Allow injecting scripts  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5656 (21e58)
• reporter: Support includeConsoleOutput and addFileAttribute in junit  -  by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/5659 (2f913)
• ui: Sort items by file name  -  by @​btea in https://github.com/vitest-dev/vitest/issues/5652 (1f726)

   🐞 Bug Fixes

• Keep order of arguments for .each in custom task collectors  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5640 (7d57c)
• Call resolveId('vitest') after buildStart  -  by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/5646 (f5faf)
• Hash the name of the file when caching  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5654 (c9e68)
• Don't panic on empty files in node_modules  -  by @​sheremet-va (40c29)
• Use toJSON for error serialization  -  by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/5526 (19a21)
• coverage:
  • Exclude *.test-d.* by default  -  by @​MindfulPol in https://github.com/vitest-dev/vitest/issues/5634 (bfe8a)
  • Apply vite-node's wrapper only to executed files  -  by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/5642 (c9883)
• vm:
  • Support network imports  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5610 (103a6)

   🏎 Performance

• Improve performance of forks pool  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5592 (d8304)
• Unnecessary rpc call when coverage is disabled  -  by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/5658 (c5712)

    View changes on GitHub

unjs/changelogen (changelogen)

v0.6.1

Compare Source

compare changes

🩹 Fixes

• Pass cwd in more places before running commands (#​266)

🏡 Chore

• Update deps (f728b52)
• Update tsconfig (e5dced7)

✅ Tests

• Update snapshot (ec2618f)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Daniel Roe (@​danielroe)

v0.6.0

Compare Source

compare changes

🚀 Enhancements

• Update jiti to v2 (6e85d32)
• Add check for breaking changes in commit body (#​228)
• Hide author email address via flag (#​247)
• Add noAuthors option (#​183)

🩹 Fixes

• Use https proto for author's github link (#​225)
• Use https proto for author's github link in tests (#​226)
• Release version regex supporting pre versions (#​259)
• Use correct compare changes URL for Bitbucket (#​257)
• Use tag template for version title and compare change link (#​255)
• Render usernames in github changelog (#​265)

💅 Refactors

• Use consola for colors (49e0401)
• Use confbox for yaml parsing (19e940c)

📦 Build

• ⚠️ Esm-only dist (4a22de6)

🏡 Chore

• Lint (031cfd6)
• Update deps (b184f23)
• Update ci (8662c4e)
• Update esm-only deps (0d5e31d)

✅ Tests

• Add tests for parsing co-authors from commit body (#​229)

⚠️ Breaking Changes

• ⚠️ Esm-only dist (4a22de6)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Klein Petr (@​kleinpetr)
• Jasper Zonneveld (@​JaZo)
• Thorsten Seyschab (@​toddeTV)
• Philipp Kief (@​PKief)
• Jan-Henrik Damaschke [email protected]
• Damian Głowala (@​DamianGlowala)

v0.5.7

Compare Source

compare changes

🩹 Fixes

• bump: Avoid using + for canary suffix (#​224)

❤️ Contributors

• Pooya Parsa (@​pi0)

v0.5.6

Compare Source

compare changes

🚀 Enhancements

• Add option to sign git tags (#​117)
• git: Support parse git messages that have prefix emoji (#​146)

🩹 Fixes

• github: Use bearer token (#​180)
• Handle repo name with multiple segments (#​219)
• Lowercase scope when filtering (#​199)

💅 Refactors

• Replace execa with execSync (#​222)
• Use human readable date for canary versions (#​223)
• Update execCommand (68127be)

🏡 Chore

• Apply automated lint fixes (72c407f)
• Update ci (bcb16cb)
• Update non major deps (7f714c9)
• Update to eslint v9 (fd40be9)
• Apply automated lint fixes (673255b)
• Update deps (3cfbe27)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Klein Petr (@​kleinpetr)
• Wan Chiu (@​wan54)
• Jianqi Pan (@​Jannchie)
• Vasily Kuzin [email protected]
• Daniel Roe (@​danielroe)

eslint/eslint (eslint)

v8.57.1

Compare Source

Bug Fixes

• a19072f fix: add logic to handle fixTypes in the lintText() method (#​18900) (Francesco Trotta)
• 04c7188 fix: Don't lint same file multiple times (#​18899) (Francesco Trotta)
• 87ec3c4 fix: do not throw when defining a global named __defineSetter__ (#​18898) (Francesco Trotta)
• 60a1267 fix: Provide helpful error message for nullish configs (#​18889) (Milos Djermanovic)
• a0dea8e fix: allow name in global ignores, fix --no-ignore for non-global (#​18875) (Milos Djermanovic)
• 3836bb4 fix: do not crash on error in fs.walk filter (#​18886) (Milos Djermanovic)
• 2dec349 fix: skip processor code blocks that match only universal patterns (#​18880) (Milos Djermanovic)

Documentation

• 6a5add4 docs: v8.x Add EOL banner (#​18744) (Amaresh S M)
• b034575 docs: v8.x add version support page to the dropdown (#​18731) (Amaresh S M)
• 760ef7d docs: v8.x add version support page in the side navbar (#​18740) (Amaresh S M)
• 428b7ea docs: Add Powered by Algolia label to the search (#​18658) (Amaresh S M)
• c68c07f docs: version selectors synchronization (#​18265) (Milos Djermanovic)

Build Related

• 35d366a build: Support updates to previous major versions (#​18870) (Milos Djermanovic)

Chores

• 140ec45 chore: upgrade @​eslint/js@​8.57.1 (#​18913) (Milos Djermanovic)
• bcdfc04 chore: package.json update for @​eslint/js release (Jenkins)
• 3f6ce8d chore: pin [email protected] (#​18910) (Milos Djermanovic)
• 9f07549 chore: ignore /docs/v8.x in link checker (#​18660) (Milos Djermanovic)

unjs/eslint-config (eslint-config-unjs)

v0.4.2

Compare Source

compare changes

💅 Refactors

• Use Linter.Config as return type (2cce21a)
• Reflax markdown rules (587c6a7)

🏡 Chore

• Update deps (c179c22)
• release: V0.4.1 (a8fb144)
• Update deps (0431414)

❤️ Contributors

• Pooya Parsa (@​pi0)

v0.4.1

Compare Source

compare changes

💅 Refactors

• Use Linter.Config as return type (2cce21a)
• Reflax markdown rules (587c6a7)

🏡 Chore

• Update deps (c179c22)

❤️ Contributors

• Pooya Parsa (@​pi0)

v0.4.0

Compare Source

compare changes

🏡 Chore

• ⚠️ Update dependencies (ec5727e)
• Use eslint ts support with jiti (0d531f8)

⚠️ Breaking Changes

• ⚠️ Update dependencies (ec5727e)

❤️ Contributors

• Pooya Parsa (@​pi0)

v0.3.2

Compare Source

compare changes

🏡 Chore

• Update unicorn plugin to 53 (0a944e4)

❤️ Contributors

• Pooya Parsa (@​pi0)

v0.3.1

Compare Source

compare changes

🩹 Fixes

• markdown: Override default rules (4765dd5)

🏡 Chore

• Remove prerelease script (pnpm why ?!) (a98c465)

❤️ Contributors

• Pooya Parsa (@​pi0)

v0.3.0

Compare Source

compare changes

pnpm/pnpm (pnpm)

v9.15.9

Compare Source

v9.15.8

Compare Source

v9.15.7: pnpm 9.15.7

Compare Source

Patch Changes

• pnpm self-update should not leave a directory with a broken pnpm installation if the installation fails.
• Allow scope registry CLI option without --config. prefix such as --@​scope:registry=https://scope.example.com/npm #​9089.
• pnpm self-update should not read the pnpm settings from the package.json file in the current working directory.
• pnpm update -i should list only packages that have newer versions #​9206.
• Fix a bug causing entries in the catalogs section of the pnpm-lock.yaml file to be removed when dedupe-peer-dependents=false on a filtered install. #​9112

Platinum Sponsors

Gold Sponsors

v9.15.6: pnpm 9.15.6

Compare Source

Patch Changes

• Fix instruction for updating pnpm with corepack #​9101.
• Print pnpm's version after the execution time at the end of the console output.
• The pnpm version specified by packageManager cannot start with v.
• Fix a bug causing catalog snapshots to be removed from the pnpm-lock.yaml file when using --fix-lockfile and --filter. #​8639
• Fix a bug causing catalog protocol dependencies to not re-resolve on a filtered install #​8638.

v9.15.5: pnpm 9.15.5

Compare Source

Patch Changes

• Verify that the package name is valid when executing the publish command.
• When running pnpm install, the preprepare and postprepare scripts of the project should be executed #​8989.
• Quote args for scripts with shell-quote to support new lines (on POSIX only) #​8980.
• Proxy settings should be respected, when resolving Git-hosted dependencies #​6530.
• Replace strip-ansi with the built-in util.stripVTControlCharacters #​9009.

Platinum Sponsors

Gold Sponsors

v9.15.4: pnpm 9.15.4

Compare Source

Patch Changes

• Ensure that recursive pnpm update --latest <pkg> updates only the specified package, with dedupe-peer-dependents=true.

Platinum Sponsors

Gold Sponsors

v9.15.3: pnpm 9.15.3

Compare Source

Patch Changes

• Fixed the Regex used to find the package manifest during packing #​8938.
• pnpm update --filter <pattern> --latest <pkg> should only change the specified package for the specified workspace, when dedupe-peer-dependents is set to true #​8877.
• Exclude .DS_Store file at patch-commit #​8922.
• Fix a bug in which pnpm patch is unable to bring back old patch without specifying @version suffix #​8919.

Platinum Sponsors

Gold Sponsors

v9.15.2: pnpm 9.15.2

Compare Source

Patch Changes

• Fixed publish/pack error with workspace dependencies with relative paths #​8904. It was broken in v9.4.0 (398472c).
• Use double quotes in the command suggestion by pnpm patch on Windows #​7546.
• Do not fall back to SSH, when resolving a git-hosted package if git ls-remote works via HTTPS #​8906.
• Improve how packages with blocked lifecycle scripts are reported during installation. Always print the list of ignored scripts at the end of the output. Include a hint about how to allow the execution of those packages.

Platinum Sponsors

Gold Sponsors

v9.15.1: pnpm 9.15.1

Compare Source

Patch Changes

• pnpm remove should not link dependencies from the workspace, when link-workspace-packages is set to false [#​7674](https://r

---

Configuration

📅 Schedule: Branch creation - "after 2am and before 3am" (UTC), Automerge - "after 1am and before 2am" (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.