fix(deps): update all non-major dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@refinist/eslint-config	^1.0.4 → ^1.2.0			devDependencies	minor
@types/node (source)	^22.18.0 → ^22.19.7			devDependencies	minor
bumpp	^10.2.3 → ^10.4.0			devDependencies	minor
c12	^3.2.0 → ^3.3.3			dependencies	minor
eslint (source)	^9.34.0 → ^9.39.2			devDependencies	minor
pnpm (source)	10.15.1 → 10.28.0			packageManager	minor
pnpm/action-setup	v4.1.0 → v4.2.0			action	minor
prettier (source)	^3.6.2 → ^3.8.0			devDependencies	minor
publint (source)	^0.3.12 → ^0.3.16			devDependencies	patch
sort-package-json	^3.4.0 → ^3.6.0			dependencies	minor
tsdown (source)	^0.14.2 → ^0.19.0			devDependencies	minor
tsx (source)	^4.20.5 → ^4.21.0			devDependencies	minor
typescript (source)	^5.9.2 → ^5.9.3			devDependencies	patch
unplugin-unused	^0.5.2 → ^0.5.6			devDependencies	patch

---

Release Notes

refinist/eslint-config (@​refinist/eslint-config)

v1.2.0

Compare Source

   🚀 Features

• Add sortKeys for imports, package.json, pnpm-workspace.yaml, and tsconfig files  -  by @​refinist (60711)
• Add sortKeys for imports, package.json, pnpm-workspace.yaml, and tsconfig files  -  by @​refinist (11817)

    View changes on GitHub

v1.1.0

Compare Source

   🚀 Features

• Add sort for imports, package.json, pnpm-workspace.yaml, and tsconfig files  -  by @​refinist (8393d)

    View changes on GitHub

v1.0.7

Compare Source

No significant changes

    View changes on GitHub

antfu-collective/bumpp (bumpp)

v10.4.0

Compare Source

No significant changes

    View changes on GitHub

v10.3.2

Compare Source

   🐞 Bug Fixes

• Resolve the options in config file correctly  -  by @​liangmiQwQ in #​101 (f5887)

    View changes on GitHub

v10.3.1

Compare Source

No significant changes

    View changes on GitHub

v10.3.0

Compare Source

   🚀 Features

• Support --release for release type  -  by @​luoling8192 in #​97 (5af7b)

    View changes on GitHub

unjs/c12 (c12)

v3.3.3

Compare Source

compare changes

📦 Build

• Update chokidar to 5.x (0dcf338)

🏡 Chore

• Update dev deps (78ca00b)

❤️ Contributors

• Pooya Parsa (@​pi0)

v3.3.2

Compare Source

compare changes

📖 Documentation

• Fix typo in globalRc option (#​281)

📦 Build

• Switch to obuild (rolldown) (9addbb1)
• Relax magicast peer dependency range (eae6be1)

🏡 Chore

• Update dev deps (26fe8fe)
• Update deps (16fd49d)
• Update deps (120c0e6)
• Update scripts (543b39c)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Jan T. Sott git@idleberg.com

v3.3.1

Compare Source

compare changes

🩹 Fixes

• Extend with explicit extensions only (#​268, #​276)

🏡 Chore

• Update lockfile (7dc6386)
• Update fixture (128f2f6)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Ígor Jacaúna (@​igorjacauna)

v3.3.0

Compare Source

compare changes

🚀 Enhancements

• Support loading config with array exports (#​272)
• Allow extends without extension (#​268)

🩹 Fixes

• loadDotenv: cwd is optional (#​273)

📖 Documentation

• Improve dotenv section with multiple files example (#​270)

🏡 Chore

• Update readme (5f803d6)
• Sort a-z (40207d2)
• Update lockfile (2cc4f5e)
• Update lockfile (38e04db)

✅ Tests

• Add missing await (63e5b5e)
• Update snapshot (bc671c4)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Devbro1 farzadk@gmail.com
• Carson (@​carson2222)
• Igal Klebanov igalklebanov@gmail.com

eslint/eslint (eslint)

v9.39.2

Compare Source

v9.39.1

Compare Source

v9.39.0

Compare Source

v9.38.0

Compare Source

Features

• ce40f74 feat: update complexity rule to only highlight function header (#​20048) (Atul Nair)
• e37e590 feat: correct no-loss-of-precision false positives with e notation (#​20187) (Francesco Trotta)

Bug Fixes

• 50c3dfd fix: improve type support for isolated dependencies in pnpm (#​20201) (Francesco Trotta)
• a1f06a3 fix: correct SourceCode typings (#​20114) (Pixel998)

Documentation

• 462675a docs: improve web accessibility by hiding non-semantic character (#​20205) (루밀LuMir)
• c070e65 docs: correct formatting in no-irregular-whitespace rule documentation (#​20203) (루밀LuMir)
• b39e71a docs: Update README (GitHub Actions Bot)
• cd39983 docs: move custom-formatters type descriptions to nodejs-api (#​20190) (Percy Ma)

Chores

• d17c795 chore: upgrade @​eslint/js@​9.38.0 (#​20221) (Milos Djermanovic)
• 25d0e33 chore: package.json update for @​eslint/js release (Jenkins)
• c82b5ef refactor: Use types from @​eslint/core (#​20168) (Nicholas C. Zakas)
• ff31609 ci: add Node.js 25 to ci.yml (#​20220) (루밀LuMir)
• 004577e ci: bump github/codeql-action from 3 to 4 (#​20211) (dependabot[bot])
• eac71fb test: remove use of nodejsScope option of eslint-scope from tests (#​20206) (Milos Djermanovic)
• 4168a18 chore: fix typo in legacy-eslint.js (#​20202) (Sweta Tanwar)
• 205dbd2 chore: fix typos (#​20200) (ntnyq)
• dbb200e chore: use team member's username when name is not available in data (#​20194) (Milos Djermanovic)
• 8962089 chore: mark deprecated rules as available until v11.0.0 (#​20184) (Pixel998)

v9.37.0

Compare Source

Features

• 39f7fb4 feat: preserve-caught-error should recognize all static "cause" keys (#​20163) (Pixel998)
• f81eabc feat: support TS syntax in no-restricted-imports (#​19562) (Nitin Kumar)

Bug Fixes

• a129cce fix: correct no-loss-of-precision false positives for leading zeros (#​20164) (Francesco Trotta)
• 09e04fc fix: add missing AST token types (#​20172) (Pixel998)
• 861c6da fix: correct ESLint typings (#​20122) (Pixel998)

Documentation

• b950359 docs: fix typos across the docs (#​20182) (루밀LuMir)
• 42498a2 docs: improve ToC accessibility by hiding non-semantic character (#​20181) (Percy Ma)
• 29ea092 docs: Update README (GitHub Actions Bot)
• 5c97a04 docs: show availableUntil in deprecated rule banner (#​20170) (Pixel998)
• 90a71bf docs: update README files to add badge and instructions (#​20115) (루밀LuMir)
• 1603ae1 docs: update references from master to main (#​20153) (루밀LuMir)

Chores

• afe8a13 chore: update @eslint/js dependency to version 9.37.0 (#​20183) (Francesco Trotta)
• abee4ca chore: package.json update for @​eslint/js release (Jenkins)
• fc9381f chore: fix typos in comments (#​20175) (overlookmotel)
• e1574a2 chore: unpin jiti (#​20173) (renovate[bot])
• e1ac05e refactor: mark ESLint.findConfigFile() as async, add missing docs (#​20157) (Pixel998)
• 347906d chore: update eslint (#​20149) (renovate[bot])
• 0cb5897 test: remove tmp dir created for circular fixes in multithread mode test (#​20146) (Milos Djermanovic)
• bb99566 ci: pin jiti to version 2.5.1 (#​20151) (Pixel998)
• 177f669 perf: improve worker count calculation for "auto" concurrency (#​20067) (Francesco Trotta)
• 448b57b chore: Mark deprecated formatting rules as available until v11.0.0 (#​20144) (Milos Djermanovic)

v9.36.0

Compare Source

Features

• 47afcf6 feat: correct preserve-caught-error edge cases (#​20109) (Francesco Trotta)

Bug Fixes

• 75b74d8 fix: add missing rule option types (#​20127) (ntnyq)
• 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#​20116) (루밀LuMir)
• 7d61b7f fix: add missing scope types to Scope.type (#​20110) (Pixel998)
• 7a670c3 fix: correct rule option typings in rules.d.ts (#​20084) (Pixel998)

Documentation

• b73ab12 docs: update examples to use defineConfig (#​20131) (sethamus)
• 31d9392 docs: fix typos (#​20118) (Pixel998)
• c7f861b docs: Update README (GitHub Actions Bot)
• 6b0c08b docs: Update README (GitHub Actions Bot)
• 91f97c5 docs: Update README (GitHub Actions Bot)

Chores

• 12411e8 chore: upgrade @​eslint/js@​9.36.0 (#​20139) (Milos Djermanovic)
• 488cba6 chore: package.json update for @​eslint/js release (Jenkins)
• bac82a2 ci: simplify renovate configuration (#​19907) (唯然)
• c00bb37 ci: bump actions/labeler from 5 to 6 (#​20090) (dependabot[bot])
• fee751d refactor: use defaultOptions in rules (#​20121) (Pixel998)
• 1ace67d chore: update example to use defineConfig (#​20111) (루밀LuMir)
• 4821963 test: add missing loc information to error objects in rule tests (#​20112) (루밀LuMir)
• b42c42e chore: disallow use of deprecated type property in core rule tests (#​20094) (Milos Djermanovic)
• 7bb498d test: remove deprecated type property from core rule tests (#​20093) (Pixel998)
• e10cf2a ci: bump actions/setup-node from 4 to 5 (#​20089) (dependabot[bot])
• 5cb0ce4 refactor: use meta.defaultOptions in preserve-caught-error (#​20080) (Pixel998)
• f9f7cb5 chore: package.json update for eslint-config-eslint release (Jenkins)
• 81764b2 chore: update eslint peer dependency in eslint-config-eslint (#​20079) (Milos Djermanovic)

v9.35.0

Compare Source

Features

• 42761fa feat: implement suggestions for no-empty-function (#​20057) (jaymarvelz)
• 102f444 feat: implement suggestions for no-empty-static-block (#​20056) (jaymarvelz)
• e51ffff feat: add preserve-caught-error rule (#​19913) (Amnish Singh Arora)

Bug Fixes

• 10e7ae2 fix: update uncloneable options error message (#​20059) (soda-sorcery)
• bfa4601 fix: ignore empty switch statements with comments in no-empty rule (#​20045) (jaymarvelz)
• dfd11de fix: add before and after to test case types (#​20049) (Francesco Trotta)
• dabbe95 fix: correct types for no-restricted-imports rule (#​20034) (Milos Djermanovic)
• ea789c7 fix: no-loss-of-precision false positive with uppercase exponent (#​20032) (sethamus)

Documentation

• d265515 docs: improve phrasing - "if" → "even if" from getting-started section (#​20074) (jjangga0214)
• a355a0e docs: invert comparison logic for example in no-var doc page (#​20064) (OTonGitHub)
• 5082fc2 docs: Update README (GitHub Actions Bot)
• 99cfd7e docs: add missing "the" in rule deprecation docs (#​20050) (Josh Goldberg ✨)
• 6ad8973 docs: update --no-ignore and --ignore-pattern documentation (#​20036) (Francesco Trotta)
• 8033b19 docs: add documentation for --no-config-lookup (#​20033) (Francesco Trotta)

Chores

• da87f2f chore: upgrade @​eslint/js@​9.35.0 (#​20077) (Milos Djermanovic)
• af2a087 chore: package.json update for @​eslint/js release (Jenkins)
• 7055764 test: remove tests/lib/eslint/eslint.config.js (#​20065) (Milos Djermanovic)
• 84ffb96 chore: update @eslint-community/eslint-utils (#​20069) (Francesco Trotta)
• d5ef939 refactor: remove deprecated context.parserOptions usage across rules (#​20060) (sethamus)
• 1b3881d chore: remove redundant word (#​20058) (pxwanglu)

pnpm/pnpm (pnpm)

v10.28.0

Compare Source

v10.27.0

Compare Source

v10.26.2: pnpm 10.26.2

Compare Source

Patch Changes

• Improve error message when a package version exists but does not meet the minimumReleaseAge constraint. The error now clearly states that the version exists and shows a human-readable time since release (e.g., "released 6 hours ago") #​10307.

• Fix installation of Git dependencies using annotated tags #​10335.

  Previously, pnpm would store the annotated tag object's SHA in the lockfile instead of the actual commit SHA. This caused ERR_PNPM_GIT_CHECKOUT_FAILED errors because the checked-out commit hash didn't match the stored tag object hash.

• Binaries of runtime engines (Node.js, Deno, Bun) are written to node_modules/.bin before lifecycle scripts (install, postinstall, prepare) are executed #​10244.

• Try to avoid making network calls with preferOffline #​10334.

Platinum Sponsors

Gold Sponsors

v10.26.1: pnpm 10.26.1

Compare Source

Patch Changes

• Don't fail on pnpm add, when blockExoticSubdeps is set to true #​10324.
• Always resolve git references to full commits and ensure HEAD points to the commit after checkout #​10310.

Platinum Sponsors

Gold Sponsors

v10.26.0

Compare Source

v10.25.0

Compare Source

v10.24.0

Compare Source

v10.23.0: pnpm 10.23

Compare Source

Minor Changes

• Added --lockfile-only option to pnpm list #​10020.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #​10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #​10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #​10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #​10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:is-odd@3.0.1) #​8660.
• Don't add an extra slash to the Node.js mirror URL #​10204.
• pnpm store prune should not fail if the store contains Node.js packages #​10131.

Platinum Sponsors

Gold Sponsors

v10.22.0: pnpm 10.22

Compare Source

Minor Changes

• Added support for trustPolicyExclude #​10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - chokidar@4.0.3
    - webpack@4.47.0 || 5.102.1

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10179.

Platinum Sponsors

Gold Sponsors

v10.21.0

Compare Source

v10.20.0

Compare Source

Minor Changes

• Support --all option in pnpm --help to list all commands #​8628.

Patch Changes

• When the latest version doesn't satisfy the maturity requirement configured by minimumReleaseAge, pick the highest version that is mature enough, even if it has a different major version #​10100.
• create command should not verify patch info.
• Set managePackageManagerVersions to false, when switching to a different version of pnpm CLI, in order to avoid subsequent switches #​10063.

v10.19.0

Compare Source

Minor Changes

• You can now allow specific versions of dependencies to run postinstall scripts. onlyBuiltDependencies now accepts package names with lists of trusted versions. For example:

  onlyBuiltDependencies:
    - nx@21.6.4 || 21.6.5
    - esbuild@0.25.1

  Related PR: #​10104.

• Added support for exact versions in minimumReleaseAgeExclude #​9985.

  You can now list one or more specific versions that pnpm should allow to install, even if those versions don’t satisfy the maturity requirement set by minimumReleaseAge. For example:

  minimumReleaseAge: 1440
  minimumReleaseAgeExclude:
    - nx@21.6.5
    - webpack@4.47.0 || 5.102.1

v10.18.3

Compare Source

Patch Changes

• Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #​10060.
• Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when --location=project is used #​9362.
• Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings #​9646.
• Fixed EISDIR error when bin field points to a directory #​9441.
• Preserve version and hasBin for variations packages #​10022.
• Fixed pnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings) #​9884.
• When both pnpm-workspace.yaml and .npmrc exist, pnpm config set --location=project now writes to pnpm-workspace.yaml (matching read priority) #​10072.
• Prevent a table width error in pnpm outdated --long #​10040.
• Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects #​10057.

v10.18.2

Compare Source

Patch Changes

• pnpm outdated --long should work #​10040.
• Replace ndjson with split2. Reduce the bundle size of pnpm CLI #​10054.
• pnpm dlx should request the full metadata of packages, when minimumReleaseAge is set #​9963.
• pnpm version switching should work when the pnpm home directory is in a symlinked directory #​9715.
• Fix EPIPE errors when piping output to other commands #​10027.

v10.18.1

Compare Source

Patch Changes

• Don't print a warning, when --lockfile-only is used #​8320.
• pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #​5700.
• When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when using pnpm add --save-catalog as originally intended.

v10.18.0

Compare Source

Minor Changes

• Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

  Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps.
  Warning messages are displayed when requests exceed time thresholds or fall below speed minimums

  Related PR: #​10025.

Patch Changes

• Retry filesystem operations on EAGAIN errors #​9959.
• Outdated command respects minimumReleaseAge configuration #​10030.
• Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages.
• Don't fail with a meaningless error when scriptShell is set to `false

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (8112090) to head (c2e38cb).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main        #4   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            7         7           
  Lines          156       156           
  Branches        23        23           
=========================================
  Hits           156       156           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.