fix(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@antfu/eslint-config	^7.6.0 → ^7.7.3
@types/node (source)	^24.10.13 → ^24.12.0
@types/pg (source)	^8.16.0 → ^8.20.0
@typescript/native-preview (source)	7.0.0-dev.20260225.1 → 7.0.0-dev.20260323.1
axios (source)	^1.13.5 → ^1.13.6
eslint (source)	^10.0.2 → ^10.1.0
fs-extra	^11.3.3 → ^11.3.4
lint-staged	^16.2.7 → ^16.4.0
mssql	^12.2.0 → ^12.2.1
nodemailer (source)	^8.0.1 → ^8.0.3
pg (source)	^8.18.0 → ^8.20.0
pg-promise	^12.6.1 → ^12.6.2
pnpm (source)	10.30.2 → 10.32.1
ssh2-sftp-client	^12.0.1 → ^12.1.0
tsdown (source)	^0.20.3 → ^0.21.4
unrun (source)	^0.2.27 → ^0.2.32

---

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v7.7.3

Compare Source

   🐞 Bug Fixes

• Disable some e18e rules  -  by @​antfu (7edec)

    View changes on GitHub

v7.7.2

Compare Source

   🐞 Bug Fixes

• Exclude the zed terminal from editor detection  -  by @​mattmess1221 in #​834 (9484a)
• Enable typescript when tsgo installed  -  by @​9romise in #​833 (4665e)
• e18e: moduleReplacements should only enable in lib  -  by @​antfu (61658)

    View changes on GitHub

v7.7.0

Compare Source

   🚀 Features

• Zed support  -  by @​hyoban in #​827 (30fcb)
• Integrate @​e18e/eslint-plugin  -  by @​9romise in #​830 (ebd46)

   🐞 Bug Fixes

• markdown: Disable 'markdown/fenced-code-language' rule  -  by @​jinghaihan in #​831 (0c44d)

    View changes on GitHub

v7.6.1

Compare Source

   🐞 Bug Fixes

• Separate node plugins setup and rules, fix #​817  -  by @​antfu in #​817 (fa3b0)

    View changes on GitHub

microsoft/typescript-go (@​typescript/native-preview)

v7.0.0-dev.20260323.1

Compare Source

v7.0.0-dev.20260322.1

Compare Source

v7.0.0-dev.20260321.1

Compare Source

v7.0.0-dev.20260320.1

Compare Source

v7.0.0-dev.20260319.1

Compare Source

v7.0.0-dev.20260318.1

Compare Source

v7.0.0-dev.20260317.1

Compare Source

v7.0.0-dev.20260316.1

Compare Source

v7.0.0-dev.20260315.1

Compare Source

v7.0.0-dev.20260314.1

Compare Source

v7.0.0-dev.20260313.1

Compare Source

v7.0.0-dev.20260312.1

Compare Source

v7.0.0-dev.20260311.1

Compare Source

v7.0.0-dev.20260310.1

Compare Source

v7.0.0-dev.20260309.1

Compare Source

v7.0.0-dev.20260308.1

Compare Source

v7.0.0-dev.20260307.1

Compare Source

v7.0.0-dev.20260306.1

Compare Source

v7.0.0-dev.20260305.1

Compare Source

v7.0.0-dev.20260304.1

Compare Source

v7.0.0-dev.20260303.1

Compare Source

v7.0.0-dev.20260302.1

Compare Source

v7.0.0-dev.20260301.1

Compare Source

v7.0.0-dev.20260228.1

Compare Source

v7.0.0-dev.20260227.1

Compare Source

v7.0.0-dev.20260226.1

Compare Source

axios/axios (axios)

v1.13.6

Compare Source

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

• Breaking Changes: None identified in this release.
• Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

• React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @​moh3n9595 for the initial implementation. (#​5764)
• Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#​7385)

🐛 Bug Fixes

• Environment Compatibility:

  • Fixed module exports for React Native and Browserify environments. (#​7386)
  • Added safe FormData detection for the WeChat Mini Program environment. (#​7324)

• Error Handling:

  • AxiosError.message is now correctly enumerable. (#​7392)
  • AxiosError.from now correctly copies the status property from the source error, ensuring better error propagation. (#​7403)

🔧 Maintenance & Chores

• Dependencies: Updated the development_dependencies group (5 updates). (#​7432)
• Infrastructure: Migrated @​rollup/plugin-babel from v5.3.1 to v6.1.0. (#​7424)
• Documentation: Added missing JSDoc comments to utilities. (#​7427)

🌟 New Contributors

We are thrilled to welcome our new contributors! Thank you for helping improve the project:

• @​Gudahtt (#​7386)
• @​ybbus (#​7392)
• @​Shiwaangee (#​7324)
• @​skrtheboss (#​7403)
• @​Janaka66 (#​7427)
• @​moh3n9595 (#​5764)
• @​digital-wizard48 (#​7424)

Full Changelog: v1.13.5...v1.13.6

eslint/eslint (eslint)

v10.1.0

Compare Source

Features

• ff4382b feat: apply fix for no-var in TSModuleBlock (#​20638) (Tanuj Kanti)
• 0916995 feat: Implement api support for bulk-suppressions (#​20565) (Blake Sager)

Bug Fixes

• 2b8824e fix: Prevent no-var autofix when a variable is used before declaration (#​20464) (Amaresh S M)
• e58b4bf fix: update eslint (#​20597) (renovate[bot])

Documentation

• b7b57fe docs: use correct JSDoc link in require-jsdoc.md (#​20641) (mkemna-clb)
• 58e4cfc docs: add deprecation notice partial (#​20639) (Milos Djermanovic)
• 7143dbf docs: update v9 migration guide for @eslint/js usage (#​20540) (fnx)
• 035fc4f docs: note that globalReturn applies only with sourceType: "script" (#​20630) (Milos Djermanovic)
• e972c88 docs: merge ESLint option descriptions into type definitions (#​20608) (Francesco Trotta)
• 7f10d84 docs: Update README (GitHub Actions Bot)
• aeed007 docs: open playground link in new tab (#​20602) (Tanuj Kanti)
• a0d1a37 docs: Add AI Usage Policy (#​20510) (Nicholas C. Zakas)

Chores

• a9f9cce chore: update dependency eslint-plugin-unicorn to ^63.0.0 (#​20584) (Milos Djermanovic)
• 1f42bd7 chore: update prettier to 3.8.1 (#​20651) (루밀LuMir)
• c0a6f4a chore: update dependency @​eslint/json to ^1.2.0 (#​20652) (renovate[bot])
• cc43f79 chore: update dependency c8 to v11 (#​20650) (renovate[bot])
• 2ce4635 chore: update dependency @​eslint/json to v1 (#​20649) (renovate[bot])
• f0406ee chore: update dependency markdownlint-cli2 to ^0.21.0 (#​20646) (renovate[bot])
• dbb4c95 chore: remove trunk (#​20478) (sethamus)
• c672a2a test: fix CLI test for empty output file (#​20640) (kuldeep kumar)
• c7ada24 ci: bump pnpm/action-setup from 4.3.0 to 4.4.0 (#​20636) (dependabot[bot])
• 07c4b8b test: fix RuleTester test without test runners (#​20631) (Francesco Trotta)
• 079bba7 test: Add tests for isValidWithUnicodeFlag (#​20601) (Manish chaudhary)
• 5885ae6 ci: unpin Node.js 25.x in CI (#​20615) (Copilot)
• f65e5d3 chore: update pnpm/action-setup digest to b906aff (#​20610) (renovate[bot])

v10.0.3

Compare Source

jprichardson/node-fs-extra (fs-extra)

v11.3.4

Compare Source

• Fix bug where calling ensureSymlink/ensureSymlinkSync with a relative srcPath would fail if the symlink already existed (#​1038, #​1064)

lint-staged/lint-staged (lint-staged)

v16.4.0

Compare Source

Minor Changes

• #​1739 687fc90 Thanks @​hyperz111! - Replace micromatch with picomatch to reduce dependencies.

v16.3.4

Compare Source

Patch Changes

• #​1742 9d6e827 Thanks @​iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

v16.3.3

Compare Source

Patch Changes

• #​1740 0109e8d Thanks @​iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

v16.3.2

Compare Source

Patch Changes

• #​1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

v16.3.1

Compare Source

Patch Changes

• #​1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

v16.3.0

Compare Source

Minor Changes

• #​1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #​1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #​1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

tediousjs/node-mssql (mssql)

v12.2.1

Compare Source

Bug Fixes

• instantiate ConnectionError with appropriate args (b163c09)

nodemailer/nodemailer (nodemailer)

v8.0.3

Compare Source

Bug Fixes

• clean up addressparser and fix group name fallback producing undefined (9d55877)
• fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
• refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
• remove familySupportCache that broke DNS resolution tests (c803d90)

v8.0.2

Compare Source

Bug Fixes

• merge fragmented display names with unquoted commas in addressparser (fe27f7f)

brianc/node-postgres (pg)

v8.20.0

Compare Source

• Add onConnect callback to pg.Pool constructor options allowing for async initialization of newly created & connected pooled clients.

v8.19.0

Compare Source

• Deprecate interal query queue.
• Pass connection parameters to password callback.

vitaly-t/pg-promise (pg-promise)

v12.6.2

Compare Source

• Driver version updated to the latest.

pnpm/pnpm (pnpm)

v10.32.1: pnpm 10.32.1

Compare Source

Patch Changes

• Fix a regression where pnpm-workspace.yaml without a packages field caused all directories to be treated as workspace projects. This broke projects that use pnpm-workspace.yaml only for settings (e.g. minimumReleaseAge) without defining workspace packages #​10909.

Platinum Sponsors

Gold Sponsors

v10.32.0: pnpm 10.32

Compare Source

Minor Changes

• Added --all flag to pnpm approve-builds that approves all pending builds without interactive prompts #​10136.

Patch Changes

• Reverted change related to setting explicitly the npm config file path, which caused regressions.
• Reverted fix related to lockfile-include-tarball-url. Fixes #​10915.

Platinum Sponsors

Gold Sponsors

v10.31.0

Compare Source

v10.30.3

Compare Source

theophilusx/ssh2-sftp-client (ssh2-sftp-client)

v12.1.0: MS SFTP Server Fix

Compare Source

This release addresses an issue which arises when connecting to an MS sftp server whereby an exception would be raised whenever the remote MS server closed the connection, even when that closure was legitimate. Thanks to @​rhyswilliamsza for the fix.

rolldown/tsdown (tsdown)

v0.21.4

Compare Source

   🚀 Features

• css: Add CSS modules support  -  by @​sxzz in #​834 (2a88a)

   🐞 Bug Fixes

• exports: Preserve CRLF line endings in package.json  -  by @​sxzz (a4d4e)

    View changes on GitHub

v0.21.3

Compare Source

   🚀 Features

• copy: Add support for watching copy source files  -  by @​schplitt in #​721 (7c23a)

   🐞 Bug Fixes

• css: Watch inline CSS files in watch mode  -  by @​sxzz (2051a)
• exports: Sort inlined dependencies by package name  -  by @​sxzz (0ec71)
• publint: Support Yarn v1  -  by @​sxzz (4a291)
• unbundle: Root should be lowest common ancestor of entry files  -  by @​sxzz (f1823)

    View changes on GitHub

v0.21.2

Compare Source

   🚨 Breaking Changes

• exe: Add exe.outDir for separate executable output dir, defaults to build  -  by @​sxzz (d49ef)

Note: Executable is still an experimental feature and does not follow SemVer. Breaking changes may occur in any release.

   🚀 Features

• Add root option for controlling output directory structure  -  by @​sxzz (bad2d)
• deps: Rename onlyAllowBundle to onlyBundle  -  by @​peaklabs-dev and @​sxzz in #​819 (cbd7b)

   🐞 Bug Fixes

• css: Skip data URIs and external URLs in CSS url() rebasing  -  by @​sxzz (13907)

    View changes on GitHub

v0.21.1

Compare Source

   🚨 Breaking Changes

• css: Move all CSS support to @tsdown/css package  -  by @​sxzz in #​809 (1b1a1)

[!IMPORTANT]
If you are using CSS features (e.g., CSS imports), you now need to manually install the @tsdown/css package:

npm install @​tsdown/css -D
# or
pnpm add @​tsdown/css -D

Note: CSS support is still an experimental feature and does not follow SemVer. Breaking changes may occur in any release.

   🚀 Features

• css:
  • Add css.inject option to preserve CSS imports in JS output  -  by @​sxzz and Claude Haiku 4.5 in #​808 (ad745)
  • Support ?inline query for CSS imports  -  by @​sxzz in #​810 (b7379)
  • Support node_modules package resolution  -  by @​sxzz and Claude Haiku 4.5 in #​812 (b06b4)

   🐞 Bug Fixes

• Generate correct filename for sass files when dts is enabled  -  by @​ocavue in #​802 (848a7)
• css:
  • Handle virtual module IDs from framework plugins  -  by @​sxzz (c421f)
  • Ignore css imports with URL query  -  by @​ocavue and @​sxzz in #​806 (c1d23)

    View changes on GitHub

v0.21.0

Compare Source

v0.21.0 - Notable Changes

Breaking Changes

Dependency options renamed to deps namespace

The dependency-related options have been moved under a new deps namespace with clearer names:

• external -> deps.neverBundle
• noExternal -> deps.alwaysBundle
• inlineOnly -> deps.onlyAllowBundle
• skipNodeModulesBundle -> deps.skipNodeModulesBundle

Before:

export default defineConfig({
  external: ['vue'],
  noExternal: ['lodash'],
})

After:

export default defineConfig({
  deps: {
    neverBundle: ['vue'],
    alwaysBundle: ['lodash'],
  },
})

The old options still work but are deprecated and will emit warnings.

failOnWarn default changed from 'ci-only' to false

If you relied on the previous behavior where warnings would fail the build in CI environments, you now need to explicitly set failOnWarn: true or failOnWarn: 'ci-only' in your config.

Node.js < 22.18.0 deprecated

tsdown now emits a deprecation warning when running on Node.js versions below 22.18.0. Plan to upgrade your Node.js version accordingly.

New Features

Experimental Node.js SEA executable bundling (exe)

tsdown can now bundle your TypeScript project into a standalone executable using Node.js Single Executable Applications (SEA). A new @tsdown/exe package provides cross-platform executable building support. See the exe documentation for details.

export default defineConfig({
  exe: true, // or { useCodeCache: true, useSnapshot: true }
})

Full CSS pipeline with @tsdown/css

CSS handling has been reimplemented as a native Rolldown plugin and extracted into the @tsdown/css package, providing a complete CSS pipeline with Lightning CSS and PostCSS support via the css.transformer option. See the CSS documentation for details.

inlinedDependencies field in package.json

When using the exports feature, tsdown now auto-generates an inlinedDependencies field in your package.json, listing dependencies that are bundled into the output.

Object option for customExports

customExports now supports an object format for more fine-grained control over the generated exports field.

Migration Guide

1. Update dependency options: Rename external -> deps.neverBundle, noExternal -> deps.alwaysBundle, etc.
2. Check failOnWarn: If you need warnings to fail the build in CI, explicitly set failOnWarn: 'ci-only' or failOnWarn: true.
3. Upgrade Node.js: Ensure you're running Node.js

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.