chore: bump up all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@oxc-node/core	^0.0.32 → ^0.0.35			devDependencies	patch
cross-platform-actions/action	v0.29.0 → v0.32.0			action	minor
pnpm (source)	10.18.0 → 10.30.1			packageManager	minor
rolldown (source)	1.0.0-beta.43 → 1.0.0-rc.5			devDependencies	patch
rolldown-plugin-dts	^0.16.12 → ^0.22.0			devDependencies	minor
tree-sitter (source)	0.25.10 → 0.26.0			dependencies	minor
tsdown (source)	^0.15.6 → ^0.20.0			devDependencies	minor

---

Release Notes

oxc-project/oxc-node (@​oxc-node/core)

v0.0.35

Compare Source

Bug Fixes

• core: transform tla error (#​355) (3374ad1)
• sourcemaps for pirates hook. (#​350) (dc915e0)

v0.0.34

Compare Source

Note: Version bump only for package oxc-node

v0.0.33

Compare Source

What's Changed

• chore(deps): update github-actions by @​renovate[bot] in #​226
• chore(deps): update actions/download-artifact action to v5 by @​renovate[bot] in #​227
• chore(deps): lock file maintenance by @​renovate[bot] in #​228
• chore(deps): lock file maintenance npm packages by @​renovate[bot] in #​229
• chore(deps): update oxc to ^0.82.0 by @​renovate[bot] in #​230
• chore(deps): update oxc to v0.82.1 by @​renovate[bot] in #​231
• chore(deps): update github-actions by @​renovate[bot] in #​233
• chore(deps): update oxc to v0.82.2 by @​renovate[bot] in #​232
• chore(deps): update actions/checkout action to v5 by @​renovate[bot] in #​234
• chore(deps): lock file maintenance npm packages by @​renovate[bot] in #​237
• chore(deps): lock file maintenance by @​renovate[bot] in #​236
• chore(deps): update oxc by @​renovate[bot] in #​238
• chore(deps): update github-actions by @​renovate[bot] in #​239
• chore(deps): lock file maintenance rust crates by @​renovate[bot] in #​241
• chore(deps): lock file maintenance npm packages by @​renovate[bot] in #​240
• chore(deps): update dependency tinybench to v5 by @​renovate[bot] in #​235
• chore(deps): lock file maintenance by @​renovate[bot] in #​242
• chore(deps): update rust crate oxc_resolver to v11.7.0 by @​renovate[bot] in #​243
• chore(deps): update rust crate oxc_resolver to v11.7.1 by @​renovate[bot] in #​244
• chore(deps): update oxc to ^0.83.0 by @​renovate[bot] in #​245
• fix: add shebang to index.ts for node execution by @​situ2001 in #​246
• chore(deps): update oxc to ^0.85.0 by @​renovate[bot] in #​248
• chore(deps): update rust crate tracing-subscriber to v0.3.20 [security] by @​renovate[bot] in #​247
• chore(deps): update oxc to ^0.86.0 by @​renovate[bot] in #​249
• chore(deps): update taiki-e/install-action action to v2.58.29 by @​renovate[bot] in #​250
• chore(deps): lock file maintenance npm packages by @​renovate[bot] in #​252
• chore(deps): lock file maintenance by @​renovate[bot] in #​251
• chore(deps): update actions/setup-node action to v5 by @​renovate[bot] in #​254
• chore(deps): update github-actions by @​renovate[bot] in #​253
• chore(deps): lock file maintenance by @​renovate[bot] in #​255
• chore(deps): lock file maintenance npm packages by @​renovate[bot] in #​256
• chore(deps): update oxc to ^0.87.0 by @​renovate[bot] in #​257
• chore(deps): update rust crate oxc_resolver to v11.7.2 by @​renovate[bot] in #​258
• chore(deps): update github-actions by @​renovate[bot] in #​259
• chore(deps): lock file maintenance npm packages by @​renovate[bot] in #​260
• chore(deps): lock file maintenance rust crates by @​renovate[bot] in #​261
• chore(deps): lock file maintenance by @​renovate[bot] in #​262
• chore(deps): lock file maintenance by @​renovate[bot] in #​263
• chore(deps): update oxc to ^0.88.0 by @​renovate[bot] in #​264
• chore(deps): update oxc by @​renovate[bot] in #​265
• chore(deps): update rust crate oxc_resolver to v11.8.1 by @​renovate[bot] in #​266
• chore(deps): update github-actions by @​renovate[bot] in #​268
• fix(cli): use import.meta.resolve for register module path by @​fengmk2 in #​267
• chore(deps): update rust crate oxc_resolver to v11.8.2 by @​renovate[bot] in #​269
• chore(deps): update oxc to ^0.90.0 by @​renovate[bot] in #​270
• chore(deps): update dependency rust to v1.90.0 by @​renovate[bot] in #​271
• chore(deps): update dependency @​oxc-project/runtime to ^0.91.0 by @​renovate[bot] in #​272
• chore(deps): update dependency g-plane/pretty_yaml to v0.5.1 by @​renovate[bot] in #​273
• chore(deps): update dependency dprint/dprint-plugin-typescript to v0.95.11 by @​renovate[bot] in #​275
• chore(deps): update taiki-e/install-action action to v2.62.0 by @​renovate[bot] in #​276
• chore(deps): update dependency dprint/dprint-plugin-markdown to v0.19.0 by @​renovate[bot] in #​274
• chore(deps): update dependency p-timeout to v7 by @​renovate[bot] in #​277
• chore(deps): lock file maintenance by @​renovate[bot] in #​278
• chore(deps): update rust crate oxc_resolver to v11.8.3 by @​renovate[bot] in #​280
• chore(deps): update oxc to ^0.92.0 by @​renovate[bot] in #​281
• chore(deps): update oxc by @​renovate[bot] in #​282
• chore(deps): update github-actions by @​renovate[bot] in #​284
• chore(deps): update dependency lerna to v9 by @​renovate[bot] in #​285
• chore(deps): lock file maintenance npm packages by @​renovate[bot] in #​286
• chore(deps): update oxc by @​renovate[bot] in #​287
• chore(deps): update rust crate oxc_resolver to v11.9.0 by @​renovate[bot] in #​288
• chore(deps): update github-actions by @​renovate[bot] in #​289
• chore(deps): lock file maintenance by @​renovate[bot] in #​291
• chore(deps): update github/codeql-action action to v4 by @​renovate[bot] in #​290
• chore(deps): lock file maintenance npm packages by @​renovate[bot] in #​292
• chore(deps): lock file maintenance by @​renovate[bot] in #​293
• chore(deps): update oxc to ^0.95.0 by @​renovate[bot] in #​294
• chore(deps): update rust crate oxc_resolver to v11.10.0 by @​renovate[bot] in #​295
• chore(deps): update actions/setup-node action to v6 by @​renovate[bot] in #​298
• chore(deps): update github-actions by @​renovate[bot] in #​296
• chore(deps): update dependency dprint-markdown to v0.20.0 by @​renovate[bot] in #​297
• chore(deps): lock file maintenance npm packages by @​renovate[bot] in #​299
• chore(deps): lock file maintenance rust crates by @​renovate[bot] in #​300
• chore(deps): update dependency dprint-json to v0.21.0 by @​renovate[bot] in #​301
• chore(deps): lock file maintenance by @​renovate[bot] in #​302
• chore(deps): update rust crate oxc_resolver to v11.11.0 by @​renovate[bot] in #​303
• chore(deps): update rust crate oxc_resolver to v11.11.1 by @​renovate[bot] in #​304
• chore(deps): update github-actions (major) by @​renovate[bot] in #​310
• chore(deps): update github-actions by @​renovate[bot] in #​309
• chore(deps): lock file maintenance by @​renovate[bot] in #​311
• chore(deps): lock file maintenance npm packages by @​renovate[bot] in #​312
• chore(deps): update rust crate oxc_resolver to v11.12.0 by @​renovate[bot] in #​313
• chore(deps): update oxc to ^0.96.0 by @​renovate[bot] in #​314
• chore(deps): update dependency rust to v1.91.0 by @​renovate[bot] in #​315
• chore(deps): update rust crate oxc_resolver to v11.13.0 by @​renovate[bot] in #​316
• chore(deps): update dependency dprint-typescript to v0.95.12 by @​renovate[bot] in #​317
• chore(deps): update dependency node to v24 by @​renovate[bot] in #​319
• chore(deps): update github-actions by @​renovate[bot] in #​318
• chore(deps): lock file maintenance by @​renovate[bot] in #​320
• chore(deps): lock file maintenance npm packages by @​renovate[bot] in #​321
• fix: fix build by @​Boshen in #​323
• chore(deps): update rust crate oxc_resolver to v11.13.1 by @​renovate[bot] in #​324
• chore(deps): bump napi to latest by @​Boshen in #​325
• chore: update linker config by @​Boshen in #​326
• chore: disable s390x-unknown-linux-gnu by @​Boshen in #​327

New Contributors

• @​situ2001 made their first contribution in #​246
• @​fengmk2 made their first contribution in #​267

Full Changelog: oxc-project/oxc-node@v0.0.32...v0.0.33

cross-platform-actions/action (cross-platform-actions/action)

v0.32.0

Compare Source

Added

• Initial release

v0.31.0

Compare Source

Added

• Initial release

v0.30.0

Compare Source

Added

• Initial release

pnpm/pnpm (pnpm)

v10.30.1: pnpm 10.30.1

Compare Source

Patch Changes

• Use the /-/npm/v1/security/audits/quick endpoint as the primary audit endpoint, falling back to /-/npm/v1/security/audits when it fails #​10649.

Platinum Sponsors

Gold Sponsors

v10.30.0

Compare Source

v10.29.3

Compare Source

v10.29.2

Compare Source

v10.29.1: pnpm 10.29.1

Compare Source

Minor Changes

• The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
• Support configuring auditLevel in the pnpm-workspace.yaml file #​10540.
• Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #​10436.

Patch Changes

• Fixed pnpm list --json returning incorrect paths when using global virtual store #​10187.

• Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #​10290.

• Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #​10497.

• Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #​10176.

• Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #​10281.

• Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #​10460.

• Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #​10540.

• update tar to version 7.5.7 to fix security issue

  Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842

• Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #​10325.

• Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #​10271.

• pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #​10561.

• Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #​10457.

Platinum Sponsors

Gold Sponsors

v10.28.2: pnpm 10.28.2

Compare Source

Patch Changes

• Security fix: prevent path traversal in directories.bin field.

• When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

  This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

  Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.

• Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #​9950.

Platinum Sponsors

Gold Sponsors

v10.28.1

Compare Source

v10.28.0

Compare Source

v10.27.0

Compare Source

v10.26.2: pnpm 10.26.2

Compare Source

Patch Changes

• Improve error message when a package version exists but does not meet the minimumReleaseAge constraint. The error now clearly states that the version exists and shows a human-readable time since release (e.g., "released 6 hours ago") #​10307.

• Fix installation of Git dependencies using annotated tags #​10335.

  Previously, pnpm would store the annotated tag object's SHA in the lockfile instead of the actual commit SHA. This caused ERR_PNPM_GIT_CHECKOUT_FAILED errors because the checked-out commit hash didn't match the stored tag object hash.

• Binaries of runtime engines (Node.js, Deno, Bun) are written to node_modules/.bin before lifecycle scripts (install, postinstall, prepare) are executed #​10244.

• Try to avoid making network calls with preferOffline #​10334.

Platinum Sponsors

Gold Sponsors

v10.26.1: pnpm 10.26.1

Compare Source

Patch Changes

• Don't fail on pnpm add, when blockExoticSubdeps is set to true #​10324.
• Always resolve git references to full commits and ensure HEAD points to the commit after checkout #​10310.

Platinum Sponsors

Gold Sponsors

	config help if that's undesired. If you want to rebase/retry this PR, check this box This PR was generated by Mend Renovate. View the repository job log.