chore(deps-dev): bump the development-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the development-dependencies group with 8 updates in the / directory:

Package	From	To
@types/node	25.9.1	25.9.2
@typescript/native-preview	7.0.0-dev.20260526.1	7.0.0-dev.20260608.1
oxfmt	0.52.0	0.53.0
oxlint	1.67.0	1.68.0
rolldown	1.0.2	1.1.0
tsx	4.22.3	4.22.4
vitest	4.1.7	4.1.8
vscode-languageserver-types	3.17.5	3.18.0

Updates @types/node from 25.9.1 to 25.9.2

Commits

• See full diff in compare view

Updates @typescript/native-preview from 7.0.0-dev.20260526.1 to 7.0.0-dev.20260608.1

Commits

• See full diff in compare view

Updates oxfmt from 0.52.0 to 0.53.0

Changelog

Sourced from oxfmt's changelog.

Changelog

All notable changes to this package will be documented in this file.

The format is based on Keep a Changelog.

Commits

• 964a758 release(apps): oxlint v1.68.0 && oxfmt v0.53.0 (#22883)
• See full diff in compare view

Updates oxlint from 1.67.0 to 1.68.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

• 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
• 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
• bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
• 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
• 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
• 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
• ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

• 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
• 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
• 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
• 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
• a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
• ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
• 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
• ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
• e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
• 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
• 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
• fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
• ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
• dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
• 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
• cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

• 25d577e language_server: Start tools in parallel (#15500) (Sysix)
• 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
• 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
• 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
• 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
• 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

• 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
• 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
• a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
• 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
• 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
• 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

[1.68.0] - 2026-06-01

🚀 Features

• e4b1f46 linter/typescript: Implement method-signature-style rule (#22679) (Mikhail Baev)
• bc462ca linter/vue: Implement no-reserved-component-names rule (#22741) (bab)
• ef9e751 linter/vue: Implement component-definition-name-casing rule (#22818) (bab)
• d67f51a linter/vue: Implement require-prop-type-constructor rule (#22708) (bab)
• 8422e8b linter/jsdoc: Implement require-yields-description rule (#22805) (Mikhail Baev)
• fe93f97 linter/eslint: Implement prefer-named-capture-group rule (#22759) (Sebastian Poxhofer)

Commits

• 964a758 release(apps): oxlint v1.68.0 && oxfmt v0.53.0 (#22883)
• 3f05c5e feat(linter): expose override::exclude_files option (#22884)
• e4b1f46 feat(linter/typescript): implement method-signature-style rule (#22679)
• bc462ca feat(linter/vue): implement no-reserved-component-names rule (#22741)
• ef9e751 feat(linter/vue): implement component-definition-name-casing rule (#22818)
• d67f51a feat(linter/vue): implement require-prop-type-constructor rule (#22708)
• 8422e8b feat(linter/jsdoc): implement require-yields-description rule (#22805)
• fe93f97 feat(linter/eslint): implement prefer-named-capture-group rule (#22759)
• See full diff in compare view

Updates rolldown from 1.0.2 to 1.1.0

Release notes

Sourced from rolldown's releases.

v1.1.0

[!IMPORTANT] This is a minor release. Two changes alter default behavior compared to 1.0.3. Please read this section before upgrading. Everything else is additive (new features, fixes, deps).

⚠️ Notable behavior changes

1. experimental.lazyBarrel is now enabled by default (#9632)

What changed. experimental.lazyBarrel now defaults to true. When a barrel module is recognized as side-effect-free, Rolldown skips compiling the re-exported modules that are never actually used.

Impact. For codebases with large barrel files (component libraries such as Ant Design, @mui/icons-material, etc.) this is a meaningful build-time speedup, and for the vast majority of projects the emitted output is unchanged. In rare cases where a barrel is incorrectly treated as side-effect-free, the optimization could drop a module that was being relied on for its side effects.

How to opt out (backward compatible).

// rolldown.config.js
export default {
  experimental: { lazyBarrel: false },
}

Note: this opt-out flag is planned to be removed in a future release. If you have a case where you must turn it off, please open an issue so we can fix the underlying detection instead.

---

2. tsconfig project-reference resolution now aligns with TypeScript

Upgrading oxc_resolver (11.19.1 → 11.20.0 in #9549, then → 11.21.0 in #9634) changes how a solution-style tsconfig.json (one that only lists references and delegates the real settings to tsconfig.app.json / tsconfig.node.json, as Vite scaffolds) is resolved, bringing it in line with how TypeScript (tsc) itself behaves:

• Reference match priority (oxc-resolver #1151): when the root has references, a referenced project that includes the file now takes precedence over the root, instead of the root matching it first (this is what TypeScript already does). So that project's compilerOptions.paths now apply.
• allowJs (oxc-resolver #1198): whether a .js/.jsx/.mjs/.cjs file is included is now decided by each referenced project's own allowJs, not the root's (again matching TypeScript). So tsconfig.app.json with allowJs: true + paths now resolves aliases for .js files even when the root doesn't set allowJs.

For most projects this is a fix (the standard Vite paths aliases now resolve, closes rolldown/rolldown#8468), but it is a behavior change if you relied on the previous behavior, where the root's paths / allowJs took precedence.

If you relied on the old "root wins" behavior. There is no exact toggle back, because the old behavior was the bug being fixed. The recommended path is to align your config with TypeScript: declare the paths / allowJs on the referenced project that actually owns the files.

If you must keep the old precedence while still using references: a referenced project's match wins, and the first matching references entry takes priority (the root is only a fallback when no reference claims the file). So extract the old root settings into their own config and list it first:

// tsconfig.json (solution root)
{
  "files": [],
  "references": [
    { "path": "./tsconfig.base.json" }, // old root paths/allowJs — listed first, so it wins
    { "path": "./tsconfig.app.json" },
    { "path": "./tsconfig.node.json" }
  ]
}

... (truncated)

Changelog

Sourced from rolldown's changelog.

[1.1.0] - 2026-06-03

🚀 Features

• enable experimental.lazyBarrel by default (#9632) by @​shulaoda
• import.meta.glob support caseSensitive option (#9594) by @​btea
• add SOURCEMAP_BROKEN warning for renderChunk hook (#9601) by @​sapphi-red
• add SOURCEMAP_BROKEN warning for transform hook (#9600) by @​sapphi-red
• add @__NO_SIDE_EFFECTS__ hint for invalid @__PURE__ before function declarations (#9505) by @​Copilot
• code-splitting: support group-local includeDependenciesRecursively (#9587) by @​hyf0

🐛 Bug Fixes

• report TSCONFIG_ERROR instead of UNHANDLEABLE_ERROR for a missing tsconfig file (#9633) by @​shulaoda
• browser: add missing exports and ensure consistency with rolldown package (#9629) by @​sapphi-red
• should build test-dev-server when test-node (#9610) by @​situ2001
• chunk-optimizer: refuse asymmetric merge for cyclic dynamic entries (#9320) (#9322) by @​aminpaks
• dev: handle the remaining errors in dev (#9570) by @​h-a-n-a
• handle slash-normalized ids with preserveModulesRoot (#9595) by @​IWANABETHATGUY
• json: preserve .default access on JSON default imports (#9568) by @​IWANABETHATGUY
• testing: remove unintended trigger_full_build from test harness (#9573) by @​hyf0

🚜 Refactor

• js-regex: use regress native replace/replace_all (#9607) by @​IWANABETHATGUY
• remove never-constructed ImportStatus variants (#9606) by @​Boshen

📚 Documentation

• clarify that RolldownBuild::close method should be called in most cases (#9619) by @​sapphi-red

⚡ Performance

• avoid unnecessary intermediate sourcemaps (#9599) by @​sapphi-red

🧪 Testing

• add unit test for collapsing module sourcemap (#9626) by @​sapphi-red
• cover vite-alias regex capture-group expansion (#9602) (#9608) by @​IWANABETHATGUY

⚙️ Miscellaneous Tasks

• deps: update oxc_resolver to 11.21.0 (#9634) by @​shulaoda
• update invalid option diagnostic link to point to Rolldown docs (#9631) by @​sapphi-red
• deps: update vite+ to v0.1.24 (#9628) by @​renovate[bot]
• deps: update oxc resolver to v11.20.0 (#9549) by @​renovate[bot]
• deps: update dependency vite-plus to v0.1.24 (#9470) by @​renovate[bot]
• deps: update npm packages (#9614) by @​renovate[bot]
• deps: upgrade oxc to 0.134.0 (#9625) by @​shulaoda
• deps: update crate-ci/typos action to v1.47.0 (#9620) by @​renovate[bot]

... (truncated)

Commits

• c462c7c release: v1.1.0 (#9637)
• 432bac8 feat: enable experimental.lazyBarrel by default (#9632)
• 239ca4c feat: import.meta.glob support caseSensitive option (#9594)
• be8eacc fix(browser): add missing exports and ensure consistency with rolldown pack...
• 93632ab chore(deps): update dependency vite-plus to v0.1.24 (#9470)
• b403112 feat: add SOURCEMAP_BROKEN warning for renderChunk hook (#9601)
• 84b7ed1 feat: add SOURCEMAP_BROKEN warning for transform hook (#9600)
• 31ad110 perf: avoid unnecessary intermediate sourcemaps (#9599)
• 5e05eba feat(code-splitting): support group-local includeDependenciesRecursively (#...
• 4265367 fix(dev): handle the remaining errors in dev (#9570)
• Additional commits viewable in compare view

Updates tsx from 4.22.3 to 4.22.4

Release notes

Sourced from tsx's releases.

v4.22.4

4.22.4 (2026-05-31)

Bug Fixes

• resolve CommonJS directory requires inside dependencies (#803) (1ce8463)

---

This release is also available on:

• npm package (@​latest dist-tag)

Commits

• 1ce8463 fix: resolve CommonJS directory requires inside dependencies (#803)
• See full diff in compare view

Updates vitest from 4.1.7 to 4.1.8

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

Commits

• e61f2dd chore: release v4.1.8
• e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
• See full diff in compare view

Updates vscode-languageserver-types from 3.17.5 to 3.18.0

Release notes

Sourced from vscode-languageserver-types's releases.

release/protocol/3.18.0

No release notes provided.

release/types/3.18.0

Changes:

Feature Requests:

• #1691: Use NoInfer for better typing
• #1692: setImmediate Implementation in browser RAL for json-rpc is not ideal.
• #1698: RenameParams does not reference TextDocumentPositionParams interface in the JSON metamodel

Bugs:

• #752: Edits are applied twice
• #1717: Client requests textDocument/diagnostics before textDocument/didOpen
• #1693: Output channel leak when stopping LanguageClient
• #1581: Client error 'Failed to determine file type' after undoing rename with Cmd+Z
• #1548: Extra true in the output log when a language server disconnects

Others:

• #1785: Allow returning null in SemanticTokensFeatureShape.on handler
• #1784: SemanticTokensFeatureShape.on handler does not allow returning null
• #1780: Add getMessageString function to Diagnostic namespace
• #1779: Add 3.17 version check method for Diagnostic
• #1778: Merge next release into main
• #1777: Update lock files for dependencies
• #1775: Update dependencies and improve compatibility
• #1774: Bump qs from 6.15.0 to 6.15.2
• #1773: Implement TextDocumentSnapshot for delay open notifications
• #1772: Prevent pulling diagnostics on untitled documents
• #1770: Update documentation and fix lint errors
• #1767: Inline value documentation improvements
• #1769: Fix glob pattern documentation
• #1768: Make document color requests consistent with the specification
• #1766: Add optional MarkupContent support to diagnostics
• #1751: forgetDocument is crashing the extension host
• #1765: Fixes #1751: Prevent crash in forgetDocument when disposed
• #1752: fix: random pipe path length extends limit on macos
• #1764: Fixes double application of edits during renaming
• #1762: Bump brace-expansion from 5.0.3 to 5.0.6 in /client

... (truncated)

Commits

• 2cc5bf0 Prepare 3.18 release
• f5e23e2 Add getMessageString function to Diagnostic namespace (#1780)
• 3e8ab80 Add 3.17 version check method for Diagnostic (#1779)
• b21577c Merge next release into main (#1778)
• c08bcae Update dependencies and improve compatibility (#1775)
• f168f85 Update documentation and fix lint errors (#1770)
• c54b2fd Merge pull request #1767 from microsoft/dbaeumer/straight-gazelle-plum
• 2cf625f Add optional MarkupContent support to diagnostics (#1766)
• 0aa488d Inline value clarifications
• 85a9202 Migrate to ESLint 9 (#1747)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for vscode-languageserver-types since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vscode-languageserver-types@​3.18.0
	rolldown@​1.1.0
	vitest@​4.1.8
	@​types/​node@​25.9.2
	tsx@​4.22.4
	@​typescript/​native-preview@​7.0.0-dev.20260608.1
	oxfmt@​0.52.0 ⏵ 0.53.0	-7		+1	+1
	oxlint@​1.67.0 ⏵ 1.68.0	+1		+1

View full report