Skip to content

chore(deps): update all non-major dependencies#63

Merged
chenjiahan merged 1 commit into
mainfrom
renovate/all-minor-patch
Jun 19, 2026
Merged

chore(deps): update all non-major dependencies#63
chenjiahan merged 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jun 14, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
@rsbuild/core (source) ^2.0.9^2.0.15 age confidence
@rslib/core (source) ^0.22.0^0.23.0 age confidence
@rslint/core ^0.6.1^0.6.2 age confidence
@rstest/core (source) ^0.10.3^0.10.6 age confidence
@types/node (source) ^24.12.4^24.13.2 age confidence
pnpm (source) 11.5.011.8.0 age confidence
prettier (source) ^3.8.3^3.8.4 age confidence

Release Notes

web-infra-dev/rsbuild (@​rsbuild/core)

v2.0.15

Compare Source

What's Changed

New Features 🎉
Performance 🚀
Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rsbuild@v2.0.14...v2.0.15

v2.0.14

Compare Source

What's Changed

Performance 🚀
Other Changes

Full Changelog: web-infra-dev/rsbuild@v2.0.13...v2.0.14

v2.0.13

Compare Source

What's Changed

New Features 🎉
Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rsbuild@v2.0.12...v2.0.13

v2.0.12

Compare Source

What's Changed

New Features 🎉
Performance 🚀
Bug Fixes 🐞
Refactor 🔨
Document 📖
Other Changes

Full Changelog: web-infra-dev/rsbuild@v2.0.11...v2.0.12

v2.0.11

Compare Source

What's Changed

Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rsbuild@v2.0.10...v2.0.11

v2.0.10

Compare Source

What's Changed

New Features 🎉
Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rsbuild@v2.0.9...v2.0.10

web-infra-dev/rslib (@​rslib/core)

v0.23.0

Compare Source

What's Changed

New Features 🎉
Performance 🚀
Other Changes

Full Changelog: web-infra-dev/rslib@v0.22.1...v0.23.0

v0.22.1

Compare Source

What's Changed
Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rslib@v0.22.0...v0.22.1

web-infra-dev/rslint (@​rslint/core)

v0.6.2

Compare Source

What's Changed

New Features 🎉
Performance 🚀
Bug Fixes 🐞
Refactor 🔨
Other Changes

Full Changelog: web-infra-dev/rslint@v0.6.1...v0.6.2

web-infra-dev/rstest (@​rstest/core)

v0.10.6

Compare Source

What's Changed

Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rstest@v0.10.5...v0.10.6

v0.10.5

Compare Source

What's Changed

New Features 🎉
Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rstest@v0.10.4...v0.10.5

v0.10.4

Compare Source

What's Changed
New Features 🎉
Bug Fixes 🐞
Refactor 🔨
  • refactor(core): single-source RSTEST_* env-var names by @​fi3ework in #​1387
  • refactor(core, adapters): single-source adapter cache-key & target→env logic by @​fi3ework in #​1384
  • refactor(coverage): single-source provider contract and align collect error handling by @​fi3ework in #​1385
  • refactor(core): single-source reporter map and GitHub Actions detection by @​fi3ework in #​1383
  • refactor(core): single-source test-execution runtime contracts by @​fi3ework in #​1381
  • refactor(browser): deepen core↔browser seam and close browser-mode drift hazards by @​fi3ework in #​1382
  • refactor(core): consolidate runtime primitives (file task-id, env-loader registry, scoped-restore LIFO) by @​fi3ework in #​1379
  • refactor(browser): single-source the runner dispatch method vocabulary by @​fi3ework in #​1380
  • refactor(browser): single-source the snapshot RPC method/args contract by @​fi3ework in #​1377
  • refactor(core): single-source reporter run-count derivation and CLI/init owners by @​fi3ework in #​1374
  • refactor(core): gate global setup once and co-locate run verdict by @​fi3ework in #​1371
  • refactor(core): derive hook registration signatures from RunnerAPI by @​fi3ework in #​1370
  • refactor(core): own runtime-contract grammar for chunk names and worker import hooks by @​fi3ework in #​1366
  • refactor(core, browser): deepen core↔browser seams and dedupe shared primitives by @​fi3ework in #​1362
  • refactor(core): unify dynamic-import resolver across CJS/ESM worker loaders by @​fi3ework in #​1359
  • refactor(browser): drop unused internal browser surface by @​fi3ework in #​1360
  • refactor(core): move internal browser host subpaths under ./internal by @​fi3ework in #​1358
Document 📖
Other Changes

Full Changelog: web-infra-dev/rstest@v0.10.3...v0.10.4

pnpm/pnpm (pnpm)

v11.8.0

Compare Source

Minor Changes

  • c112b61: Added a --dry-run option to pnpm install. It runs a full dependency resolution and reports what an install would change, but writes nothing to disk (no lockfile, no node_modules) and always exits with code 0. This mirrors the preview semantics of npm install --dry-run #​7340.

  • 179ebc4: pnpm run --no-bail now exits with a non-zero exit code when any of the executed scripts fail, while still running every matched script to completion. This makes the exit-code behavior of --no-bail consistent between recursive and non-recursive runs (recursive runs already failed at the end). Previously, a non-recursive pnpm run --no-bail always exited with code 0, even when a script failed #​8013.

  • 0474a9c: Added support for generating Node.js package maps at node_modules/.package-map.json during isolated and hoisted installs. Added the node-experimental-package-map setting to inject the generated map into pnpm-managed Node.js script environments, and the node-package-map-type setting to choose between standard and loose package maps.

  • dcededc: pnpm sbom now marks components reachable only through devDependencies with CycloneDX scope: "excluded" and the cdx:npm:package:development property. The excluded scope documents "component usage for test and other non-runtime purposes", which matches the semantics of a devDependency; the property is the CycloneDX npm-taxonomy marker emitted by @cyclonedx/cyclonedx-npm, so both modern (scope) and existing (property) consumers are covered. Components reachable at runtime (including installed optionalDependencies) omit scope and default to required.

  • 1495cb0: Added per-package SBOM generation with --out and --split flags. Use --out out/%s.cdx.json to write one SBOM per workspace package to individual files, or --split for NDJSON output to stdout. When --filter selects a single package, the SBOM root component now uses that package's metadata. Workspace inter-dependencies (workspace: protocol) and their transitive dependencies are included. Author, repository, and license fall back to the root manifest when the package doesn't define them.

  • 293921a: feat(view): support searching project manifest upward when package name is omitted

    When running pnpm view without a package name, the command now searches
    upward for the nearest project manifest (package.json, package.yaml, or package.json5) and uses its name field.
    If the manifest exists but lacks a name field, an error is thrown.

    This change also replaces the find-up dependency with empathic for
    improved performance and consistency across workspace tools.

Patch Changes

  • 29ab905: Fixed pnpm update overriding the version range policy of a named catalog whose name parses as a version (e.g. catalog:express4-21). The catalog: reference carries no pinning of its own, so the prefix from the catalog entry (such as ~) is now preserved instead of being widened to ^ #​10321.

  • bee4bf4: Security: validate config dependency names and versions from the env lockfile (pnpm-lock.yaml) before using them to build filesystem paths. A committed lockfile with a traversal-shaped configDependencies name (such as ../../PWNED) or version (such as ../../../PWNED) could previously cause pnpm install to create symlinks or write package files outside node_modules/.pnpm-config and the store. Names must now be valid npm package names and versions must be exact semver versions; the same validation is applied to optional subdependencies of config dependencies, and to the legacy workspace-manifest format before any lockfile is written. See GHSA-qrv3-253h-g69c.

  • 96bdd57: Fix link: workspace protocol switching to file: after pnpm rm is run from inside a workspace package whose target workspace dependency has its own dependencies, when injectWorkspacePackages: true is set. Follow-up to #​10575, which fixed the same symptom for workspace packages without dependencies.

  • 302a2f7: No longer warn about using both packageManager and devEngines.packageManager when the two fields pin the same package manager at the same version with the same integrity hash (e.g. both pnpm@11.5.1+sha512.…). Previously the hash was stripped from the legacy packageManager field but not from devEngines.packageManager, so even identical specifications looked like a mismatch #​12028.

    The warning still fires on any genuine divergence, and several cases now state the specific reason instead of a single generic message: a different package manager, a different version, or contradictory integrity hashes for the same version.

  • 3f0fb21: Fixed the progress line showing leftover characters from external processes that write to the terminal between progress updates (e.g. an SSH passphrase prompt would leave a fragment like added 0sa':). The interactive reporter now redraws each frame in place, erasing to the end of the display before reprinting, so any such remnants are cleared #​12350.

  • 564619f: Fixed pnpm approve-builds reporting "no packages await

Note

PR body was truncated to here.

Configuration

📅 Schedule: (in timezone Asia/Shanghai)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, on day 1 and 15 of the month (* 0-3 1,15 * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@coderabbitai

coderabbitai Bot commented Jun 14, 2026
edited
Loading

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Several devDependency version strings in package.json are bumped, including @rsbuild/core, @rslib/core, @rstest/core, @types/node, and prettier. The packageManager field is updated from pnpm@11.5.0 to pnpm@11.7.0. No source code, exports, or public API declarations are changed.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The PR title 'chore(deps): update all non-major dependencies' accurately describes the main change, which is updating multiple non-major dependency versions in package.json.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description check ✅ Passed The PR description is directly related to the changeset, providing detailed information about dependency updates and their release notes.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/all-minor-patch

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

Comment @coderabbitai help to get the list of available commands and usage tips.

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from 09e22a6 to 5339ed4 Compare June 18, 2026 13:35
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 5339ed4 to 6a6d2ad Compare June 19, 2026 12:33
@chenjiahan chenjiahan merged commit 7817af9 into main Jun 19, 2026
7 checks passed
@chenjiahan chenjiahan deleted the renovate/all-minor-patch branch June 19, 2026 12:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chenjiahan chenjiahan chenjiahan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chenjiahan