⬆️ deps: Update dependencies (non-major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@types/node (source)	22.18.6 -> 22.18.10			devDependencies	patch
node (source)	24.9.0 -> 24.10.0				minor
pnpm (source)	10.17.1 -> 10.18.2			packageManager	minor
rolldown (source)	1.0.0-beta.40 -> 1.0.0-beta.42			devDependencies	patch
typescript (source)	5.9.2 -> 5.9.3			devDependencies	patch

---

Release Notes

nodejs/node (node)

v24.10.0

Compare Source

pnpm/pnpm (pnpm)

v10.18.2

Compare Source

Patch Changes

• pnpm outdated --long should work #​10040.
• Replace ndjson with split2. Reduce the bundle size of pnpm CLI #​10054.
• pnpm dlx should request the full metadata of packages, when minimumReleaseAge is set #​9963.
• pnpm version switching should work when the pnpm home directory is in a symlinked directory #​9715.
• Fix EPIPE errors when piping output to other commands #​10027.

v10.18.1

Compare Source

Patch Changes

• Don't print a warning, when --lockfile-only is used #​8320.
• pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #​5700.
• When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when using pnpm add --save-catalog as originally intended.

v10.18.0

Compare Source

Minor Changes

• Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

  Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps.
  Warning messages are displayed when requests exceed time thresholds or fall below speed minimums

  Related PR: #​10025.

Patch Changes

• Retry filesystem operations on EAGAIN errors #​9959.
• Outdated command respects minimumReleaseAge configuration #​10030.
• Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages.
• Don't fail with a meaningless error when scriptShell is set to false #​8748.
• pnpm dlx should not fail when minimumReleaseAge is set #​10037.

rolldown/rolldown (rolldown)

v1.0.0-beta.42

Compare Source

🚀 Features

• rolldown: oxc v0.94.0 (#​6428) by @​Boshen
• add CLI environment flag (#​6426) by @​IWANABETHATGUY
• dev: use RebuildStrategy#Auto by default (#​6420) by @​hyf0
• rolldown_plugin_vite_html: introduce html plugin state (#​6413) by @​shulaoda
• dev: expose build errors via DevOptions#on_output (#​6412) by @​hyf0
• dev: add binding for DevOptions#rebuild_strategy (#​6396) by @​hyf0
• dev: add RebuildStrategy::Auto to issue rebuild automatically if detecting full reload hmr update (#​6395) by @​hyf0
• debug: inject call_id for renderChunk hook (#​6392) by @​hyf0
• node/dev: add DevEngine#close (#​6377) by @​hyf0
• rust/dev: add DevEngine#close (#​6376) by @​hyf0

🐛 Bug Fixes

• rolldown_plugin_react_refresh_wrapper: register exports in next microtask (#​6423) by @​sapphi-red
• plugin/vite-resolve: try original extension before replacing with TS variants (#​6421) by @​sapphi-red
• node/resolve: take custom package json path into account (#​6419) by @​hyf0
• dev: call watchChange hook (#​6403) by @​sapphi-red
• use minify options for DCE for dce-only minify (#​6402) by @​sapphi-red
• respect package.json type field in plugin-resolved modules (#​6400) by @​hyf0
• returning result of this.resolve in resolveDynamicImport hook impacts bundle size (#​6397) by @​sapphi-red
• rolldown_plugin_json: avoid generating named exports for eval and arguments (#​6381) by @​sapphi-red
• use static property for namespace object (#​6383) by @​sapphi-red

🚜 Refactor

• rust: improve constuction of PackageJson and remove unused fields (#​6418) by @​hyf0
• introduce BindingResult to pass errors from rust to js (#​6390) by @​hyf0
• rust: rename eager_rebuild to rebuild_strategy with enum (#​6394) by @​hyf0
• rust/binding: use BindingError to cover JsError and NativeError (#​6388) by @​hyf0
• rust/binding: rename BindingError to NativeError (#​6387) by @​hyf0

📚 Documentation

• tweak built-in transforms section (#​6384) by @​sapphi-red

⚡ Performance

• dev: avoid frequent setTimeout -> clearTimeout (#​6375) by @​sapphi-red

🧪 Testing

• hmr: include generated bundle for full reloads in snapshots (#​6374) by @​sapphi-red
• dev: add test about doing hmr with not being affected by not executed modules (#​6360) by @​hyf0
• hmr: hmr patch file generation for this.addWatchFile (#​5219) by @​sapphi-red

⚙️ Miscellaneous Tasks

• deps: update crate-ci/typos action to v1.38.0 (#​6431) by @​renovate[bot]
• deps: update crate-ci/typos action to v1.37.3 (#​6429) by @​renovate[bot]
• deps: lock file maintenance npm packages (#​6417) by @​renovate[bot]
• deps: update github-actions (#​6414) by @​renovate[bot]
• rust/test: sensible heading level for build snapshot of config variant (#​6408) by @​hyf0
• rust/test: introduce SnapshotSection to organize snapshot content (#​6407) by @​hyf0
• rust/test: extract ArtifactsSnapshot and BuildRoundOutput into standalone files (#​6406) by @​hyf0
• rust/test: introduce ArtifactsSnapshot to make generating snapshot more clear (#​6405) by @​hyf0
• deps: update crate-ci/typos action to v1.37.2 (#​6409) by @​renovate[bot]
• fix GitHub casing (#​6401) by @​iiio2
• rust: remove unused rolldown_binding_watcher crate (#​6386) by @​hyf0
• deps: update crate-ci/typos action to v1.37.1 (#​6391) by @​renovate[bot]
• node: rename normalizeErrors into aggregateBindingErrorsIntoError (#​6389) by @​hyf0
• fix typos (#​6382) by @​sapphi-red
• deps: update dependency tsdown to v0.15.6 (#​6379) by @​renovate[bot]
• deps: update crate-ci/typos action to v1.37.0 (#​6380) by @​renovate[bot]
• deps: update dependency rolldown-plugin-dts to v0.16.11 (#​6378) by @​renovate[bot]
• add comment to add_watch_file that the path should be a normalized absolute path (#​6371) by @​sapphi-red
• deps: update dependency rolldown-plugin-dts to v0.16.10 (#​6373) by @​renovate[bot]

v1.0.0-beta.41

Compare Source

🚀 Features

• support output.generatedCode.symbols (#​6335) by @​IWANABETHATGUY
• rolldown: oxc v0.93.0 (#​6364) by @​Boshen
• rolldown_plugin_vite_html: finish script tag logic (#​6355) by @​shulaoda
• rolldown_plugin_vite_html: support inline html proxy (#​6353) by @​shulaoda
• rolldown_plugin_vite_html: transform script tag into js import (#​6351) by @​shulaoda
• rolldown_plugin_vite_html: overwrite script src url (#​6349) by @​shulaoda
• rolldown_plugin_vite_html: remove vite-ignore attribute (#​6348) by @​shulaoda
• rolldown_plugin_vite_html: use html5ever and markup5ever_rcdom (#​6327) by @​shulaoda
• rust/dev: support on_output callback (#​6330) by @​hyf0
• rust/dev: support disable_watcher (#​6329) by @​hyf0
• dev: introduce client/session concept into dev engine (#​6297) by @​hyf0

🐛 Bug Fixes

• 'asset' module type and CJS format produces warnings and wrong output (#​6369) by @​IWANABETHATGUY
• inlining constants in CJS by optimization.inlineConst incorrectly inlines non-constant values if the value is assigned more than once (#​6328) by @​IWANABETHATGUY
• dev: add hasLatestBuildOutput instead of scheduleBuildIfStale and add edit-reload test (#​6321) by @​sapphi-red

🚜 Refactor

• rust/dev: rename HmrManager to HmrState and tweak namings (#​6358) by @​hyf0
• rust/dev: use Bundler to expose hmr related methods (#​6356) by @​hyf0
• rolldown_plugin_vite_html: use html5gum instead (#​6343) by @​shulaoda
• dev: remove deprecated new field from HMR options and related configurations (#​6337) by @​hyf0
• dev: remove unused hmr API (#​6336) by @​hyf0
• make cjs_ast_analyzer immutable for better reuse (#​6326) by @​IWANABETHATGUY
• simplify logic for determining entry is_lived (#​6325) by @​IWANABETHATGUY

⚡ Performance

• dev: compute depended data incrementally (#​6357) by @​hyf0

🧪 Testing

• rust/hmr: use dev engine to test hmr (#​6334) by @​hyf0

⚙️ Miscellaneous Tasks

• deps: update notify (#​6368) by @​sapphi-red
• deps: lock file maintenance npm packages (#​6366) by @​renovate[bot]
• deps: update github-actions (#​6365) by @​renovate[bot]
• deps: update dependency rolldown-plugin-dts to v0.16.9 (#​6354) by @​renovate[bot]
• deps: update dependency tsdown to v0.15.5 (#​6350) by @​renovate[bot]
• node: use catalog: to unify version of all dependencies (#​6339) by @​hyf0
• ci: unify node installation via oxc-project/setup-node (#​6338) by @​Boshen
• deps: update crate-ci/typos action to v1.36.3 (#​6341) by @​renovate[bot]
• remove unused snapshots (#​6331) by @​IWANABETHATGUY

microsoft/TypeScript (typescript)

v5.9.3

Compare Source

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.