chore(deps): update all non-major dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@antfu/eslint-config	6.2.0 → 6.7.3
@inquirer/prompts (source)	7.9.0 → 7.10.1
@types/discord-rpc (source)	4.0.9 → 4.0.10
@types/lodash (source)	4.17.20 → 4.17.21
@types/node (source)	24.9.2 → 24.10.6
@vitest/coverage-v8 (source)	4.0.6 → 4.0.16
@vitest/ui (source)	4.0.6 → 4.0.16
esbuild	^0.25.11 → ^0.27.0
eslint (source)	9.38.0 → 9.39.2
eslint-plugin-format	1.0.2 → 1.2.0
eslint-plugin-json-schema-validator (source)	5.4.1 → 5.5.0
form-data	4.0.4 → 4.0.5
got	14.6.1 → 14.6.6
sharp (source, changelog)	0.34.4 → 0.34.5
vitest (source)	4.0.6 → 4.0.16
whatwg-url	14.1.1 → 14.2.0
ws	8.18.3 → 8.19.0

---

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v6.7.3

Compare Source

   🐞 Bug Fixes

• pnpm: Remove catalogMode in the enforced settings  -  by @​antfu (4fc09)

    View changes on GitHub

v6.7.2

Compare Source

   🐞 Bug Fixes

• Update react rules to match eslint-react v2  -  by @​Rel1cx in #​795 (6b425)
• pnpm: Add ignore for @​types/vscode in json-enforce-catalog  -  by @​jinghaihan in #​794 (95685)

    View changes on GitHub

v6.7.1

Compare Source

   🐞 Bug Fixes

• pnpm: Do not set catalogMode when catalogs is not enabled  -  by @​antfu (0471e)

    View changes on GitHub

v6.7.0

Compare Source

   🚀 Features

• Add more options to toggle configs  -  by @​antfu (203b8)

   🐞 Bug Fixes

• pnpm: Respect yaml and jsonc config in the factory, close #​791  -  by @​antfu in #​791 (3e0c5)

    View changes on GitHub

v6.6.1

Compare Source

   🐞 Bug Fixes

• pnpm: Detection  -  by @​antfu (e649f)

    View changes on GitHub

v6.6.0

Compare Source

   🐞 Bug Fixes

• pnpm: Enforce catalog usage based on smart detection  -  by @​antfu (654c0)

    View changes on GitHub

v6.5.1

Compare Source

   🐞 Bug Fixes

• Adopt to tsdown extension change, close #​786, close #​787  -  by @​antfu in #​786 and #​787 (c16d3)

    View changes on GitHub

v6.5.0

Compare Source

   🚀 Features

• react: React compiler preset  -  by @​hyoban in #​784 (663e0)

   🐞 Bug Fixes

• Spelling of required-scrpts  -  by @​christopher-buss in #​785 (26185)
• pnpm: Remove cleanupUnusedCatalogs setting  -  by @​antfu (f712a)

    View changes on GitHub

v6.4.2

Compare Source

   🐞 Bug Fixes

• pnpm: Move pnpm-workspace.yaml sorting config from yaml to pnpm  -  by @​antfu (fc2b1)

    View changes on GitHub

v6.4.1

Compare Source

No significant changes

    View changes on GitHub

v6.3.0

Compare Source

   🚀 Features

• Update deps  -  by @​antfu (2d2b6)

   🐞 Bug Fixes

• Ts error from cb29b1a  -  by @​daflyinbed in #​782 (b4e49)

    View changes on GitHub

SBoudrias/Inquirer.js (@​inquirer/prompts)

v7.10.1

Compare Source

• [Node 18 compat] Downgraded to mute-stream@​2 to maintain Node 18 compatibility.

v7.10.0

Compare Source

• feat @inquirer/input: Now support simple RegExp validation with pattern/patternError.
• fix @inquirer/editor: Fix typo s/waitForUseInput/waitForUserInput
• Bump dependencies

vitest-dev/vitest (@​vitest/coverage-v8)

v4.0.16

Compare Source

   🐞 Bug Fixes

• Fix browser mode default testTimeout back to 15 seconds  -  by @​hi-ogawa in #​9167 (da0ad)
• Avoid crashing on process.versions stub  -  by @​AriPerkkio in #​9174 (78cfb)
• Reject calling suite function inside test  -  by @​hi-ogawa in #​9198 (1a259)
• Allow inlining fully dynamic import  -  by @​hi-ogawa in #​9137 (56851)
• Fix module graph UI on html reporter with headless browser mode  -  by @​hi-ogawa in #​9219 (60642)
• Log deprecated test.poolOptions if it's set  -  by @​sheremet-va in #​9226 (f7f6a)
• browser:
  • Import recordArtifact from the vitest package  -  by @​macarie in #​9186 (01c56)
  • Fix import.meta.env define  -  by @​hi-ogawa in #​9205 (01a9a)
  • String formatting bug when including placeholders in console.log  -  by @​michael-debs and @​hi-ogawa in #​9030 and #​9131 (84a30)
• coverage:
  • Istanbul untested files source maps are off  -  by @​AriPerkkio in #​9208 (372e8)
• experimental:
  • Export setupEnvironment for custom pools  -  by @​AriPerkkio in #​9187 (5d26b)

    View changes on GitHub

v4.0.15

Compare Source

   🚀 Experimental Features

• cache: Add opt-out on a plugin level, fix internal root cache  -  by @​sheremet-va in #​9154 (a68f7)
• reporters: Print import duration breakdown  -  by @​sheremet-va in #​9105 (122ff)

   🐞 Bug Fixes

• Keep built-in id as is in bun and deno  -  by @​sheremet-va in #​9117 (075ab)
• Use optimizeDeps.rolldownOptions to fix depreated warning + fix ssr.external: true  -  by @​hi-ogawa in #​9121 (fd8bd)
• Fix external behavior with deps.optimizer  -  by @​hi-ogawa in #​9125 (4c754)
• Very minor typo in "Chrome DevTools Protocol"  -  by @​HowToTestFrontend in #​9146 (20997)
• browser: Run toMatchScreenshot only once when used with expect.element  -  by @​macarie in #​9132 (0d2e7)
• coverage: Istanbul provider to not break source maps  -  by @​AriPerkkio in #​9040 (e4ca9)
• deps: Update dependency tinyexec to v1  -  in #​9122 (fd786)
• docs: Remove --browser.provider from docs  -  by @​sheremet-va in #​9115 (120b3)
• expect: Preserve currentTestName in extended matchers  -  by @​macarie in #​9106 (e4345)
• pool: Terminate workers on CTRL+c forceful exits  -  by @​AriPerkkio in #​9140 (d57d8)
• reporters: Show project in github reporter  -  by @​sheremet-va in #​9138 (bb65e)
• spy: Do not mock overriden method, if parent was automocked  -  by @​sheremet-va in #​9116 (1a246)
• web-worker: MessagePort objects passed to Worker.postMessage work when clone === "native"  -  by @​whitphx in #​9118 (deee8)

    View changes on GitHub

v4.0.14

Compare Source

   🚀 Experimental Features

• browser: Expose utils.configurePrettyDOM  -  by @​sheremet-va in #​9103 (2cc34)
• runner: Add full names to tasks  -  by @​macarie in #​9087 (821aa)
• ui: Add tabbed failure view for toMatchScreenshot with comparison slider  -  by @​macarie in #​8813 (c37c2)

   🐞 Bug Fixes

• Externalize before caching  -  by @​sheremet-va in #​9077 (e1b2e)
• Collect the duration of external imports  -  by @​sheremet-va in #​9097 (3326c)
• Rename collect to import, remove prepare  -  by @​sheremet-va in #​9091 (1256b)
• browser:
  • Unsubscribe onCancel on rpc destroy  -  by @​AriPerkkio in #​9088 (f5b72)
  • Revert the viewport scaling in non-ui mode #​9018  -  by @​sheremet-va in #​9072 and #​9018 (64502)
• coverage:
  • Invalidate circular modules correctly on rerun with coverage  -  by @​aicest in #​9096 (6f22c)
• expect:
  • Allow function as standard schema  -  by @​hi-ogawa in #​9099 (ed8a2)
• jsdom:
  • Reuse abort signals if possible  -  by @​sheremet-va in #​9090 (2c468)
• pool:
  • Init VITEST_POOL_ID + VITEST_WORKER_ID before environment setup  -  by @​AriPerkkio in #​9085 (37918)
• web-worker:
  • postMessage to send ports to workers  -  by @​whitphx and @​AriPerkkio in #​9078 (9d176)

   🏎 Performance

• Replace debug with obug  -  by @​sxzz and @​AriPerkkio in #​9057 (acc51)

    View changes on GitHub

v4.0.13

Compare Source

   🐞 Bug Fixes

• types:
  • Don't use type from Vite 7.1  -  by @​sheremet-va in #​9071 (6356b)
  • Don't import node.js dependent types in vitest/browser  -  by @​sheremet-va in #​9068 (332af)

   🏎 Performance

• Avoid fetchModule roundtrip if the module is cached  -  by @​sheremet-va in #​9075 (b27e0)
• experimental: If fsCacheModule is enabled, read from the memory when possible  -  by @​sheremet-va in #​9076 (6b9a1)

    View changes on GitHub

v4.0.12

Compare Source

   🐞 Bug Fixes

• Inherit fsModuleCachePath by default  -  by @​sheremet-va in #​9063 (9a8bc)
• Don't import from @opentelemetry/api in public types  -  by @​sheremet-va in #​9066 (e944a)

    View changes on GitHub

v4.0.11

Compare Source

   🚀 Experimental Features

• api: Add extensible test artifact API  -  by @​macarie in #​8987 (77292)
  • See more at https://vitest.dev/api/advanced/artifacts
• expect: Provide task in MatchState  -  by @​macarie in #​9022 (afd1f)
• experimental: Support OpenTelemetry traces  -  by @​sheremet-va in #​8994 (d6d33)
  • See more at https://vitest.dev/guide/open-telemetry

   🏎 Performance

• experimental: Add file system cache  -  by @​sheremet-va in #​9026 (1b147)
  • See more at https://vitest.dev/config/experimental#experimental-fsmodulecache

    View changes on GitHub

v4.0.10

Compare Source

   🐞 Bug Fixes

• Remove onCancel when worker is terminated  -  by @​sheremet-va in #​9033 (6d7f0)
• browser:
  • Don't scale the iframe if UI is disabled  -  by @​sheremet-va in #​9018 (5406e)
  • Handle dependency stack traces with external source maps. Resolves: #​9003  -  by @​iclectic in #​9016 and #​9003 (57ae5)
• bun:
  • Parsing of stack trace for bun runtime  -  by @​nazarhussain in #​9032 (f3ec6)
• core:
  • Prevent starting new run when cancelling  -  by @​AriPerkkio in #​8991 (eb98d)
• pool:
  • Prevent writing to closed worker  -  by @​AriPerkkio and @​sheremet-va in #​9023 (042c6)
• reporters:
  • Report correct test run duration at the end  -  by @​sheremet-va in #​8969 (bc3a6)
• ui:
  • Use execution time from ws reporter (onFinished)  -  by @​userquin in #​8975 (f56dc)

    View changes on GitHub

v4.0.9

Compare Source

   🚀 Experimental Features

• expect: Add Set support to toBeOneOf  -  by @​tim-we and @​sheremet-va in #​8906 (a415d)

   🐞 Bug Fixes

• browser: Add favicon icons to the browser mode ui  -  by @​userquin in #​8972 (353ee)
• forks: Increase worker start timeout  -  by @​AriPerkkio in #​9027 (5e750)
• jsdom: Cloned request is an instance of Request  -  by @​sheremet-va in #​8985 (506a9)
• ui: Collect file/suite/test duration correctly  -  by @​userquin in #​8976 (8016d)

    View changes on GitHub

v4.0.8

Compare Source

   🐞 Bug Fixes

• Workaround noExternal merging bug on Vite 6  -  by @​hi-ogawa in #​8950 (bcb13)
• Missed context.d.ts file  -  by @​termorey in #​8965 (9044d)
• Incorrect error message for non-awaited expect.element()  -  by @​StyleShit in #​8954 (9638d)
• browser: Cleanup frame-ancestors from CSP header at coverage middleware  -  by @​userquin in #​8941 (1f730)
• deps: Update all non-major dependencies  -  by @​sheremet-va in #​8636 (da8b9)
• forks: Do not fail with Windows Defender enabled  -  by @​sheremet-va in #​8967 (c79f4)
• runner: Properly encode Uint8Array body in annotations  -  by @​Livan-pro in #​8951 (997ca)
• spy: Copy static properties if spy is initialised with vi.fn(), fix types for vi.spyOn(obj, class)  -  by @​sheremet-va in #​8956 (75e7f)
• webdriverio: When no argument is passed to the .click interaction command, the webdriver command should also have no argument  -  by @​julienw in #​8937 (069e6)

    View changes on GitHub

v4.0.7

Compare Source

   🐞 Bug Fixes

• Bind process in case global is overwritten  -  by @​AriPerkkio in #​8916 (6240d)
• Create environment once per worker with isolate: false  -  by @​sheremet-va in #​8915 (c9078)
• Add Locator as a possible element type in toContainElement() matcher  -  by @​vitalybaev in #​8910 and #​8927 (35a27)
• browser: Inherit isolate option, deprecate browser.isolate/browser.fileParallelism  -  by @​sheremet-va in #​8890 (9d2b4)
• cli: Parse --execArgv as array  -  by @​AriPerkkio in #​8924 (751c3)
• jsdom: Support URL.createObjectURL, FormData.set(prop, blob)  -  by @​sheremet-va in #​8935 (a1b73)
• pool: Avoid --require argument when running in deno  -  by @​pi0 in #​8897 (d41fa)
• typecheck: Handle re-runs outside tsc  -  by @​AriPerkkio in #​8920 (fdb2e)

   🏎 Performance

• pool:
  • Sort test files by project by default  -  by @​AriPerkkio in #​8914 (680a6)
• reporters:
  • Optimize getting the tests stats  -  by @​Connormiha in #​8908 (06d62)
  • Remove unnecessary Array.from call  -  by @​Connormiha in #​8907 (b6014)

    View changes on GitHub

evanw/esbuild (esbuild)

v0.27.2

Compare Source

• Allow import path specifiers starting with #/ (#​4361)

  Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

  This change was contributed by @​hybrist.

• Automatically add the -webkit-mask prefix (#​4357, #​4358)

  This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

  /* Original code */
  main {
    mask: url(x.png) center/5rem no-repeat
  }
  
  /* Old output (with --target=chrome110) */
  main {
    mask: url(x.png) center/5rem no-repeat;
  }
  
  /* New output (with --target=chrome110) */
  main {
    -webkit-mask: url(x.png) center/5rem no-repeat;
    mask: url(x.png) center/5rem no-repeat;
  }

  This change was contributed by @​BPJEnnova.

• Additional minification of switch statements (#​4176, #​4359)

  This release contains additional minification patterns for reducing switch statements. Here is an example:

  // Original code
  switch (x) {
    case 0:
      foo()
      break
    case 1:
    default:
      bar()
  }
  
  // Old output (with --minify)
  switch(x){case 0:foo();break;case 1:default:bar()}
  
  // New output (with --minify)
  x===0?foo():bar();

• Forbid using declarations inside switch clauses (#​4323)

  This is a rare change to remove something that was previously possible. The Explicit Resource Management proposal introduced using declarations. These were previously allowed inside case and default clauses in switch statements. This had well-defined semantics and was already widely implemented (by V8, SpiderMonkey, TypeScript, esbuild, and others). However, it was considered to be too confusing because of how scope works in switch statements, so it has been removed from the specification. This edge case will now be a syntax error. See tc39/proposal-explicit-resource-management#215 and rbuckton/ecma262#14 for details.

  Here is an example of code that is no longer allowed:

  switch (mode) {
    case 'read':
      using readLock = db.read()
      return readAll(readLock)
  
    case 'write':
      using writeLock = db.write()
      return writeAll(writeLock)
  }

  That code will now have to be modified to look like this instead (note the additional { and } block statements around each case body):

  switch (mode) {
    case 'read': {
      using readLock = db.read()
      return readAll(readLock)
    }
    case 'write': {
      using writeLock = db.write()
      return writeAll(writeLock)
    }
  }

  This is not being released in one of esbuild's breaking change releases since this feature hasn't been finalized yet, and esbuild always tracks the current state of the specification (so esbuild's previous behavior was arguably incorrect).

v0.27.1

Compare Source

• Fix bundler bug with var nested inside if (#​4348)

  This release fixes a bug with the bundler that happens when importing an ES module using require (which causes it to be wrapped) and there's a top-level var inside an if statement without being wrapped in a { ... } block (and a few other conditions). The bundling transform needed to hoist these var declarations outside of the lazy ES module wrapper for correctness. See the issue for details.

• Fix minifier bug with for inside try inside label (#​4351)

  This fixes an old regression from version v0.21.4. Some code was introduced to move the label inside the try statement to address a problem with transforming labeled for await loops to avoid the await (the transformation involves converting the for await loop into a for loop and wrapping it in a try statement). However, it introduces problems for cross-compiled JVM code that uses all three of these features heavily. This release restricts this transform to only apply to for loops that esbuild itself generates internally as part of the for await transform. Here is an example of some affected code:

  // Original code
  d: {
    e: {
      try {
        while (1) { break d }
      } catch { break e; }
    }
  }
  
  // Old output (with --minify)
  a:try{e:for(;;)break a}catch{break e}
  
  // New output (with --minify)
  a:e:try{for(;;)break a}catch{break e}

• Inline IIFEs containing a single expression (#​4354)

  Previously inlining of IIFEs (immediately-invoked function expressions) only worked if the body contained a single return statement. Now it should also work if the body contains a single expression statement instead:

  // Original code
  const foo = () => {
    const cb = () => {
      console.log(x())
    }
    return cb()
  }
  
  // Old output (with --minify)
  const foo=()=>(()=>{console.log(x())})();
  
  // New output (with --minify)
  const foo=()=>{console.log(x())};

• The minifier now strips empty finally clauses (#​4353)

  This improvement means that finally clauses containing dead code can potentially cause the associated try statement to be removed from the output entirely in minified builds:

  // Original code
  function foo(callback) {
    if (DEBUG) stack.push(callback.name);
    try {
      callback();
    } finally {
      if (DEBUG) stack.pop();
    }
  }
  
  // Old output (with --minify --define:DEBUG=false)
  function foo(a){try{a()}finally{}}
  
  // New output (with --minify --define:DEBUG=false)
  function foo(a){a()}

• Allow tree-shaking of the Symbol constructor

  With this release, calling Symbol is now considered to be side-effect free when the argument is known to be a primitive value. This means esbuild can now tree-shake module-level symbol variables:

  // Original code
  const a = Symbol('foo')
  const b = Symbol(bar)
  
  // Old output (with --tree-shaking=true)
  const a = Symbol("foo");
  const b = Symbol(bar);
  
  // New output (with --tree-shaking=true)
  const b = Symbol(bar);

v0.27.0

Compare Source

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.26.0 or ~0.26.0. See npm's documentation about semver for more information.

• Use Uint8Array.fromBase64 if available (#​4286)

  With this release, esbuild's binary loader will now use the new Uint8Array.fromBase64 function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify target when using this feature with Node (for example --target=node22) unless you're using Node v25+.

• Update the Go compiler from v1.23.12 to v1.25.4 (#​4208, #​4311)

  This raises the operating system requirements for running esbuild:

  • Linux: now requires a kernel version of 3.2 or later
  • macOS: now requires macOS 12 (Monterey) or later

v0.26.0

[Compare Source](https://redirect.github.com/evanw/esbuild/compa

---

Configuration

📅 Schedule: Branch creation - Only on Friday ( * * * * 5 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: cli/package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm error code EOVERRIDE
npm error Override for [email protected] conflicts with direct dependency
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-01-13T05_36_48_264Z-debug-0.log

[github-actions]

📝 Documentation Preview

Your documentation changes are ready for preview!

🔍 View Preview

This preview will be automatically updated when you push new commits to this PR.