chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@sxzz/eslint-config	^7.5.0 → ^7.5.1
pnpm (source)	10.28.1 → 10.28.2
rollup (source)	^4.56.0 → ^4.57.0
tsdown (source)	^0.20.0 → ^0.20.1
vitest (source)	^4.0.17 → ^4.0.18

---

Release Notes

sxzz/eslint-config (@​sxzz/eslint-config)

v7.5.1

Compare Source

   🐞 Bug Fixes

• Move import condition before require  -  by @​sxzz (c3ca1)

    View changes on GitHub

pnpm/pnpm (pnpm)

v10.28.2

Compare Source

rollup/rollup (rollup)

v4.57.0

Compare Source

2026-01-27

Features

• Add import attributes to all plugin hooks that did not provide them yet (#​5700)
• Deprecate returning import attributes from load or transform hooks as that will no longer be supported with rollup 5 (#​5700)

Pull Requests

• #​5700: extend more hooks to include import attributes and add warnings (@​TrickyPi, @​lukastaegert)
• #​6243: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #​6244: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6245: chore(deps): lock file maintenance (@​renovate[bot])
• #​6246: Refactor to reduce Rollup 5 upgrade diff (@​lukastaegert)

rolldown/tsdown (tsdown)

v0.20.1

Compare Source

   🚀 Features

• inline-only: Show warnings if bundled deps  -  by @​sxzz (1e0e7)

    View changes on GitHub

vitest-dev/vitest (vitest)

v4.0.18

Compare Source

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in #​9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in #​9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in #​9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in #​9472 (22543)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vitest@​4.0.17 ⏵ 4.0.18	+1		+1	+1
	@​sxzz/​eslint-config@​7.5.0 ⏵ 7.5.1	+1
	rollup@​4.56.0 ⏵ 4.57.0				+1
	tsdown@​0.20.0 ⏵ 0.20.1	+1		+1	+1

View full report

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/unplugin-unused@81

commit: 9f69955

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/unplugin-unused@81

commit: 4dd8105