chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@changesets/cli (source)	2.28.1 -> 2.29.7			devDependencies	minor
@types/aws-lambda (source)	8.10.148 -> 8.10.156			devDependencies	patch
@types/node (source)	22.13.14 -> 22.18.12			devDependencies	minor
@vitest/coverage-v8 (source)	3.1.1 -> 3.2.4			devDependencies	minor
dotenv	16.4.7 -> 16.6.1			devDependencies	minor
nanoid	5.1.5 -> 5.1.6			devDependencies	patch
node	22.14.0 -> 22.21.0			uses-with	minor
pnpm (source)	10.7.0 -> 10.19.0			packageManager	minor
simple-git-hooks	2.12.1 -> 2.13.1			devDependencies	minor
tsup (source)	8.4.0 -> 8.5.0			devDependencies	minor
typescript (source)	5.8.2 -> 5.9.3			devDependencies	minor
vitest (source)	3.1.1 -> 3.2.4			devDependencies	minor

---

Release Notes

changesets/changesets (@​changesets/cli)

v2.29.7

Compare Source

Patch Changes

• Updated dependencies [957f24e]:
  • @​changesets/apply-release-plan@​7.0.13

v2.29.6

Compare Source

Patch Changes

• #​1712 a3563b0 Thanks @​benmccann! - Switch to maintained fork of external-editor

v2.29.5

Compare Source

Patch Changes

• #​1693 6352819 Thanks @​Andarist! - Fixed an issue with workspace:^ and workspace:~ dependency ranges not being semantically treated as, respectively, ^CURRENT_VERSION and ~CURRENT_VERSION. This led to dependent packages being, at times, bumped too often when their dependencies with those ranges were bumped.

• Updated dependencies [6352819]:

  • @​changesets/assemble-release-plan@​6.0.9
  • @​changesets/get-release-plan@​4.0.13

v2.29.4

Compare Source

Patch Changes

• #​1668 65d6632 Thanks @​Andarist! - Fixed a crash in pre mode when trying to version private packages when tagging for private package is disabled

• Updated dependencies [65d6632]:

  • @​changesets/assemble-release-plan@​6.0.8
  • @​changesets/get-release-plan@​4.0.12

v2.29.3

Compare Source

Patch Changes

• #​1589 de8bebc Thanks @​remorses, @​vzt7! - Fixed a crash in prerelease mode when a package misses the version field in its package.json

• #​1619 c1e8a78 Thanks @​manucorporat! - Support ../ in publishConfig.directory when publishing packages

• Updated dependencies [de8bebc]:

  • @​changesets/assemble-release-plan@​6.0.7
  • @​changesets/get-release-plan@​4.0.11

v2.29.2

Compare Source

Patch Changes

• #​1636 f73f84a Thanks @​Netail! - Correctly resolve new changesets with since option when the .changeset directory is not directly in the git root

• Updated dependencies [f73f84a]:

  • @​changesets/read@​0.6.5
  • @​changesets/git@​3.0.4
  • @​changesets/get-release-plan@​4.0.10
  • @​changesets/apply-release-plan@​7.0.12

v2.29.1

Compare Source

Patch Changes

• #​1620 b15e629 Thanks @​Netail! - Correctly fetch new changesets with since if the git option diff.relative has been set to true

• Updated dependencies [b15e629]:

  • @​changesets/git@​3.0.3
  • @​changesets/apply-release-plan@​7.0.11
  • @​changesets/read@​0.6.4
  • @​changesets/get-release-plan@​4.0.9

v2.29.0

Compare Source

Minor Changes

• #​1470 29f34a3 Thanks @​JounQin! - Support scoped registries configured using package.json#publishConfig

vitest-dev/vitest (@​vitest/coverage-v8)

v3.2.4

Compare Source

   🐞 Bug Fixes

• Use correct path for optimisation of strip-literal  -  by @​mrginglymus in #​8139 (44940)
• Print uint and buffer as a simple string  -  by @​sheremet-va in #​8141 (b86bf)
• browser:
  • Show a helpful error when spying on an export  -  by @​sheremet-va in #​8178 (56007)
• cli:
  • vitest run --watch should be watch-mode  -  by @​AriPerkkio in #​8128 (657e8)
  • Use absolute path environment on Windows  -  by @​colinaaa in #​8105 (85dc0)
  • Throw error when --shard x/<count> exceeds count of test files  -  by @​AriPerkkio in #​8112 (8a18c)
• coverage:
  • Ignore SCSS in browser mode  -  by @​sheremet-va in #​8161 (0c3be)
• deps:
  • Update all non-major dependencies  -  in #​8123 (93f32)
• expect:
  • Handle async errors in expect.soft  -  by @​lzl0304 in #​8145 (68699)
• pool:
  • Auto-adjust minWorkers when only maxWorkers specified  -  by @​AriPerkkio in #​8110 (14dc0)
• reporter:
  • task.meta should be available in custom reporter's errors  -  by @​AriPerkkio in #​8115 (27df6)
• runner:
  • Preserve handler wrapping on extend  -  by @​pengooseDev in #​8153 (a9281)
• ui:
  • Ensure ui config option works correctly  -  by @​lzl0304 in #​8147 (42eeb)

    View changes on GitHub

v3.2.3

Compare Source

   🚀 Features

• browser: Use base url instead of vitest  -  by @​sheremet-va in #​8126 (1d8eb)
• ui: Show test annotations and metadata in the test report tab  -  by @​sheremet-va in #​8093 (c69be)

   🐞 Bug Fixes

• Rerun tests when project's setup file is changed  -  by @​sheremet-va in #​8097 (0f335)
• Revert expect.any return type  -  by @​sheremet-va in #​8129 (47514)
• Run only the name plugin last, not all config plugins  -  by @​sheremet-va in #​8130 (83862)
• pool:
  • Throw if user's tests use process.send()  -  by @​AriPerkkio in #​8125 (dfe81)
• runner:
  • Fast sequential task updates missing  -  by @​AriPerkkio in #​8121 (7bd11)
  • Comments between fixture destructures  -  by @​AriPerkkio in #​8127 (dc469)
• vite-node:
  • Unable to handle errors where sourcemap mapping empty  -  by @​blake-newman and @​hi-ogawa in #​8071 (8aa25)

    View changes on GitHub

v3.2.2

Compare Source

   🚀 Features

• Support rolldown-vite  -  by @​sheremet-va and @​hi-ogawa in #​7509 (c8d62)

   🐞 Bug Fixes

• browser:
  • Calculate prepare time from createTesters call on the main thread  -  by @​sheremet-va in #​8101 (142c7)
  • Optimize build output and always prebundle vitest  -  by @​sheremet-va (00a39)
  • Make custom locators available in vitest-browser-* packages  -  by @​sheremet-va in #​8103 (247ef)
• expect:
  • Ensure we can always self toEqual  -  by @​dubzzz in #​8094 (02ec8)
• reporter:
  • Allow dot reporter to work in non interactive terminals  -  by @​bstephen1 and @​AriPerkkio in #​7994 (6db9f)

    View changes on GitHub

v3.2.1

Compare Source

   🐞 Bug Fixes

• Use sha1 instead of md5 for hashing  -  by @​sheremet-va (e4c73)
• expect:
  • Fix chai import in dts  -  by @​hi-ogawa in #​8077 (a7593)
  • Export DeeplyAllowMatchers  -  by @​sheremet-va in #​8078 (30ab4)

    View changes on GitHub

v3.2.0

Compare Source

   🚀 Features

• Provide ctx.signal  -  by @​sheremet-va in #​7878 (e761f)
• Support custom colors for test.name  -  by @​AriPerkkio in #​7809 (4af5d)
• Add vi.mockObject to automock any object  -  by @​hi-ogawa and @​sheremet-va in #​7761 (465bd)
• Introduce watchTriggerPatterns option  -  by @​sheremet-va in #​7778 (a0675)
• Deprecate workspace in favor of projects  -  by @​sheremet-va and @​AriPerkkio in #​7923 (41beb)
• Explicit Resource Management support in mocked functions  -  by @​EskiMojo14 in #​7927 (b67d3)
• Add sequence.groupOrder option  -  by @​sheremet-va in #​7852 (d1a1d)
• Initial support for Temporal equality  -  by @​dirkluijk in #​8007 (52bd7)
• Support Vite 7  -  by @​sheremet-va in #​8003 (1716b)
• Track module execution totalTime and selfTime  -  by @​abrenneke in #​8027 (95961)
• Annotation API  -  by @​sheremet-va in #​7953 (b03f2)
• browser:
  • Implement connect option for playwright browser provider  -  by @​egfx-notifications and @​sheremet-va in #​7915 (029c0)
  • Add screenshot.save option  -  by @​sheremet-va in #​7777 (d9f51)
  • Custom locators API  -  by @​sheremet-va in #​7993 (e6fbd)
• coverage:
  • V8 experimental AST-aware remapping  -  by @​AriPerkkio in #​7736 (78a3d)
• reporter:
  • Add onWritePath option to github-actions  -  by @​nwalters512 and @​AriPerkkio in #​8015 (abd3b)
• vitest:
  • Allow per-file and per-worker fixtures  -  by @​sheremet-va and @​AriPerkkio in #​7704 (9cbfc)

   🐞 Bug Fixes

• Replace micromatch with picomatch  -  by @​sapphi-red in #​7951 (df076)
• Try to catch unhandled error outside of a test  -  by @​sheremet-va in #​7968 (46421)
• Generate a separate config for "vitest init browser" instead of a workspace file  -  by @​sheremet-va in #​7934 (e84e2)
• Switch ExpectStatic any types to AsymmetricMatcher<unknown>, with DeeplyAllowMatchers<T>  -  by @​JoshuaKGoldberg in #​7016 (8ec44)
• Remove unused exports  -  by @​sheremet-va in #​7618 (33d05)
• Throw an error if typechecker failed to spawn  -  by @​sheremet-va in #​7990 (0e960)
• Ignore non-string stack properties  -  by @​sheremet-va in #​7995 (330f9)
• Apply browser CLI options only if the project has the browser set in the config already  -  by @​sheremet-va in #​7984 (70358)
• Ensure errors keep their message and stack after toJSON serialisation  -  by @​sheremet-va in #​8053 (3bdf0)
• browser:
  • Resolve FS commands relative to the project root  -  by @​sheremet-va in #​7896 (69ac9)
  • Run tests serially if provider doesn't provide a mocker  -  by @​sheremet-va in #​8032 (227a9)
  • Resolve upload files relative to the project root  -  by @​sheremet-va in #​8042 (b9a31)
  • Await mocker invalidation to avoid race condition with "mock wasn't registered"  -  by @​sheremet-va in #​8021 (b34ff)
  • Share vite cache with the project cache  -  by @​sheremet-va in #​8049 (0cbad)
  • Add this type to locators.extend  -  by @​sheremet-va in #​8069 (70fb0)
• cache:
  • Preserve test results from previous runs  -  by @​macko911 in #​8043 (d6ef0)
• cli:
  • Add built-in reporters list to --help output  -  by @​pengooseDev in #​7955 (ef6ef)
  • Parse --silent values properly  -  by @​AriPerkkio in #​8055 (8fad7)
• coverage:
  • Istanbul provider to not use Vite preserved query params  -  by @​AriPerkkio in #​7939 (a05d4)
  • Browser + v8 in source tests missing  -  by @​AriPerkkio in #​7946 (51cd8)
  • In-source test cases excluded  -  by @​AriPerkkio in #​7985 (407c0)
• dev:
  • Fix relay of custom equality testers  -  by @​StefanLiebscher in #​6140 (6dc1d)
• expect:
  • Unbundle @types/chai  -  by @​hi-ogawa in #​7937 (525f5)
  • Support type-safe declaration of custom matchers  -  by @​kettanaito and @​sheremet-va in #​7656 (e996b)
• reporters:
  • Check the test result again when tests are rerunning  -  by @​sheremet-va in #​8063 (35e31)
• spy:
  • Copy over static properties from the function  -  by @​sheremet-va in #​7780 (9b9f0)
• typecheck:
  • Don't panic during vitest list command  -  by @​sheremet-va in #​7933 (ba6da)
  • Avoid creating a temporary tsconfig file when typechecking  -  by @​sheremet-va in #​7967 (34f43)
• vite-node:
  • Add __vite_ssr_exportName__  -  by @​hi-ogawa in #​7925 (76091)
• vitest:
  • Adjust getWorkerMemoryLimit priority for vmForks  -  by @​pengooseDev in #​7960 (5a91e)
• wdio:
  • Don't scale browser in headless mode  -  by @​sheremet-va in #​8033 (c23b0)

    View changes on GitHub

v3.1.4

Compare Source

   🐞 Bug Fixes

• Apply browser CLI options only if the project has the browser set in the config already  -  by @​sheremet-va in #​8002 (64f2b)

    View changes on GitHub

v3.1.3

Compare Source

   🐞 Bug Fixes

• Correctly resolve vitest import if inline: true is set  -  by @​sheremet-va in #​7856 (a83f3)
• Fix fixture parsing with lowered async with esbuild 0.25.3  -  by @​hi-ogawa in #​7921 (c5c85)
• Remove event-catcher code  -  by @​sheremet-va in #​7898 (deb1b)
• Reset mocks on test retry/repeat  -  by @​sheremet-va in #​7897 (2fa76)
• Ignore failures on writeToCache  -  by @​orgads in #​7893 (8c7f7)
• browser: Correctly inherit CLI options  -  by @​sheremet-va in #​7858 (03660)
• deps: Update all non-major dependencies  -  in #​7867 (67ef7)
• reporters: --merge-reports to show each total run times  -  by @​AriPerkkio in #​7877 (d613b)

    View changes on GitHub

v3.1.2

Compare Source

   🐞 Bug Fixes

• Add global chai variable in vitest/globals (fix: #​7474)  -  by @​Jay-Karia in #​7771 and #​7474 (d9297)
• Prevent modifying test.exclude when same object passed in coverage.exclude  -  by @​AriPerkkio in #​7774 (c3751)
• Fix already hoisted mock  -  by @​hi-ogawa in #​7815 (773b1)
• Fix test.scoped inheritance  -  by @​hi-ogawa in #​7814 (db6c3)
• Remove pointer-events-none after resizing the left panel  -  by @​alexprudhomme in #​7811 (a7e77)
• Default to run mode when stdin is not a TTY  -  by @​kentonv, @​hi-ogawa and @​sheremet-va in #​7673 (6358f)
• Use happy-dom/jsdom types for envionmentOptions  -  by @​hi-ogawa in #​7795 (67430)
• browser:
  • Fix transform error before browser server initialization  -  by @​hi-ogawa in #​7783 (5f762)
  • Fix mocking from outside of root  -  by @​hi-ogawa in #​7789 (03f55)
  • Scale iframe for non ui case  -  by @​hi-ogawa in #​6512 (c3374)
• coverage:
  • await profiler calls  -  by @​AriPerkkio in #​7763 (795a6)
  • Expose profiling timers  -  by @​AriPerkkio in #​7820 (5652b)
• deps:
  • Update all non-major dependencies  -  in #​7765 (7c3df)
  • Update all non-major dependencies  -  in #​7831 (15701)
• runner:
  • Correctly call test hooks and teardown functions  -  by @​sheremet-va in #​7775 (3c00c)
  • Show stacktrace on test timeout error  -  by @​hi-ogawa in #​7799 (df33b)
• ui:
  • Load panel sizes from storage on initial load  -  by @​userquin in #​7265 (6555d)
• vite-node:
  • Named export should overwrite export all  -  by @​hi-ogawa in #​7846 (5ba0d)
  • Add ERR_MODULE_NOT_FOUND code error if module cannot be loaded  -  by @​sheremet-va in #​7776 (f9eac)

   🏎 Performance

• browser: Improve browser parallelisation  -  by @​sheremet-va in #​7665 (816a5)

    View changes on GitHub

motdotla/dotenv (dotenv)

v16.6.1

Compare Source

Changed

• Default quiet to true – hiding the runtime log message (#​874)
• NOTICE: 17.0.0 will be released with quiet defaulting to false. Use config({ quiet: true }) to suppress.
• And check out the new dotenvx. As coding workflows evolve and agents increasingly handle secrets, encrypted .env files offer a much safer way to deploy both agents and code together with secure secrets. Simply switch require('dotenv').config() for require('@​dotenvx/dotenvx').config().

v16.6.0

Compare Source

Added

• Default log helpful message [dotenv@16.6.0] injecting env (1) from .env (#​870)
• Use { quiet: true } to suppress
• Aligns dotenv more closely with dotenvx.

v16.5.0

Compare Source

Added

• 🎉 Added new sponsor Graphite - the AI developer productivity platform helping teams on GitHub ship higher quality software, faster.

[!TIP]
Become a sponsor

The dotenvx README is viewed thousands of times DAILY on GitHub and NPM.
Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.

Changed

• Remove _log method. Use _debug #​862

ai/nanoid (nanoid)

v5.1.6

Compare Source

• Fixed infinite loop on 0 size for customAlphabet.

actions/node-versions (node)

v22.21.0: 22.21.0

Compare Source

Node.js 22.21.0

v22.20.0: 22.20.0

Compare Source

Node.js 22.20.0

v22.19.0: 22.19.0

Compare Source

Node.js 22.19.0

v22.18.0: 22.18.0

Compare Source

Node.js 22.18.0

v22.17.1: 22.17.1

Compare Source

Node.js 22.17.1

v22.17.0: 22.17.0

Compare Source

Node.js 22.17.0

v22.16.0: 22.16.0

Compare Source

Node.js 22.16.0

v22.15.1: 22.15.1

Compare Source

Node.js 22.15.1

v22.15.0: 22.15.0

Compare Source

Node.js 22.15.0

pnpm/pnpm (pnpm)

v10.19.0

Compare Source

Minor Changes

• You can now allow specific versions of dependencies to run postinstall scripts. onlyBuiltDependencies now accepts package names with lists of trusted versions. For example:

  onlyBuiltDependencies:
    - nx@21.6.4 || 21.6.5
    - esbuild@0.25.1

  Related PR: #​10104.

• Added support for exact versions in minimumReleaseAgeExclude #​9985.

  You can now list one or more specific versions that pnpm should allow to install, even if those versions don’t satisfy the maturity requirement set by minimumReleaseAge. For example:

  minimumReleaseAge: 1440
  minimumReleaseAgeExclude:
    - nx@21.6.5
    - webpack@4.47.0 || 5.102.1

v10.18.3

Compare Source

Patch Changes

• Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #​10060.
• Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when --location=project is used #​9362.
• Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings #​9646.
• Fixed EISDIR error when bin field points to a directory #​9441.
• Preserve version and hasBin for variations packages #​10022.
• Fixed pnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings) #​9884.
• When both pnpm-workspace.yaml and .npmrc exist, pnpm config set --location=project now writes to pnpm-workspace.yaml (matching read priority) #​10072.
• Prevent a table width error in pnpm outdated --long #​10040.
• Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects #​10057.

v10.18.2

Compare Source

Patch Changes

• pnpm outdated --long should work #​10040.
• Replace ndjson with split2. Reduce the bundle size of pnpm CLI #​10054.
• pnpm dlx should request the full metadata of packages, when minimumReleaseAge is set #​9963.
• pnpm version switching should work when the pnpm home directory is in a symlinked directory #​9715.
• Fix EPIPE errors when piping output to other commands #​10027.

v10.18.1

Compare Source

Patch Changes

• Don't print a warning, when --lockfile-only is used #​8320.
• pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #​5700.
• When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This wa

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.69%. Comparing base (b6239a5) to head (b2d312f).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #214   +/-   ##
=======================================
  Coverage   71.69%   71.69%           
=======================================
  Files           1        1           
  Lines          53       53           
  Branches        6        6           
=======================================
  Hits           38       38           
  Misses         15       15           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.