Skip to content

chore(deps): update non-major#166

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/non-major
Open

chore(deps): update non-major#166
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/non-major

Conversation

@renovate

@renovate renovate Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
@changesets/changelog-github (source) ^0.6.0^0.7.0 age confidence devDependencies minor
@changesets/cli (source) ^2.30.0^2.31.0 age confidence devDependencies minor
@sanity/tsconfig (source) ^2.1.0^2.2.0 age confidence devDependencies minor 2.2.1
@sanity/tsdown-config (source) ^0.5.8^0.14.2 age confidence devDependencies minor 0.19.0 (+6)
@types/node (source) ^24.12.2^24.13.3 age confidence devDependencies minor
@vitest/coverage-v8 (source) ^4.1.2^4.1.10 age confidence devDependencies patch
oxfmt (source) ^0.44.0^0.59.0 age confidence devDependencies minor
oxlint (source) ^1.59.0^1.74.0 age confidence devDependencies minor
oxlint-tsgolint ^0.20.0^0.24.0 age confidence devDependencies minor
peaceiris/actions-gh-pages (changelog) 4f9cc6684c30a8 action digest
portabletext/.github (changelog) 4d2d3a0a311e91 action digest
tsdown (source) ^0.21.7^0.22.7 age confidence devDependencies minor 0.22.8
typedoc (source) ^0.28.18^0.28.20 age confidence devDependencies patch
vitest (source) ^4.1.2^4.1.10 age confidence devDependencies patch

Release Notes

changesets/changesets (@​changesets/changelog-github)

v0.7.0

Compare Source

Minor Changes
sanity-io/pkg-utils (@​sanity/tsconfig)

v2.2.0

Compare Source

Minor Changes
  • #​2959 7a1e207 Thanks @​stipsan! - Add outDir: "${configDir}/dist" to the recommended preset

    Emitting to dist is already the default in @sanity/pkg-utils and tsdown, but every repo extending these presets had to repeat it in their own tsconfig. Since ${configDir} resolves to the directory of the tsconfig that extends the preset, output now lands in the dist folder next to your package.json by default, and the manual declaration can be removed:

    {
      "extends": "@​sanity/tsconfig/strictest",
    -  "compilerOptions": {
    -    "outDir": "${configDir}/dist"
    -  }
    }
sanity-io/pkg-utils (@​sanity/tsdown-config)

v0.14.2

Compare Source

Patch Changes

v0.14.1

Compare Source

Patch Changes
  • #​3029 b50944c Thanks @​stipsan! - Relax the tsdown peer dependency from an exact pin (0.22.5) to a range (^0.22.5), so newer tsdown patch releases like 0.22.7 no longer trigger unresolved peer dependency warnings on install.

  • #​3027 a16513b Thanks @​stipsan! - Only enable devExports: true by default when the project package manager is detected as pnpm, preventing npm and other package managers from publishing source-only exports.

v0.14.0

Compare Source

Minor Changes
  • #​3017 e73018a Thanks @​stipsan! - feat: expose tsdown's top-level target option, passed through as-is like format, dts and define. It downlevels JS syntax for the given runtimes and doubles as the default CSS syntax lowering target when vanillaExtract is enabled

  • #​3017 e73018a Thanks @​stipsan! - feat: the vanillaExtract option is now powered by @sanity/vanilla-extract-tsdown-plugin instead of @vanilla-extract/rollup-plugin, so enabling it no longer pulls rollup (a peer dependency of the rollup plugin) into tsdown projects. The alpha vanillaExtract options are now modeled after the css options of @tsdown/css: extract.name is now fileName, browserslist is now the esbuild-style target (defaulting to tsdown's top-level target when it includes browsers, then @sanity/browserslist-config), extract.compatMode is now inject: {nodeCompat: true} (the default here - inject: true injects a plain relative CSS import instead), and CSS sourcemaps (extract.sourcemap) are no longer emitted, aligned with @tsdown/css. The cwd, esbuildOptions and unstable_injectFilescopes options have been removed

  • #​3017 e73018a Thanks @​stipsan! - feat: forward tsdown's exports option with the Sanity defaults documented on PackageOptions (enabled: 'local-only' and devExports: true), applied with tsdown's mergeConfig semantics: an object deep-merges over the defaults, while any other value (false, a bare CI condition) replaces them. The tsconfig option no longer defaults to 'tsconfig.json' and is forwarded as-is, since tsdown auto-detects the project tsconfig. Options that aren't exposed on PackageOptions can be customized by merging over the returned config with tsdown's mergeConfig, now documented in the README

  • #​3021 acf844f Thanks @​stipsan! - Rely on tsdown's default hashed chunk filenames ([name]-[hash].<ext>) instead of setting hash: false and emitting shared chunks into _chunks-es, _chunks-cjs and _chunks-dts folders.

    The hash suffix keeps a shared (non-entry) chunk from ever taking an entry's filename, which is what the _chunks-* folders were guarding against: code shared between two entries forms a chunk that rolldown may name after one of the entries (e.g. theme), and without the hash the d.ts output could hand the entry's theme.d.ts filename to the chunk - which exports everything under minified aliases - breaking every named import from that entry with TS2460 (see sanity-io/ui#2262). Entries keep their stable, unhashed filenames, so public import paths are unaffected; only the internal chunk filenames change (e.g. _chunks-es/theme.js becomes theme-CYP9-xTb.js).

    Opting out of the hashing is possible by merging {hash: false} over the returned config with tsdown's mergeConfig (at the risk of reintroducing the filename collision on multi-entry packages, unless outputOptions.chunkFileNames keeps chunks away from the entries).

Patch Changes

v0.13.1

Compare Source

Patch Changes

v0.13.0

Compare Source

Minor Changes
  • #​2978 9caf824 Thanks @​stipsan! - feat: support TypeScript 7 (the Go-native compiler), require TypeScript 6 or later

    BREAKING: the typescript peer dependency range is now 6.x || 7.x — TypeScript 5.x is no longer supported. TypeScript 7 is not required yet, but 6.0 is the new minimum.

    • The classic JS compiler API (used for parsing tsconfig.json and the api-extractor dts pipeline) is now always loaded from the official @typescript/typescript6 compat package (a regular dependency), since TypeScript 7 no longer ships it. The installed typescript peer no longer affects that pipeline.
    • dts: 'rolldown' upgrades to rolldown-plugin-dts 0.27.x: with typescript v7 installed, type generation automatically uses the Go-native compiler (tsgo) from the typescript package itself, without needing @typescript/native-preview. With v6, the previous behavior is unchanged (tsgo is opt-in via the tsgo option or @typescript/native-preview in devDependencies, and tsgo: false still opts out).

v0.12.1

Compare Source

Patch Changes

v0.12.0

Compare Source

Minor Changes
  • #​2967 b5d524e Thanks @​stipsan! - Emit shared (non-entry) chunks into _chunks-es, _chunks-cjs and _chunks-dts folders, following the same naming convention as @sanity/pkg-utils, instead of placing them at the root of dist next to the entries.

    A chunk could otherwise take an entry's filename: code shared between two entries forms a chunk that rolldown may name after one of the entries (e.g. theme). The JS output deduplicates such filename collisions in favor of the entry, but the d.ts output could resolve them the other way around, handing the entry's .d.ts filename to the chunk - which exports everything under minified aliases like buildTheme as x - so every named import from that entry failed to type-check with TS2460 (see sanity-io/ui#2262). With chunks emitted into their own folders they can never collide with entry filenames.

v0.11.0

Compare Source

Minor Changes
  • #​2961 c32c11d Thanks @​stipsan! - Add dts and define options, passed through to tsdown as-is.

    The dts option customizes how .d.ts files are generated, for example to use tsgo for type generation (the same feature as the tsgo option in @sanity/pkg-utils, requires @typescript/native-preview to be installed):

    import {defineConfig} from '@&#8203;sanity/tsdown-config'
    
    export default defineConfig({
      tsconfig: 'tsconfig.dist.json',
      dts: {tsgo: true},
    })

    The define option replaces global identifiers with constant expressions at build time (the same feature as the define option in @sanity/pkg-utils):

    import {defineConfig} from '@&#8203;sanity/tsdown-config'
    
    export default defineConfig({
      tsconfig: 'tsconfig.dist.json',
      define: {'process.env.NODE_ENV': JSON.stringify('production')},
    })

v0.10.0

Compare Source

Minor Changes
  • #​2937 cfa9845 Thanks @​stipsan! - feat: add the vanillaExtract option known from @sanity/pkg-utils

    Enables @vanilla-extract/rollup-plugin to extract CSS from .css.ts files into a separate file that is optimized with lightningcss. Like in @sanity/pkg-utils, the compat mode (on by default) automatically injects the self-referential import "<pkg>/bundle.css" into the entry chunk, emits a no-op bundle.css.js shim (plus bundle.css.d.ts) for runtimes that cannot import .css files, and writes the conditional "./bundle.css" export (browser/style → the real CSS, node/default → the shim) to package.json.

    The feature is fully opt-in: neither @vanilla-extract/rollup-plugin nor the CSS toolchain (lightningcss, browserslist) is loaded unless vanillaExtract is enabled.

v0.9.0

Compare Source

Minor Changes
  • #​2954 ec35d61 Thanks @​stipsan! - Add reactCompiler option, the same feature as babel: {reactCompiler: true} in @sanity/pkg-utils.

    import {defineConfig} from '@&#8203;sanity/tsdown-config'
    
    export default defineConfig({
      tsconfig: 'tsconfig.dist.json',
      reactCompiler: true,
    })

    It runs babel-plugin-react-compiler on the source files before they are bundled, so published components are memoized automatically. Pass an object instead of true to configure the compiler with the same options as babel-plugin-react-compiler (e.g. reactCompiler: {target: '18'}). Requires babel-plugin-react-compiler to be installed.

v0.8.0

Compare Source

Minor Changes
  • #​2953 fd85068 Thanks @​stipsan! - Add styledComponents option, the same feature as babel: {styledComponents: true} in @sanity/pkg-utils.

    import {defineConfig} from '@&#8203;sanity/tsdown-config'
    
    export default defineConfig({
      tsconfig: 'tsconfig.dist.json',
      styledComponents: true,
    })

    It applies the styled-components transform (adding displayName for better debugging, componentId to avoid SSR hydration mismatches, and minifying the CSS in tagged template literals) with the same defaults as @sanity/pkg-utils. Unlike @sanity/pkg-utils it doesn't require installing babel-plugin-styled-components, as it uses oxc's native port of the babel plugin. Pass an object instead of true to customize the transform with the same options as babel-plugin-styled-components.

v0.7.3

Compare Source

Patch Changes
  • #​2934 d6cfe32 Thanks @​stipsan! - fix: preserve side-effect-only imports of external packages

    Tree-shaking no longer sets the equivalent of moduleSideEffects: 'no-external' and instead relies on the bundler's default (moduleSideEffects: true). Previously, binding-less side-effect imports of external package subpaths — e.g. import 'react-time-ago/locale/en' — were stripped from the output, breaking consumers that depended on those side effects. package.json sideEffects fields are still honored for bundled modules, so dead-code elimination is unaffected.

v0.7.2

Compare Source

Patch Changes

v0.7.1

Compare Source

Patch Changes

v0.7.0

Compare Source

Minor Changes
Patch Changes

v0.6.1

Compare Source

Patch Changes

v0.6.0

Compare Source

Minor Changes
Patch Changes
vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.10

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.1.9

Compare Source

🐞 Bug Fixes
  • Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in #​10546 (a5180)
  • browser:
    • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in #​10555 (7fb29)
    • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in #​10497 and #​10556 (fbc62)
  • mocker:
    • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in #​10548 (2c955)
  • pool:
    • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in #​10543 and #​10564 (934b0)
View changes on GitHub

v4.1.8

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.1.7

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.1.6

Compare Source

   🐞 Bug Fixes
   🏎 Performance
    View changes on GitHub

v4.1.5

Compare Source

   🚀 Experimental Features
   🐞 Bug Fixes
    View changes on GitHub

v4.1.4

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub
oxc-project/oxc (oxfmt)

v0.59.0

Compare Source

🐛 Bug Fixes
  • 415fe1e oxfmt: Error on ignorePatterns that cannot match files outside the config directory (#​24286) (leaysgur)

v0.58.0

Compare Source

v0.57.0

Compare Source

v0.56.0

Compare Source

v0.55.0

Compare Source

🚀 Features
  • 9a2788b linter/unicorn: Implement prefer-export-from rule (#​22935) (AliceLanniste)

v0.54.0

Compare Source

📚 Documentation
  • dadafe3 oxlint, oxfmt: Mention migrate skills in npm READMEs (#​22965) (Boshen)
  • f88961a oxfmt: Annotate each config option with supported languages (#​22953) (leaysgur)

v0.53.0

Compare Source

v0.52.0

Compare Source

🚀 Features
  • 16b8058 oxfmt: Support vite-plus/resolveConfig for vite.config.ts (#​22454) (leaysgur)

v0.51.0

Compare Source

v0.50.0

Compare Source

🐛 Bug Fixes
  • 43b9978 formatter/sort_imports: Treat subpath imports as internal (#​22440) (leaysgur)

v0.49.0

Compare Source

🚀 Features

v0.48.0

Compare Source

v0.47.0

Compare Source

v0.46.0

Compare Source

v0.45.0

Compare Source

🐛 Bug Fixes
oxc-project/oxc (oxlint)

v1.74.0

Compare Source

🚀 Features
  • 0433a83 linter/eslint/no-inner-declarations: Add namespaces option (#​24044) (Boshen)
🐛 Bug Fixes
  • 8337835 linter: Error on ignorePatterns that cannot match files aoutside the config directory (#​24341) (leaysgur)
  • 2ce5a33 linter: Resolve ignorePatterns relative to the config dir (#​24339) (leaysgur)
⚡ Performance
  • 7f80cac linter/vue/prop-name-casing: Precompile ignoreProps regex pattern (#​24413) (connorshea)
  • 6272051 linter/typescript/no-require-imports: Compile allow patterns once (#​24417) (connorshea)
  • 33805b9 linter/jsdoc/require-param: Compile checkTypesPattern regex once (#​24420) (connorshea)

v1.73.0

Compare Source

🚀 Features
  • a2c97f3 linter/unicorn: Implement explicit-timer-delay rule (#​23612) (Mikhail Baev)
  • 85735cb linter/unicorn: Implement no-confusing-array-with rule (#​23638) (Shekhu☺️)
  • cb4fbb9 linter/eslint: Implement no-unreachable-loop rule (#​23975) (Todor Andonov)
  • dc32112 linter/eslint/no-constant-binary-expression: Check relational comparisons (#​24088) (camc314)
  • d963967 linter/unicorn/no-array-sort: Add allowAfterSpread option (#​24043) (Boshen)
  • 0a75682 linter: Add per-rule timings for type-aware linting (#​22488) (camchenry)
  • 743e222 linter/react: Add disallowedValues option for forbid-dom-props rule (#​23970) (Mikhail Baev)
🐛 Bug Fixes
  • bdb51c7 linter/jest/prefer-ending-with-an-expect: Validate config patterns (#​24122) (camc314)
  • 45d607d linter/react/forbid-component-props: Make allow/disallow lists optional in schema (#​24024) (Boshen)

v1.72.0

Compare Source

🚀 Features
  • 1c8f50c linter: Add schema for eslint/no-restricted-import (#​23642) (Sysix)
🐛 Bug Fixes
  • 742be36 refactor/node/handle-callback-err: Reject invalid regex config (#​23740) (camc314)

v1.71.0

Compare Source

🚀 Features

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "before 3am on the first day of the month"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate using a curated preset maintained by Sanity. View repository job log here

@changeset-bot

changeset-bot Bot commented Jul 1, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 901c94b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@socket-security

socket-security Bot commented Jul 1, 2026

Copy link
Copy Markdown

@socket-security

socket-security Bot commented Jul 1, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/@sanity/tsdown-config@0.14.2npm/tsdown@0.22.8npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate renovate Bot force-pushed the renovate/non-major branch 9 times, most recently from bd0dbec to aca7094 Compare July 8, 2026 15:55
@renovate renovate Bot force-pushed the renovate/non-major branch 7 times, most recently from d08bfc6 to c10383e Compare July 15, 2026 12:56
@renovate renovate Bot force-pushed the renovate/non-major branch from c10383e to 901c94b Compare July 15, 2026 18:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants