fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@cloudflare/vite-plugin (source)	^1.11.5 -> ^1.11.7
@eslint/js (source)	^9.33.0 -> ^9.34.0
@playwright/test (source)	^1.54.2 -> ^1.55.0
@rolldown/pluginutils (source)	1.0.0-beta.32 -> 1.0.0-beta.34
@types/node (source)	^22.17.2 -> ^22.18.0
@types/react (source)	^19.1.9 -> ^19.1.11
@types/react (source)	^19.1.10 -> ^19.1.11
eslint (source)	^9.33.0 -> ^9.34.0
magic-string	^0.30.17 -> ^0.30.18
playwright-chromium (source)	^1.54.2 -> ^1.55.0
pnpm (source)	10.14.0 -> 10.15.0
react-router (source)	7.7.0 -> 7.8.2
rolldown (source)	1.0.0-beta.32 -> 1.0.0-beta.34
tsdown	^0.14.1 -> ^0.14.2
typescript-eslint (source)	^8.39.1 -> ^8.41.0
vite (source)	^7.1.3 -> ^7.1.5
vite (source)	^7.1.2 -> ^7.1.3
vite-plugin-inspect	^11.3.2 -> ^11.3.3
wrangler (source)	^4.30.0 -> ^4.32.0

---

Release Notes

cloudflare/workers-sdk (@​cloudflare/vite-plugin)

v1.11.7

Compare Source

Patch Changes

• #​10415 718fffc Thanks @​jamesopstad! - Exclude Cloudflare built-ins from client dependency optimization.
  Some frameworks allow users to mix client and server code in the same file and then extract the server code.
  As the dependency optimization may happen before the server code is extracted, we now exclude Cloudflare built-ins from client optimization.
• Updated dependencies [d304055, f534c0d, da40571, 0a96e69, f9f7519, 4728c68]:
  • wrangler@​4.32.0
  • miniflare@​4.20250816.1

v1.11.6

Compare Source

Patch Changes

• Updated dependencies [565c3a3, ddadb93, 9b09751, cadf19a, 20520fa, 875197a]:
  • miniflare@​4.20250816.0
  • wrangler@​4.31.0
  • @​cloudflare/unenv-preset@​2.6.2

eslint/eslint (@​eslint/js)

v9.34.0

Compare Source

microsoft/playwright (@​playwright/test)

v1.55.0

Compare Source

rolldown/rolldown (@​rolldown/pluginutils)

v1.0.0-beta.34

Compare Source

💥 BREAKING CHANGES

• improve merging of top-level transform option with tsconfig (#​5882) by @​shulaoda
• support top-level tsconfig (#​5842) by @​shulaoda

🚀 Features

• rolldown_plugin_esm_external_require: export namespace directly for Node builtin modules (#​5885) by @​shulaoda
• rolldown_plugin_dynamic_import_vars: warn by default when errors occur (#​5866) by @​shulaoda
• support adding note for diagnostic (#​5864) by @​IWANABETHATGUY
• rolldown_plugin_vite_css_post: align partial css chunk logic (#​5861) by @​shulaoda
• setup rolldown_binding_watcher (#​5859) by @​hyf0
• rolldown_plugin_vite_css_post: align css url replace logic (#​5857) by @​shulaoda
• node/dev: binding for DevEngine (#​5852) by @​hyf0
• dev: introduce DevEngine to support build for devlopement scenario (#​5808) by @​hyf0
• Show a information log to tell built-in features if a plugin covered by built-in features are used (#​5845) by @​IWANABETHATGUY
• rolldown_plugin_vite_css_post: align partial css url replace logic (#​5837) by @​shulaoda
• rolldown_plugin_vite_css_post: align CSS chunk concatenation logic (#​5836) by @​shulaoda
• rolldown_plugin_transform: support useDefineForClassFields=false with target>=es2022 (#​5841) by @​sapphi-red
• expose esmExternalRequirePlugin (#​5810) by @​shulaoda
• rolldown_plugin_esm_external_require: basic implementation (#​5809) by @​shulaoda
• rolldown: oxc v0.82.3 (#​5807) by @​Boshen
• expose oxc_minifier options (#​5804) by @​IWANABETHATGUY
• rolldown_plugin_require_to_import: initialize (#​5797) by @​shulaoda
• adjust codegen initial_indent for concatenateWrappedModule (#​5779) by @​IWANABETHATGUY
• rolldown: align default value of option.context (#​5745) by @​situ2001

🐛 Bug Fixes

• topLevelVar option removes class name, causing a TypeError in static block (#​5888) by @​IWANABETHATGUY
• a esm module required by other module can't be a inner module of concatenateModuleGroup (#​5875) by @​IWANABETHATGUY
• rolldown_plugin_transform: align lang logic correctly (#​5874) by @​shulaoda
• Runtime error occurs depending on the lazy import order. (#​5873) by @​IWANABETHATGUY
• when importee is ts or tsx adding potential false positive note for missing_export diagnostic (#​5862) by @​IWANABETHATGUY
• hmr: boundary and accept_via was reversed (#​5843) by @​sapphi-red
• returning result of this.resolve in resolveId hook impacts bundle size (#​5851) by @​IWANABETHATGUY
• rolldown_plugin_transform: set typescript.removeClassFieldsWithoutInitializer for useDefineForClassFields=false (#​5840) by @​sapphi-red
• hmr: import.meta.hot.accept in patch file should work (#​5823) by @​sapphi-red
• proper handle pife and profiler_names for concatenate_wrapped_modules (#​5835) by @​IWANABETHATGUY
• jsx preserve break component which is default export (#​5751) by @​shulaoda
• hmr: ensure patch file name to be unique (#​5825) by @​sapphi-red
• hmr: re-execute the boundary module rather than the accepted module (#​5822) by @​sapphi-red
• Rolldown cannot treeshake unused branch (#​5829) by @​IWANABETHATGUY
• inlineConst with constant propagation (#​5826) by @​IWANABETHATGUY
• don't mangle variable names when minify: 'dce-only' is used (#​5830) by @​sapphi-red
• return actual normalized minify options (#​5818) by @​IWANABETHATGUY
• plugin/vite-resolve: try non-prefixed index before prefixed index (#​5801) by @​sapphi-red
• throw a semantic error message instead of panic (#​5796) by @​AliceLanniste
• rolldown: run DCE on chunk when minify: dce-only (#​5792) by @​Boshen
• the import attribute has been removed. (#​5794) by @​IWANABETHATGUY
• don't match CRLF for /./ (#​5790) by @​IWANABETHATGUY
• node: allow output.topLevelVar by options validator (#​5789) by @​sapphi-red
• node: allow transform.jsx: 'preserve' by options validator (#​5781) by @​sapphi-red
• preserve default export for preserveModules (#​5780) by @​shulaoda
• browser: sync exports (#​5776) by @​sxzz
• rolldown_plugin_transform: skip builtin transform for module id with null byte (#​5775) by @​hi-ogawa

🚜 Refactor

• move common transform types into rolldown_common (#​5876) by @​shulaoda
• rolldown_plugin_vite_css_post: extract finalize_vite_css_urls (#​5860) by @​shulaoda
• rust: make NotifyWatcher WASM-compatible (#​5855) by @​hyf0
• rust/dev: remove improper deref for BuildDriver (#​5854) by @​hyf0
• incremental: use clone_in_with_semantic_ids for program cloning (#​5853) by @​shulaoda
• rolldown_plugin_esm_external_require: tweak code (#​5824) by @​shulaoda
• improve resolve_dependencies (#​5795) by @​shulaoda
• simplify method calls in PluginContext (#​5785) by @​situ2001

📚 Documentation

• builtin-plugins: clarify behavior of esmExternalRequirePlugin (#​5886) by @​sapphi-red
• builtin-plugins: add documentation for esmExternalRequirePlugin (#​5813) by @​shulaoda
• support extracting doc for reference type (#​5834) by @​IWANABETHATGUY
• optimization.inlineConst (#​5831) by @​IWANABETHATGUY
• update description for output.minify (#​5816) by @​IWANABETHATGUY
• plugins: extract plugins into a separate section (#​5812) by @​shulaoda

⚡ Performance

• string_wizard: reduce allocation (#​5793) by @​Brooooooklyn

🧪 Testing

• hmr: import.meta.hot.accept cases (#​5821) by @​sapphi-red
• hmr: static import cases (#​5820) by @​sapphi-red
• hmr: no boundary full reload case (#​5819) by @​sapphi-red

⚙️ Miscellaneous Tasks

• deps: update oxc-resolver to v11.7.0 (#​5889) by @​shulaoda
• deps: lock file maintenance (#​5880) by @​renovate[bot]
• deps: lock file maintenance rust crates (#​5881) by @​renovate[bot]
• deps: update github-actions (#​5877) by @​renovate[bot]
• deps: lock file maintenance rust crates (#​5879) by @​renovate[bot]
• deps: lock file maintenance npm packages (#​5878) by @​renovate[bot]
• bump rolldown-ariadne (#​5863) by @​IWANABETHATGUY
• remove usage of quote_expr, quote_stmt (#​5858) by @​IWANABETHATGUY
• vite-tests: run all test suites even if some test suites failed (#​5828) by @​sapphi-red
• vite-tests: set _VITE_TEST_JS_PLUGIN instead of _VITE_TEST_NATIVE_PLUGIN (#​5827) by @​sapphi-red
• deps: use vitepress@^2.0.0-alpha.12 instead (#​5811) by @​shulaoda
• deps: update dependency rolldown-plugin-dts to v0.15.7 (#​5814) by @​renovate[bot]
• add example with oxc transform styled components plugin (#​5800) by @​IWANABETHATGUY
• deprecate top-level jsx option in favor of transform.jsx (#​5783) by @​shulaoda
• deps: update crate-ci/typos action to v1.35.5 (#​5786) by @​renovate[bot]
• update default value of options.context (#​5777) by @​IWANABETHATGUY

◀️ Revert

• "fix: jsx preserve break component which is default export (#​5764)" (#​5856) by @​shulaoda

v1.0.0-beta.33

Compare Source

💥 BREAKING CHANGES

• only call closeBundle hook when bundling actually happens (#​5715) by @​shulaoda

🚀 Features

• rolldown_plugin_vite_css_post: align transform logic except minify (#​5768) by @​shulaoda
• rolldown_plugin_vite_css_post: align html inline css logic (#​5767) by @​shulaoda
• support merge cjs ns in module group level (#​5760) by @​IWANABETHATGUY
• rolldown_plugin_vite_css_post: filter transform id (#​5766) by @​shulaoda
• rolldown: oxc v0.82.2 (#​5754) by @​Boshen
• rollup-test: log error when pringStatus (#​5744) by @​situ2001
• rolldown_plugin_vite_css_post: initialize (#​5743) by @​shulaoda
• rolldown_plugin_vite_css: align transform hook logic (#​5736) by @​shulaoda
• rolldown_plugin_vite_css: align partial transform hook logic (#​5733) by @​shulaoda
• add original wrap_kind (#​5729) by @​IWANABETHATGUY
• concatenateWrappedModule (#​5724) by @​IWANABETHATGUY
• rolldown: oxc v0.82.1 (#​5717) by @​Boshen
• improve error message for unresolved_import when platform is neutral (#​5700) by @​IWANABETHATGUY

🐛 Bug Fixes

• rolldown_plugin_transform: merge tsconfig jsx options even when oxc.jsx.runtime is set (#​5771) by @​hi-ogawa
• jsx preserve break component which is default export (#​5764) by @​shulaoda
• rolldown_plugin_asset: should directly stringify raw content (#​5749) by @​situ2001
• resolve symbol deconfliction order for cross-chunk imports by @​IWANABETHATGUY
• rolldown_error: improve resolve diagnostic message (#​5740) by @​shulaoda
• vitest ci failed (#​5741) by @​IWANABETHATGUY
• rolldown: options context should be available in renderStart (#​5672) by @​situ2001
• ensure lazy module eval order when import variable from other chunk (#​5727) by @​IWANABETHATGUY
• wasm build panic on stackblitz (#​5723) by @​shulaoda
• plugin/vite-resolve: try non-prefixed id before prefixed id (#​5711) by @​sapphi-red
• devtool: shouldn't filter out spans for devtool use case (#​5713) by @​hyf0
• plugin/vite-resolve: fallback on more resolution errors that happened when trying with prefix (#​5710) by @​sapphi-red
• plugin/vite-resolve: don't consider ids with npm: prefix as a built-in module (#​5709) by @​sapphi-red

🚜 Refactor

• rolldown_plugin_json: use common plugin utils (#​5769) by @​shulaoda
• hmr: remove unnecessary code of handling runtime module (#​5752) by @​hyf0
• hmr: enhance HMR update logic and improve clarity (#​5748) by @​hyf0
• improve ScopeHoistingFinalizerContext (#​5739) by @​shulaoda
• move finalize_normal_module into ScopeHoistingFinalizerContext (#​5738) by @​shulaoda
• private fields wrap_kind and original_wrap_kind and keep them sync (#​5730) by @​IWANABETHATGUY

📚 Documentation

• rolldown_plugin_data_uri: update README (#​5746) by @​situ2001
• install guide for minor platforms (#​5716) by @​sapphi-red
• update description for platform neutral (#​5701) by @​IWANABETHATGUY

⚡ Performance

• hmr: only refetch changed modules (#​5753) by @​hyf0
• rolldown_plugin_reporter: gzip size computation (#​5734) by @​IWANABETHATGUY
• hmr: reuse previous ast for non-changed modules (#​5725) by @​hyf0
• rolldown_ecmascript: do not run semantic twice for dce-only (#​5707) by @​Boshen

🧪 Testing

• rolldown: should await for toMatchFileSnapshot (#​5759) by @​situ2001
• hmr: improve test of import.meta.hot.invalidate (#​5747) by @​hyf0

⚙️ Miscellaneous Tasks

• deps: lock file maintenance (#​5765) by @​renovate[bot]
• deps: lock file maintenance rust crates (#​5763) by @​renovate[bot]
• deps: lock file maintenance npm packages (#​5762) by @​renovate[bot]
• deps: update github-actions (#​5755) by @​renovate[bot]
• deps: update dependency tinybench to v5 (#​5756) by @​renovate[bot]
• deps: update github-actions (major) (#​5757) by @​renovate[bot]
• deps: update crate-ci/typos action to v1.35.4 (#​5714) by @​renovate[bot]
• prepare-release: regenerate binding.js after version bump (#​5704) by @​shulaoda
• deps: update dependency tsdown to v0.14.1 (#​5705) by @​renovate[bot]
• rollup-tests: skip occasionally failing test case (#​5703) by @​shulaoda
• update binding.js (#​5702) by @​shulaoda

eslint/eslint (eslint)

v9.34.0

Compare Source

rich-harris/magic-string (magic-string)

v0.30.18

Compare Source

Bug Fixes

• prevent infinite loop on empty input (#​302) (0fd6253)

pnpm/pnpm (pnpm)

v10.15.0

Compare Source

Minor Changes

• Added the cleanupUnusedCatalogs configuration. When set to true, pnpm will remove unused catalog entries during installation #​9793.
• Automatically load pnpmfiles from config dependencies that are named @*/pnpm-plugin-* #​9780.
• pnpm config get now prints an INI string for an object value #​9797.
• pnpm config get now accepts property paths (e.g. pnpm config get catalog.react, pnpm config get .catalog.react, pnpm config get 'packageExtensions["@​babel/parser"].peerDependencies["@​babel/types"]'), and pnpm config set now accepts dot-leading or subscripted keys (e.g. pnpm config set .ignoreScripts true).
• pnpm config get --json now prints a JSON serialization of config value, and pnpm config set --json now parses the input value as JSON.

Patch Changes

• Semi-breaking. When automatically installing missing peer dependencies, prefer versions that are already present in the direct dependencies of the root workspace package #​9835.
• When executing the pnpm create command, must verify whether the node version is supported even if a cache already exists #​9775.
• When making requests for the non-abbreviated packument, add */* to the Accept header to avoid getting a 406 error on AWS CodeArtifact #​9862.
• The standalone exe version of pnpm works with glibc 2.26 again #​9734.
• Fix a regression in which pnpm dlx pkg --help doesn't pass --help to pkg #​9823.

remix-run/react-router (react-router)

v7.8.2

Compare Source

Patch Changes

• [UNSTABLE] Remove Data Mode future.unstable_middleware flag from createBrowserRouter (#​14213)

  • This is only needed as a Framework Mode flag because of the route modules and the getLoadContext type behavior change
  • In Data Mode, it's an opt-in feature because it's just a new property on a route object, so there's no behavior changes that necessitate a flag

• [UNSTABLE] Add <RouterProvider unstable_onError>/<HydratedRouter unstable_onError> prop for client side error reporting (#​14162)

• server action revalidation opt out via $SKIP_REVALIDATION field (#​14154)

• Properly escape interpolated param values in generatePath() (#​13530)

• Maintain ReadonlyMap and ReadonlySet types in server response data. (#​13092)

• [UNSTABLE] Delay serialization of .data redirects to 202 responses until after middleware chain (#​14205)

• Fix TypeError if you throw from patchRoutesOnNavigation when no partial matches exist (#​14198)

• Fix basename usage without a leading slash in data routers (#​11671)

• [UNSTABLE] Update client middleware so it returns the data strategy results allowing for more advanced post-processing middleware (#​14151)

v7.8.1

Compare Source

Patch Changes

• Fix usage of optional path segments in nested routes defined using absolute paths (#​14135)
• Bubble client pre-next middleware error to the shallowest ancestor that needs to load, not strictly the shallowest ancestor with a loader (#​14150)
• Fix optional static segment matching in matchPath (#​11813)
• Fix prerendering when a basename is set with ssr:false (#​13791)
• Provide isRouteErrorResponse utility in react-server environments (#​14166)
• Propagate non-redirect Responses thrown from middleware to the error boundary on document/data requests (#​14182)
• Handle meta and links Route Exports in RSC Data Mode (#​14136)
• Properly convert returned/thrown data() values to Response instances via Response.json() in resource routes and middleware (#​14159, #​14181)

v7.8.0

Compare Source

Minor Changes

• Add nonce prop to Links & PrefetchPageLinks (#​14048)
• Add loaderData arguments/properties alongside existing data arguments/properties to provide consistency and clarity between loaderData and actionData across the board (#​14047)
  • Updated types: Route.MetaArgs, Route.MetaMatch, MetaArgs, MetaMatch, Route.ComponentProps.matches, UIMatch
  • @deprecated warnings have been added to the existing data properties to point users to new loaderData properties, in preparation for removing the data properties in a future major release

Patch Changes

• Prevent "Did not find corresponding fetcher result" console error when navigating during a fetcher.submit revalidation (#​14114)

• Bubble client-side middleware errors prior to next to the appropriate ancestor error boundary (#​14138)

• Switch Lazy Route Discovery manifest URL generation to usea standalone URLSearchParams instance instead of URL.searchParams to avoid a major performance bottleneck in Chrome (#​14084)

• Adjust internal RSC usage of React.use to avoid Webpack compilation errors when using React 18 (#​14113)

• Remove dependency on @types/node in TypeScript declaration files (#​14059)

• Fix types for UIMatch to reflect that the loaderData/data properties may be undefined (#​12206)

  • When an ErrorBoundary is being rendered, not all active matches will have loader data available, since it may have been their loader that threw to trigger the boundary
  • The UIMatch.data type was not correctly handing this and would always reflect the presence of data, leading to the unexpected runtime errors when an ErrorBoundary was rendered
  • ⚠️ This may cause some type errors to show up in your code for unguarded match.data accesses - you should properly guard for undefined values in those scenarios.

  // app/root.tsx
  export function loader() {
    someFunctionThatThrows(); // ❌ Throws an Error
    return { title: "My Title" };
  }
  
  export function Layout({ children }: { children: React.ReactNode }) {
    let matches = useMatches();
    let rootMatch = matches[0] as UIMatch<Awaited<ReturnType<typeof loader>>>;
    //  ^ rootMatch.data is incorrectly typed here, so TypeScript does not
    //    complain if you do the following which throws an error at runtime:
    let { title } = rootMatch.data; // 💥
  
    return <html>...</html>;
  }

• [UNSTABLE] Ensure resource route errors go through handleError w/middleware enabled (#​14078)

• [UNSTABLE] Propagate returned Response from server middleware if next wasn't called (#​14093)

• [UNSTABLE] Allow server middlewares to return data() values which will be converted into a Response (#​14093)

• [UNSTABLE] Update middleware error handling so that the next function never throws and instead handles any middleware errors at the proper ErrorBoundary and returns the Response up through the ancestor next function (#​14118)

• [UNSTABLE] When middleware is enabled, make the context parameter read-only (via Readonly<unstable_RouterContextProvider>) so that TypeScript will not allow you to write arbitrary fields to it in loaders, actions, or middleware. (#​14097)

• [UNSTABLE] Rename and alter the signature/functionality of the unstable_respond API in staticHandler.query/staticHandler.queryRoute (#​14103)

  • The API has been renamed to unstable_generateMiddlewareResponse for clarity
  • The main functional change is that instead of running the loaders/actions before calling unstable_respond and handing you the result, we now pass a query/queryRoute function as a parameter and you execute the loaders/actions inside your callback, giving you full access to pre-processing and error handling
  • The query version of the API now has a signature of (query: (r: Request) => Promise<StaticHandlerContext | Response>) => Promise<Response>
  • The queryRoute version of the API now has a signature of (queryRoute: (r: Request) => Promise<Response>) => Promise<Response>
  • This allows for more advanced usages such as running logic before/after calling query and direct error handling of errors thrown from query
  • ⚠️ This is a breaking change if you've adopted the staticHandler unstable_respond API

  let response = await staticHandler.query(request, {
    requestContext: new unstable_RouterContextProvider(),
    async unstable_generateMiddlewareResponse(query) {
      try {
        // At this point we've run middleware top-down so we need to call the
        // handlers and generate the Response to bubble back up the middleware
        let result = await query(request);
        if (isResponse(result)) {
          return result; // Redirects, etc.
        }
        return await generateHtmlResponse(result);
      } catch (error: unknown) {
        return generateErrorResponse(error);
      }
    },
  });

• [UNSTABLE] Convert internal middleware implementations to use the new unstable_generateMiddlewareResponse API (#​14103)

• [UNSTABLE] Change getLoadContext signature (type GetLoadContextFunction) when future.unstable_middleware is enabled so that it returns an unstable_RouterContextProvider instance instead of a Map used to contruct the instance internally (#​14097)

  • This also removes the type unstable_InitialContext export
  • ⚠️ This is a breaking change if you have adopted middleware and are using a custom server with a getLoadContext function

• [UNSTABLE] Run client middleware on client navigations even if no loaders exist (#​14106)

• [UNSTABLE] Change the unstable_getContext signature on RouterProvider/HydratedRouter/unstable_RSCHydratedRouter so that it returns an unstable_RouterContextProvider instance instead of a Map used to contruct the instance internally (#​14097)

  • ⚠️ This is a breaking change if you have adopted the unstable_getContext prop

• [UNSTABLE] proxy server action side-effect redirects from actions for document and callServer requests (#​14131)

• [UNSTABLE] Fix RSC Data Mode issue where routes that return false from shouldRevalidate would be replaced by an <Outlet /> (#​14071)

v7.7.1

Compare Source

Patch Changes

• In RSC Data Mode, fix bug where routes with errors weren't forced to revalidate when shouldRevalidate returned false (#​14026)
• In RSC Data Mode, fix Matched leaf route at location "/..." does not have an element or Component warnings when error boundaries are rendered. (#​14021)

rolldown/tsdown (tsdown)

v0.14.2

Compare Source

typescript-eslint/typescript-eslint (typescript-eslint)

v8.41.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and [releases](https://ma

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.