chore(deps): update all non-major dependencies

[renovate]

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@antfu/eslint-config	5.3.0 -> 5.4.1			devDependencies	minor
@types/node (source)	22.18.4 -> 22.18.6			devDependencies	patch
danielroe/provenance-action	v0.1.0 -> v0.1.1			action	patch
pnpm (source)	10.16.1 -> 10.17.0			packageManager	minor
rollup (source)	4.50.2 -> 4.52.0			devDependencies	minor

---

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v5.4.1

Compare Source

No significant changes

    View changes on GitHub

v5.4.0

Compare Source

No significant changes

    View changes on GitHub

danielroe/provenance-action (danielroe/provenance-action)

v0.1.1

Compare Source

compare changes

🚀 Enhancements

• Add support for bun.lock (#​12)

📖 Documentation

• Use @main constraint for example (237ceea)

❤️ Contributors

• Daniel Roe (@​danielroe)

pnpm/pnpm (pnpm)

v10.17.0

Compare Source

Minor Changes

• The minimumReleaseAgeExclude setting now supports patterns. For instance:

  minimumReleaseAge: 1440
  minimumReleaseAgeExclude:
    - "@​eslint/*"

  Related PR: #​9984.

Patch Changes

• Don't ignore the minimumReleaseAge check, when the package is requested by exact version and the packument is loaded from cache #​9978.
• When minimumReleaseAge is set and the active version under a dist-tag is not mature enough, do not downgrade to a prerelease version in case the original version wasn't a prerelease one #​9979.

rollup/rollup (rollup)

v4.52.0

Compare Source

2025-09-19

Features

• Add option output.onlyExplicitManualChunks to turn off merging additional dependencies into manual chunks (#​6087)
• Add support for x86_64-pc-windows-gnu platform (#​6110)

Pull Requests

• #​6087: fix: manualChunks and non manualChunks shared dependencies are merged with the first manualChunk encountered alphabetically (@​maiieul)
• #​6110: Add support x86_64-pc-windows-gnu (@​lsq, @​lukastaegert)
• #​6118: Automatically remove REPL artefacts label from PRs (@​lukastaegert)

v4.51.0

Compare Source

2025-09-19

Features

• Support ROLLUP_FILE_URL_OBJ placeholder to inject file URLs into the generated code (#​6108)

Bug Fixes

• Improve OpenHarmony build to work in more situations (#​6115)

Pull Requests

• #​6108: feat: support ROLLUP_FILE_URL_OBJ for URL object instead of string (@​guybedford, @​lukastaegert)
• #​6112: Disable Cargo cache for Android (@​lukastaegert)
• #​6113: fix(deps): update rust crate swc_compiler_base to v35 (@​renovate[bot])
• #​6114: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6115: Disable local_dynamic_tls for OpenHarmony (@​hqzing)
• #​6116: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6117: chore(deps): lock file maintenance (@​renovate[bot])

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

✨

Description by Callstackai

This PR updates various dependencies to their latest versions, including minor and patch updates for packages such as @antfu/eslint-config, @types/node, danielroe/provenance-action, pnpm, and rollup.

Diagrams of code changes

sequenceDiagram
    participant PM as Package Manager
    participant Build as Build System
    participant CI as CI/CD

    CI->>CI: Add provenance check action
    Note over CI: Uses danielroe/[email protected]

    PM->>PM: Update package manager spec
    Note over PM: Set [email protected] as package manager

    Build->>Build: Update build dependencies
    Note over Build: Update rollup to 4.52.0
    Note over Build: Add @antfu/eslint-config 5.4.1
    Note over Build: Update @types/node to 22.18.6

    Build->>Build: Configure rollup plugins
    Note over Build: Add multiple rollup platform plugins
    Note over Build: Configure platform-specific builds

Loading

Files Changed

File	Summary
.github/workflows/provenance.yml	Updated the version of danielroe/provenance-action from v0.1.0 to v0.1.1.
package.json	Updated packageManager from [email protected] to [email protected] and updated several devDependencies.
packages/vite-plugin-beasties/package.json	Updated packageManager from [email protected] to [email protected] and updated rollup from 4.50.2 to 4.52.0.
pnpm-lock.yaml	Updated various package versions in the lock file to reflect the changes in package.json.

This PR includes files in programming languages that we currently do not support. We have not reviewed files with the extensions .yml, .json, .yaml. See list of supported languages.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​types/​node@​22.18.4 ⏵ 22.18.6			+1
	@​antfu/​eslint-config@​5.3.0 ⏵ 5.4.1	+1			+2

View full report

[codspeed-hq]

CodSpeed Performance Report

Merging #198 will not alter performance

_{Comparing renovate/all-minor-patch (d8fadec) with main (deb4697)}

Summary

✅ 9 untouched

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.14%. Comparing base (deb4697) to head (d8fadec).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #198   +/-   ##
=======================================
  Coverage   86.14%   86.14%           
=======================================
  Files           8        8           
  Lines        1314     1314           
  Branches      319      319           
=======================================
  Hits         1132     1132           
  Misses        182      182           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.