chore(deps): lock file maintenance npm packages

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
		lockFileMaintenance	All locks refreshed
pnpm (source)	packageManager	minor	10.12.1 -> 10.13.1
rolldown (source)	dependencies	patch	1.0.0-beta.27 -> 1.0.0-beta.29

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Release Notes

pnpm/pnpm (pnpm)

v10.13.1

Compare Source

Patch Changes

• Run user defined pnpmfiles after pnpmfiles of plugins.

v10.13.0

Compare Source

Minor Changes

• Added the possibility to load multiple pnpmfiles. The pnpmfile setting can now accept a list of pnpmfile locations #​9702.

• pnpm will now automatically load the pnpmfile.cjs file from any config dependency named @pnpm/plugin-* or pnpm-plugin-* #​9729.

  The order in which config dependencies are initialized should not matter — they are initialized in alphabetical order. If a specific order is needed, the paths to the pnpmfile.cjs files in the config dependencies can be explicitly listed using the pnpmfile setting in pnpm-workspace.yaml.

Patch Changes

• When patching dependencies installed via pkg.pr.new, treat them as Git tarball URLs #​9694.
• Prevent conflicts between local projects' config and the global config in dangerouslyAllowAllBuilds, onlyBuiltDependencies, onlyBuiltDependenciesFile, and neverBuiltDependencies #​9628.
• Sort keys in pnpm-workspace.yaml with deep #​9701.
• The pnpm rebuild command should not add pkgs included in ignoredBuiltDependencies to ignoredBuilds in node_modules/.modules.yaml #​9338.
• Replaced shell-quote with shlex for quoting command arguments #​9381.

v10.12.4

Compare Source

Patch Changes

• Fix pnpm licenses command for local dependencies #​9583.

• Fix a bug in which pnpm ls --filter=not-exist --json prints nothing instead of an empty array #​9672.

• Fix a deadlock that sometimes happens during peer dependency resolution #​9673.

• Running pnpm install after pnpm fetch should hoist all dependencies that need to be hoisted.
  Fixes a regression introduced in [v10.12.2] by [#​9648]; resolves [#​9689].

  [v10.12.2]: https://redirect.github.com/pnpm/pnpm/releases/tag/v10.12.2Add commentMore actions
  [#​9648]: https://github.com/pnpm/pnpm/pull/9648
  [#​9689]: https://github.com/pnpm/pnpm/issues/9689

v10.12.3

Compare Source

Patch Changes

• Restore hoisting of optional peer dependencies when installing with an outdated lockfile.
  Regression introduced in v10.12.2 by #​9648; resolves #​9685.

v10.12.2

Compare Source

Patch Changes

• Fixed hoisting with enableGlobalVirtualStore set to true #​9648.
• Fix the --help and -h flags not working as expected for the pnpm create command.
• The dependency package path output by the pnpm licenses list --json command is incorrect.
• Fix a bug in which pnpm deploy fails due to overridden dependencies having peer dependencies causing ERR_PNPM_OUTDATED_LOCKFILE #​9595.

rolldown/rolldown (rolldown)

v1.0.0-beta.29

Compare Source

🚀 Features

• rolldown_plugin_chunk_import_map: support custom file name (#​5383) by @​shulaoda
• rolldown_plugin_chunk_import_map: emit standard import map (#​5382) by @​shulaoda
• rolldown_plugin_chunk_import_map: support custom base url (#​5381) by @​shulaoda
• support plugin context meta for native plugins (#​5371) by @​shulaoda
• rolldown: oxc v0.77.3 (#​5367) by @​Boshen
• rolldown_plugin_transform: align sourcemap enable logic (#​5348) by @​shulaoda
• plugin_driver: use hook usage for close_bundle (#​5361) by @​shulaoda
• hmr: attach region comments for hmr patch (#​5358) by @​hyf0
• rolldown: add transformHiresSourcemap option (#​5346) by @​Brooooooklyn
• rolldown_plugin_web_worker_post: align transform_ast hook metadata order to post (#​5339) by @​shulaoda

🐛 Bug Fixes

• when preserveEntrySignatures: false is set, output includes a circular import (#​5365) by @​IWANABETHATGUY
• do not normalize iife global names (#​5228) by @​redstonekasi
• hmr: should not panic for editing modules that contain import(..) (#​5351) by @​hyf0
• sync ast for newly added modules (#​5354) by @​IWANABETHATGUY
• used exports from dynamic imported module are removed incorrectly (#​5341) by @​IWANABETHATGUY
• keep top level variables for non-esm format when minify is enabled (#​5332) by @​sapphi-red
• rust: correctly return watch option (#​5334) by @​HigherOrderLogic

🚜 Refactor

• rolldown_plugin_chunk_import_map: clarify import map paths and output filename (#​5376) by @​shulaoda
• rolldown: collapse_sourcemaps does not need to own a Vec (#​5352) by @​Boshen
• rolldown_plugin_asset: improve readability for easier maintenance (#​5359) by @​shulaoda
• ecmascript: remove unnecessary allocator.alloc(program) call (#​5350) by @​Boshen
• store ast with same shape as module_table (#​5345) by @​IWANABETHATGUY
• simplify is_dynamic_entry_alive (#​5342) by @​IWANABETHATGUY
• rolldown_plugin_web_worker_post: tweak code organization (#​5338) by @​shulaoda
• store ScopeFlags instead of ScopeId when traverse ast (#​5330) by @​IWANABETHATGUY
• simplify keep_names VarDeclaration rewrite (#​5325) by @​IWANABETHATGUY

📚 Documentation

• experimental: update the description of chunkImportMap (#​5384) by @​shulaoda
• experiment: add usage documentation for chunkImportMap (#​5379) by @​shulaoda

⚡ Performance

• plugin_driver: skip unused hooks early based on hook usage meta (#​5363) by @​shulaoda
• rolldown: box TransformOptions (#​5353) by @​Boshen

🧪 Testing

• rust: hide runtime module output in snapshots to improve clarity (#​5366) by @​hyf0
• node: put minify related tests in a single directory (#​5333) by @​sapphi-red

⚙️ Miscellaneous Tasks

• examples: update chunk-import-map (#​5385) by @​shulaoda
• add examples/chunk-import-map (#​5380) by @​shulaoda
• deps: lock file maintenance (#​5373) by @​renovate[bot]
• deps: lock file maintenance rust crates (#​5372) by @​renovate[bot]
• deps: lock file maintenance npm packages (#​5370) by @​renovate[bot]
• deps: update dependency @​napi-rs/wasm-runtime to v1 (#​5369) by @​renovate[bot]
• deps: update taiki-e/install-action action to v2.56.19 (#​5368) by @​renovate[bot]
• extract HookOrderIndicates logic (#​5362) by @​shulaoda
• rust: remove unnecessary #[allow(unused)] (#​5360) by @​shulaoda
• deps: update dependency rolldown-plugin-dts to v0.14.1 (#​5357) by @​renovate[bot]
• use debug=1 for profile.dev and profile.test (#​5355) by @​IWANABETHATGUY
• deps: update dependency rolldown-plugin-dts to ^0.14.0 (#​5349) by @​renovate[bot]
• remove packages/rolldown/npm/* from workspace config (#​5347) by @​Brooooooklyn
• pnpm,justfile: enable pnpm verifyDepsBeforeRun: install (#​5331) by @​Boshen
• update build-js-glue script (#​5335) by @​btea

◀️ Revert

• test(rust): prevent meaningless snapshot change from bumping oxc runtime versions #​5312 (#​5336) by @​hyf0

❤️ New Contributors

• @​redstonekasi made their first contribution in #​5228
• @​HigherOrderLogic made their first contribution in #​5334

v1.0.0-beta.28

Compare Source

🚀 Features

• rolldown: oxc v0.77.2 (#​5328) by @​Boshen
• hmr: add module and exports parameters to CJS initializer functions (#​5322) by @​hyf0
• rolldown_plugin_transform: align with vitejs/rolldown-vite#318 (#​5318) by @​shulaoda
• rolldown_plugin_transform: align with vitejs/rolldown-vite#315 (#​5315) by @​shulaoda
• hmr: automatically disable treeshaking in hmr (#​5311) by @​hyf0
• hmr: use trait HmrAstBuilder to unify ast construction (#​5310) by @​hyf0
• rolldown_plugin_chunk_import_map: basic implementation (#​5307) by @​shulaoda
• add watch.onInvalidate (#​5239) by @​situ2001
• rolldown_plugin_chunk_import_map: implement initial render_chunk logic (#​5306) by @​shulaoda
• rolldown: oxc v0.77.1 (#​5304) by @​Boshen
• js: expose experimental.incrementalBuild option (#​5300) by @​IWANABETHATGUY
• js: support experimental.onDemandWrapping option (#​5299) by @​IWANABETHATGUY
• support on demand wrapping for entry chunk (#​5291) by @​IWANABETHATGUY
• rolldown_plugin_chunk_import_map: initialize (#​5289) by @​shulaoda
• show owner module id for "canonical name not found for" errors (#​5288) by @​sapphi-red

🐛 Bug Fixes

• only transform VarDeclaration when enable keepNames (#​5323) by @​IWANABETHATGUY
• keepNames with special Ifstmt (#​5320) by @​IWANABETHATGUY
• incremental watch panic when adding dynamic import (#​5309) by @​IWANABETHATGUY
• make leaf module wrapping optimization opt-in (#​5305) by @​IWANABETHATGUY
• keepNames should consider exportNamed function declaration (#​5298) by @​IWANABETHATGUY
• undefined process.versions for browser build (#​5295) by @​sxzz
• sanitizeFileName: entry name should be sanitized (#​5283) by @​shulaoda
• minify-internal-exports: ensure minifying internal exports stably (#​5281) by @​hyf0
• keep legal and annotation comments for minify: 'dce-only' (#​5280) by @​sapphi-red
• unstable chunk generation when preserveEntrySignatures: false is used (#​5274) by @​IWANABETHATGUY

🚜 Refactor

• pass the while CodegenOptions to EcmaCompiler::minify (#​5279) by @​sapphi-red
• avoid iterate canonical_exports twice (#​5276) by @​IWANABETHATGUY

📚 Documentation

• pluginutils: add README file (#​5262) by @​TheAlexLichter

⚡ Performance

• inline function expression when rewriting name property with keepNames enabled (#​5321) by @​IWANABETHATGUY
• rolldown_sourcemap: cache source id -> source text mapping (#​5285) by @​Boshen
• rolldown_sourcemap: disable rayon (#​5284) by @​Boshen

🧪 Testing

• rust: prevent meaningless snapshot change from bumping oxc runtime versions (#​5312) by @​hyf0

⚙️ Miscellaneous Tasks

• upgrade to NAPI-RS 3.0 stable (#​5324) by @​Brooooooklyn
• infra: add onlyBuiltDependencies (#​5287) by @​situ2001
• improve the order of import keys in the exports field (#​5314) by @​btea
• deps: update dependency rolldown-plugin-dts to v0.13.14 (#​5293) by @​renovate[bot]
• deps: lock file maintenance rust crates (#​5267) by @​renovate[bot]
• deps: lock file maintenance npm packages (#​5266) by @​renovate[bot]
• deps: update github-actions (#​5265) by @​renovate[bot]

❤️ New Contributors

• @​situ2001 made their first contribution in #​5287

---

Configuration

📅 Schedule: Branch creation - "before 10am" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.