chore(deps): update non-major

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@sanity/pkg-utils (source)	^9.0.5 -> ^9.0.8
@types/react (source)	^19.2.2 -> ^19.2.4
@types/react-dom (source)	^19.2.2 -> ^19.2.3
esbuild	^0.25.12 -> ^0.27.0
oxfmt (source)	^0.11.0 -> ^0.13.0
oxlint (source)	^1.26.0 -> ^1.28.0
oxlint-tsgolint	^0.5.1 -> ^0.6.0
vitest (source)	^4.0.7 -> ^4.0.8

---

Release Notes

sanity-io/pkg-utils (@​sanity/pkg-utils)

v9.0.8

Compare Source

Patch Changes

• #​2200 972795f Thanks @​renovate! - fix(deps): Update dependency esbuild to ^0.27.0

• #​2207 8bf7c18 Thanks @​renovate! - fix(deps): Update dependency rolldown-plugin-dts to v0.17.5

• #​2209 dcd254c Thanks @​renovate! - fix(deps): Update dependency browserslist to ^4.28.0

v9.0.6

Compare Source

Patch Changes

• #​2180 75b4d92 Thanks @​renovate! - fix(deps): Update dependency rollup to ^4.53.2

• #​2184 ad075d3 Thanks @​renovate! - fix(deps): Update dependency rolldown to v1.0.0-beta.47

evanw/esbuild (esbuild)

v0.27.0

Compare Source

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.26.0 or ~0.26.0. See npm's documentation about semver for more information.

• Use Uint8Array.fromBase64 if available (#​4286)

  With this release, esbuild's binary loader will now use the new Uint8Array.fromBase64 function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify target when using this feature with Node (for example --target=node22) unless you're using Node v25+.

• Update the Go compiler from v1.23.12 to v1.25.4 (#​4208, #​4311)

  This raises the operating system requirements for running esbuild:

  • Linux: now requires a kernel version of 3.2 or later
  • macOS: now requires macOS 12 (Monterey) or later

v0.26.0

Compare Source

• Enable trusted publishing (#​4281)

  GitHub and npm are recommending that maintainers for packages such as esbuild switch to trusted publishing. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.

  Unfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).

oxc-project/oxc (oxfmt)

v0.13.0

Compare Source

v0.12.0

Compare Source

🚀 Features

• 3251000 oxfmt: Use prettier directly and bundle prettier (#​15544) (Dunqing)
• 5708126 formatter/sort_imports: Add options.newlinesBetween (#​15369) (leaysgur)

oxc-project/oxc (oxlint)

v1.28.0

Compare Source

v1.27.0: oxlint v1.27.0 && oxfmt v0.12.0

Compare Source

Oxlint v1.27.0

🚀 Features

• 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#​15498) (overlookmotel)
• 2f9735d linter/plugins: Implement context.languageOptions (#​15486) (overlookmotel)
• bc731ff linter/plugins: Stub out all Context APIs (#​15479) (overlookmotel)
• 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#​15477) (overlookmotel)
• 7b1e6f3 apps: Add pure rust binaries and release to github (#​15469) (Boshen)
• 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#​15389) (camc314)
• ad3c45a editor: Add oxc.path.node option (#​15040) (Sysix)

🐛 Bug Fixes

• 6f3cd77 linter/no-var: Incorrect warning for blocks (#​15504) (Hamir Mahal)
• 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#​15489) (overlookmotel)
• 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#​15488) (overlookmotel)
• 732205e parser: Reject using / await using in a switch case / default clause (#​15225) (sapphi-red)
• a17ca32 linter/plugins: Replace Context class (#​15448) (overlookmotel)
• ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#​15436) (camc314)
• 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#​15299) (camc314)
• ef71410 linter: Use jsx if source type is JS in fix debug assertion (#​15434) (camc314)
• e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#​15426) (camc314)
• 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#​15425) (camc314)
• 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#​15423) (camc314)
• fde753e linter/plugins: Block access to context.settings in createOnce (#​15394) (overlookmotel)
• ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#​15388) (camc314)
• dac2a9c linter/no-template-curly-in-string: Remove fixer (#​15387) (camc314)
• 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#​15385) (camc314)
• cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#​15364) (magic-akari)

⚡ Performance

• 25d577e language_server: Start tools in parallel (#​15500) (Sysix)
• 3c57291 linter/plugins: Optimize loops (#​15449) (overlookmotel)
• 3166233 linter/plugins: Remove Arcs (#​15431) (overlookmotel)
• 9de1322 linter/plugins: Lazily deserialize settings JSON (#​15395) (overlookmotel)
• 3049ec2 linter/plugins: Optimize deepFreezeSettings (#​15392) (overlookmotel)
• 444ebfd linter/plugins: Use single object for parserServices (#​15378) (overlookmotel)

📚 Documentation

• 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#​15530) (Connor Shea)
• 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#​15411) (sapphi-red)
• a0c5203 linter/import/named: Update "ES7" comment in examples (#​15410) (sapphi-red)
• 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#​15409) (sapphi-red)
• 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#​15408) (sapphi-red)
• 57f0ce1 linter: Add backquotes where appropriate (#​15407) (sapphi-red)

Oxfmt v0.12.0

🚀 Features

• 3251000 oxfmt: Use prettier directly and bundle prettier (#​15544) (Dunqing)
• 7b1e6f3 apps: Add pure rust binaries and release to github (#​15469) (Boshen)
• 33ad374 oxfmt: Disable embedded formatting by default for alpha (#​15402) (leaysgur)
• 5708126 formatter/sort_imports: Add options.newlinesBetween (#​15369) (leaysgur)
• 2dfc3bd formatter: Remove Tag::StartVerbatim and Tag::EndVerbatim (#​15370) (Dunqing)
• 88c7530 formatter: Remove FormatElement::LocatedTokenText (#​15367) (Dunqing)

🐛 Bug Fixes

• d32d22e formatter: Correct FormatElement size check (#​15461) (Dunqing)
• b0f43f9 formatter: Test call difference (#​15356) (Dunqing)
• 01f20f3 formatter: Incorrect comment checking logic for grouping argument (#​15354) (Dunqing)

⚡ Performance

• f4b75b6 formatter: Pre-allocate enough space for the FormatElement buffer (#​15422) (Dunqing)
• 5a61189 formatter: Avoid unnecessary allocation for BinaryLikeExpression (#​15467) (Dunqing)
• 064f835 formatter: Optimize printing call arguments (#​15464) (Dunqing)
• 29f35b2 formatter: Reuse previous indent stack in FitsMeasurer (#​15416) (Dunqing)
• a6808a0 oxfmt: Use AllocatorPool to reuse allocator between threads (#​15412) (leaysgur)
• 2515045 formatter: Use CodeBuffer's built-in print_indent to print indentation (#​15406) (Dunqing)
• 681607b formatter: Check the Text to see whether it has multiple lines based on its width (#​15405) (Dunqing)
• b92deb4 formatter: Replace String buffer with byte-oriented CodeBuffer (#​14752) (Boshen)
• 963b87f formatter: Add text_without_whitespace for text that can never have whitespace (#​15403) (Dunqing)
• f30ce4b formatter: Optimize formatting literal string (#​15380) (Dunqing)
• 8f25a0e formatter: Memorize text width for FormatElement::Text (#​15372) (Dunqing)
• f913543 formatter: Avoid allocation for SyntaxTokenCowSlice (#​15366) (Dunqing)
• 98c9234 formatter: Optimize FormatElement::Token printing (#​15365) (Dunqing)

oxc-project/tsgolint (oxlint-tsgolint)

v0.6.0

Compare Source

What's Changed

• chore(deps): update typescript-go digest to f60eb37 by @​renovate[bot] in #​380
• chore(deps): update typescript-go digest to db968bc by @​renovate[bot] in #​381
• chore(deps): update typescript-go digest to ffa30a7 by @​renovate[bot] in #​382
• chore(deps): update typescript-go digest to 97756ce by @​renovate[bot] in #​383
• Add npm version badge to README by @​Boshen in #​384
• chore(deps): update github-actions by @​renovate[bot] in #​385
• chore(deps): update module golang.org/x/sys to v0.38.0 by @​renovate[bot] in #​386
• chore(deps): update npm packages by @​renovate[bot] in #​387
• chore(deps): update golangci/golangci-lint-action action to v9 by @​renovate[bot] in #​388
• chore(deps): update typescript-go digest to ea4e944 by @​renovate[bot] in #​390
• feat: add support for headless rule config by @​camchenry in #​258
• docs: update docs for adding new rule and options schema by @​camchenry in #​391
• fix(no-deprecated): false positive with class getter by @​camc314 in #​395
• chore(deps): update dependency vitest>vite to v7.2.4 by @​renovate[bot] in #​396
• feat: add options schema for no-base-to-string and no-confusing-void-expression by @​camchenry in #​392
• feat: add options schema for no-deprecated by @​camchenry in #​393
• feat: add options schema for no-duplicate-type-constituents by @​camchenry in #​397
• feat: add options schema for no-meaningless-void-operator by @​camchenry in #​398
• feat: add options schema for no-misused-promises by @​camchenry in #​399
• perf: use minimal tsconfig to make tests 2-3x faster by @​camchenry in #​405
• perf: use minimal tsconfig for more tests by @​camchenry in #​406
• feat: add options schema for no-misused-spread by @​camchenry in #​401
• feat: add options schema for no-unnecessary-boolean-literal-compare by @​camchenry in #​402
• feat: add options schema for no-unnecessary-type-assertion by @​camchenry in #​403
• feat: add options schema for only-throw-error by @​camchenry in #​404
• feat: add options schema for prefer-promise-reject-errors by @​camchenry in #​409

Full Changelog: oxc-project/tsgolint@v0.5.1...v0.6.0

vitest-dev/vitest (vitest)

v4.0.8

Compare Source

   🐞 Bug Fixes

• Workaround noExternal merging bug on Vite 6  -  by @​hi-ogawa in #​8950 (bcb13)
• Missed context.d.ts file  -  by @​termorey in #​8965 (9044d)
• Incorrect error message for non-awaited expect.element()  -  by @​StyleShit in #​8954 (9638d)
• browser: Cleanup frame-ancestors from CSP header at coverage middleware  -  by @​userquin in #​8941 (1f730)
• deps: Update all non-major dependencies  -  by @​sheremet-va in #​8636 (da8b9)
• forks: Do not fail with Windows Defender enabled  -  by @​sheremet-va in #​8967 (c79f4)
• runner: Properly encode Uint8Array body in annotations  -  by @​Livan-pro in #​8951 (997ca)
• spy: Copy static properties if spy is initialised with vi.fn(), fix types for vi.spyOn(obj, class)  -  by @​sheremet-va in #​8956 (75e7f)
• webdriverio: When no argument is passed to the .click interaction command, the webdriver command should also have no argument  -  by @​julienw in #​8937 (069e6)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[changeset-bot]

⚠️ No Changeset found

Latest commit: 5226ae6

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	esbuild@​0.27.0
	@​types/​react-dom@​19.2.2 ⏵ 19.2.3
	vitest@​4.0.7 ⏵ 4.0.9	-2		-21	-1
	@​types/​react@​19.2.2 ⏵ 19.2.4			+1
	oxfmt@​0.11.0 ⏵ 0.13.0	+5		+6	+1
	oxlint@​1.26.0 ⏵ 1.28.0	+1		+1	+1
	oxlint-tsgolint@​0.5.1 ⏵ 0.6.0				+1
	@​sanity/​pkg-utils@​9.0.5 ⏵ 9.0.8

View full report