chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@custom-elements-manifest/analyzer (source)	0.10.5 -> 0.10.10
@eslint/js (source)	9.35.0 -> 9.37.0
@rollup/plugin-node-resolve (source)	16.0.1 -> 16.0.3
@types/node (source)	22.18.1 -> 22.18.10
@typescript-eslint/eslint-plugin (source)	8.42.0 -> 8.46.1
@typescript-eslint/parser (source)	8.42.0 -> 8.46.1
@vscode/codicons	^0.0.40 -> ^0.0.41
dotenv	17.2.2 -> 17.2.3
eslint-plugin-wc	3.0.1 -> 3.0.2
mocha (source)	11.7.2 -> 11.7.4
npm-check-updates	18.0.3 -> 18.3.1
rollup (source)	4.50.0 -> 4.52.4
rollup-plugin-visualizer	6.0.3 -> 6.0.4
semver	7.7.2 -> 7.7.3
typescript (source)	5.9.2 -> 5.9.3

---

Release Notes

open-wc/custom-elements-manifest (@​custom-elements-manifest/analyzer)

v0.10.10

Compare Source

• Dont filter out a declaration is it is exported as key of an object

v0.10.9

Compare Source

• Fix declaration data on exports

v0.10.8

Compare Source

• Add .npmignore to prevent stuff from being published

v0.10.7

Compare Source

• Attr decorator fix

v0.10.6

Compare Source

• Update version of find-dependencies

eslint/eslint (@​eslint/js)

v9.37.0

Compare Source

v9.36.0

Compare Source

Features

• 47afcf6 feat: correct preserve-caught-error edge cases (#​20109) (Francesco Trotta)

Bug Fixes

• 75b74d8 fix: add missing rule option types (#​20127) (ntnyq)
• 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#​20116) (루밀LuMir)
• 7d61b7f fix: add missing scope types to Scope.type (#​20110) (Pixel998)
• 7a670c3 fix: correct rule option typings in rules.d.ts (#​20084) (Pixel998)

Documentation

• b73ab12 docs: update examples to use defineConfig (#​20131) (sethamus)
• 31d9392 docs: fix typos (#​20118) (Pixel998)
• c7f861b docs: Update README (GitHub Actions Bot)
• 6b0c08b docs: Update README (GitHub Actions Bot)
• 91f97c5 docs: Update README (GitHub Actions Bot)

Chores

• 12411e8 chore: upgrade @​eslint/js@​9.36.0 (#​20139) (Milos Djermanovic)
• 488cba6 chore: package.json update for @​eslint/js release (Jenkins)
• bac82a2 ci: simplify renovate configuration (#​19907) (唯然)
• c00bb37 ci: bump actions/labeler from 5 to 6 (#​20090) (dependabot[bot])
• fee751d refactor: use defaultOptions in rules (#​20121) (Pixel998)
• 1ace67d chore: update example to use defineConfig (#​20111) (루밀LuMir)
• 4821963 test: add missing loc information to error objects in rule tests (#​20112) (루밀LuMir)
• b42c42e chore: disallow use of deprecated type property in core rule tests (#​20094) (Milos Djermanovic)
• 7bb498d test: remove deprecated type property from core rule tests (#​20093) (Pixel998)
• e10cf2a ci: bump actions/setup-node from 4 to 5 (#​20089) (dependabot[bot])
• 5cb0ce4 refactor: use meta.defaultOptions in preserve-caught-error (#​20080) (Pixel998)
• f9f7cb5 chore: package.json update for eslint-config-eslint release (Jenkins)
• 81764b2 chore: update eslint peer dependency in eslint-config-eslint (#​20079) (Milos Djermanovic)

rollup/plugins (@​rollup/plugin-node-resolve)

v16.0.3

2025-10-13

Bugfixes

• fix: resolve bare targets of package "imports" using export maps; avoid fileURLToPath(null) (#​1908)

v16.0.2

2025-10-04

Bugfixes

• fix: error thrown with empty entry (#​1893)

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.46.1

Compare Source

🩹 Fixes

• eslint-plugin: [no-misused-promises] special-case .finally not to report when a promise returning function is provided as an argument (#​11667)
• eslint-plugin: [prefer-optional-chain] include mixed "nullish comparison style" chains in checks (#​11533)

❤️ Thank You

• mdm317
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.46.0

Compare Source

🚀 Features

• eslint-plugin: [no-unsafe-member-access] add allowOptionalChaining option (#​11659)
• rule-schema-to-typescript-types: clean up and make public (#​11633)

🩹 Fixes

• eslint-plugin: [prefer-readonly-parameter-types] ignore tagged primitives (#​11660)
• typescript-estree: forbid abstract method and accessor to have implementation (#​11657)
• eslint-plugin: removed error type previously deprecated (#​11674)
• eslint-plugin: [no-deprecated] ignore deprecated export imports (#​11603)
• eslint-plugin: [unbound-method] improve wording around this: void and binding (#​11634)
• rule-tester: deprecate TestCaseError#type and LintMessage#nodeType (#​11628)
• eslint-plugin: [no-floating-promises] remove excess parentheses in suggestions (#​11487)

❤️ Thank You

• fisker Cheung @​fisker
• Josh Goldberg ✨
• Kirk Waiblinger @​kirkwaiblinger
• Mark de Dios @​peanutenthusiast
• Richard Torres @​richardtorres314
• Victor Genaev @​mainframev

You can read about our versioning strategy and releases on our website.

v8.45.0

Compare Source

🚀 Features

• eslint-plugin: expose rule name via RuleModule interface (#​11616)

🩹 Fixes

• eslint-plugin: [prefer-nullish-coalescing] ignoreBooleanCoercion should not apply to top-level ternary expressions (#​11614)
• eslint-plugin: [no-base-to-string] check if superclass is ignored (#​11617)

❤️ Thank You

• mdm317
• Moses Odutusin @​thebolarin
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

v8.44.1

Compare Source

🩹 Fixes

• eslint-plugin: [await-thenable] should not report passing values to promise aggregators which may be a promise in an array literal (#​11611)
• eslint-plugin: [no-unsafe-enum-comparison] support unions of literals (#​11599)
• eslint-plugin: [no-base-to-string] make ignoredTypeNames match type names without generics (#​11597)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.44.0

Compare Source

🚀 Features

• eslint-plugin: [await-thenable] report invalid (non-promise) values passed to promise aggregator methods (#​11267)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-conversion] ignore enum members (#​11490)

❤️ Thank You

• Moses Odutusin @​thebolarin
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.43.0

Compare Source

🚀 Features

• typescript-estree: disallow empty type parameter/argument lists (#​11563)

🩹 Fixes

• eslint-plugin: [prefer-return-this-type] don't report an error when returning a union type that includes a classType (#​11432)
• eslint-plugin: [no-deprecated] should report deprecated exports and reexports (#​11359)
• eslint-plugin: [no-floating-promises] allowForKnownSafeCalls now supports function names (#​11423, #​11430)
• eslint-plugin: [consistent-type-exports] fix declaration shadowing (#​11457)
• eslint-plugin: [no-unnecessary-type-conversion] only report ~~ on integer literal types (#​11517)
• scope-manager: exclude Program from DefinitionBase node types (#​11469)
• eslint-plugin: [no-non-null-assertion] do not suggest optional chain on LHS of assignment (#​11489)
• type-utils: add union type support to TypeOrValueSpecifier (#​11526)

❤️ Thank You

• Dima @​dbarabashh
• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• tao
• Victor Genaev @​mainframev
• Yukihiro Hasegawa @​y-hsgw
• 민감자(Minji Kim) @​mouse0429
• 송재욱

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.46.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.46.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.45.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.44.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.44.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.43.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

microsoft/vscode-codicons (@​vscode/codicons)

v0.0.41

Compare Source

🚀 New icons

• collection #​323
• new-collection #​323
• thinking #​326

🧹 Clean up

• gear #​325

Full Changelog: microsoft/vscode-codicons@v0.0.40...v0.0.41

motdotla/dotenv (dotenv)

v17.2.3

Compare Source

Changed

• Fixed typescript error definition (#​912)

43081j/eslint-plugin-wc (eslint-plugin-wc)

v3.0.2

Compare Source

What's Changed

• fix: ignore listeners with signals by @​43081j in #​149
• fix: disallow extra properties in rule options by @​andreww2012 in #​147
• chore: switch to trusted publishing by @​43081j in #​150
• feat: upgrade ESLint locally by @​43081j in #​151
• chore: bump mocha/chai by @​43081j in #​152
• fix: borked yaml in workflow by @​43081j in #​153
• fix: build before publish by @​43081j in #​154
• fix: run build once in publish by @​43081j in #​155
• fix: run build in prepublish only by @​43081j in #​156

New Contributors

• @​andreww2012 made their first contribution in #​147

Full Changelog: 43081j/eslint-plugin-wc@3.0.1...3.0.2

mochajs/mocha (mocha)

v11.7.4

Compare Source

🩹 Fixes

• watch mode using chokidar v4 (#​5379) (c2667c3)

📚 Documentation

• migrate remaining legacy wiki pages to main documentation (#​5465) (bff9166)

🧹 Chores

• remove trailing spaces (#​5475) (7f68e5c)

v11.7.3

Compare Source

🩹 Fixes

• use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION (#​5408) (ebdbc48)

📚 Documentation

• add security escalation policy (#​5466) (4122c7d)
• fix duplicate global leak documentation (#​5461) (1164b9d)
• migrate third party UIs wiki page to docs (#​5434) (6654704)
• update maintainer release notes for release-please (#​5453) (185ae1e)

🤖 Automation

• deps: bump actions/setup-node in the github-actions group (#​5459) (48c6f40)

raineorshine/npm-check-updates (npm-check-updates)

v18.3.1

Compare Source

v18.3.0

Compare Source

v18.2.1

Compare Source

v18.2.0

Compare Source

Thanks to community members for raising awareness and to @​SebastianSedzik for the implementation.

See: #​1547

Feature: --cooldown

Usage:

ncu --cooldown [n]
ncu -c [n]

The cooldown option helps protect against supply chain attacks by requiring package versions to be published at least the given number of days before considering them for upgrade.

Note that previous stable versions will not be suggested. The package will be completely ignored if its latest published version is within the cooldown period. This is due to a limitation of the npm registry, which does not provide a way to query previous stable versions.

Example:

Let's examine how cooldown works with a package that has these versions available:

1.0.0          Released 7 days ago    (initial version)
1.1.0          Released 6 days ago    (minor update)
1.1.1          Released 5 days ago    (patch update)
1.2.0          Released 5 days ago    (minor update)
2.0.0-beta.1   Released 5 days ago    (beta release)
1.2.1          Released 4 days ago    (patch update)
1.3.0          Released 4 days ago    (minor update) [latest]
2.0.0-beta.2   Released 3 days ago    (beta release)
2.0.0-beta.3   Released 2 days ago    (beta release) [beta]

With default target (latest):

$ ncu --cooldown 5

No update will be suggested because:

• Latest version (1.3.0) is only 4 days old.
• Cooldown requires versions to be at least 5 days old
• Use --cooldown 4 or lower to allow this update

With @beta/@tag target:

$ ncu --cooldown 3 --target @​beta

No update will be suggested because:

• Current beta (2.0.0-beta.3) is only 2 days old
• Cooldown requires versions to be at least 3 days old
• Use --cooldown 2 or lower to allow this update

With other targets:

$ ncu --cooldown 5 --target greatest|newest|minor|patch|semver

Each target will select the best version that is at least 5 days old:

greatest → 1.2.0        (highest version number outside cooldown)
newest   → 2.0.0-beta.1 (most recently published version outside cooldown)
minor    → 1.2.0        (highest minor version outside cooldown)
patch    → 1.1.1        (highest patch version outside cooldown)

Note for latest/tag targets:

⚠️ For packages that update frequently (e.g. daily releases), using a long cooldown period (7+ days) with the default --target latest or --target @​tag may prevent all updates since new versions will be published before older ones meet the cooldown requirement. Please consider this when setting your cooldown period.

v18.1.1

Compare Source

v18.1.0

Compare Source

rollup/rollup (rollup)

v4.52.4

Compare Source

2025-10-03

Bug Fixes

• Fix an issue where the wrong branch of nullish coalescing was picked (#​6133)

Pull Requests

• #​6128: Enable npm OIDC publishing (@​lukastaegert)
• #​6133: Correct nullish coalescing branch resolution for symbol left value (@​TrickyPi)
• #​6134: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

v4.52.3

Compare Source

2025-09-27

Bug Fixes

• Fix check in native loader for environments that do not support reports (#​6123)

Pull Requests

• #​6123: fix(native-loader): safely handle report.getReport() on Termux/Android (@​Jobians, @​lukastaegert)
• #​6124: chore(deps): pin msys2/setup-msys2 action to fb197b7 (@​renovate[bot])
• #​6125: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6126: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.52.2

Compare Source

2025-09-23

Bug Fixes

• Fix Android build crashing due to failed dlopen (#​6109)

Pull Requests

• #​6109: fix(rust): use prebuilt std when it is available (@​cyyynthia)

v4.52.1

Compare Source

2025-09-23

Bug Fixes

• Opt-out of dynamic import optimization when using top-level await to effectively prevent deadlocks (#​6121)

Pull Requests

• #​6121: Simplify top-level await deadlock prevention (@​lukastaegert)

v4.52.0

Compare Source

2025-09-19

Features

• Add option output.onlyExplicitManualChunks to turn off merging additional dependencies into manual chunks (#​6087)
• Add support for x86_64-pc-windows-gnu platform (#​6110)

Pull Requests

• #​6087: fix: manualChunks and non manualChunks shared dependencies are merged with the first manualChunk encountered alphabetically (@​maiieul)
• #​6110: Add support x86_64-pc-windows-gnu (@​lsq, @​lukastaegert)
• #​6118: Automatically remove REPL artefacts label from PRs (@​lukastaegert)

v4.51.0

Compare Source

2025-09-19

Features

• Support ROLLUP_FILE_URL_OBJ placeholder to inject file URLs into the generated code (#​6108)

Bug Fixes

• Improve OpenHarmony build to work in more situations (#​6115)

Pull Requests

• #​6108: feat: support ROLLUP_FILE_URL_OBJ for URL object instead of string (@​guybedford, @​lukastaegert)
• #​6112: Disable Cargo cache for Android (@​lukastaegert)
• #​6113: fix(deps): update rust crate swc_compiler_base to v35 (@​renovate[bot])
• #​6114: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6115: Disable local_dynamic_tls for OpenHarmony (@​hqzing)
• #​6116: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6117: chore(deps): lock file maintenance (@​renovate[bot])

v4.50.2

Compare Source

2025-09-15

Bug Fixes

• Resolve an issue where unused destructured array pattern declarations would conflict with included variables (#​6100)

Pull Requests

• #​6100: Tree-shake un-included elements in array pattern (@​TrickyPi)
• #​6102: chore(deps): update actions/setup-node action to v5 (@​renovate[bot])
• #​6103: chore(deps): update dependency eslint-plugin-unicorn to v61 (@​renovate[bot])
• #​6104: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #​6105: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6107: Improve CI stability (@​lukastaegert)

v4.50.1

Compare Source

2025-09-07

Bug Fixes

• Resolve a situation where a destructuring default value was removed (#​6090)

Pull Requests

• #​6088: feat(www): shorter repl shareables (@​cyyynthia, @​lukastaegert)
• #​6090: Call includeNode for self or children nodes in includeDestructuredIfNecessary (@​TrickyPi)
• #​6091: fix(deps): update rust crate swc_compiler_base to v33 (@​renovate[bot])
• #​6092: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6094: perf: replace startsWith with strict equality (@​btea)

btd/rollup-plugin-visualizer (rollup-plugin-visualizer)

v6.0.4

Compare Source

npm/node-semver (semver)

v7.7.3

Compare Source

Bug Fixes

• e37e0ca #​813 faster paths for compare (#​813) (@​H4ad)
• 2471d75 #​811 x-range build metadata support (i529015)

Chores

• 8f05c87 #​807 bump @​npmcli/template-oss from 4.25.0 to 4.25.1 (#​807) (@​dependabot[bot], @​owlstronaut)

microsoft/TypeScript (typescript)

v5.9.3

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.