fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@shikijs/vitepress-twoslash (source)	^3.14.0 -> ^3.17.0			devDependencies	minor
@swc/core (source)	^1.15.0 -> ^1.15.3			dependencies	patch
@types/node (source)	^24.10.0 -> ^24.10.1			devDependencies	patch
bumpp	^10.3.1 -> ^10.3.2			devDependencies	patch
bumpp	^10.3.1 -> ^10.3.2			dependencies	patch
c12	^3.3.1 -> ^3.3.2			dependencies	patch
es-toolkit (source)	^1.41.0 -> ^1.42.0			dependencies	minor
esbuild	^0.25.12 -> ^0.27.0			dependencies	minor
lint-staged	^16.2.6 -> ^16.2.7			devDependencies	patch
node	24.11.0 -> 24.11.1			uses-with	patch
pnpm (source)	10.20.0 -> 10.24.0			packageManager	minor
tsx (source)	^4.20.6 -> ^4.21.0			devDependencies	minor
vitest (source)	^4.0.7 -> ^4.0.14			devDependencies	patch

---

Release Notes

shikijs/shiki (@​shikijs/vitepress-twoslash)

v3.17.0

Compare Source

   🚀 Features

• cli: Support passing remote file url  -  by @​o-az in #​1139 (fb05a)
• core: Support embeddedLanguages alias for backwards compatibility  -  by @​Ipshita29 in #​1044 and #​1145 (3a367)
• monaco: Normalize theme tokenScopes and tighten monaco type import  -  by @​Simon-He95 in #​1140 (dc792)

   🐞 Bug Fixes

• monaco: Preserve Markdown font styles  -  by @​prempyla and @​antfu in #​1107 (e4dec)
• shiki: Rename createdBundledHighlighter to createBundledHighlighter  -  by @​tushar73-jet, Tushar and @​antfu in #​1135 (e6d21)
• transformers: Handle multi-token comments in rose-pine theme  -  by @​ish1416 and @​antfu in #​1118 (3e1bd)
• twoslash: Fix typo in twoslash-query-persisted, close #​1130, close #​981  -  by @​antfu in #​1130 and #​981 (55a17)
• types: Add 'plain' to PlainTextLanguage type  -  by @​kevinkucharczyk in #​1133 (156c5)

    View changes on GitHub

v3.16.0

Compare Source

   🚀 Features

• Update grammars  -  by @​antfu (02dab)

   🐞 Bug Fixes

• Enable decorations for structure: inline  -  by @​Aashish-Jha-11 and Aashish_Jha_1107 in #​1103 (8806b)
• Resolve vitest alias for wasm-inlined  -  by @​sahilsharda (2d7b3)
• transformers: Support comment-prefixed [code . highlight] markers in v3 notation matcher  -  by @​Hariksh in #​1102 (5068b)

    View changes on GitHub

v3.15.0

Compare Source

   🚀 Features

• lang-ansi: Fallback for missing theme ANSI colors  -  by @​Chanakyasinde and @​antfu in #​1095 (f36ea)
• transformers: Support meta.indent for indent guides  -  by @​L33Z22L11 in #​1087 (d8f89)

   🐞 Bug Fixes

• Allow singleton highlighter recovery after invalid language error  -  by @​Maxiemad in #​1091 (218c9)
• vitepress-twoslash: Prevent popper show/hide on dragging  -  by @​bluwy in #​1090 (29522)

    View changes on GitHub

swc-project/swc (@​swc/core)

v1.15.3

Compare Source

Bug Fixes

• (es/codegen) Restore missing top-level comments (#​11302) (0998c93)

• (es/codegen) Emit comments of all nodes (#​11314) (387ee0f)

• (es/minifier) Prevent compress.comparisons from transforming expressions with side effects (#​11256) (58a9d81)

• (es/minifier) Remove unused arrow functions in dead code elimination (#​11319) (88c6ac7)

• (es/parser) Make the span of Program start at input start (#​11199) (b56e008)

• (es/plugin) Use #[cfg] to avoid compilation error (#​11316) (f615cdb)

• (es/quote) Replace usage of swc_atoms with swc_core::atoms (#​11299) (c1e32fa)

Miscellaneous Tasks

• (es/transformer) Determine project structure (#​11306) (58f2602)

Performance

• (es/compat) Merge regexp pass into Transformer (#​11307) (440b391)

• (es/compat) Merge export_namespace_from to Transformer (#​11309) (7a528ce)

Refactor

• (es/transfomer) Prevent breaking change (#​11308) (45827fa)

v1.15.2

Compare Source

Bug Fixes

• (bindings/es) Respect filename option from print() (#​11264) (0d4d2d9)

Features

• (es/minifier) Drop empty constructors during minification (#​11250) (2cea7dd)

• (es/visit) Add context parameter to VisitMutHook trait (#​11254) (8645d0d)

Performance

• (es/parser) Inline skip_space (afb824a)

• (es/parser) Eliminate the outer loop of skip_block_comment (#​11261) (e41c0ac)

• (es/plugin) Use shared tokio runtime to avoid creation overhead (#​11267) (707026b)

v1.15.1

Compare Source

Bug Fixes

• (cli) Print filename to stderr when compiling (#​11249) (d66dab5)

• (es/minifier) Prevent array destructuring optimization in assignment contexts (#​11221) (99d8b0a)

Features

• (es/compiler) Determine module structure (#​11238) (415019c)

• (ts/fast-strip) Add a binding crate for nodejs/amaro (#​11236) (f0829af)

• (visit) Add hook APIs for visitors (#​11242) (3a141ed)

Miscellaneous Tasks

• (es/compiler) Drop syntax_ext and prepare AI-based porting (#​11239) (15639c0)

Performance

• (common) Improve StringInput#bump_bytes (#​11230) (6a9fa49)

• (es/parser) Optimize skip_space (#​11225) (541d252)

Refactor

• (visit) Use separate crate for hooks (#​11243) (d93ec90)

antfu-collective/bumpp (bumpp)

v10.3.2

Compare Source

   🐞 Bug Fixes

• Resolve the options in config file correctly  -  by @​liangmiQwQ in #​101 (f5887)

    View changes on GitHub

unjs/c12 (c12)

v3.3.2

Compare Source

compare changes

📖 Documentation

• Fix typo in globalRc option (#​281)

📦 Build

• Switch to obuild (rolldown) (9addbb1)
• Relax magicast peer dependency range (eae6be1)

🏡 Chore

• Update dev deps (26fe8fe)
• Update deps (16fd49d)
• Update deps (120c0e6)
• Update scripts (543b39c)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Jan T. Sott [email protected]

toss/es-toolkit (es-toolkit)

v1.42.0

Compare Source

Released on November 17th, 2025.

• Added new async utilities: filterAsync, flatMapAsync, forEachAsync, mapAsync, reduceAsync, and limitAsync for handling asynchronous operations.
• Exported ThrottleOptions and DebounceOptions interfaces for better type support.
• Fixed isFinite to implement type predicate to narrow type to number.
• Fixed isSafeInteger to implement type predicate to narrow type to number.
• Fixed omit to prevent adding index properties to array-like objects.
• Fixed mergeWith to remove unnecessary nullish coalescing for 100% branch coverage.
• Fixed compat/updateWith to remove unreachable code and add prototype pollution test.
• Updated documentation headings for consistency.
• Improved test coverage for compat/mergeWith, compat/unset, get, toMerged, mergeWith, and compat/intersectionBy with additional edge cases and security tests.

We sincerely thank @​Debbl, @​wo-o29, @​raon0211, @​Yeom-JinHo, @​sukvvon, and @​D-Sketon for their contributions. We appreciate your great efforts!

evanw/esbuild (esbuild)

v0.27.0

Compare Source

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.26.0 or ~0.26.0. See npm's documentation about semver for more information.

• Use Uint8Array.fromBase64 if available (#​4286)

  With this release, esbuild's binary loader will now use the new Uint8Array.fromBase64 function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify target when using this feature with Node (for example --target=node22) unless you're using Node v25+.

• Update the Go compiler from v1.23.12 to v1.25.4 (#​4208, #​4311)

  This raises the operating system requirements for running esbuild:

  • Linux: now requires a kernel version of 3.2 or later
  • macOS: now requires macOS 12 (Monterey) or later

v0.26.0

Compare Source

• Enable trusted publishing (#​4281)

  GitHub and npm are recommending that maintainers for packages such as esbuild switch to trusted publishing. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.

  Unfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).

lint-staged/lint-staged (lint-staged)

v16.2.7

Compare Source

Patch Changes

• #​1711 ef74c8d Thanks @​iiroj! - Do not display a "failed to spawn" error message when a task fails normally. This message is reserved for when the task didn't run because spawning it failed.

actions/node-versions (node)

v24.11.1: 24.11.1

Compare Source

Node.js 24.11.1

pnpm/pnpm (pnpm)

v10.24.0

Compare Source

v10.23.0: pnpm 10.23

Compare Source

Minor Changes

• Added --lockfile-only option to pnpm list #​10020.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #​10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #​10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #​10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #​10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:[email protected]) #​8660.
• Don't add an extra slash to the Node.js mirror URL #​10204.
• pnpm store prune should not fail if the store contains Node.js packages #​10131.

Platinum Sponsors

Gold Sponsors

v10.22.0: pnpm 10.22

Compare Source

Minor Changes

• Added support for trustPolicyExclude #​10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - [email protected]
    - [email protected] || 5.102.1

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10179.

Platinum Sponsors

Gold Sponsors

v10.21.0

Compare Source

privatenumber/tsx (tsx)

v4.21.0

Compare Source

vitest-dev/vitest (vitest)

v4.0.14

Compare Source

   🚀 Experimental Features

• browser: Expose utils.configurePrettyDOM  -  by @​sheremet-va in #​9103 (2cc34)
• runner: Add full names to tasks  -  by @​macarie in #​9087 (821aa)
• ui: Add tabbed failure view for toMatchScreenshot with comparison slider  -  by @​macarie in #​8813 (c37c2)

   🐞 Bug Fixes

• Externalize before caching  -  by @​sheremet-va in #​9077 (e1b2e)
• Collect the duration of external imports  -  by @​sheremet-va in #​9097 (3326c)
• Rename collect to import, remove prepare  -  by @​sheremet-va in #​9091 (1256b)
• browser:
  • Unsubscribe onCancel on rpc destroy  -  by @​AriPerkkio in #​9088 (f5b72)
  • Revert the viewport scaling in non-ui mode #​9018  -  by @​sheremet-va in #​9072 and #​9018 (64502)
• coverage:
  • Invalidate circular modules correctly on rerun with coverage  -  by @​aicest in #​9096 (6f22c)
• expect:
  • Allow function as standard schema  -  by @​hi-ogawa in #​9099 (ed8a2)
• jsdom:
  • Reuse abort signals if possible  -  by @​sheremet-va in #​9090 (2c468)
• pool:
  • Init VITEST_POOL_ID + VITEST_WORKER_ID before environment setup  -  by @​AriPerkkio in #​9085 (37918)
• web-worker:
  • postMessage to send ports to workers  -  by @​whitphx and @​AriPerkkio in #​9078 (9d176)

   🏎 Performance

• Replace debug with obug  -  by @​sxzz and @​AriPerkkio in #​9057 (acc51)

    View changes on GitHub

v4.0.13

Compare Source

   🐞 Bug Fixes

• types:
  • Don't use type from Vite 7.1  -  by @​sheremet-va in #​9071 (6356b)
  • Don't import node.js dependent types in vitest/browser  -  by @​sheremet-va in #​9068 (332af)

   🏎 Performance

• Avoid fetchModule roundtrip if the module is cached  -  by @​sheremet-va in #​9075 (b27e0)
• experimental: If fsCacheModule is enabled, read from the memory when possible  -  by @​sheremet-va in #​9076 (6b9a1)

    View changes on GitHub

v4.0.12

Compare Source

   🐞 Bug Fixes

• Inherit fsModuleCachePath by default  -  by @​sheremet-va in #​9063 (9a8bc)
• Don't import from @opentelemetry/api in public types  -  by @​sheremet-va in #​9066 (e944a)

    View changes on GitHub

v4.0.11

Compare Source

   🚀 Experimental Features

• api: Add extensible test artifact API  -  by @​macarie in #​8987 (77292)
  • See more at https://vitest.dev/api/advanced/artifacts
• expect: Provide task in MatchState  -  by @​macarie in #​9022 (afd1f)
• experimental: Support OpenTelemetry traces  -  by @​sheremet-va in #​8994 (d6d33)
  • See more at https://vitest.dev/guide/open-telemetry

   🏎 Performance

• experimental: Add file system cache  -  by @​sheremet-va in #​9026 (1b147)
  • See more at https://vitest.dev/config/experimental#experimental-fsmodulecache

    View changes on GitHub

v4.0.10

Compare Source

   🐞 Bug Fixes

• Remove onCancel when worker is terminated  -  by @​sheremet-va in #​9033 (6d7f0)
• browser:
  • Don't scale the iframe if UI is disabled  -  by @​sheremet-va in #​9018 (5406e)
  • Handle dependency stack traces with external source maps. Resolves: #​9003  -  by @​iclectic in #​9016 and #​9003 (57ae5)
• bun:
  • Parsing of stack trace for bun runtime  -  by @​nazarhussain in #​9032 (f3ec6)
• core:
  • Prevent starting new run when cancelling  -  by @​AriPerkkio in #​8991 (eb98d)
• pool:
  • Prevent writing to closed worker  -  by @​AriPerkkio and @​sheremet-va in #​9023 (042c6)
• reporters:
  • Report correct test run duration at the end  -  by @​sheremet-va in #​8969 (bc3a6)
• ui:
  • Use execution time from ws reporter (onFinished)  -  by @​userquin in #​8975 (f56dc)

    View changes on GitHub

v4.0.9

Compare Source

   🚀 Experimental Features

• expect: Add Set support to toBeOneOf  -  by @​tim-we and @​sheremet-va in #​8906 (a415d)

   🐞 Bug Fixes

• browser: Add favicon icons to the browser mode ui  -  by @​userquin in #​8972 (353ee)
• forks: Increase worker start timeout  -  by @​AriPerkkio in #​9027 (5e750)
• jsdom: Cloned request is an instance of Request  -  by @​sheremet-va in #​8985 (506a9)
• ui: Collect file/suite/test duration correctly  -  by @​userquin in #​8976 (8016d)

    View changes on GitHub

v4.0.8

Compare Source

   🐞 Bug Fixes

• Workaround noExternal merging bug on Vite 6  -  by @​hi-ogawa in #​8950 (bcb13)
• Missed context.d.ts file  -  by @​termorey in #​8965 (9044d)
• Incorrect error message for non-awaited expect.element()  -  by @​StyleShit in #​8954 (9638d)
• browser: Cleanup frame-ancestors from CSP header at coverage middleware  -  by @​userquin in #​8941 (1f730)
• deps: Update all non-major dependencies  -  by @​sheremet-va in #​8636 (da8b9)
• forks: Do not fail with Windows Defender enabled  -  by @​sheremet-va in #​8967 (c79f4)
• runner: Properly encode Uint8Array body in annotations  -  by @​Livan-pro in #​8951 (997ca)
• spy: Copy static properties if spy is initialised with vi.fn(), fix types for vi.spyOn(obj, class)  -  by @​sheremet-va in #​8956 (75e7f)
• webdriverio: When no argument is passed to the .click interaction command, the webdriver command should also have no argument  -  by @​julienw in #​8937 (069e6)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[pkg-pr-new]

npm i https://pkg.pr.new/zotero-plugin-scaffold@153

commit: 71e83fa