chore(deps): update npm (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@​splunk/eslint-config	^5.0.0 → ^6.0.0
@types/react-dom (source)	^18.3.7 → ^19.2.3
@vitejs/plugin-react (source)	^4.7.0 → ^6.0.2
diff	^8.0.4 → ^9.0.0
http-proxy-middleware	^3.0.5 → ^4.1.1
typescript (source)	^5.9.3 → ^6.0.3
vite (source)	^7.3.1 → ^8.0.16
vite-plugin-dts (source)	4.5.3 → 5.0.2

---

Release Notes

vitejs/vite-plugin-react (@​vitejs/plugin-react)

v6.0.2

Compare Source

Allow all options in reactCompilerPreset (#​1189)

This is a type only change. Only compilationMode and target options were available for reactCompilerPreset.

v6.0.1

Compare Source

Expand @rolldown/plugin-babel peer dep range (#​1146)

Expanded @rolldown/plugin-babel peer dep range to include ^0.2.0.

v6.0.0

Compare Source

v5.2.0

Compare Source

v5.1.4

Compare Source

Fix canSkipBabel not accounting for babel.overrides (#​1098)

When configuring babel.overrides without top-level plugins or presets, Babel was incorrectly skipped. The canSkipBabel function now checks for overrides.length to ensure override configurations are processed.

v5.1.3

Compare Source

v5.1.2

Compare Source

v5.1.1

Compare Source

Update code to support newer rolldown-vite (#​976)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

v5.1.0

Compare Source

Add @vitejs/plugin-react/preamble virtual module for SSR HMR (#​890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Fix raw Rolldown support for Rolldown 1.0.0-beta.44+ (#​930)

Rolldown 1.0.0-beta.44+ removed the top-level jsx option in favor of transform.jsx. This plugin now uses the transform.jsx option to support Rolldown 1.0.0-beta.44+.

v5.0.4

Compare Source

Perf: use native refresh wrapper plugin in rolldown-vite (#​881)

v5.0.3

Compare Source

HMR did not work for components imported with queries with rolldown-vite (#​872)

Perf: simplify refresh wrapper generation (#​835)

v5.0.2

Compare Source

Skip transform hook completely in rolldown-vite in dev if possible (#​783)

v5.0.1

Compare Source

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#​735)

optimizeDeps.rollupOptions.jsx is going to be deprecated in favor of optimizeDeps.rollupOptions.transform.jsx.

Perf: skip babel-plugin-react-compiler if code has no "use memo" when { compilationMode: "annotation" } (#​734)

Respect tsconfig jsxImportSource (#​726)

Fix reactRefreshHost option on rolldown-vite (#​716)

Fix RefreshRuntime being injected twice for class components on rolldown-vite (#​708)

Skip babel-plugin-react-compiler on non client environment (689)

v5.0.0

Compare Source

kpdecker/jsdiff (diff)

v9.0.0

Compare Source

(All changes part of PR #​672.)

• ES5 support is dropped. parsePatch now uses TextDecoder and Uint8Array, which are not available in ES5, and TypeScript is now compiled with the "es6" target. From now on, I intend to freely use any features that are deemed "Widely available" by Baseline. Users who need ES5 support should stick to version 8.

• C-style quoted strings in filename headers are now properly supported.

  When the name of either the old or new file in a patch contains "special characters", both GNU diff and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; parsePatch would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. formatPatch, meanwhile, did not quote or escape special characters at all.

  Now, parsePatch parses all the possible escape sequences that GNU diff (or Git) ever output, and formatPatch quotes and escapes filenames containing special characters in the same way GNU diff does.

• formatPatch now omits file headers when oldFileName or newFileName in the provided patch object are undefined, regardless of the headerOptions parameter. (Previously, it would treat the absence of oldFileName or newFileName as indicating the filename was the word "undefined" and emit headers --- undefined / +++ undefined.)

• formatPatch no longer outputs trailing tab characters at the end of ---/+++ headers.

  Previously, if formatPatch was passed a patch object to serialize that had empty strings for the oldHeader or newHeader property, it would include a trailing tab character after the filename in the --- and/or +++ file header. Now, this scenario is treated the same as when oldHeader/newHeader is undefined - i.e. the trailing tab is omitted.

• formatPatch no longer mutates its input when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously formatPatch would provide the correct output but also mutate the oldLines or newLines property on the hunk, changing the meaning of the underlying patch.

• Git-style patches are now supported by parsePatch, formatPatch, and reversePatch.

  Patches output by git diff can include some features that are unlike those output by GNU diff, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the content of two files, but Git diffs can also indicate, via "extended headers", the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated ---/+++ file headers nor any hunks.

  jsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now parsePatch parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no --- or +++ file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by parsePatch. See isGit and subsequent properties in the docs in the README.md file.

  formatPatch now outputs extended headers based on these new Git-specific properties, and reversePatch respects them as far as possible (with one unavoidable caveat noted in the README.md file).

• Unpaired file headers now cause parsePatch to throw.

  It remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a @@​ hunk header on the very first line), but a patch with only a --- header or only a +++ header is now considered an error.

• parsePatch is now more tolerant of "trailing garbage"

  That is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of "garbage" (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a +, -, or and thus is interpretable as part of a hunk still triggers a throw).

  This means we no longer reject patches output by tools that include extra data in "garbage" lines not understood by generic unified diff parsers. (For example, SVN patches can include "Property changes on:" lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)

  This change brings jsdiff's behaviour more in line with GNU patch, which is highly permissive of "garbage".

• The oldFileName and newFileName fields of StructuredPatch are now typed as string | undefined instead of string. This type change reflects the (pre-existing) reality that parsePatch can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).

chimurai/http-proxy-middleware (http-proxy-middleware)

v4.1.1

Compare Source

• fix(fixRequestBody): harden form-data stringification

v4.1.0

Compare Source

• feat(definePlugin): helper function to create plugins
• chore(package.json): update to httpxy@​0.5.3
• fix(ipv6): preserve credentials when normalizing bracketed IPv6 target string
• fix(ipv6): unspecified IPv6 target hostname (::)
• fix(response-interceptor): reduce responseInterceptor buffer churn
• fix(ws): handle multi-server upgrade subscription and safe proxy shutdown
• feat(router): add 'res' and 'options' to router function
• feat(pathRewrite): add 'res' and 'options' to custom pathRewrite function
• fix(responseInterceptor): prevent trailer/content-length conflict
• feat(zstd): support zstd compression in responseInterceptor and fixRequestBody
• fix(responseInterceptor): handle bodyless responses (HEAD/1xx/204/304) with content-encoding
• fix(router): harden proxy-table matching

v4.0.0

Compare Source

• fix(types): fix Logger type
• fix(error-response-plugin): sanitize input
• feat: drop node v14/v16/v18 [BREAKING CHANGE]
• refactor: replace http-proxy w/ httpxy
• chore: remove legacyCreateProxyMiddleware() [BREAKING CHANGE]
• ci: migrate from jest to vitest
• chore(package.json): esm only [BREAKING CHANGE]
• chore(package.json): bump to httpxy 0.5.0 (#​1183)
• chore(package.json): drop node20 [BREAKING CHANGE] (#​1179)
• refactor: remove deprecated url.parse() (#​1176)
• fix(fixRequestBody): support content-encoding on request body (#​1142)
• fix: prevent TypeError when ws enabled but server is undefined (#​1163)
• fix: applyPathRewrite logs old req.url instead of rewritten path (#​1157)
• feat(hono): support for hono with createHonoProxyMiddleware
• feat(ipv6): support literal IPv6 addresses in target and forward options (ie. "http://[::1]:8000")
• chore(package.json): bump httpxy to ^0.5.1
• fix(logger-plugin): support ipv6 host and handle undefined protocol/host
• ci(publish.yml): pin github.triggering_actor
• chore(package.json): node ^22.15.0 (#​1218)
• refactor(package): subpath 'http-proxy-middleware/hono' (#​1220)
• chore: node 26 support

v3.0.7

Compare Source

What's Changed

• fix(fixRequestBody): harden form-data stringification by @​chimurai in #​1259
• chore(package.json): v3.0.7 by @​chimurai in #​1261

Full Changelog: chimurai/http-proxy-middleware@v3.0.6...v3.0.7

v3.0.6

Compare Source

What's Changed

• fix(types): fix Logger type by @​chimurai in #​1104
• fix(fixRequestBody): support text/plain by @​knudtty in #​1103
• chore(examples): bump deps by @​chimurai in #​1105
• build(prettier): improve prettier setup by @​chimurai in #​1108
• chore(deps): fix punycode node deprecation warning by @​chimurai in #​1109
• chore(examples): bump deps by @​chimurai in #​1110
• build(codespaces): add devcontainer.json by @​chimurai in #​1112
• chore(package): bump dev dependencies by @​chimurai in #​1116
• ci(github-action): ci.yml add node v24 by @​chimurai in #​1117
• chore(package): bump dev dependencies by @​chimurai in #​1118
• chore(package): upgrade to jest v30 by @​chimurai in #​1122
• chore(examples): upgrade deps by @​chimurai in #​1124
• chore(package): update dev deps by @​chimurai in #​1125
• test(websocket): fix ws import by @​chimurai in #​1126
• chore(refactor): use node: protocol imports by @​chimurai in #​1127
• ci(node24): pin node24 due to TLS issue with mockttp by @​chimurai in #​1137
• docs(recipes/pathRewrite.md): fix comment by @​DEBargha2004 in #​1135
• chore(package): bump dev deps by @​chimurai in #​1138
• chore(deps): update actions/checkout action to v5 by @​chimurai in #​1140
• fix(error-response-plugin): sanitize input by @​chimurai in #​1141
• chore(package.json): update dev deps by @​chimurai in #​1143
• chore: add context7.json by @​chimurai in #​1144
• build(eslint): update eslint.config.mjs by @​chimurai in #​1145
• ci(github workflow): harden github workflows by @​chimurai in #​1146
• chore(package): bump dev deps by @​chimurai in #​1147
• ci(ci.yml): unpin node 24 by @​chimurai in #​1148
• docs(recipes): fix servers.md http.createServer example by @​hacklschorsch in #​1150
• ci: publish with oidc by @​chimurai in #​1152
• chore(package.json): bump dev deps by @​chimurai in #​1153
• chore(package.json): bump dev deps by @​chimurai in #​1155
• chore(package.json): bump dev deps by @​chimurai in #​1158
• test(types.spec.ts): add type check when req or res are 'any' by @​chimurai in #​1161
• chore(package.json): bump deps by @​chimurai in #​1164
• chore(package.json): eslint v10 by @​chimurai in #​1165
• chore(package.json): bump dev deps by @​chimurai in #​1166
• chore(package.json): bump dev-deps by @​chimurai in #​1171
• docs(examples): fix websocket example by @​chimurai in #​1170
• build(vscode): use workspace version of TypeScript by @​chimurai in #​1173
• fix(router): harden proxy-table matching by @​chimurai in #​1254
• chore(package.json): v3.0.6 by @​chimurai in #​1256

New Contributors

• @​knudtty made their first contribution in #​1103
• @​DEBargha2004 made their first contribution in #​1135
• @​hacklschorsch made their first contribution in #​1150

Full Changelog: chimurai/http-proxy-middleware@v3.0.5...v3.0.6

microsoft/TypeScript (typescript)

v6.0.3

Compare Source

v6.0.2

Compare Source

vitejs/vite (vite)

v8.0.16

Compare Source

Bug Fixes

• deps: reject UNC paths for launch-editor-middleware (#​22571) (50b9512)
• reject windows alternate paths (#​22572) (dc245c7)

v8.0.15

Compare Source

Features

• send 408 on request timeout (#​22476) (c85c9ee)
• update rolldown to 1.0.3 (#​22538) (646dbed)

Bug Fixes

• capitalize error messages and remove spurious space in parse error (#​22488) (85a0eff)
• deps: update all non-major dependencies (#​22511) (2686d7d)
• dev: fix html-proxy cache key mismatch for /@​fs/ HTML paths (#​21762) (47c4213)
• glob: error on relative glob in virtual module when no files match (#​22497) (5c8e98f)
• optimizer: close the rolldown bundle when write() rejects (#​22528) (e3cfb9d)
• resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#​22509) (40985f1)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​22566) (3052a67)

Code Refactoring

• correct logic in collectAllModules function (#​22562) (6978a9c)

v8.0.14

Compare Source

Features

• update rolldown to 1.0.2 (#​22484) (96efc88)

Bug Fixes

• deps: update all non-major dependencies (#​22471) (98b8163)
• dev: handle errors when sending messages to vite server (#​22450) (e8e9a34)
• html: handle trailing slash paths in transformIndexHtml (#​22480) (5d94d1b)
• optimizer: pass oxc jsx options to transformSync in dependency scan (#​22342) (b3132da)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​22470) (7cb728e)
• remove irrelevant commits from changelog (2c69495)

Code Refactoring

• glob: do not rewrite import path for absolute base (#​22310) (0ae2844)

Tests

• css: sass does not use main field (#​22449) (ebf39a0)

v8.0.13

Compare Source

Features

• bundled-dev: add lazy bundling support (#​21406) (4f0949f)
• optimizer: improve the esbuild plugin converter to pass some properties of build result to onEnd (#​22357) (47071ce)
• update rolldown to 1.0.1 (#​22444) (8c766a6)

Bug Fixes

• build: copy public directory after building same environment with write=false (#​22328) (158e8ae)
• css: await sass/less/styl worker disposal on teardown (fix #​22274) (#​22275) (b7edcb7)
• css: keep deprecated name/originalFileName in synthetic assetFileNames call (#​22439) (8e59c97)
• make isBundled per environment (#​22257) (a576326)
• ssr: avoid rewriting labels that collide with imports (#​22451) (d9b18e0)

Miscellaneous Chores

• remove irrelevant commits from changelog (#​22430) (6ea3838)
• update changelog (#​22413) (fcdc87c)

v8.0.12

Compare Source

Features

• update rolldown to 1.0.0 (#​22401) (cf0ff41)

Bug Fixes

• create-vite: pass react framework to TanStack CLI (#​22397) (18f0f90)
• deps: update all non-major dependencies (#​22420) (2be6000)
• module-runner: prevent partial-exports race on concurrent imports of in-flight invalidated re-export chains (#​22369) (f5a22e6)
• refer to rolldownOptions instead of deprecated rollupOptions in messages (#​22400) (b675c7b)
• worker: apply build.target to worker bundle (#​22404) (3c93fde)
• worker: forward define to worker bundle transform (#​22408) (d4838a0)

Miscellaneous Chores

• deps: update dependency eslint-plugin-n to v18 (#​22423) (2fe7bd2)
• deps: update rolldown-related dependencies (#​22421) (66b9eb3)

v8.0.11

Compare Source

Features

• update rolldown to 1.0.0-rc.18 (#​22360) (3f80524)

Bug Fixes

• deps: update all non-major dependencies (#​22334) (672c962)
• deps: update all non-major dependencies (#​22382) (5c0cfcb)
• glob: align hmr matcher options with glob enumeration (#​22306) (30028f9)
• make separate object instance for each environment (#​22276) (7c2aa3b)

Documentation

• create-vite: list react-compiler templates in README (#​22347) (7c3a61f)
• explain mergeConfig skips null/undefined (#​22325) (2151f70)
• mention native config loader in CLI options (#​22348) (0420c5d)
• update evan's x handle (640202a)

Miscellaneous Chores

• deps: update dependency tsdown to ^0.21.10 (#​22333) (3b51e05)
• deps: update rolldown-related dependencies (#​22383) (555ff36)
• deps: update transitive packages to fix npm audit alerts (#​22316) (86aee62)

Code Refactoring

• devtools integration (#​22312) (3c8bf06)
• remove unnecessary async (#​22296) (b31fd35)
• show direct path type in bad character warning (#​22339) (0c162e9)

Tests

• create-vite: use short help alias (#​22389) (994ab66)

v8.0.10

Compare Source

Features

• update rolldown to 1.0.0-rc.17 (#​22299) (a4d06d9)

Bug Fixes

• hmrClient.logger.debug and hmrClient.logger.error looked different from other HMR logs (#​22147) (a4d828f)
• css: show filename in CSS minification warnings for .css?inline (#​22292) (83f0a78)
• optimizer: allow user transform.target to override default in optimizeDeps (#​22273) (5c7cec6)
• remove format sniffing module resolution from JS resolver (#​22297) (b8a21cc)

Code Refactoring

• enable some typecheck rules (#​22278) (9437518)
• typecheck client directory (#​22284) (40a0847)

v8.0.9

Compare Source

Features

• update rolldown to 1.0.0-rc.16 (#​22248) (2947edd)

Bug Fixes

• allow binding when strictPort is set but wildcard port is in use (#​22150) (dfc8aa5)
• build: emptyOutDir should happen for watch rebuilds (#​22207) (ee52267)
• bundled-dev: reject requests to HMR patch files in non potentially trustworthy origins (#​22269) (868f141)
• css: use unique key for cssEntriesMap to prevent same-basename collision (#​22039) (374bb5d)
• deps: update all non-major dependencies (#​22219) (4cd0d67)
• deps: update all non-major dependencies (#​22268) (c28e9c1)
• detect Deno workspace root (fix #​22237) (#​22238) (1b793c0)
• dev: handle errors in watchChange hook (#​22188) (fc08bda)
• optimizer: handle more chars that will be sanitized (#​22208) (3f24533)
• skip fallback sourcemap generation for ?raw imports (#​22148) (3ec9cda)

Documentation

• align the descriptions in READMEs (#​22231) (44c42b9)
• fix reuses wording in dev environment comment (#​22173) (9163412)
• fix wording in sass error comment (#​22214) (bc5c6a7)
• update build CLI defaults (#​22261) (605bb97)

Miscellaneous Chores

• deps: update dependency dotenv-expand to v13 (#​22271) (0a3887d)

v8.0.8

Compare Source

Features

• update rolldown to 1.0.0-rc.15 (#​22201) (6baf587)

Bug Fixes

• avoid dns.getDefaultResultOrder temporary (#​22202) (15f1c15)
• ssr: class property keys hoisting matching imports (#​22199) (e137601)

v8.0.7

Compare Source

Bug Fixes

• use sync dns.getDefaultResultOrder instead of dns.promises (#​22185) (5c05b04)

v8.0.6

Compare Source

Features

• update rolldown to 1.0.0-rc.13 (#​22097) (51d3e48)

Bug Fixes

• css: avoid mutating sass error multiple times (#​22115) (d5081c2)
• optimize-deps: hoist CJS interop assignment (#​22156) (17a8f9e)

Performance Improvements

• early return in getLocalhostAddressIfDiffersFromDNS when DNS order is verbatim (#​22151) (56ec256)

Miscellaneous Chores

• create-vite: remove unnecessary DOM.Iterable (#​22168) (bdc53ab)
• replace remaining prettier script (#​22179) (af71fb2)

v8.0.5

Compare Source

Bug Fixes

• apply server.fs check to env transport (#​22159) (f02d9fd)
• avoid path traversal with optimize deps sourcemap handler (#​22161) (79f002f)
• check server.fs after stripping query as well (#​22160) (a9a3df2)
• disallow referencing files outside the package from sourcemap (#​22158) (f05f501)

v8.0.4

Compare Source

Features

• allow esbuild 0.28 as peer deps (#​22155) (b0da973)
• hmr: truncate list of files on hmr update (#​21535) (d00e806)
• optimizer: log when dependency scanning or bundling takes over 1s (#​21797) (f61a1ab)

Bug Fixes

• hasBothRollupOptionsAndRolldownOptions should return false for proxy case (#​22043) (99897d2)
• add types for vite/modulepreload-polyfill (#​22126) (17330d2)
• deps: update all non-major dependencies (#​22073) (6daa10f)
• deps: update all non-major dependencies (#​22143) (22b0166)
• resolve: resolve tsconfig paths starting with # (#​22038) (3460fc5)
• ssr: use browser platform for webworker SSR builds (fix #​21969) (#​21963) (364c227)

Documentation

• add environment.fetchModule documentation ([#​22035](https://redirect.github.com/vitejs/vite/issues/220

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "every 2 weeks on Sunday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.