chore(deps): update node-based dev tools

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@lerna-lite/cli (source)	4.10.5 → 5.2.0
@lerna-lite/publish (source)	4.10.5 → 5.2.0
@lerna-lite/version (source)	4.10.5 → 5.2.0
jsdom	27.4.0 → 29.0.2
publint (source)	0.3.16 → 0.3.18
tsdown (source)	0.18.4 → 0.21.10

---

Release Notes

lerna-lite/lerna-lite (@​lerna-lite/cli)

v5.2.0

Compare Source

Features

• run: add --aggregate-output for child processes in large monorepo (#​1317) (bd1f908) - by @​ghiscoding

v5.1.0

Compare Source

Features

• add --no-shell for lerna exec/watch to avoid DEP0190 warning (#​1309) (7b7e61c) - by @​ghiscoding

v5.0.0

Compare Source

[!NOTE]
Please visit the v5.0.0 release for more details about the migration.

⚠ BREAKING CHANGES

• use native import.meta.dirname/filename (#​1302)
• build: use module --nodenext instead of bundler/esnext (#​1301)
• bump NodeJS requirement to Node v22.17 (#​1299)
• remove deprecated code --remove-package-fields (#​1295)

Code Refactoring

• build: use module --nodenext instead of bundler/esnext (#​1301) (14990ba) - by @​ghiscoding
• bump NodeJS requirement to Node v22.17 (#​1299) (91ca715) - by @​ghiscoding
• remove deprecated code --remove-package-fields (#​1295) (072c863) - by @​ghiscoding
• use native import.meta.dirname/filename (#​1302) (9a4f686) - by @​ghiscoding

v4.11.5

Compare Source

Note: Version bump only for package @​lerna-lite/cli

v4.11.4

Compare Source

Note: Version bump only for package @​lerna-lite/cli

v4.11.3

Compare Source

Note: Version bump only for package @​lerna-lite/cli

v4.11.2

Compare Source

Note: Version bump only for package @​lerna-lite/cli

v4.11.0

Compare Source

✨ Features

• add customizable remote Release Header & Footer messages (#​1243) (5ad8425) - by @​ghiscoding

lerna-lite/lerna-lite (@​lerna-lite/publish)

v5.2.0

Compare Source

Features

• deps: migrate from execa to tinyexec (#​1316) (b3de36d) - by @​ghiscoding

v5.1.0

Compare Source

Note: Version bump only for package @​lerna-lite/publish

v5.0.0

Compare Source

[!NOTE]
Please visit the v5.0.0 release for more details about the migration.

⚠ BREAKING CHANGES

• use native import.meta.dirname/filename (#​1302)
• bump NodeJS requirement to Node v22.17 (#​1299)
• remove deprecated code --remove-package-fields (#​1295)
• core: replace tinyrainbow with native util.styleText() (#​1293)

Bug Fixes

• deps: update all non-major dependencies (#​1289) (530905f) - by @​renovate[bot]
• npmlog: replace has-unicode with internal implementation (#​1284) (c729652) - by @​ghiscoding
• publish: replace byte-size with internal implementation (#​1283) (ae8867d) - by @​ghiscoding
• publish: show output from publish and postpublish lifecycle scripts (#​1287) (d5faf1b) - by @​ghiscoding

Code Refactoring

• bump NodeJS requirement to Node v22.17 (#​1299) (91ca715) - by @​ghiscoding
• core: replace tinyrainbow with native util.styleText() (#​1293) (1d36057) - by @​ghiscoding
• remove deprecated code --remove-package-fields (#​1295) (072c863) - by @​ghiscoding
• use native import.meta.dirname/filename (#​1302) (9a4f686) - by @​ghiscoding

v4.11.5

Compare Source

Bug Fixes

• core: remove p-pipe, p-reduce (#​1280) (d298ef1) - by @​ghiscoding
• deps: replace write-pkg with internal writePackage utility (#​1277) (819c5c9) - by @​ghiscoding
• deps: update all non-major dependencies (#​1274) (9351be2) - by @​renovate[bot]
• deps: update dependency tar to v7.5.11 [security] (#​1273) (6ac77a9) - by @​ghiscoding

v4.11.4

Compare Source

Bug Fixes

• deps: update all non-major dependencies (#​1269) (6c82fab) - by @​renovate[bot]
• deps: update dependency tar to v7.5.10 [security] (#​1272) (f2e9bbf) - by @​renovate[bot]

v4.11.3

Compare Source

Bug Fixes

• deps: update all non-major dependencies (#​1266) (9cbf1c5) - by @​renovate[bot]
• deps: update all non-major dependencies (#​1267) (28b1984) - by @​renovate[bot]
• deps fix(deps): update dependency tar to v7.5.8 [security] (#​1264) (0b694f7) - by @​renovate[bot]

v4.11.2

Compare Source

Bug Fixes

• deps: update all non-major dependencies (#​1251) (597828f) - by @​renovate[bot]
• deps: update all non-major dependencies (#​1263) (4b05ca2) - by @​renovate[bot]
• deps: update dependency tar to v7.5.7 [security] (#​1254) (a18a25e) - by @​renovate[bot]

v4.11.1

Compare Source

🐞 Bug Fixes

• deps: update all non-major dependencies (#​1248) (541fe07) - by @​renovate[bot]

v4.11.0

Compare Source

Note: Version bump only for package @​lerna-lite/publish

lerna-lite/lerna-lite (@​lerna-lite/version)

v5.2.0

Compare Source

Features

• deps: migrate from execa to tinyexec (#​1316) (b3de36d) - by @​ghiscoding

v5.1.0

Compare Source

Bug Fixes

• deps: update dependency @​conventional-changelog/git-client to ^2.7.0 (#​1312) (d6689fb) - by @​renovate[bot]

v5.0.0

Compare Source

[!NOTE]
Please visit the v5.0.0 release for more details about the migration.

⚠ BREAKING CHANGES

• use native import.meta.dirname/filename (#​1302)
• bump NodeJS requirement to Node v22.17 (#​1299)
• drop conventional-changelog legacy API for local preset file (#​1296)
• core: replace tinyrainbow with native util.styleText() (#​1293)

Bug Fixes

• deps: update conventional-changelog packages (#​1304) (ee684a7) - by @​renovate[bot]

Code Refactoring

• bump NodeJS requirement to Node v22.17 (#​1299) (91ca715) - by @​ghiscoding
• core: replace tinyrainbow with native util.styleText() (#​1293) (1d36057) - by @​ghiscoding
• drop conventional-changelog legacy API for local preset file (#​1296) (c299059) - by @​ghiscoding
• use native import.meta.dirname/filename (#​1302) (9a4f686) - by @​ghiscoding

v4.11.5

Compare Source

Bug Fixes

• core: remove p-pipe, p-reduce (#​1280) (d298ef1) - by @​ghiscoding
• deps: remove set-blocking, is-stream (#​1276) (8f0d1e3) - by @​ghiscoding
• deps: replace uuid, pify with native Node.js APIs (#​1275) (7bd09e2) - by @​ghiscoding
• deps: replace write-pkg with internal writePackage utility (#​1277) (819c5c9) - by @​ghiscoding

v4.11.4

Compare Source

Bug Fixes

• deps: update conventional-changelog packages (#​1270) (dcd5910) - by @​renovate[bot]

v4.11.3

Compare Source

Note: Version bump only for package @​lerna-lite/version

v4.11.2

Compare Source

Bug Fixes

• add missing Comment issues/PRs count in --dry-run mode (#​1261) (5226ad1) - by @​ghiscoding
• deps: update all non-major dependencies (#​1251) (597828f) - by @​renovate[bot]

v4.11.1

Compare Source

🐞 Bug Fixes

• should comment on all linked issues/PRs (#​1245) (39e0f55) - by @​ghiscoding

v4.11.0

Compare Source

✨ Features

• add customizable remote Release Header & Footer messages (#​1243) (5ad8425) - by @​ghiscoding

jsdom/jsdom (jsdom)

v29.0.2

Compare Source

• Significantly improved and sped up getComputedStyle(). Computed value rules are now applied across a broader set of properties, and include fixes related to inheritance, defaulting keywords, custom properties, and color-related values such as currentcolor and system colors. (@​asamuzaK)
• Fixed CSS 'background' and 'border' shorthand parsing. (@​asamuzaK)

v29.0.1

Compare Source

v29.0.0

Compare Source

Breaking changes:

• Node.js v22.13.0+ is now the minimum supported v22 version (was v22.12.0+).

Other changes:

• Overhauled the CSSOM implementation, replacing the @acemir/cssom and cssstyle dependencies with fresh internal implementations built on webidl2js wrappers and the css-tree parser. Serialization, parsing, and API behavior is improved in various ways, especially around edge cases.
• Added CSSCounterStyleRule and CSSNamespaceRule to jsdom Windows.
• Added cssMediaRule.matches and cssSupportsRule.matches getters.
• Added proper media query parsing in MediaList, using css-tree instead of naive comma-splitting. Invalid queries become "not all" per spec.
• Added cssKeyframeRule.keyText getter/setter validation.
• Added cssStyleRule.selectorText setter validation: invalid selectors are now rejected.
• Added styleSheet.ownerNode, styleSheet.href, and styleSheet.title.
• Added bad port blocking per the fetch specification, preventing fetches to commonly-abused ports.
• Improved Document initialization performance by lazily initializing the CSS selector engine, avoiding ~0.5 ms of overhead per Document. (thypon)
• Fixed a memory leak when stylesheets were removed from the document.
• Fixed CSSStyleDeclaration modifications to properly trigger custom element reactions.
• Fixed nested @media rule parsing.
• Fixed CSSStyleSheet's "disallow modification" flag not being checked in all mutation methods.
• Fixed XMLHttpRequest's response getter returning parsed JSON during the LOADING state instead of null.
• Fixed getComputedStyle() crashing in XHTML documents when stylesheets contained at-rules such as @page or @font-face.
• Fixed a potential hang in synchronous XMLHttpRequest caused by a race condition with the worker thread's idle timeout.

v28.1.0

Compare Source

• Added blob.text(), blob.arrayBuffer(), and blob.bytes() methods.
• Improved getComputedStyle() to account for CSS specificity when multiple rules apply. (asamuzaK)
• Improved synchronous XMLHttpRequest performance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.
• Improved performance of node.getRootNode(), node.isConnected, and event.dispatchEvent() by caching the root node of document-connected trees.
• Fixed getComputedStyle() to correctly handle !important priority. (asamuzaK)
• Fixed document.getElementById() to return the first element in tree order when multiple elements share the same ID.
• Fixed <svg> elements to no longer incorrectly proxy event handlers to the Window.
• Fixed FileReader event timing and fileReader.result state to more closely follow the spec.
• Fixed a potential hang when synchronous XMLHttpRequest encountered dispatch errors.
• Fixed compatibility with environments where Node.js's built-in fetch() has been used before importing jsdom, by working around undici v6/v7 incompatibilities.

v28.0.0

Compare Source

• Overhauled resource loading customization. See the new README for details on the new API.
• Added MIME type sniffing to <iframe> and <frame> loads.
• Regression: WebSockets are no longer correctly throttled to one connection per origin. This is a result of the bug at nodejs/undici#4743.
• Fixed decoding of the query components of <a> and <area> elements in non-UTF-8 documents.
• Fixed XMLHttpRequest fetches and WebSocket upgrade requests to be interceptable by the new customizable resource loading. (Except synchronous XMLHttpRequests.)
• Fixed the referrer of a document to be set correctly when redirects are involved; it is now the initiating page, not the last hop in the redirect chain.
• Fixed correctness bugs when passing ArrayBuffers or typed arrays to various APIs, where they would not correctly snapshot the data.
• Fixed require("url").parse() deprecation warning when using WebSockets.
• Fixed <iframe>, <frame>, and <img> (when canvas is installed) to fire load events, not error events, on non-OK HTTP responses.
• Fixed many small issues in XMLHttpRequest.

publint/publint (publint)

v0.3.18

Compare Source

Patch Changes

• Fix deprecated subpath mapping check crash and make getPkgPathValue from publint/utils return undefined if the path is invalid (ad2aa9c)

v0.3.17

Compare Source

Patch Changes

• Fix packing packages with pnpm when publishConfig.directory is set (#​216)

• Updated dependencies [2dcb107]:

  • @​publint/pack@​0.1.3

rolldown/tsdown (tsdown)

v0.21.10

Compare Source

   🚀 Features

• Upgrade rolldown  -  by @​sxzz (8a449)

    View changes on GitHub

v0.21.9

Compare Source

   🚀 Features

• Upgrade rolldown  -  by @​sxzz (2d74e)
• config: Track transitive config dependencies for watch reload  -  by @​sxzz in #​919 (16e27)
• exports: Add bin to publishConfig when devExports is enabled  -  by @​sxzz in #​911 (60592)
• plugin: Add tsdownConfig and tsdownConfigResolved plugin hooks  -  by @​sxzz in #​918 (665e5)

   🐞 Bug Fixes

• Skip package.json writting when content is deeply equal  -  by @​ocavue and @​sxzz in #​913 (d8e1c)
• Skip Node.js version check in Bun  -  by @​sxzz (38afd)
• css: Detect css modules from full id for vue virtual sfc styles  -  by @​sxzz in #​917 (e6021)

    View changes on GitHub

v0.21.8

Compare Source

   🚀 Features

• Upgrade rolldown  -  by @​sxzz (7f887)
• attw: Improve ignoreRules type to autocomplete known values  -  by @​mrlubos in #​892 (c8f5c)
• create-tsdown: Add Vite Plus template option  -  by @​sxzz (daed0)
• exports: Add extensions option for subpath export keys  -  by @​SinhSinhAn and @​sxzz in #​899 (1bb7a)
• target: Add support for baseline-widely-available target  -  by @​sxzz in #​896 (d6a16)

   🐞 Bug Fixes

• Export type only for cjs dts re-export  -  by @​sxzz (25510)
• Exclude shim file from bundled dependency hint  -  by @​sxzz in #​909 (3f8de)
• dts: Skip cjs dts reexport for non-entry chunks  -  by @​sxzz (5fee2)

    View changes on GitHub

v0.21.7

Compare Source

   🚀 Features

• Add module option for attw and publint to allow passing imported modules directly  -  by @​sxzz (31e90)

   🐞 Bug Fixes

• deps: Add skipNodeModulesBundle dep subpath e2e tests and fix docs  -  by @​sxzz (deff7)

    View changes on GitHub

v0.21.6

Compare Source

   🚀 Features

• Upgrade rolldown to v1.0.0-rc.12  -  by @​sxzz (51292)
• config:
  • Pass root config to workspace config functions  -  by @​sxzz (76169)
  • Use mergeConfig for workspace config merging and support variadic overrides  -  by @​sxzz (148aa)
• dts:
  • Add cjsReexport option to eliminate dual module type hazard  -  by @​mandarini and @​sxzz in #​856 (875c1)
• exports:
  • Add bin option to auto-generate package.json bin field  -  by @​sxzz in #​869 (7ebd6)

   🐞 Bug Fixes

• css:
  • Compile preprocessor langs in virtual CSS modules  -  by @​sxzz in #​865 (7b2e0)
  • Strip .module from CSS output filenames  -  by @​sxzz in #​866 (03ade)
  • Default splitting to true in unbundle mode for CSS inject  -  by @​sxzz in #​867 (a4da6)
  • Split CSS plugin into pre/post phases for scoped CSS support  -  by @​sxzz in #​870 (ff0c4)
• entry:
  • Correctly output relative paths in logger output  -  by @​sxzz (00050)

    View changes on GitHub

v0.21.5

Compare Source

   🚀 Features

• Update rolldown to 1.0.0-rc.10  -  by @​wChenonly in #​845 (41411)
• Support typescript v6  -  by @​ocavue in #​858 (bffc4)

   🐞 Bug Fixes

• css:
  • Run final minification on merged CSS output  -  by @​sxzz in #​853 (475df)
  • Don't override internal importer  -  by @​Laupetin in #​860 (af40e)
  • Use aliased exports for CSS module keys  -  by @​wChenonly and @​sxzz in #​840 (bb6de)
• deps:
  • External optionalDependencies by default  -  by @​sxzz (cd24d)
  • Resolve subpath extensions for packages without exports field  -  by @​sxzz in #​863 (c5150)
  • Correctly resolve root @types packages for dts deep imports  -  by @​brc-dd and @​sxzz in #​852 (0b276)

    View changes on GitHub

v0.21.4

Compare Source

   🚀 Features

• css: Add CSS modules support  -  by @​sxzz in #​834 (2a88a)

   🐞 Bug Fixes

• exports: Preserve CRLF line endings in package.json  -  by @​sxzz (a4d4e)

    View changes on GitHub

v0.21.3

Compare Source

   🚀 Features

• copy: Add support for watching copy source files  -  by @​schplitt in #​721 (7c23a)

   🐞 Bug Fixes

• css: Watch inline CSS files in watch mode  -  by @​sxzz (2051a)
• exports: Sort inlined dependencies by package name  -  by @​sxzz (0ec71)
• publint: Support Yarn v1  -  by @​sxzz (4a291)
• unbundle: Root should be lowest common ancestor of entry files  -  by @​sxzz (f1823)

    View changes on GitHub

v0.21.2

Compare Source

   🚨 Breaking Changes

• exe: Add exe.outDir for separate executable output dir, defaults to build  -  by @​sxzz (d49ef)

Note: Executable is still an experimental feature and does not follow SemVer. Breaking changes may occur in any release.

   🚀 Features

• Add root option for controlling output directory structure  -  by @​sxzz (bad2d)
• deps: Rename onlyAllowBundle to onlyBundle  -  by @​peaklabs-dev and @​sxzz in #​819 (cbd7b)

   🐞 Bug Fixes

• css: Skip data URIs and external URLs in CSS url() rebasing  -  by @​sxzz (13907)

    View changes on GitHub

v0.21.1

Compare Source

   🚨 Breaking Changes

• css: Move all CSS support to @tsdown/css package  -  by @​sxzz in #​809 (1b1a1)

[!IMPORTANT]
If you are using CSS features (e.g., CSS imports), you now need to manually install the @tsdown/css package:

npm install @​tsdown/css -D
# or
pnpm add @​tsdown/css -D

Note: CSS support is still an experimental feature and does not follow SemVer. Breaking changes may occur in any release.

   🚀 Features

• css:
  • Add css.inject option to preserve CSS imports in JS output  -  by @​sxzz and Claude Haiku 4.5 in #​808 (ad745)
  • Support ?inline query for CSS imports  -  by @​sxzz in #​810 (b7379)
  • Support node_modules package resolution  -  by @​sxzz and Claude Haiku 4.5 in #​812 (b06b4)

   🐞 Bug Fixes

• Generate correct filename for sass files when dts is enabled  -  by @​ocavue in #​802 (848a7)
• css:
  • Handle virtual module IDs from framework plugins  -  by @​sxzz (c421f)
  • Ignore css imports with URL query  -  by @​ocavue and @​sxzz in #​806 (c1d23)

    View changes on GitHub

v0.21.0

Compare Source

v0.21.0 - Notable Changes

Breaking Changes

Dependency options renamed to deps namespace

The dependency-related options have been moved under a new deps namespace with clearer names:

• external -> deps.neverBundle
• noExternal -> deps.alwaysBundle
• inlineOnly -> deps.onlyAllowBundle
• skipNodeModulesBundle -> deps.skipNodeModulesBundle

Before:

export default defineConfig({
  external: ['vue'],
  noExternal: ['lodash'],
})

After:

export default defineConfig({
  deps: {
    neverBundle: ['vue'],
    alwaysBundle: ['lodash'],
  },
})

The old options still work but are deprecated and will emit warnings.

failOnWarn default changed from 'ci-only' to false

If you relied on the previous behavior where warnings would fail the build in CI environments, you now need to explicitly set failOnWarn: true or failOnWarn: 'ci-only' in your config.

Node.js < 22.18.0 deprecated

tsdown now emits a deprecation warning when running on Node.js versions below 22.18.0. Plan to upgrade your Node.js version accordingly.

New Features

Experimental Node.js SEA executable bundling (exe)

tsdown can now bundle your TypeScript project into a standalone executable using Node.js Single Executable Applications (SEA). A new @tsdown/exe package provides cross-platform executable building support. See the exe documentation for details.

export default defineConfig({
  exe: true, // or { useCodeCache: true, useSnapshot: true }
})

Full CSS pipeline with @tsdown/css

CSS handling has been reimplemented as a native Rolldown plugin and extracted into the @tsdown/css package, providing a complete CSS pipeline with Lightning CSS and PostCSS support via the css.transformer option. See the CSS documentation for details.

inlinedDependencies field in package.json

When using the exports feature, tsdown now auto-generates an inlinedDependencies field in your package.json, listing dependencies that are bundled into the output.

Object option for customExports

customExports now supports an object format for more fine-grained control over the generated exports field.

Migration Guide

1. Update dependency options: Rename external -> deps.neverBundle, noExternal -> deps.alwaysBundle, etc.
2. Check failOnWarn: If you need warnings to fail the build in CI, explicitly set failOnWarn: 'ci-only' or failOnWarn: true.
3. Upgrade Node.js: Ensure you're running Node.js >= 22.18.0 to avoid deprecation warnings.

Links

• tsdown Documentation
• v0.21.0-beta.1 Release
• v0.21.0-beta.2 Release
• v0.21.0-beta.3 Release
• v0.21.0-beta.4 Release
• v0.21.0-beta.5 Release
• Full diff from v0.20.3

---

   🚨 Breaking Changes

• Change failOnWarn default from 'ci-only' to false  -  by @​sxzz (ad8db)
• exe: Require Node >=25.7 and default format to esm  -  by @​sxzz in #​798 (0173c)

   🚀 Features

• Rename dependency options to deps namespace  -  by @​sxzz (7f509)
• Upgrade rolldown  -  by @​sxzz (7a528)
• Deprecate Node.js versions below 22.18.0  -  by @​sxzz (439f1)
• Support bundling .node files by default  -  by @​sxzz (944e9)
• css:
  • Implement full CSS pipeline as Rolldown plugin  -  by @​sxzz in #​787 (dbe3c)
  • Extract CSS pipeline into @tsdown/css package  -  by @​sxzz in #​790 (e4cbe)
  • Add PostCSS support with css.transformer option  -  by @​sxzz in #​791 (35bef)
  • Default css.transformer to lightningcss  -  by @​sxzz in #​797 (288a5)
• exe:
  • Add experimental Node.js SEA executable bundling  -  by @​sxzz in #​777 (418d5)
  • Add cross-platform executable building via @tsdown/exe  -  by @​sxzz in #​786 (b6833)
  • Support latest and latest-lts for nodeVersion  -  by @​sxzz (ce7ab)
• exports:
  • Support object option for customExports  -  by @​Joery-M and @​sxzz in #​769 (7fb72)
  • Add inlinedDependencies field to package.json  -  by [@​sxzz](https://redirect.github.c

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, on day 1 of the month (* 0-3 1 * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.