chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@clack/prompts (source)	^0.6.3 -> ^0.7.0					dependencies	minor
@sveltejs/site-kit	6.0.0-next.26 -> 6.0.0-next.27					devDependencies	patch
pnpm (source)	8.6.5 -> 8.6.12					packageManager	patch
pnpm/action-setup	v2.2.4 -> v2.4.0					action	minor
undici (source)	~5.22.0 -> ~5.23.0					dependencies	minor
vitest	^0.33.0 -> ^0.34.0					devDependencies	minor

---

Release Notes

natemoo-re/clack (@​clack/prompts)

v0.7.0

Compare Source

Minor Changes

• b27a701: add maxItems option to select prompt
• 89371be: added a new method called spinner.message(msg: string)

Patch Changes

• 52183c4: Fix spinner conflict with terminal on error between spinner.start() and spinner.stop()
• ab51d29: Fixes cases where the note title length was miscalculated due to ansi characters
• Updated dependencies [cd79076]
  • @​clack/core@​0.3.3

sveltejs/site-kit (@​sveltejs/site-kit)

v6.0.0-next.27

Compare Source

Patch Changes

• 9e0b164: add more i18n slots

pnpm/pnpm (pnpm)

v8.6.12

Compare Source

Patch Changes

• Make the error message friendlier when a user attempts to run a command that does not exist #​6887.
• pnpm patch should work correctly when shared-workspace-file is set to false #​6885.
• pnpm env use should retry deleting the previous Node.js executable #​6587.
• pnpm dlx should not print an error stack when the underlying script execution fails #​6698.
• When showing the download progress of large tarball files, always display the same number of digits after the decimal point #​6901.
• Report download progress less frequently to improve performance #​6906.
• pnpm install --frozen-lockfile --lockfile-only should fail if the lockfile is not up to date with the package.json files #​6913.

Our Gold Sponsors

Our Silver Sponsors

v8.6.11

Compare Source

Patch Changes

• Change the install error message when a lockfile is wanted but absent to indicate the wanted lockfile is absent, not present. This now reflects the actual error #​6851.
• When dealing with a local dependency that is a path to a symlink, a new symlink should be created to the original symlink, not to the actual directory location.
• The length of the temporary file names in the content-addressable store reduced in order to prevent ENAMETOOLONG errors from happening #​6842.
• Don't print "added" stats, when installing with --lockfile-only.
• Installation of a git-hosted dependency should not fail if the pnpm-lock.yaml file of the installed dependency is not up-to-date #​6865.
• Don't ignore empty strings in params #​6594.
• Always set dedupe-peer-dependents to false, when running installation during deploy #​6858.
• When several containers use the same store simultaneously, there's a chance that multiple containers may create a temporary file at the same time. In such scenarios, pnpm could fail to rename the temporary file in one of the containers. This issue has been addressed: pnpm will no longer fail if the temporary file is absent but the destination file exists.
• Authorization token should be found in the configuration, when the requested URL is explicitly specified with a default port (443 on HTTPS or 80 on HTTP) #​6863.

Our Gold Sponsors

Our Silver Sponsors

v8.6.10

Compare Source

Patch Changes

• Installation succeeds if a non-optional dependency of an optional dependency has failing installation scripts #​6822.
• The length of the temporary file names in the content-addressable store reduced in order to prevent ENAMETOOLONG errors from happening #​6842.
• Ignore empty patch content when patch-commit.
• Sort keys in packageExtensions before calculating packageExtensionsChecksum #​6824.
• Pass the right scheme to git ls-remote in order to prevent a fallback to git+ssh that would result in a 'host key verification failed' issue #​6806
• The "postpublish" script of a git-hosted dependency is not executed, while building the dependency #​6822.

Our Gold Sponsors

Our Silver Sponsors

v8.6.9

Compare Source

Patch Changes

• Temporarily revert the fix to #​6805 to fix the regression it caused #​6827.

Our Gold Sponsors

Our Silver Sponsors

v8.6.8

Compare Source

Patch Changes

• When the same file is appended multiple times into a tarball, the last occurrence is selected when unpacking the tarball.
• Fixed a bug in which pnpm passed the wrong scheme to git ls-remote, causing a fallback to git+ssh and resulting in a 'host key verification failed' issue #​6805.
• Added support for publishConfig.registry in package.json for publishing #​6775.
• pnpm rebuild now uploads the built artifacts to the content-addressable store.
• If a command cannot be created in .bin, the exact error message is now displayed.
• Treat linked dependencies with a tag version type as up-to-date #​6592.
• pnpm setup now prints more details when it cannot detect the active shell.

Our Gold Sponsors

Our Silver Sponsors

v8.6.7

Compare Source

Patch Changes

• Ensure consistent output for scripts executed concurrently, both within a single project and across multiple projects. Each script's output will now be printed in a separate section of the terminal, when running multiple scripts in a single project using regex #​6692.
• The --parallel CLI flag should work on single project #​6692.
• Optimizing project manifest normalization, reducing amoung of data copying #​6763.
• Move loading wantedLockfile outside dependenciesHierarchyForPackage, preventing OOM crash when loading the same lock file too many times #​6757.
• Replace ineffective use of ramda difference with better alternative #​6760.

Our Gold Sponsors

Our Silver Sponsors

v8.6.6

Compare Source

Patch Changes

• Installation of a git-hosted dependency without package.json should not fail, when the dependency is read from cache #​6721.
• Local workspace bin files that should be compiled first are linked to dependent projects after compilation #​1801.
• Prefer versions found in parent package dependencies only #​6737.
• Multiple performance optimizations implemented by @​zxbodya:
  • avoid copying preferredVersions object #​6735
  • avoid object copy in resolvePeersOfNode #​6736
  • preferredVersions in resolveDependenciesOfImporters #​6748
  • remove ramda isEmpty usages #​6753
  • use Maps and Sets instead of objects #​6749
  • optimize splitNodeId, fix invalid nodeId #​6755

Our Gold Sponsors

Our Silver Sponsors

pnpm/action-setup (pnpm/action-setup)

v2.4.0

Compare Source

Add ability to install standalone binary (https://github.com/pnpm/action-setup/pull/92).

v2.3.0

Compare Source

• feat: specifying path to non-root package.json file (https://github.com/pnpm/action-setup/pull/88).
• docs: improve.

nodejs/undici (undici)

v5.23.0

Compare Source

What's Changed

• bump engines to node >= 16 by @​ronag in https://github.com/nodejs/undici/pull/2119
• Revert "bump engines to node >= 16 (#​2119)" by @​ronag in https://github.com/nodejs/undici/pull/2121
• fetch: set referrer properly by @​KhafraDev in https://github.com/nodejs/undici/pull/2125
• fix: support truncated gzip by @​jimmywarting in https://github.com/nodejs/undici/pull/2126
• workflow: apply security best practices by @​step-security-bot in https://github.com/nodejs/undici/pull/2130
• build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by @​dependabot in https://github.com/nodejs/undici/pull/2135
• build(deps): bump actions/dependency-review-action from 2.5.1 to 3.0.4 by @​dependabot in https://github.com/nodejs/undici/pull/2133
• build(deps): bump node from 18-alpine to 20-alpine in /build by @​dependabot in https://github.com/nodejs/undici/pull/2131
• build(deps): bump pkgjs/action from 0.1.6 to 0.1.7 by @​dependabot in https://github.com/nodejs/undici/pull/2136
• build(deps): bump actions/checkout from 3.1.0 to 3.5.2 by @​dependabot in https://github.com/nodejs/undici/pull/2132
• build(deps-dev): bump jsdom from 21.1.2 to 22.1.0 by @​dependabot in https://github.com/nodejs/undici/pull/2142
• build(deps): bump fastify/github-action-merge-dependabot from 3.7.0 to 3.8.0 by @​dependabot in https://github.com/nodejs/undici/pull/2148
• fix(pr): use correct pr template file by @​AugustinMauroy in https://github.com/nodejs/undici/pull/2141
• Additional WebSocket send tests to cover all payload size categories by @​jawj in https://github.com/nodejs/undici/pull/2149
• fix: reverse decompression order of "Content-Encoding" encodings (fixes #​2158) by @​rychkog in https://github.com/nodejs/undici/pull/2159
• fix: keep running WPTs if a test times out by @​KhafraDev in https://github.com/nodejs/undici/pull/2165
• feat: add build environment info by @​mhdawson in https://github.com/nodejs/undici/pull/2168
• fix: forward error reason to fetch controller by @​KhafraDev in https://github.com/nodejs/undici/pull/2172
• stricter types for bodymixin.json by @​KhafraDev in https://github.com/nodejs/undici/pull/2181
• chore: Renable autoSelectFamily tests. by @​ShogunPanda in https://github.com/nodejs/undici/pull/2180
• build(deps): bump actions/dependency-review-action from 3.0.4 to 3.0.6 by @​dependabot in https://github.com/nodejs/undici/pull/2147
• build(deps): bump github/codeql-action from 2.3.2 to 2.20.3 by @​dependabot in https://github.com/nodejs/undici/pull/2185
• fix: fetch resource timing performance entry names should be strings by @​GaryWilber in https://github.com/nodejs/undici/pull/2188
• build(deps): bump actions/checkout from 3.5.2 to 3.5.3 by @​dependabot in https://github.com/nodejs/undici/pull/2176
• build(deps): bump fastify/github-action-merge-dependabot from 3.8.0 to 3.9.0 by @​dependabot in https://github.com/nodejs/undici/pull/2177
• build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @​dependabot in https://github.com/nodejs/undici/pull/2178
• build(deps): bump step-security/harden-runner from 2.4.0 to 2.4.1 by @​dependabot in https://github.com/nodejs/undici/pull/2175
• test: fix autoselectfamily on platforms without IPv6 support by @​LiviaMedeiros in https://github.com/nodejs/undici/pull/2197
• fix: make multipart/form-data boundary string more consistent by @​LiviaMedeiros in https://github.com/nodejs/undici/pull/2196
• docs: add proxy agent options docs by @​dancastillo in https://github.com/nodejs/undici/pull/2193
• build(deps): bump github/codeql-action from 2.20.3 to 2.21.2 by @​dependabot in https://github.com/nodejs/undici/pull/2205
• feat: make use of addAbortListener where applicable by @​atlowChemi in https://github.com/nodejs/undici/pull/2195

New Contributors

• @​step-security-bot made their first contribution in https://github.com/nodejs/undici/pull/2130
• @​AugustinMauroy made their first contribution in https://github.com/nodejs/undici/pull/2141
• @​rychkog made their first contribution in https://github.com/nodejs/undici/pull/2159
• @​mhdawson made their first contribution in https://github.com/nodejs/undici/pull/2168
• @​GaryWilber made their first contribution in https://github.com/nodejs/undici/pull/2188
• @​atlowChemi made their first contribution in https://github.com/nodejs/undici/pull/2195

Full Changelog: nodejs/undici@v5.22.1...v5.23.0

v5.22.1

Compare Source

What's Changed

• Cache storage by @​KhafraDev in https://github.com/nodejs/undici/pull/2076
• test: skip content-disposition test in node 18 by @​KhafraDev in https://github.com/nodejs/undici/pull/2081
• Cache storage cleanup by @​KhafraDev in https://github.com/nodejs/undici/pull/2082
• Cache storage fixes by @​KhafraDev in https://github.com/nodejs/undici/pull/2083
• test: improve test coverage for ErrorEvent and MessageEvent by @​KhafraDev in https://github.com/nodejs/undici/pull/2085
• test: remove --experimental-wasm-simd by @​KhafraDev in https://github.com/nodejs/undici/pull/2087
• websocket: add websocketinit by @​KhafraDev in https://github.com/nodejs/undici/pull/2088
• feat(websocket): allow setting custom headers by @​KhafraDev in https://github.com/nodejs/undici/pull/2089
• test: fix tests failing only on node v20 by @​KhafraDev in https://github.com/nodejs/undici/pull/2096
• fix: skip set content-length when FormData value is stream by @​fengmk2 in https://github.com/nodejs/undici/pull/2091
• doc: update outdated command in contributing.md by @​jazelly in https://github.com/nodejs/undici/pull/2099
• cache: fix most failing WPTs by @​KhafraDev in https://github.com/nodejs/undici/pull/2100
• feat: allow build:wasm to auto detect platform by @​jazelly in https://github.com/nodejs/undici/pull/2102
• docs: updated Error documentation (fixes #​2090) by @​titanism in https://github.com/nodejs/undici/pull/2092
• mimesniff: fix many broken tests by @​KhafraDev in https://github.com/nodejs/undici/pull/2103
• test: fix failing tests by @​KhafraDev in https://github.com/nodejs/undici/pull/2097
• build(deps): bump github/codeql-action from 2.2.9 to 2.3.2 by @​dependabot in https://github.com/nodejs/undici/pull/2105
• fix: more informative error message to tell that the server doesn't match http/1.1 protocol by @​Songkeys in https://github.com/nodejs/undici/pull/2055
• Fix bug in 16-bit frame length when buffer is a subarray by @​jawj in https://github.com/nodejs/undici/pull/2106
• update wpts by @​KhafraDev in https://github.com/nodejs/undici/pull/2108
• fix: update error definitions by @​dfilatov in https://github.com/nodejs/undici/pull/2112
• fix: make assertion a noop by @​ronag in https://github.com/nodejs/undici/pull/2111

New Contributors

• @​jazelly made their first contribution in https://github.com/nodejs/undici/pull/2099
• @​titanism made their first contribution in https://github.com/nodejs/undici/pull/2092
• @​Songkeys made their first contribution in https://github.com/nodejs/undici/pull/2055
• @​jawj made their first contribution in https://github.com/nodejs/undici/pull/2106
• @​dfilatov made their first contribution in https://github.com/nodejs/undici/pull/2112

Full Changelog: nodejs/undici@v5.22.0...v5.22.1

vitest-dev/vitest (vitest)

v0.34.1

Compare Source

v0.34.0

[Compar

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[changeset-bot]

🦋 Changeset detected

Latest commit: 68066da

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages

Name	Type
create-svelte	Patch
@sveltejs/kit	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[ghostdevv]

Doesn't look like there are any breaking changes in vitest

[benmccann]

I've tried closing this PR, but it keeps coming back 😝

The latest dts-buddy currently has a bug, so we shouldn't upgrade it (Rich-Harris/dts-buddy#25). I think the site-kit upgrade will mess up some of the styles without changes in svelte.kit.dev. We should finish up #10187 to handle both of those changes

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.