chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@types/node (source)	^18.6.2 -> ^18.11.17
@types/react (source)	^18.0.18 -> ^18.0.26
@types/react-dom (source)	^18.0.6 -> ^18.0.10
@vercel/ncc	^0.34.0 -> ^0.36.0
dayjs (source)	^1.11.5 -> ^1.11.7
pnpm (source)	7.9.5 -> 7.19.0
prettier (source)	^2.7.1 -> ^2.8.1
tsx	^3.9.0 -> ^3.12.1
typescript (source)	^4.8.2 -> ^4.9.4

---

Release Notes

vercel/ncc

v0.36.0

Compare Source

Bug Fixes

• gitignore should include release.config.js (#​1016) (44e2eac)
• node 18 by update source-map used by Terser to 0.7.4 (#​999) (2f69f83)

Features

• add semantic-release to autopublish (#​1015) (be3405d), closes #​1000

iamkun/dayjs

v1.11.7

Compare Source

Bug Fixes

• Add locale (zh-tw) meridiem (#​2149) (1e9ba76)
• update fa locale (#​2151) (1c26732)

v1.11.6

Compare Source

Bug Fixes

• add BigIntSupport plugin (#​2087) (f6dce48)
• Fix objectSupport collides with Duration plugin - issue #​2027 (#​2038) (c9370ea)

pnpm/pnpm

v7.19.0

Compare Source

Minor Changes

• New setting supported in the package.json that is in the root of the workspace: pnpm.requiredScripts. Scripts listed in this array will be required in each project of the worksapce. Otherwise, pnpm -r run <script name> will fail #​5569.
• When the hoisted node linker is used, preserve node_modules directories when linking new dependencies. This improves performance, when installing in a project that already has a node_modules directory #​5795.
• When the hoisted node linker is used, pnpm should not build the same package multiple times during installation. If a package is present at multipe locations because hoisting could not hoist them to a single directory, then the package should only built in one of the locations and copied to the rest #​5814.

Patch Changes

• pnpm rebuild should work in projects that use the hoisted node linker #​5560.
• pnpm patch should print instructions about how to commit the changes #​5809.
• Allow the -S flag in command shims pnpm/cmd-shim#​42.
• Don't relink injected directories if they were not built #​5792.

Our Gold Sponsors

Our Silver Sponsors

v7.18.2

Compare Source

Patch Changes

• Added --json to the pnpm publish --help output #​5773.
• pnpm update should not replace workspace:*, workspace:~, and workspace:^ with workspace:<version> #​5764.
• The fatal error should be printed in JSON format, when running a pnpm command with the --json option #​5710.
• Throw an error while missing script start or file server.js #​5782.
• pnpm license list should not fail if a license file is an executable #​5740.

Our Gold Sponsors

Our Silver Sponsors

v7.18.1

Compare Source

Patch Changes

• The update notifier should suggest using the standalone script, when pnpm was installed using a standalone script #​5750.
• Vulnerabilities that don't have CVEs codes should not be skipped by pnpm audit if an ignoreCves list is declared in package.json #​5756.
• It should be possible to use overrides with absolute file paths #​5754.
• pnpm audit --json should ignore vulnerabilities listed in auditConfig.ignoreCves #​5734.
• pnpm licenses should print help, not just an error message #​5745.

Our Gold Sponsors

Our Silver Sponsors

v7.18.0

Compare Source

Minor Changes

• Overrides may be defined as a reference to a spec for a direct dependency by prefixing the name of the package you wish the version to match with a `# pnpm.

  {
    "dependencies": {
      "foo": "^1.0.0"
    },
    "overrides": {
      // the override is defined as a reference to the dependency
      "foo": "$foo",
      // the referenced package does not need to match the overridden one
      "bar": "$foo"
    }
  }

  Issue: #​5703

Patch Changes

• pnpm audit should work when the project's package.json has no version field #​5728
• Dependencies specified via * should be updated to semver ranges by pnpm update #​5681.
• It should be possible to override a dependency with a local package using relative path from the workspace root directory #​5493.
• Exit with non-zero exit code when child process exits with a non-zero exit clode #​5525.
• pnpm add should prefer local projects from the workspace, even if they use prerelease versions #​5316

Our Gold Sponsors

Our Silver Sponsors

v7.17.1

Compare Source

Patch Changes

• pnpm set-script and pnpm pkg are passed through to npm #​5683.
• pnpm publish <tarball path> should exit with non-0 exit code when publish fails #​5396.
• readPackage hooks should not modify the package.json files in a workspace #​5670.
• Comments in package.json5 are preserver #​2008.
• pnpm setup should create PNPM_HOME as a non-expandable env variable on Windows #​4658.
• Fix the CLI help of the pnpm licenses command.

Our Gold Sponsors

Our Silver Sponsors

v7.17.0

Compare Source

Minor Changes

• Added a new command pnpm licenses list, which displays the licenses of the packages #​2825

Patch Changes

• pnpm update --latest !foo should not update anything if the only dependency in the project is the ignored one #​5643.
• pnpm audit should send the versions of workspace projects for audit.
• Hoisting with symlinks should not override external symlinks and directories in the root of node_modules.
• The pnpm.updateConfig.ignoreDependencies setting should work with multiple dependencies in the array #​5639.

Our Gold Sponsors

Our Silver Sponsors

v7.16.1

Compare Source

Patch Changes

• Sync all injected dependencies when hoisted node linker is used #​5630

Our Gold Sponsors

Our Silver Sponsors

v7.16.0

Compare Source

Minor Changes

• Support pnpm env list to list global or remote Node.js versions #​5546.

Patch Changes

• Replace environment variable placeholders with their values, when reading .npmrc files in subdirectories inside a workspace #​2570.
• Fix an error that sometimes happen on projects with linked local dependencies #​5327.

Our Gold Sponsors

Our Silver Sponsors

v7.15.0

Compare Source

Minor Changes

• Support --format=json option to output outdated packages in JSON format with outdated command #​2705.

  pnpm outdated --format=json
  #or
  pnpm outdated --json

• A new setting supported for ignoring vulnerabilities by their CVEs. The ignored CVEs may be listed in the pnpm.auditConfig.ignoreCves field of package.json. For instance:

  {
    "pnpm": {
      "auditConfig": {
        "ignoreCves": [
          "CVE-2019-10742",
          "CVE-2020-28168",
          "CVE-2021-3749",
          "CVE-2020-7598"
        ]
      }
    }
  }

Patch Changes

• The reporter should not crash when the CLI process is kill during lifecycle scripts execution #​5588.
• Installation shouldn't fail when the injected dependency has broken symlinks. The broken symlinks should be just skipped #​5598.

Our Gold Sponsors

Our Silver Sponsors

v7.14.2

Compare Source

Patch Changes

• Don't fail if cannot override the name field of the error object #​5572.
• Don't fail on rename across devices.

Our Gold Sponsors

Our Silver Sponsors

v7.14.1

Compare Source

Patch Changes

• pnpm list --long --json should print licenses and authors of packages #​5533.
• Don't crash on lockfile with no packages field #​5553.
• Version overrider should have higher priority then custom read package hook from .pnpmfile.cjs.
• Don't print context information when running install for the pnpm dlx command.
• Print a warning if a package.json has a workspaces field but there is no pnpm-workspace.yaml file #​5363.
• It should be possible to set a custom home directory for pnpm by changing the PNPM_HOME environment variable.

Our Gold Sponsors

Our Silver Sponsors

v7.14.0

Compare Source

Minor Changes

• Add pnpm doctor command to do checks for known common issues

Patch Changes

• Ignore the always-auth setting.

  pnpm will never reuse the registry auth token for requesting the package tarball, if the package tarball is hosted on a different domain.

  So, for example, if your registry is at https://company.registry.com/ but the tarballs are hosted at https://tarballs.com/, then you will have to configure the auth token for both domains in your .npmrc:

  @​my-company:registry=https://company.registry.com/
  //company.registry.com/=SOME_AUTH_TOKEN
  //tarballs.com/=SOME_AUTH_TOKEN
  

Our Gold Sponsors

config help if that's undesired. If you want to rebase/retry this PR, check this box This PR has been generated by Mend Renovate. View repository job log here.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated
jp-holidays	✅ Ready (Inspect)	Visit Preview	Dec 24, 2022 at 1:53AM (UTC)