chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@babel/types (source)	^7.28.6 → ^7.29.0
@sxzz/eslint-config	^7.5.1 → ^7.6.0
@sxzz/prettier-config	^2.2.6 → ^2.3.1
@types/node (source)	^25.0.10 → ^25.2.0
@typescript/native-preview (source)	7.0.0-dev.20260124.1 → 7.0.0-dev.20260202.1
pnpm (source)	10.28.1 → 10.28.2
rollup (source)	^4.56.0 → ^4.57.1

---

Release Notes

babel/babel (@​babel/types)

v7.29.0

Compare Source

v7.29.0 (2026-01-31)

Thanks @​simbahax for your first PR!

🚀 New Feature

• babel-types
  • #​17750 [7.x backport] Add attributes import declaration builder (@​JLHwung)
• babel-standalone
  • #​17663 [7.x backport] feat(standalone): export async transform (@​JLHwung)
  • #​17725 [7.x backport] feat: read standalone targets from data-targets (@​JLHwung)

🐛 Bug Fix

• babel-parser
  • #​17765 fix(parser): correctly parse type assertions in extends clause (@​nicolo-ribaudo)
  • #​17723 [7.x backport] fix(parser): improve super type argument parsing (@​JLHwung)
• babel-traverse
  • #​17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@​simbahax)
• babel-plugin-transform-block-scoping, babel-traverse
  • #​17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@​magic-akari)

🏃‍♀️ Performance

• babel-generator, babel-runtime-corejs3
  • #​17642 [Babel 7] Improve generator performance (@​liuxingbaoyu)

Committers: 6

• David (@​simbahax)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu
• @​magic-akari

sxzz/eslint-config (@​sxzz/eslint-config)

v7.6.0

Compare Source

   🚀 Features

• Add Astro support  -  by @​sxzz in #​154 (5aa3e)
• Add importWithError utility for optional plugin imports  -  by @​sxzz (4ce53)

    View changes on GitHub

sxzz/prettier-config (@​sxzz/prettier-config)

v2.3.1

Compare Source

   🐞 Bug Fixes

• Missing dist  -  by @​sxzz (e1152)

    View changes on GitHub

v2.3.0

Compare Source

No significant changes

    View changes on GitHub

v2.2.7

Compare Source

   🐞 Bug Fixes

• deps:
  • Update all non-major dependencies  -  in #​83 (4484b)
  • Update all non-major dependencies  -  in #​84 (1a098)

    View changes on GitHub

microsoft/typescript-go (@​typescript/native-preview)

v7.0.0-dev.20260202.1

Compare Source

v7.0.0-dev.20260201.1

Compare Source

v7.0.0-dev.20260131.1

Compare Source

v7.0.0-dev.20260130.1

Compare Source

v7.0.0-dev.20260129.1

Compare Source

v7.0.0-dev.20260128.1

Compare Source

v7.0.0-dev.20260127.1

Compare Source

v7.0.0-dev.20260126.1

Compare Source

pnpm/pnpm (pnpm)

v10.28.2: pnpm 10.28.2

Compare Source

Patch Changes

• Security fix: prevent path traversal in directories.bin field.

• When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

  This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

  Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.

• Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #​9950.

Platinum Sponsors

Gold Sponsors

rollup/rollup (rollup)

v4.57.1

Compare Source

2026-01-30

Bug Fixes

• Fix heap corruption issue in Windows (#​6251)
• Ensure exports of a dynamic import are fully included when called from a try...catch (#​6254)

Pull Requests

• #​6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@​alan-agius4, @​lukastaegert)
• #​6252: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #​6253: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6254: Fully include dynamic imports in a try-catch (@​lukastaegert)
• #​6255: chore(deps): lock file maintenance (@​renovate[bot])

v4.57.0

Compare Source

2026-01-27

Features

• Add import attributes to all plugin hooks that did not provide them yet (#​5700)
• Deprecate returning import attributes from load or transform hooks as that will no longer be supported with rollup 5 (#​5700)

Pull Requests

• #​5700: extend more hooks to include import attributes and add warnings (@​TrickyPi, @​lukastaegert)
• #​6243: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #​6244: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6245: chore(deps): lock file maintenance (@​renovate[bot])
• #​6246: Refactor to reduce Rollup 5 upgrade diff (@​lukastaegert)

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/unplugin-inline-enum@108

commit: 8272d1e

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​babel/​types@​7.28.6 ⏵ 7.29.0	+1		+1	+3
	@​types/​node@​25.0.10 ⏵ 25.2.0	+1		+1
	rollup@​4.56.0 ⏵ 4.57.1

View full report