chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@tanstack/vue-query (source)	^5.90.3 -> ^5.90.5
@types/node (source)	^24.7.2 -> ^24.9.1
@vue/language-core (source)	^3.1.0 -> ^3.1.1
@vue/language-core (source)	^3.1.0 -> ^3.1.1
ast-walker-scope	^0.8.2 -> ^0.8.3
happy-dom	^20.0.0 -> ^20.0.7
lint-staged	^16.2.4 -> ^16.2.5
pnpm (source)	10.18.1 -> 10.18.3
rolldown (source)	1.0.0-beta.43 -> 1.0.0-beta.44
rollup (source)	^4.52.4 -> ^4.52.5
semver	^7.7.2 -> ^7.7.3
tsdown	^0.15.7 -> ^0.15.9
unplugin-utils	^0.3.0 -> ^0.3.1
vite (source)	^7.1.9 -> ^7.1.11
vite-plugin-vue-devtools (source)	^8.0.2 -> ^8.0.3
vue-router (source)	^4.6.0 -> ^4.6.3

---

Release Notes

TanStack/query (@​tanstack/vue-query)

v5.90.5

Compare Source

Patch Changes

• Updated dependencies [e42ddfe]:
  • @​tanstack/query-core@​5.90.5

v5.90.4

Compare Source

Patch Changes

• Updated dependencies [20ef922]:
  • @​tanstack/query-core@​5.90.4

vuejs/language-tools (@​vue/language-core)

v3.1.1

Compare Source

Features

• feat(language-server): support --tsdk command line arg (#​5691)

Bug Fixes

• fix(language-core): tolerate non-literal export default (#​5675) - Thanks to @​KazariEX!
• fix(language-core): use component instance props as fallthrough attributes (#​5686) - Thanks to @​KazariEX!
• fix(typescript-plugin): determine if variable is Ref by RefSymbol property (#​5687) - Thanks to @​KazariEX!
• fix(language-core): exclude effect of comments on root node (#​5689) - Thanks to @​KazariEX!
• fix(typescript-plugin): place __vue__ in project instead of program (#​5690)
• fix(component-type-helpers): remove deprecated $scopedSlots support for Vue 2
• fix(language-core): replace markdown links after sfc blocks processing (#​5695) - Thanks to @​KazariEX!
• fix(language-core): do not report unused error on __VLS_export (#​5696) - Thanks to @​KazariEX!

Other Changes

• refactor(language-core): reimplement writeGlobalTypes without side effects

capricorn86/happy-dom (happy-dom)

v20.0.7

Compare Source

👷‍♂️ Patch fixes

• Fix incorrect handling of >= operator in media query parser - By @​lkritsimas in task #​1869

v20.0.6

Compare Source

👷‍♂️ Patch fixes

• Changes implementation for DOMTokenList.forEach(), Headers.forEach() and NodeList.forEach() to be spec compliant - By @​ikeyan in task #​1858

v20.0.5

Compare Source

👷‍♂️ Patch fixes

• The setter TreeWalker.currentNode should validate if the value is a Node - By @​capricorn86 in task #​1935

v20.0.4

Compare Source

👷‍♂️ Patch fixes

• Only adds buttons to FormData if they are the submitter - By @​maxmil and @​
  karpiuMG in task #​1859

v20.0.3

Compare Source

👷‍♂️ Patch fixes

• Moves URL resolution to after checking if module preloading is enabled to prevent URL errors to be thrown when unresolvable - By @​iam-medvedev in task #​1851
• Fixes issue where CSS variables aren't parsed correctly when inside CSS functions - By @​fimion in task #​1837

lint-staged/lint-staged (lint-staged)

v16.2.5

Compare Source

Patch Changes

• #​1687 9e02d9d Thanks @​iiroj! - Fix unhandled promise rejection when spawning tasks (instead of the tasks themselves failing). Previously when a task failed to spawn, lint-staged also failed and the backup stash might not have been automatically restored.

pnpm/pnpm (pnpm)

v10.18.3

Compare Source

Patch Changes

• Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #​10060.
• Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when --location=project is used #​9362.
• Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings #​9646.
• Fixed EISDIR error when bin field points to a directory #​9441.
• Preserve version and hasBin for variations packages #​10022.
• Fixed pnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings) #​9884.
• When both pnpm-workspace.yaml and .npmrc exist, pnpm config set --location=project now writes to pnpm-workspace.yaml (matching read priority) #​10072.
• Prevent a table width error in pnpm outdated --long #​10040.
• Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects #​10057.

v10.18.2

Compare Source

Patch Changes

• pnpm outdated --long should work #​10040.
• Replace ndjson with split2. Reduce the bundle size of pnpm CLI #​10054.
• pnpm dlx should request the full metadata of packages, when minimumReleaseAge is set #​9963.
• pnpm version switching should work when the pnpm home directory is in a symlinked directory #​9715.
• Fix EPIPE errors when piping output to other commands #​10027.

rolldown/rolldown (rolldown)

v1.0.0-beta.44

Compare Source

💥 BREAKING CHANGES

• enable output.minifyInternalExports for format: 'es' or minify: true (#​6594) by @​sapphi-red
• node/options: remove InputOptions.jsx, prefer transform.jsx always (#​6548) by @​hyf0

🚀 Features

• support jsx preset for transform.jsx (#​6630) by @​shulaoda
• rolldown_plugin_vite_html: align inject_to_body function (#​6622) by @​shulaoda
• rolldown_vite_css_post_plugin: tweak is_legacy field (#​6620) by @​shulaoda
• native-plugin: expose viteHtmlPlugin (#​6609) by @​shulaoda
• native-plugin: expose viteCSSPostPlugin (#​6606) by @​shulaoda
• builtin-plugin: expose viteCSSPlugin (#​6605) by @​shulaoda
• rolldown_plugin_vite_html: complete plugin binding (#​6604) by @​shulaoda
• rolldown_plugin_vite_css: support plugin binding (#​6598) by @​shulaoda
• add TypedArray constructors to side-effect free globals (#​6592) by @​IWANABETHATGUY
• rolldown_plugin_vite_html: align process src attr logic (#​6572) by @​shulaoda
• rolldown: support output.clearDir to clean up dir before build (#​6486) by @​aprosail
• dev: return RolldownOutput instead of BindingOutputs from onOutput (#​6563) by @​sapphi-red
• rolldown_plugin_vite_html: align process srcset logic (#​6560) by @​shulaoda
• rolldown_plugin_vite_html: align process src function (#​6559) by @​shulaoda
• rolldown_plugin_vite_html: align parse secset function (#​6558) by @​shulaoda
• node/options: deprecate dropLabels and add transform.dropLabels (#​6557) by @​hyf0
• node/options: deprecate keepNames and add output.keepNames (#​6556) by @​hyf0
• node/options: deprecate profilerNames and add output.generatedCode.profilerNames (#​6555) by @​hyf0
• node/options: deprecate top level inject and define and add transform.define, transform.inject (#​6544) by @​hyf0
• rolldown_plugin_vite_html: initialize attributes handle logic (#​6543) by @​shulaoda
• rolldown: oxc v0.95.0 (#​6541) by @​Boshen
• rolldown_plugin_vite_html: align inject css logic (#​6528) by @​shulaoda
• rolldown_plugin_vite_html: align modulepreload inject logic (#​6526) by @​shulaoda
• rolldown_plugin_vite_html: align css bundle output inject logic (#​6524) by @​shulaoda
• rolldown_plugin_vite_html: support inject_to_head function (#​6522) by @​shulaoda
• rolldown_plugin_vite_html: align emit and delete logic (#​6521) by @​shulaoda
• rolldown_vite_html: align handle html asset url logic (#​6518) by @​shulaoda
• add an example how to transform code and generate sourcemap with experimental.nativeMagicString (#​6514) by @​IWANABETHATGUY
• rolldown_plugin_vite_html: align handle inline css logic (#​6517) by @​shulaoda

🐛 Bug Fixes

• native-plugin: use correct config for assetPlugin (#​6638) by @​shulaoda
• no_color not being respected on reporter (#​6615) by @​H4ad
• improve tree shaking for JSON default imports (#​6626) by @​IWANABETHATGUY
• cjs treeshaking removes used code (#​6597) by @​IWANABETHATGUY
• plugin/vite-resolve: return package_json_path from resolveId hook (#​6434) by @​sapphi-red
• dev: should have idx error happens with deferSyncScanData + incremental rebuild (#​6568) by @​sapphi-red
• rolldown: sync scoping properly in pre_process_ecma_ast (#​6537) by @​Boshen
• process CJS tree shaking bailout modules before eliminating unused dynamic entries (#​6549) by @​IWANABETHATGUY
• rust/dev: error of bundler.scandoesn't get handled (#​6547) by @​Copilot
• inline only self referenced json module properties (#​6519) by @​IWANABETHATGUY
• avoid processing native MagicString sourcemap when sourcemap is disabled (#​6510) by @​IWANABETHATGUY

🚜 Refactor

• rolldown_binding: unify BindingAssetInlineLimit (#​6625) by @​shulaoda
• rolldown_binding: tweak BindingAssetPluginConfig (#​6624) by @​shulaoda
• tweak viteCSSPlugin config (#​6610) by @​shulaoda
• rust/dev: remove unnecessary bundler cache management of dev engine (#​6576) by @​hyf0
• rust/dev: refactor TaskInput into enum to reduce invalid states (#​6575) by @​hyf0
• improve the error message of ScanStageCache#merge (#​6564) by @​IWANABETHATGUY
• rust/dev: use client_id to check if module is executed for test environment (#​6566) by @​hyf0
• rust/binding: mark napi object that won't be received from js side (#​6531) by @​hyf0
• rust/binding: mark napi object struct that won't be passed to js explicitly (#​6525) by @​hyf0
• rust/binding: use &str or JsString to avoid unnecessary clone (#​6523) by @​hyf0
• rust/binding: use &str to avoid unnecessary clone (#​6520) by @​hyf0
• rust: replace unwrap with expect for better error handling in message sending (#​6509) by @​hyf0

📚 Documentation

• add redirect from /guide/in-depth/ to /in-depth/ (#​6554) by @​Copilot
• guide: polish notable features page (#​6535) by @​sapphi-red
• builtin-plugins: add replace plugin docs (#​6534) by @​sapphi-red
• add Additional Thanks in acknowledgements page (#​6507) by @​hyf0
• polish doc for experimental.nativeMagicString (#​6504) by @​IWANABETHATGUY

⚡ Performance

• cli: advance createTokioRuntime (#​6618) by @​hyf0
• rolldown: reduce unnecessary Vec allocate (#​6601) by @​Brooooooklyn
• rolldown: make derived assets generation more parallel (#​6600) by @​Brooooooklyn
• rolldown: make chunks generation more parallel (#​6599) by @​Brooooooklyn
• rolldown_utils: only allocate HASH_PLACEHOLDER_LEFT once (#​6595) by @​Brooooooklyn
• rolldown: use oxc-resolver with simd-json (#​6591) by @​Boshen
• rolldown: avoid allocate the sourcemap sources on non Windows os (#​6590) by @​Brooooooklyn
• resolver: use optimized fs.read_to_string impl (#​6589) by @​Brooooooklyn
• deps: upgrade json-escape-simd and add simdutf8 dependency (#​6579) by @​Brooooooklyn
• rust/dev: remove unncessary clone for ClientInput (#​6565) by @​hyf0
• visit ast in cross_module_optimization stage parallel (#​6552) by @​IWANABETHATGUY

🧪 Testing

• json module prop conflict with normal module declaration binding (#​6540) by @​IWANABETHATGUY
• vite-tests: fix rolldown overrides (#​6532) by @​sapphi-red

⚙️ Miscellaneous Tasks

• remove string conversion warning in replacePlugin to compatible with rollup (#​6639) by @​IWANABETHATGUY
• deps: update dependency dprint-json to v0.21.0 (#​6637) by @​renovate[bot]
• deps: lock file maintenance (#​6635) by @​renovate[bot]
• deps: lock file maintenance npm packages (#​6632) by @​renovate[bot]
• node: use built-in styleText (#​6340) by @​dumbmatter
• deps: update actions/setup-node action to v6 (#​6629) by @​renovate[bot]
• deps: update github-actions (#​6628) by @​renovate[bot]
• deps: update dependency dprint-markdown to v0.20.0 (#​6627) by @​renovate[bot]
• Switch color dependencies (ansis and picocolors) to built-in styleText (#​6619) by @​IWANABETHATGUY
• native-plugin: tweak assetPlugin (#​6623) by @​shulaoda
• remove deprecated warning in build.ts (#​6621) by @​IWANABETHATGUY
• deps: update dependency tsdown to v0.15.8 (#​6617) by @​renovate[bot]
• rolldown_binding: rename vite css plugin config field (#​6611) by @​shulaoda
• add colored deprecation warnings for top-level options (#​6612) by @​IWANABETHATGUY
• rust: make cargo publish --workspace work (#​6287) by @​Boshen
• deps: update dependency rolldown-plugin-dts to v0.16.12 (#​6608) by @​renovate[bot]
• test: add opposite_minify_internal_exports and remove minify_internal_exports extend test (#​6596) by @​hyf0
• test: render snapshot for build and dev independently (#​6584) by @​hyf0
• test: split test logic for normal build and dev engine (#​6580) by @​hyf0
• fix rolldown build self warning (#​6578) by @​IWANABETHATGUY
• tweak BindingBuiltinPluginName (#​6574) by @​shulaoda
• rust: use forked notify crate (#​6573) by @​Boshen
• add .len() and .is_empty() to HybridIndexVec (#​6570) by @​sapphi-red
• ai: improve AGENT.md with verified prompts (#​6533) by @​hyf0
• clippy: set too-many-lines-threshold to 200 (#​6530) by @​shulaoda
• clean up examples/basic-vue (#​6515) by @​IWANABETHATGUY
• deps: update dependency tsdown to v0.15.7 (#​6512) by @​renovate[bot]
• add shulaoda to release PR assignees (#​6505) by @​shulaoda

❤️ New Contributors

• @​dumbmatter made their first contribution in #​6340
• @​H4ad made their first contribution in #​6615
• @​aprosail made their first contribution in #​6486

rollup/rollup (rollup)

v4.52.5

Compare Source

2025-10-18

Bug Fixes

• Always produce valid UUIDs as debugIds in sourcemaps (#​6144)

Pull Requests

• #​6135: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6140: chore(deps): update peter-evans/create-or-update-comment action to v5 (@​renovate[bot])
• #​6141: chore(deps): update peter-evans/find-comment action to v4 (@​renovate[bot])
• #​6142: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6143: chore: eslint enable concurrency option (@​btea)
• #​6144: fix: generation of debugIDs with invalid length (@​pablomatiasgomez, @​lukastaegert)
• #​6146: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6147: chore(deps): update actions/setup-node action to v6 (@​renovate[bot])

rolldown/tsdown (tsdown)

v0.15.9

Compare Source

   🐞 Bug Fixes

• Update rolldown and migrate from the deprecated API  -  by @​ocavue in #​552 (0aedb)
• Pin rolldown version  -  by @​ocavue in #​553 (7752e)

    View changes on GitHub

v0.15.8

Compare Source

   🚀 Features

• rolldown: Write config for debugging  -  by @​sxzz (ec8d5)

   🐞 Bug Fixes

• target: Invalid number target  -  by @​sxzz (c1071)

    View changes on GitHub

vuejs/devtools (vite-plugin-vue-devtools)

v8.0.3

Compare Source

   🐞 Bug Fixes

• Compatible with node25, close #​977  -  by @​webfansplz in #​977 (5d97b)

   🏎 Performance

• Drop execa  -  by @​43081j in #​964 (16fed)

    View changes on GitHub

vuejs/router (vue-router)

v4.6.3

Compare Source

Please refer to CHANGELOG.md for details.

v4.6.2

Compare Source

Please refer to CHANGELOG.md for details.

v4.6.1

Compare Source

Please refer to CHANGELOG.md for details.

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/unplugin-vue-router@738

commit: a58babd

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.75%. Comparing base (36568d4) to head (a58babd).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #738   +/-   ##
=======================================
  Coverage   64.75%   64.75%           
=======================================
  Files          39       39           
  Lines        4301     4301           
  Branches      828      828           
=======================================
  Hits         2785     2785           
  Misses       1508     1508           
  Partials        8        8           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	minimist@​1.2.8
	happy-dom@​20.0.2 ⏵ 20.0.7	+1		+1	+1
	lint-staged@​16.2.4 ⏵ 16.2.5	+1			+1
	@​tanstack/​vue-query@​5.90.3 ⏵ 5.90.5				+1
	@​types/​node@​24.7.2 ⏵ 24.9.1	+1		+20	+5

View full report

[cloudflare-workers-and-pages]

Deploying unplugin-vue-router with    Cloudflare Pages

Latest commit:	a58babd
Status:	✅  Deploy successful!
Preview URL:	https://d7523cc0.unplugin-vue-router.pages.dev
Branch Preview URL:	https://renovate-all-minor-patch.unplugin-vue-router.pages.dev

View logs