fix(deps): Update dependency @sanity/pkg-utils to v6

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@sanity/pkg-utils	3.3.8 -> 6.4.1

---

Release Notes

sanity-io/pkg-utils (@​sanity/pkg-utils)

v6.4.1

Compare Source

Bug Fixes

• tweak clean message (be74a64)

v6.4.0

Compare Source

Features

• add --clean flag for build to auto rimraf dist (35b609a)

v6.3.0

Compare Source

Features

• add --check flag to build to auto run check after build (35a6d42)

v6.2.1

Compare Source

Bug Fixes

• deps: Update dependency @​microsoft/api-extractor to v7.43.1 (#​712) (cda9318)

v6.2.0

Compare Source

Features

• improve exports validation (#​707) (21f0342)

v6.1.0

Compare Source

Features

• support ESM-only packages (#​701) (a1d4aa3)

v6.0.2

Compare Source

Bug Fixes

• allow wider typescript semver range (#​699) (63fa409)

v6.0.1

Compare Source

Bug Fixes

• optimize lodash plugin crashed on TS syntax (e7b1baf)

v6.0.0

Compare Source

⚠ BREAKING CHANGES

• use node: protocol on built in modules

Features

• add lodash optimization (#​696) (4a4f84c)
• use node: protocol on built in modules (7fdad52)

v5.1.12

Compare Source

Bug Fixes

• deps: Update dependency rollup to ^4.14.1 (#​688) (9a6dd0f)

v5.1.11

Compare Source

Bug Fixes

• don't generate legacy exports for CJS-only exports (b38aa49)

v5.1.10

Compare Source

Bug Fixes

• add const T to narrow types returned by defineConfig (be29777)
• set moduleSideEffects: 'no-external' by default (51afe8a)

v5.1.9

Compare Source

Bug Fixes

• deps: Update dependency @​babel/core to ^7.24.4 (#​679) (66b65ef)

v5.1.8

Compare Source

Bug Fixes

• deps: Update dependency rollup to ^4.14.0 (#​673) (3e436c6)

v5.1.7

Compare Source

Bug Fixes

• type: "undefined" should be type: "commonjs" (befbe86)

v5.1.6

Compare Source

Bug Fixes

• only require type: commonjs when legacyExports: false (#​662) (de5fe2c)

v5.1.5

Compare Source

Bug Fixes

• deps: Update dependency prettier-plugin-packagejson to ^2.4.14 (#​659) (d609564)
• deps: Update dependency rollup to ^4.13.2 (#​648) (be3922f)
• update tsdoc for external (2e95cd3)

v5.1.4

Compare Source

Bug Fixes

• deps: Update dependency @​babel/core to ^7.24.3 (#​641) (33cad3a)

v5.1.3

Compare Source

Bug Fixes

• emit valid ESM in CJS modules when legacyExports: true (#​635) (26f9e1c)

v5.1.2

Compare Source

Bug Fixes

• only require top-level types if there are exports (77143b7)
• require a type in package.json when in strict mode (#​631) (191482b)

v5.1.1

Compare Source

Bug Fixes

• ensure no "Masquerading as ESM|CJS" dts errors (#​627) (e54dc10)

v5.1.0

Compare Source

Features

• support module: "Preserve" in TS 5.4 (8f62425)

Bug Fixes

• use the same typescript version as @microsoft/api-extractor (d63fab6)

v5.0.7

Compare Source

Bug Fixes

• deps: Update dependency @​babel/core to ^7.24.1 (#​618) (096fc1f)

v5.0.6

Compare Source

Bug Fixes

• deps: Update dependency @​microsoft/api-extractor to ^7.43.0 (#​619) (ea85609)

v5.0.5

Compare Source

Bug Fixes

• only suffix the chunks folder if chunks are not hashed (61acd17)

v5.0.4

Compare Source

Bug Fixes

• prefix chunks folder with [format] instead of the filename (c4fadaf)

v5.0.3

Compare Source

Bug Fixes

• prefix with format when not using a hash (cb85ac1)

v5.0.2

Compare Source

Bug Fixes

• deps: Update dependency esbuild to ^0.20.2 (#​596) (eb2960b)

v5.0.1

Compare Source

Bug Fixes

• deps: Update dependency rollup to ^4.13.0 (#​585) (37243c4)

v5.0.0

Compare Source

⚠ BREAKING CHANGES

• remove node.import ESM CJS wrapper support (#​226)

Features

• remove node.import ESM CJS wrapper support (#​226) (28aa84d)

v4.4.4

Compare Source

v4.4.3

Compare Source

v4.4.2

Compare Source

v4.4.1

Compare Source

Bug Fixes

• deps: update dependency astro to ^4.4.10 (#​558) (6f2d2b6)
• deps: update dependency rollup to ^4.12.1 (#​565) (85d3255)

v4.4.0

Compare Source

Features

• add support for svelte (#​546) (d765af0)

Bug Fixes

• deps: update dependency @​microsoft/api-extractor to ^7.42.3 (#​543) (9ad938c)

v4.3.1

Compare Source

Bug Fixes

• deps: update dependency @​microsoft/api-extractor to ^7.42.1 (#​538) (841b846)

v4.3.0

Compare Source

Features

• make [hash] in chunk file names opt-in (5181ac4)

Bug Fixes

• deps: update dependency @​microsoft/api-extractor to ^7.41.0 (#​531) (e982e76)

v4.2.11

Compare Source

Bug Fixes

• deps: update dependency prettier-plugin-packagejson to ^2.4.12 (#​525) (502e2a5)

v4.2.10

Compare Source

Bug Fixes

• deps: update dependency @​microsoft/api-extractor to ^7.40.6 (#​521) (50bde33)

v4.2.9

Compare Source

Bug Fixes

• only minifyInternalExports when compact is true (8a9d83d)

v4.2.8

Compare Source

Bug Fixes

• always mark template literal as supported (f9b809e)
• deps: update dependency @​sanity/browserslist-config to ^1.0.3 (7b438b4)
• ensure browserslist defaults are set (271518f)

v4.2.7

Compare Source

Bug Fixes

• minify syntax by default (09ffc73)

v4.2.6

Compare Source

Bug Fixes

• set terser compress directives to false (b707e4d)

v4.2.5

Compare Source

Bug Fixes

• deps: update dependency @​microsoft/api-extractor to ^7.40.5 (#​513) (0a24a40)
• enable esbuild syntax minifier (da6f2f4)
• enable esbuild tree shaking (51ff892)

v4.2.4

Compare Source

Bug Fixes

• deps: update dependency @​microsoft/api-extractor to ^7.40.2 (#​504) (e66b744)
• deps: update dependency @​microsoft/api-extractor to ^7.40.3 (#​508) (df20db0)
• deps: update dependency @​sanity/browserslist-config to ^1.0.2 (d58beee)
• deps: update dependency esbuild to ^0.20.1 (#​509) (f062233)

v4.2.3

Compare Source

Bug Fixes

• deps: update dependency prettier-plugin-packagejson to ^2.4.11 (#​497) (e938910)

v4.2.2

Compare Source

Bug Fixes

• deps: update dependency astro to ^4.3.6 (#​485) (3c9cc66)
• deps: update dependency browserslist to ^4.23.0 (#​492) (22078df)
• deps: update dependency rollup to ^4.11.0 (#​493) (c01619f)

v4.2.0

Compare Source

Features

• improve treeshaking (#​463) (91831a3)

v4.1.5

Compare Source

Bug Fixes

• deps: update dependency @​microsoft/api-extractor to ^7.40.1 (#​470) (566c8b9)

v4.1.4

Compare Source

Bug Fixes

• deps: update dependency @​microsoft/api-extractor to ^7.40.0 (#​464) (f2af378)
• deps: update dependency @​sanity/browserslist-config to ^1.0.1 (#​468) (95d28f2)
• deps: update dependency chokidar to ^3.6.0 (#​465) (ec07deb)

v4.1.3

Compare Source

Bug Fixes

• deps: update dependency @​microsoft/api-extractor to ^7.39.5 (#​459) (7cbb1ec)

v4.1.2

Compare Source

Bug Fixes

• deps: update dependency prettier-plugin-packagejson to ^2.4.10 (#​446) (269ca72)

v4.1.1

Compare Source

Bug Fixes

• deps: update dependency browserslist to ^4.22.3 (#​438) (82de0e7)
• deps: update dependency esbuild to ^0.20.0 (#​439) (679c7c9)

v4.1.0

Compare Source

Features

• add support for shared browerslist configs (#​430) (d35abef)

Bug Fixes

• use browserslist-to-esbuild (#​426) (fe3a8d9)

v4.0.0

Compare Source

⚠ BREAKING CHANGES

• only run babel if a custom babel plugin is specified
• remove @babel/preset-env

Bug Fixes

• deps: update dependency @​microsoft/api-extractor to ^7.39.4 (#​418) (31cd33f)
• deps: update dependency esbuild to ^0.19.12 (#​422) (565e307)
• deps: update dependency jsonc-parser to ^3.2.1 (#​423) (63d307a)
• only run babel if a custom babel plugin is specified (6436993)
• remove @babel/preset-env (276042e)

---

Configuration

📅 Schedule: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher

🚮 Removed packages: npm/@sanity/[email protected]

View full report↗︎

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/[email protected]	Install script: postinstall Source: node install.js	orphan: npm/[email protected]

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]