chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@capsizecss/metrics (source)	3.5.0 -> 3.6.2			devDependencies	minor
@capsizecss/unpack (source)	3.0.0 -> 3.0.1			dependencies	patch
@types/node (source)	24.10.0 -> 24.10.1			devDependencies	patch
actions/checkout	v5.0.0 -> v5.0.1			action	patch
danielroe/provenance-action	v0.1.0 -> v0.1.1			action	patch
esbuild	^0.25.12 -> ^0.27.0			dependencies	minor
knip (source)	5.68.0 -> 5.70.0			devDependencies	minor
pnpm (source)	10.21.0 -> 10.22.0			packageManager	minor
rollup (source)	4.52.5 -> 4.53.3			devDependencies	minor
shadcn-docs-nuxt (source)	1.1.4 -> 1.1.7			dependencies	patch
tsdown (source)	0.16.0 -> 0.16.5			devDependencies	patch
unstorage (source)	1.17.1 -> 1.17.2			dependencies	patch
unstorage (source)	1.17.1 -> 1.17.2			resolutions	patch

---

Release Notes

seek-oss/capsize (@​capsizecss/metrics)

v3.6.2

Compare Source

Patch Changes

• #​242 7e46f3d Thanks @​michaeltaranto! - metrics: Fix font metric types

v3.6.1

Compare Source

Patch Changes

• #​239 41ef5b0 Thanks @​delucis! - Bundle Capsize packages with tsdown instead of Crackle. This is an internal change only and does not affect the public API.

v3.6.0

Compare Source

Minor Changes

• #​235 9776218 Thanks @​michaeltaranto! - Update Google Fonts

seek-oss/capsize (@​capsizecss/unpack)

v3.0.1

Compare Source

Patch Changes

• #​239 41ef5b0 Thanks @​delucis! - Bundle Capsize packages with tsdown instead of Crackle. This is an internal change only and does not affect the public API.

actions/checkout (actions/checkout)

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: actions/checkout@v5...v5.0.1

danielroe/provenance-action (danielroe/provenance-action)

v0.1.1

Compare Source

compare changes

🚀 Enhancements

• Add support for bun.lock (#​12)

📖 Documentation

• Use @main constraint for example (237ceea)

❤️ Contributors

• Daniel Roe (@​danielroe)

evanw/esbuild (esbuild)

v0.27.0

Compare Source

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.26.0 or ~0.26.0. See npm's documentation about semver for more information.

• Use Uint8Array.fromBase64 if available (#​4286)

  With this release, esbuild's binary loader will now use the new Uint8Array.fromBase64 function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify target when using this feature with Node (for example --target=node22) unless you're using Node v25+.

• Update the Go compiler from v1.23.12 to v1.25.4 (#​4208, #​4311)

  This raises the operating system requirements for running esbuild:

  • Linux: now requires a kernel version of 3.2 or later
  • macOS: now requires macOS 12 (Monterey) or later

v0.26.0

Compare Source

• Enable trusted publishing (#​4281)

  GitHub and npm are recommending that maintainers for packages such as esbuild switch to trusted publishing. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.

  Unfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).

webpro-nl/knip (knip)

v5.70.0

Compare Source

• Revert "Revive some tests in Bun" (f1406b5)
• feat(plugins): Add Prisma plugin entry and Prisma schema compiler (#​1340) (9f80aa4) - thanks @​CHC383!
• Improve some export/import positions (b19282b)
• Move block to group top-level patterns (bba25f3)
• Improve some naming around module graph (63d6117)
• Minor refactors (a63b0dc)
• Update auto-fix.mdx (#​1356) (c64d905) - thanks @​skvale!
• Improve side-effects & opaque import call handling (resolve #​1352) (e364589)
• Add some unit tests for isIdentifierReferenced (f31eab4)
• Add support for awaited import call promise (92cbcef)
• Edit and dim tag hints title (e4affd2)
• feat(plugins): Add taskfile plugin (#​1357) (f64b72c) - thanks @​elierotenberg!
• Improve pragmas handling/setup (resolves #​1358) (e0f497c)
• Upgrade js-yaml + some others (resolve #​1359) (5195888)
• Clean up (da9440f)

v5.69.1

Compare Source

• Release @​knip/create-config 1.0.8 (8740516)
• Edit docs (5eb8a69)
• Apply Next.js page extensions to app directory (#​1351) (f9cf9dc) - thanks @​remcohaszing!
• Refactor fixes & consistently use issue.fixes (d7b45cf)
• Revive some tests in Bun (74a0bd8)
• Fix import identifier/specifier pos (95d2c04)
• Fix namespace import pos (6b6b80b)
• Improve some export/import positions (9b87b1a)
• Rely on absolute paths with formatly (npx acts weird) (6653f35)

v5.69.0

Compare Source

• Update mdxlint-preset-webpro (88e772a)
• Edit docs (c44b8bf)
• Upgrade biome (5d3d74d)
• Fix up issue type shorthands (88ad825)
• Improve zod error message (2083810)
• Correct mdxlint setup in package.json (#​1337) (71a4d12) - thanks @​remcohaszing!
• (create-config): Fix regex for detecting packages in pnpm-workspace.yaml (#​1342) (46e33d9) - thanks @​taro-28!
• Add missing dependency on remark-gfm (#​1338) (e1462d3) - thanks @​remcohaszing!
• feat(plugins): extend prisma plugin (#​1339) (6dc700a) - thanks @​CHC383!
• Link to github org knip search results (2ee1f1b)
• Support --format in eslint plugin (resolves #​1343) (4cb18bb)
• mdxlint uses remark prefix (cdd2173)
• Print relative path in trace renderer (379e798)
• Allow to un-ignore wildcard ignored workspaces (b422f10)
• Support URL constructor with import.meta.url (resolves #​1310) (ffff5a6)
• Refactor import props into modifiers (9a0ace7)
• Rename method (d922df4)
• Fix up KnipConfig that can be an (async) function (4310d20)
• Verify only first word for valid binary (resolve #​1345) (153ced0)
• Add auto-fixable catalog issue type (#​1204) (063b647)
• Refactor plugins to use Plugin type annotation (f1e8b82)
• Update some dependencies (0339f49)
• Lint & format (f606570)

pnpm/pnpm (pnpm)

v10.22.0: pnpm 10.22

Compare Source

Minor Changes

• Added support for trustPolicyExclude #​10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - [email protected]
    - [email protected] || 5.102.1

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10179.

Platinum Sponsors

Gold Sponsors

rollup/rollup (rollup)

v4.53.3

Compare Source

2025-11-19

Bug Fixes

• Fix an error where too many modules where flagged for having an unused external import (#​6182)
• Fix an error where an assignment was wrongly tree-shaken when mutating it (#​6183)

Pull Requests

• #​6171: Add test-install CI job to test packaging, installation and importing of rollup package (@​antoninkriz, @​lukastaegert)
• #​6174: Re-enable TypeScript test (@​lukastaegert)
• #​6180: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6182: Tracing the importers chain for exported variables in external module (@​TrickyPi, @​lukastaegert)
• #​6183: Check if left side is included when checking if assigning to an assignment has side effects (@​lukastaegert)

v4.53.2

Compare Source

2025-11-10

Bug Fixes

• Do not throw when using invalid escape sequences in template literals (#​6177)

Pull Requests

• #​6177: handle TemplateElement with null cooked value (@​TrickyPi)

v4.53.1

Compare Source

2025-11-07

Bug Fixes

• Fix install script (#​6172)

Pull Requests

• #​6172: fix: move patch-package from postinstall to prepare script (@​mshima)

v4.53.0

Compare Source

2025-11-07

Features

• Improve rendering performance by caching generated variable names (#​5947)

Pull Requests

• #​5947: refactor: store safe variable names in cache for subsequent usage (@​Aslemammad, @​lukastaegert, @​Service account user)
• #​6149: chore(deps): update dependency vite to v7.1.11 [security] (@​renovate[bot], @​Service account user)
• #​6151: fix(deps): update swc monorepo (major) (@​renovate[bot], @​Service account user)
• #​6152: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​Service account user)
• #​6153: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​Service account user)
• #​6155: Fix tests: Do not swallow warnings for multi-format tests (@​lukastaegert, @​Service account user)
• #​6159: chore(deps): update dependency eslint-plugin-unicorn to v62 (@​renovate[bot])
• #​6160: chore(deps): update github artifact actions (major) (@​renovate[bot])
• #​6161: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6164: chore(deps): update dependency @​rollup/plugin-alias to v6 (@​renovate[bot])
• #​6165: chore(deps): update dependency @​rollup/plugin-commonjs to v29 (@​renovate[bot])
• #​6166: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #​6167: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

ZTL-UwU/shadcn-docs-nuxt (shadcn-docs-nuxt)

v1.1.7

Compare Source

🌐 i18n

• Add zhcn and zhtw as alternative language codes
• Add Chinese docs translation

View changes on GitHub

v1.1.6

Compare Source

🐞 Bug Fixes

• Duplicated theme class on bodyAttrs fixes: #​185 - by @​ZTL-UwU in #​185 (c2fe2)

v1.1.5

Compare Source

rolldown/tsdown (tsdown)

v0.16.5

Compare Source

   🚀 Features

• create-tsdown: Add react-compiler template  -  by @​elecmonkey and @​sxzz in #​604 (45229)

   🐞 Bug Fixes

• exports: Use correct indentation for output  -  by @​msigwart and @​sxzz in #​599 (4de70)

    View changes on GitHub

v0.16.4

Compare Source

   🚀 Features

• Upgrade rolldown to 1.0.0-beta.50  -  by @​sxzz (597d9)

    View changes on GitHub

v0.16.3

Compare Source

   🏎 Performance

• Replace debug with obug  -  by @​sxzz (222e9)

    View changes on GitHub

v0.16.2

Compare Source

   🚀 Features

• Upgrade rolldown to v1.0.0-beta.49  -  by @​sxzz (48181)
• entry: Auto enable glob, support infer entry extension  -  by @​sxzz and jinghaihan (2c525)

    View changes on GitHub

v0.16.1

Compare Source

   🚀 Features

• Switch unconfig-core & mark unrun stable  -  by @​sxzz in #​585 (339f5)

   🐞 Bug Fixes

• attw: Improve attw execute, output package name  -  by @​sxzz (237f6)
• unused: Set root to cwd  -  by @​sxzz (844c9)

    View changes on GitHub

unjs/unstorage (unstorage)

v1.17.2

Compare Source

compare changes

📦 Build

• Fix masquerading as CJS issue (#​700)

❤️ Contributors

• Kricsleo (@​kricsleo)

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for fontless ready!

Name	Link
🔨 Latest commit	91553ea
🔍 Latest deploy log	https://app.netlify.com/projects/fontless/deploys/691d69ba9474850008f5e437
😎 Deploy Preview	https://deploy-preview-688--fontless.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/fontaine@688

npm i https://pkg.pr.new/fontless@688

commit: 91553ea