chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@types/node (source)	^24.10.4 → ^24.10.9			devDependencies	patch
eslint-plugin-prettier	^5.5.4 → ^5.5.5			devDependencies	patch
node (source)	24.12.0 → 24.13.0				minor
node	24.12.0 → 24.13.0			uses-with	minor
pnpm (source)	10.27.0 → 10.28.2				minor
prettier (source)	^3.7.4 → ^3.8.1			devDependencies	minor
release-it	^19.2.2 → ^19.2.4			devDependencies	patch
rollup (source)	^4.54.0 → ^4.57.1			devDependencies	minor

---

Release Notes

prettier/eslint-plugin-prettier (eslint-plugin-prettier)

v5.5.5

Compare Source

Patch Changes

• #​772 7264ed0 Thanks @​BPScott! - Bump prettier-linter-helpers dependency to v1.0.1

• #​776 77651a3 Thanks @​aswils! - fix: bump synckit for yarn PnP ESM issue

nodejs/node (node)

v24.13.0: 2026-01-13, Version 24.13.0 'Krypton' (LTS), @​marco-ippolito

Compare Source

This is a security release.

Notable Changes

lib:

• (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
• (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748
  lib,permission:
• (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
  src:
• (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
  src,lib:
• (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
  tls:
• (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

Commits

• [2092785d01] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #​60997
• [3e58b7f2af] - deps: update undici to 7.18.2 (Node.js GitHub Bot) #​61283
• [4ba536a5a6] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
• [89adaa21fd] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748
• [7302b4dae1] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
• [ac030753c4] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
• [20075692fe] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
• [20591b0618] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

actions/node-versions (node)

v24.13.0: 24.13.0

Compare Source

Node.js 24.13.0

pnpm/pnpm (pnpm)

v10.28.2

Compare Source

v10.28.1

Compare Source

v10.28.0

Compare Source

prettier/prettier (prettier)

v3.8.1

Compare Source

v3.8.0

Compare Source

diff

🔗 Release note

release-it/release-it (release-it)

v19.2.4

Compare Source

• chore: update dependencies to resolve security vulnerabilities (#​1273) (b45dd1a) - thanks @​Yeom-JinHo!
• Update a few dev deps (cd8acdc)

v19.2.3

Compare Source

• Reuse generated changelog (316dbfa)
• Remove obsolete eslint compat packages/config (f6cc8f3)
• Update remark-preset-webpro and fix broken links (6e6dd4b)

rollup/rollup (rollup)

v4.57.1

Compare Source

2026-01-30

Bug Fixes

• Fix heap corruption issue in Windows (#​6251)
• Ensure exports of a dynamic import are fully included when called from a try...catch (#​6254)

Pull Requests

• #​6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@​alan-agius4, @​lukastaegert)
• #​6252: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #​6253: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6254: Fully include dynamic imports in a try-catch (@​lukastaegert)
• #​6255: chore(deps): lock file maintenance (@​renovate[bot])

v4.57.0

Compare Source

2026-01-27

Features

• Add import attributes to all plugin hooks that did not provide them yet (#​5700)
• Deprecate returning import attributes from load or transform hooks as that will no longer be supported with rollup 5 (#​5700)

Pull Requests

• #​5700: extend more hooks to include import attributes and add warnings (@​TrickyPi, @​lukastaegert)
• #​6243: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #​6244: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6245: chore(deps): lock file maintenance (@​renovate[bot])
• #​6246: Refactor to reduce Rollup 5 upgrade diff (@​lukastaegert)

v4.56.0

Compare Source

2026-01-22

Features

• Track object property inclusions of dynamic namespace members (#​6230)

Bug Fixes

• Handle methods that access dynamically imported namespace members via this (#​6230)

Pull Requests

• #​6230: Refine namespace handling (@​lukastaegert)

v4.55.3

Compare Source

2026-01-21

Bug Fixes

• Fix JSX semicolon insert position in variable declarations (#​6241)

Pull Requests

• #​6241: Fix JSX semicolon insertion (@​lukastaegert)

v4.55.2

Compare Source

2026-01-19

Bug Fixes

• Sort manual chunks by execution order to reduce circular dependency issues (#​6240)

Pull Requests

• #​6234: chore(deps): pin cross-platform-actions/action action to 492b0c8 (@​renovate[bot])
• #​6235: chore(deps): update dependency globals to v17 (@​renovate[bot], @​lukastaegert)
• #​6236: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6237: chore(deps): lock file maintenance (@​renovate[bot])
• #​6239: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6240: Sort manual chunks by module execution order (@​TrickyPi)

v4.55.1

Compare Source

2026-01-05

Bug Fixes

• Fix artifact reference for OpenBSD (#​6231)

Pull Requests

• #​6231: Fix OpenBSD artifacts and ensure OIDC is working (@​lukastaegert)

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) in timezone Pacific/Auckland, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.