chore(deps): pin dependencies by renovate[bot] · Pull Request #4279 · nitrojs/nitro

renovate · 2026-05-23T04:37:04Z

This PR contains the following updates:

Package	Type	Update	Change
@apphosting/common	devDependencies	pin	`^0.0.9` → `0.0.9`
@azure/functions	devDependencies	pin	`^3.5.1` → `3.5.1`
@azure/static-web-apps-cli	devDependencies	pin	`^2.0.9` → `2.0.9`
@cloudflare/workers-types	devDependencies	pin	`^4.20260521.1` → `4.20260521.1`
@cloudflare/workers-utils (source)	devDependencies	pin	`^0.21.0` → `0.21.0`
@deno/types	devDependencies	pin	`^0.0.1` → `0.0.1`
@hiogawa/vite-plugin-fullstack	devDependencies	pin	`^0.0.11` → `0.0.11`
@netlify/edge-functions (source)	devDependencies	pin	`^3.0.7` → `3.0.7`
@netlify/functions (source)	devDependencies	pin	`^5.2.2` → `5.2.2`
@rollup/plugin-alias (source)	devDependencies	pin	`^6.0.0` → `6.0.0`
@rollup/plugin-commonjs (source)	devDependencies	pin	`^29.0.2` → `29.0.2`
@rollup/plugin-inject (source)	devDependencies	pin	`^5.0.5` → `5.0.5`
@rollup/plugin-json (source)	devDependencies	pin	`^6.1.0` → `6.1.0`
@rollup/plugin-node-resolve (source)	devDependencies	pin	`^16.0.3` → `16.0.3`
@rollup/plugin-replace (source)	devDependencies	pin	`^6.0.3` → `6.0.3`
@scalar/api-reference (source)	devDependencies	pin	`^1.57.2` → `1.57.2`
@scalar/openapi-types (source)	devDependencies	pin	`^0.8.0` → `0.8.0`
@types/aws-lambda (source)	devDependencies	pin	`^8.10.161` → `8.10.161`
@types/estree (source)	devDependencies	pin	`^1.0.9` → `1.0.9`
@types/etag (source)	devDependencies	pin	`^1.8.4` → `1.8.4`
@types/http-proxy (source)	devDependencies	pin	`^1.17.17` → `1.17.17`
@types/node (source)	devDependencies	pin	`^25.9.1` → `25.9.1`
@types/node-fetch (source)	devDependencies	pin	`^2.6.13` → `2.6.13`
@types/semver (source)	devDependencies	pin	`^7.7.1` → `7.7.1`
@types/xml2js (source)	devDependencies	pin	`^0.4.14` → `0.4.14`
@vercel/queue	devDependencies	pin	`^0.2.0` → `0.2.0`
@vitest/coverage-v8 (source)	devDependencies	pin	`^4.1.7` → `4.1.7`
automd	devDependencies	pin	`^0.4.3` → `0.4.3`
c12	devDependencies	pin	`^4.0.0-beta.5` → `4.0.0-beta.5`
changelogen	devDependencies	pin	`^0.6.2` → `0.6.2`
chokidar	devDependencies	pin	`^5.0.0` → `5.0.0`
citty	devDependencies	pin	`^0.2.2` → `0.2.2`
compatx	devDependencies	pin	`^0.2.0` → `0.2.0`
confbox	devDependencies	pin	`^0.2.4` → `0.2.4`
cookie-es	devDependencies	pin	`^3.1.1` → `3.1.1`
croner (source)	devDependencies	pin	`^10.0.1` → `10.0.1`
defu	devDependencies	pin	`^6.1.7` → `6.1.7`
destr	devDependencies	pin	`^2.0.5` → `2.0.5`
dot-prop	devDependencies	pin	`^10.1.0` → `10.1.0`
edge-runtime (source)	devDependencies	pin	`^4.0.1` → `4.0.1`
etag	devDependencies	pin	`^1.8.1` → `1.8.1`
execa	devDependencies	pin	`^9.6.1` → `9.6.1`
expect-type	devDependencies	pin	`^1.3.0` → `1.3.0`
exsolve	devDependencies	pin	`^1.0.8` → `1.0.8`
geist (source)	devDependencies	pin	`^1.7.0` → `1.7.0`
get-port-please	devDependencies	pin	`^3.2.0` → `3.2.0`
giget	devDependencies	pin	`^3.2.0` → `3.2.0`
gzip-size	devDependencies	pin	`^7.0.0` → `7.0.0`
httpxy	devDependencies	pin	`^0.5.3` → `0.5.3`
klona	devDependencies	pin	`^2.0.6` → `2.0.6`
knitwork	devDependencies	pin	`^1.3.0` → `1.3.0`
magic-string	devDependencies	pin	`^0.30.21` → `0.30.21`
mdzilla	devDependencies	pin	`^0.2.1` → `0.2.1`
mime	devDependencies	pin	`^4.1.0` → `4.1.0`
miniflare (source)	devDependencies	pin	`^4.20260520.0` → `4.20260520.0`
mlly	devDependencies	pin	`^1.8.2` → `1.8.2`
motion-v	devDependencies	pin	`^2.2.1` → `2.2.1`
nypm	devDependencies	pin	`^0.6.6` → `0.6.6`
obuild	devDependencies	pin	`^0.4.36` → `0.4.36`
oxfmt (source)	devDependencies	pin	`^0.51.0` → `0.51.0`
oxlint (source)	devDependencies	pin	`^1.66.0` → `1.66.0`
pathe	devDependencies	pin	`^2.0.3` → `2.0.3`
perfect-debounce	devDependencies	pin	`^2.1.0` → `2.1.0`
pkg-types	devDependencies	pin	`^2.3.1` → `2.3.1`
pretty-bytes	devDependencies	pin	`^7.1.0` → `7.1.0`
react (source)	devDependencies	pin	`^19.2.6` → `19.2.6`
rendu	devDependencies	pin	`^0.1.0` → `0.1.0`
rollup (source)	devDependencies	pin	`^4.60.4` → `4.60.4`
rou3	devDependencies	pin	`^0.8.1` → `0.8.1`
scule	devDependencies	pin	`^1.3.0` → `1.3.0`
semver	devDependencies	pin	`^7.8.0` → `7.8.0`
serve-placeholder	devDependencies	pin	`^2.0.2` → `2.0.2`
shaders	devDependencies	pin	`^2.5.113` → `2.5.113`
source-map	devDependencies	pin	`^0.7.6` → `0.7.6`
std-env	devDependencies	pin	`^4.1.0` → `4.1.0`
tinyglobby (source)	devDependencies	pin	`^0.2.16` → `0.2.16`
tsconfck (source)	devDependencies	pin	`^3.1.6` → `3.1.6`
typescript (source)	devDependencies	pin	`^6.0.3` → `6.0.3`
ufo	devDependencies	pin	`^1.6.4` → `1.6.4`
ultrahtml	devDependencies	pin	`^1.6.0` → `1.6.0`
uncrypto	devDependencies	pin	`^0.1.3` → `0.1.3`
unctx	devDependencies	pin	`^2.5.0` → `2.5.0`
unimport	devDependencies	pin	`^6.3.0` → `6.3.0`
untyped	devDependencies	pin	`^2.0.0` → `2.0.0`
unwasm	devDependencies	pin	`^0.5.3` → `0.5.3`
vite (source)	devDependencies	pin	`^8.0.14` → `8.0.14`
vite7 (source)	devDependencies	pin	`^7.3.2` → `7.3.3`
vitest (source)	devDependencies	pin	`^4.1.7` → `4.1.7`
wrangler (source)	devDependencies	pin	`^4.93.1` → `4.93.1`
xml2js	devDependencies	pin	`^0.6.2` → `0.6.2`
youch	devDependencies	pin	`^4.1.1` → `4.1.1`
youch-core	devDependencies	pin	`^0.3.3` → `0.3.3`
zephyr-agent (source)	devDependencies	pin	`^1.1.1` → `1.1.1`
zod (source)	devDependencies	pin	`^4.4.3` → `4.4.3`

⚠️ Renovate's pin functionality does not currently wire in the release age for a package, so the Minimum Release Age checks can apply. You will need to manually validate the Minimum Release Age for these package(s).

Add the preset :preserveSemverRanges to your config if you don't want to pin your dependencies.

Configuration

📅 Schedule: (UTC)

Branch creation
- "after 1am and before 5am"
Automerge
- "after 2am and before 5am"

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2026-05-23T04:37:06Z

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml


<--- Last few GCs --->

[1112:0x267c9000]   139537 ms: Scavenge (interleaved) 1489.3 (1495.9) -> 1488.5 (1495.9) MB, pooled: 0 MB, 74.53 / 0.01 ms  (average mu = 0.363, current mu = 0.385) allocation failure; 
[1112:0x267c9000]   141943 ms: Mark-Compact (reduce) 1492.2 (1498.4) -> 1487.6 (1493.3) MB, pooled: 0 MB, 1279.50 / 0.02 ms  (+ 601.7 ms in 31 steps since start of marking, biggest step 33.1 ms, walltime since start of marking 1942 ms) (average mu = 0.330
FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory
----- Native stack trace -----

 1: 0x744ae8 node::OOMErrorHandler(char const*, v8::OOMDetails const&) [/opt/containerbase/tools/node/24.16.0/bin/node]
 2: 0xc1a4b0  [/opt/containerbase/tools/node/24.16.0/bin/node]
 3: 0xc1a59f  [/opt/containerbase/tools/node/24.16.0/bin/node]
 4: 0xebdda5  [/opt/containerbase/tools/node/24.16.0/bin/node]
 5: 0xebddd2  [/opt/containerbase/tools/node/24.16.0/bin/node]
 6: 0xebe0ca  [/opt/containerbase/tools/node/24.16.0/bin/node]
 7: 0xecedca  [/opt/containerbase/tools/node/24.16.0/bin/node]
 8: 0xed3170  [/opt/containerbase/tools/node/24.16.0/bin/node]
 9: 0x19655d1  [/opt/containerbase/tools/node/24.16.0/bin/node]
/usr/local/bin/node: line 18:  1112 Aborted                 /opt/containerbase/tools/node/24.16.0/bin/node "$@"

vercel · 2026-05-23T04:37:06Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
nitro.build	Ready	Preview, Comment	May 29, 2026 11:55am

socket-security · 2026-05-23T04:37:46Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	License
	@netlify/edge-functions@3.0.7
	@apphosting/common@0.0.9
	@types/xml2js@0.4.14
	@types/etag@1.8.4
	@types/express@5.0.6
	@tanstack/react-router-devtools@1.167.0
	@types/http-proxy@1.17.17
	@deno/types@0.0.1
	@types/node-fetch@2.6.13
	elysia@1.4.28
	@types/semver@7.7.1
	@hiogawa/vite-plugin-fullstack@0.0.11
	@types/estree@1.0.9
	@types/react-dom@19.2.3
	env-runner@0.1.9
	@tanstack/react-router@1.170.4
	@cloudflare/workers-utils@0.21.0
	mdzilla@0.2.1
	@types/aws-lambda@8.10.161
	@tanstack/router-plugin@1.168.6
	@types/react@19.2.15
	@vitest/coverage-v8@4.1.7
	c12@4.0.0-beta.4 ⏵ 4.0.0-beta.5
	crossws@0.3.5 ⏵ 0.4.5	⁺¹			^-19
	giget@3.1.2 ⏵ 3.2.0	⁺¹		⁺¹
	h3@1.15.6 ⏵ 2.0.1-rc.22	⁺²	⁺³		^-19
	changelogen@0.6.2
	edge-runtime@4.0.1
	@types/node@25.9.1
	expect-type@1.3.0
	@typescript/native-preview@7.0.0-dev.20260521.1
	execa@8.0.1 ⏵ 9.6.1			⁺¹
	@tanstack/react-start@1.168.6
See 23 more rows in the dashboard

View full report

socket-security · 2026-05-23T04:37:48Z

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

renovate Bot requested a review from pi0 as a code owner May 23, 2026 04:37

vercel Bot deployed to Preview May 23, 2026 04:38 View deployment

chore(deps): pin dependencies

5c28f9b

renovate Bot force-pushed the renovate/pin-dependencies branch from bd2cdb6 to 5c28f9b Compare May 29, 2026 11:53

vercel Bot deployed to Preview May 29, 2026 11:55 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): pin dependencies#4279

chore(deps): pin dependencies#4279
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/pin-dependencies

renovate Bot commented May 23, 2026

Uh oh!

renovate Bot commented May 23, 2026 •

edited

Loading

Uh oh!

vercel Bot commented May 23, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented May 23, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented May 23, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

renovate Bot commented May 23, 2026

Configuration

Uh oh!

renovate Bot commented May 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ Artifact update problem

File name: pnpm-lock.yaml

Uh oh!

vercel Bot commented May 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security Bot commented May 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security Bot commented May 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate Bot commented May 23, 2026 •

edited

Loading

vercel Bot commented May 23, 2026 •

edited

Loading

socket-security Bot commented May 23, 2026 •

edited

Loading

socket-security Bot commented May 23, 2026 •

edited

Loading