chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@types/node (source)	22.18.12 -> 22.19.3
bumpp	10.3.1 -> 10.3.2
pkg-pr-new (source)	0.0.60 -> 0.0.62
pnpm (source)	10.21.0 -> 10.26.0
rou3	0.7.8 -> 0.7.12
vue-router (source)	4.6.3 -> 4.6.4

---

Release Notes

antfu-collective/bumpp (bumpp)

v10.3.2

Compare Source

   🐞 Bug Fixes

• Resolve the options in config file correctly  -  by @​liangmiQwQ in #​101 (f5887)

    View changes on GitHub

stackblitz-labs/pkg.pr.new (pkg-pr-new)

v0.0.62

Compare Source

v0.0.61

Compare Source

pnpm/pnpm (pnpm)

v10.26.0

Compare Source

v10.25.0

Compare Source

v10.24.0

Compare Source

v10.23.0: pnpm 10.23

Compare Source

Minor Changes

• Added --lockfile-only option to pnpm list #​10020.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #​10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #​10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #​10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #​10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:is-odd@3.0.1) #​8660.
• Don't add an extra slash to the Node.js mirror URL #​10204.
• pnpm store prune should not fail if the store contains Node.js packages #​10131.

Platinum Sponsors

Gold Sponsors

v10.22.0: pnpm 10.22

Compare Source

Minor Changes

• Added support for trustPolicyExclude #​10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - chokidar@4.0.3
    - webpack@4.47.0 || 5.102.1

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10179.

Platinum Sponsors

Gold Sponsors

h3js/rou3 (rou3)

v0.7.12

Compare Source

compare changes

🚀 Enhancements

• add: Allow escaping : and * using backslash (#​175)

🏡 Chore

• Update deps (9d3703c)

❤️ Contributors

• Pooya Parsa (@​pi0)

v0.7.11

Compare Source

compare changes

🩹 Fixes

• Handle root wildcard routes (#​173)

🏡 Chore

• Update deps (d299937)

❤️ Contributors

• Kricsleo (@​kricsleo)
• Pooya Parsa (@​pi0)

v0.7.10

Compare Source

compare changes

🔥 Performance

• compiler: Eval data once in iot mode (#​172)

🏡 Chore

• Update deps (ef34343)

❤️ Contributors

• Pooya Parsa (@​pi0)

v0.7.9

Compare Source

compare changes

📦 Build

• Reduce dist size (425ee50)

🏡 Chore

• Update dev dependencies (05a81ff)

❤️ Contributors

• Pooya Parsa (@​pi0)

vuejs/router (vue-router)

v4.6.4

Compare Source

   🚀 Features

• experimental:
  • Handle redirect types  -  by @​posva (92efb)
  • Basic alias  -  by @​posva (ded2d)

   🐞 Bug Fixes

• Make the build output compatible with v4.5  -  by @​drylint in #​2591 (42bc2)
• experimental: IsActive with custom params  -  by @​posva (edca6)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/unrouting@94

commit: dbd6494

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 2 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 15, reused 0, downloaded 0, added 0
Progress: resolved 16, reused 0, downloaded 0, added 0
 ERR_PNPM_TRUST_DOWNGRADE  High-risk trust downgrade for "undici-types@6.21.0" (possible package takeover)

This error happened while installing the dependencies of @types/node@22.19.3

Trust checks are based solely on publish date, not semver. A package cannot be installed if any earlier-published version had stronger trust evidence. Earlier versions had provenance attestation, but this version has no trust evidence. A trust downgrade may indicate a supply chain incident.