Update ui deps sync

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@rollup/plugin-commonjs (source)	^28.0.8 → ^28.0.9
@rollup/plugin-replace (source)	^6.0.2 → ^6.0.3
@rollup/plugin-typescript (source)	^12.1.4 → ^12.3.0
@types/node (source)	^20.19.21 → ^20.19.33
@upstash/redis	1.35.6 → 1.36.2
@upstash/redis	1.35.6 → 1.36.2
autoprefixer	^10.4.21 → ^10.4.24
jszip	3.6.0 → 3.10.1
rollup (source)	^4.52.4 → ^4.57.1
semver	^7.7.3 → ^7.7.4
tailwindcss (source)	^3.4.18 → ^3.4.19

---

Release Notes

rollup/plugins (@​rollup/plugin-commonjs)

v28.0.9

2025-10-24

Bugfixes

• fix: handle node: builtins with strictRequires: auto (#​1930)

rollup/plugins (@​rollup/plugin-replace)

v6.0.3

2025-10-29

Bugfixes

• fix: update delimiters to respect valid js identifier chars (#​1938)

rollup/plugins (@​rollup/plugin-typescript)

v12.3.0

2025-10-23

Features

• feat: expose latest Program to transformers in watch mode (#​1923)

v12.2.0

2025-10-22

Features

• feat: process .js when allowJs is enabled (#​1920)

upstash/upstash-redis (@​upstash/redis)

v1.36.2

Compare Source

What's Changed

• DX-2363: add redis-js skills by @​CahidArda in upstash/redis-js#1406
• Dx 2353: Add commands HGETDEL, HGETEX, HSETEX, XDELEX, XACKDEL, CLIENT SETINFO and add new options to BITOP and XADD by @​alitariksahin in upstash/redis-js#1407

Full Changelog: upstash/redis-js@v1.36.1...v1.36.2

v1.36.1

Compare Source

What's Changed

• feat: support chunked messages by @​joschan21 in upstash/redis-js#1404

Full Changelog: upstash/redis-js@v1.36.0...v1.36.1

v1.36.0

Compare Source

What's Changed

• feat: add redis functions support by @​ytkimirti in upstash/redis-js#1401

Full Changelog: upstash/redis-js@v1.35.8...v1.36.0

v1.35.8

Compare Source

What's Changed

• DX-2280: Remove large-group runners by @​CahidArda in upstash/redis-js#1398
• fix: bump next by @​CahidArda in upstash/redis-js#1400
• fix: improve env variable access by @​ytkimirti in upstash/redis-js#1399

Full Changelog: upstash/redis-js@v1.35.7...v1.35.8

v1.35.7

Compare Source

What's Changed

• DX-2204: document telemetry configuration option by @​CahidArda in upstash/redis-js#1393
• DX-2265: add Requester type declaration by @​CahidArda in upstash/redis-js#1397
• Fix: zremrangebyscore should accept string | number for min/max scores by @​mvonschledorn in upstash/redis-js#1396

New Contributors

• @​mvonschledorn made their first contribution in upstash/redis-js#1396

Full Changelog: upstash/redis-js@v1.35.6...v1.35.7

postcss/autoprefixer (autoprefixer)

v10.4.24

Compare Source

• Made Autoprefixer a little faster (by @​Cherry).

v10.4.23

Compare Source

• Reduced dependencies (by @​hyperz111).

v10.4.22

Compare Source

• Fixed stretch prefixes on new Can I Use database.
• Updated fraction.js.

Stuk/jszip (jszip)

v3.10.1

Compare Source

• Add sponsorship files.
  • If you appreciate the time spent maintaining JSZip then I would really appreciate your sponsorship.
• Consolidate metadata types and expose OnUpdateCallback #​851 and #​852
• use const instead var in example from README.markdown #​828
• Switch manual download link to HTTPS #​839

Internals:

• Replace jshint with eslint #​842
• Add performance tests #​834

v3.10.0

Compare Source

• Change setimmediate dependency to more efficient one. Fixes #​617 (see #​829)
• Update types of currentFile metadata to include null (see #​826)

v3.9.1

Compare Source

• Fix recursive definition of InputFileFormat introduced in 3.9.0.

v3.9.0

Compare Source

• Update types JSZip#loadAsync to accept a promise for data, and remove arguments from new JSZip() (see #​752)
• Update types for compressionOptions to JSZipFileOptions and JSZipGeneratorOptions (see #​722)
• Add types for generateInternalStream (see #​774)

v3.8.0

Compare Source

• Santize filenames when files are loaded with loadAsync, to avoid "zip slip" attacks. The original filename is available on each zip entry as unsafeOriginalName. See the documentation. Many thanks to McCaulay Hudson for reporting.

v3.7.1

Compare Source

• Fix build of dist files.
  • Note: this version ensures the changes from 3.7.0 are actually included in the dist files. Thanks to Evan W for reporting.

v3.7.0

Compare Source

• Fix: Use a null prototype object for this.files (see #​766)
  • This change might break existing code if it uses prototype methods on the .files property of a zip object, for example zip.files.toString(). This approach is taken to prevent files in the zip overriding object methods that would exist on a normal object.

rollup/rollup (rollup)

v4.57.1

Compare Source

2026-01-30

Bug Fixes

• Fix heap corruption issue in Windows (#​6251)
• Ensure exports of a dynamic import are fully included when called from a try...catch (#​6254)

Pull Requests

• #​6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@​alan-agius4, @​lukastaegert)
• #​6252: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #​6253: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6254: Fully include dynamic imports in a try-catch (@​lukastaegert)
• #​6255: chore(deps): lock file maintenance (@​renovate[bot])

v4.57.0

Compare Source

2026-01-27

Features

• Add import attributes to all plugin hooks that did not provide them yet (#​5700)
• Deprecate returning import attributes from load or transform hooks as that will no longer be supported with rollup 5 (#​5700)

Pull Requests

• #​5700: extend more hooks to include import attributes and add warnings (@​TrickyPi, @​lukastaegert)
• #​6243: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #​6244: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6245: chore(deps): lock file maintenance (@​renovate[bot])
• #​6246: Refactor to reduce Rollup 5 upgrade diff (@​lukastaegert)

v4.56.0

Compare Source

2026-01-22

Features

• Track object property inclusions of dynamic namespace members (#​6230)

Bug Fixes

• Handle methods that access dynamically imported namespace members via this (#​6230)

Pull Requests

• #​6230: Refine namespace handling (@​lukastaegert)

v4.55.3

Compare Source

2026-01-21

Bug Fixes

• Fix JSX semicolon insert position in variable declarations (#​6241)

Pull Requests

• #​6241: Fix JSX semicolon insertion (@​lukastaegert)

v4.55.2

Compare Source

2026-01-19

Bug Fixes

• Sort manual chunks by execution order to reduce circular dependency issues (#​6240)

Pull Requests

• #​6234: chore(deps): pin cross-platform-actions/action action to 492b0c8 (@​renovate[bot])
• #​6235: chore(deps): update dependency globals to v17 (@​renovate[bot], @​lukastaegert)
• #​6236: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6237: chore(deps): lock file maintenance (@​renovate[bot])
• #​6239: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6240: Sort manual chunks by module execution order (@​TrickyPi)

v4.55.1

Compare Source

2026-01-05

Bug Fixes

• Fix artifact reference for OpenBSD (#​6231)

Pull Requests

• #​6231: Fix OpenBSD artifacts and ensure OIDC is working (@​lukastaegert)

v4.54.0

Compare Source

2025-12-20

Features

• Enable tree-shaking for Symbol.hasInstance, Symbol.dispose and Symbol.asyncDispose properties if unused (#​6046)

Bug Fixes

• Ensure that well-known-Symbol-valued properties are not tree-shaken except in select cases (#​6046)
• Ensure namespace properties are included when referenced only from a try-catch (#​6216)

Pull Requests

• #​6046: fix: correctly handle wellknown protocols (@​cyyynthia, @​lukastaegert)
• #​6201: chore(deps): update dependency lru-cache to v11 (@​renovate[bot], @​lukastaegert)
• #​6211: chore(deps): update msys2/setup-msys2 digest to 4f806de (@​renovate[bot], @​lukastaegert)
• #​6212: chore(deps): update actions/cache action to v5 (@​renovate[bot])
• #​6213: chore(deps): update github artifact actions (major) (@​renovate[bot])
• #​6214: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6215: chore(deps): lock file maintenance (@​renovate[bot])
• #​6216: fix: include namespace variable paths during try-catch deoptimization (@​schwing)

v4.53.5

Compare Source

2025-12-16

Bug Fixes

• Fix wrong semicolon insertion position when using JSX (#​6206)
• Generate spec-compliant sourcemaps when sources content is excluded (#​6196)

Pull Requests

• #​6196: fix: set sourcesContent to undefined instead of null when excluding sources content (@​TrickyPi)
• #​6206: Fix semicolon order in JSX (@​TrickyPi)

v4.53.4

Compare Source

2025-12-15

Bug Fixes

• Ensure Symbol.dispose and Symbol.asyncDispose properties are never removed with (await) using declarations. (#​6209)

Pull Requests

• #​6185: chore(deps): update dependency @​inquirer/prompts to v8 (@​renovate[bot], @​lukastaegert)
• #​6186: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6187: chore(deps): lock file maintenance (@​renovate[bot])
• #​6188: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6190: Fix syntax error in manualChunks example (@​jonnyeom)
• #​6194: chore(deps): update actions/checkout action to v6 (@​renovate[bot])
• #​6195: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6202: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #​6203: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6209: Do not tree-shake handlers for "using" (@​lukastaegert)

v4.53.3

Compare Source

2025-11-19

Bug Fixes

• Fix an error where too many modules where flagged for having an unused external import (#​6182)
• Fix an error where an assignment was wrongly tree-shaken when mutating it (#​6183)

Pull Requests

• #​6171: Add test-install CI job to test packaging, installation and importing of rollup package (@​antoninkriz, @​lukastaegert)
• #​6174: Re-enable TypeScript test (@​lukastaegert)
• #​6180: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6182: Tracing the importers chain for exported variables in external module (@​TrickyPi, @​lukastaegert)
• #​6183: Check if left side is included when checking if assigning to an assignment has side effects (@​lukastaegert)

v4.53.2

Compare Source

2025-11-10

Bug Fixes

• Do not throw when using invalid escape sequences in template literals (#​6177)

Pull Requests

• #​6177: handle TemplateElement with null cooked value (@​TrickyPi)

v4.53.1

Compare Source

2025-11-07

Bug Fixes

• Fix install script (#​6172)

Pull Requests

• #​6172: fix: move patch-package from postinstall to prepare script (@​mshima)

v4.53.0

Compare Source

2025-11-07

Features

• Improve rendering performance by caching generated variable names (#​5947)

Pull Requests

• #​5947: refactor: store safe variable names in cache for subsequent usage (@​Aslemammad, @​lukastaegert, @​Service account user)
• #​6149: chore(deps): update dependency vite to v7.1.11 [security] (@​renovate[bot], @​Service account user)
• #​6151: fix(deps): update swc monorepo (major) (@​renovate[bot], @​Service account user)
• #​6152: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​Service account user)
• #​6153: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​Service account user)
• #​6155: Fix tests: Do not swallow warnings for multi-format tests (@​lukastaegert, @​Service account user)
• #​6159: chore(deps): update dependency eslint-plugin-unicorn to v62 (@​renovate[bot])
• #​6160: chore(deps): update github artifact actions (major) (@​renovate[bot])
• #​6161: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6164: chore(deps): update dependency @​rollup/plugin-alias to v6 (@​renovate[bot])
• #​6165: chore(deps): update dependency @​rollup/plugin-commonjs to v29 (@​renovate[bot])
• #​6166: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #​6167: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

v4.52.5

Compare Source

2025-10-18

Bug Fixes

• Always produce valid UUIDs as debugIds in sourcemaps (#​6144)

Pull Requests

• #​6135: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6140: chore(deps): update peter-evans/create-or-update-comment action to v5 (@​renovate[bot])
• #​6141: chore(deps): update peter-evans/find-comment action to v4 (@​renovate[bot])
• #​6142: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6143: chore: eslint enable concurrency option (@​btea)
• #​6144: fix: generation of debugIDs with invalid length (@​pablomatiasgomez, @​lukastaegert)
• #​6146: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6147: chore(deps): update actions/setup-node action to v6 (@​renovate[bot])

npm/node-semver (semver)

v7.7.4

Compare Source

Bug Fixes

• a29faa5 #​835 cli: pass options to semver.valid() for loose version validation (#​835) (@​mldangelo)

Documentation

• 1d28d5e #​836 fix typos and update -n CLI option documentation (#​836) (@​mldangelo)

Dependencies

• 120968b #​840 @npmcli/template-oss@4.29.0 (#​840)

Chores

• 44d7130 #​824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#​824) (@​dependabot[bot])
• 7073576 #​820 reorder parameters in invalid-versions.js test (#​820) (@​reggi)
• 5816d4c #​829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#​829) (@​dependabot[bot], @​npm-cli-bot)

tailwindlabs/tailwindcss (tailwindcss)

v3.4.19

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

No dependency changes detected. Learn more about Socket for GitHub.

👍 No dependency changes detected in pull request

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

Package.json devDependencies updated: @types/node from ^20.19.21 to ^20.19.22 and rollup from ^4.52.4 to ^4.52.5. These are patch version updates with no runtime behavior changes.

Changes

Cohort / File(s)	Summary
DevDependency version updates packages/ui/package.json	@types/node: ^20.19.21 → ^20.19.22; rollup: ^4.52.4 → ^4.52.5

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• Renovate update import and package #674: Also modifies packages/ui/package.json for dependency management through Renovate rules.

Suggested reviewers

• ericglau
• collins-w

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title "Update ui deps sync" is directly related to the changeset, which updates dependencies in the packages/ui/package.json file (@types/node and rollup versions). The title accurately indicates the primary change involves updating UI package dependencies, and a teammate scanning the commit history would understand this is about dependency updates for the UI package. While the term "sync" is somewhat informal and could be more explicit about which dependencies are affected, the title is sufficiently clear and specific to describe the main change.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.
Description check	✅ Passed	The PR description clearly documents dependency updates from Renovate with version changes, release notes, and detailed changelogs for each package.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch renovate/ui-deps-sync

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}