chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@azure/app-configuration (source)	^1.9.0 -> ^1.10.0
@azure/cosmos (source)	^4.7.0 -> ^4.9.0
@azure/cosmos (source)	^4.8.0 -> ^4.9.0
@azure/data-tables (source)	^13.3.1 -> ^13.3.2
@cloudflare/workers-types	^4.20251120.0 -> ^4.20251126.0
@deno/kv (source)	>=0.12.0 -> >=0.13.0
@deno/kv (source)	^0.12.0 -> ^0.13.0
@vercel/functions (source)	^3.3.3 -> ^3.3.4
@vitest/coverage-v8 (source)	^4.0.12 -> ^4.0.14
obuild	^0.4.2 -> ^0.4.3
pnpm (source)	10.20.0 -> 10.23.0
vitest (source)	^4.0.12 -> ^4.0.14
wrangler (source)	^4.49.1 -> ^4.50.0

---

Release Notes

Azure/azure-sdk-for-js (@​azure/app-configuration)

v1.10.0

Compare Source

cloudflare/workerd (@​cloudflare/workers-types)

v4.20251126.0

Compare Source

v4.20251125.0

Compare Source

v4.20251121.0

Compare Source

denoland/denokv (@​deno/kv)

v0.13.0

Compare Source

vercel/vercel (@​vercel/functions)

v3.3.4

Compare Source

Patch Changes

• [functions] update link to docs (#​14350)

vitest-dev/vitest (@​vitest/coverage-v8)

v4.0.14

Compare Source

   🚀 Experimental Features

• browser: Expose utils.configurePrettyDOM  -  by @​sheremet-va in #​9103 (2cc34)
• runner: Add full names to tasks  -  by @​macarie in #​9087 (821aa)
• ui: Add tabbed failure view for toMatchScreenshot with comparison slider  -  by @​macarie in #​8813 (c37c2)

   🐞 Bug Fixes

• Externalize before caching  -  by @​sheremet-va in #​9077 (e1b2e)
• Collect the duration of external imports  -  by @​sheremet-va in #​9097 (3326c)
• Rename collect to import, remove prepare  -  by @​sheremet-va in #​9091 (1256b)
• browser:
  • Unsubscribe onCancel on rpc destroy  -  by @​AriPerkkio in #​9088 (f5b72)
  • Revert the viewport scaling in non-ui mode #​9018  -  by @​sheremet-va in #​9072 and #​9018 (64502)
• coverage:
  • Invalidate circular modules correctly on rerun with coverage  -  by @​aicest in #​9096 (6f22c)
• expect:
  • Allow function as standard schema  -  by @​hi-ogawa in #​9099 (ed8a2)
• jsdom:
  • Reuse abort signals if possible  -  by @​sheremet-va in #​9090 (2c468)
• pool:
  • Init VITEST_POOL_ID + VITEST_WORKER_ID before environment setup  -  by @​AriPerkkio in #​9085 (37918)
• web-worker:
  • postMessage to send ports to workers  -  by @​whitphx and @​AriPerkkio in #​9078 (9d176)

   🏎 Performance

• Replace debug with obug  -  by @​sxzz and @​AriPerkkio in #​9057 (acc51)

    View changes on GitHub

v4.0.13

Compare Source

   🐞 Bug Fixes

• types:
  • Don't use type from Vite 7.1  -  by @​sheremet-va in #​9071 (6356b)
  • Don't import node.js dependent types in vitest/browser  -  by @​sheremet-va in #​9068 (332af)

   🏎 Performance

• Avoid fetchModule roundtrip if the module is cached  -  by @​sheremet-va in #​9075 (b27e0)
• experimental: If fsCacheModule is enabled, read from the memory when possible  -  by @​sheremet-va in #​9076 (6b9a1)

    View changes on GitHub

unjs/obuild (obuild)

v0.4.3

Compare Source

compare changes

🏡 Chore

• Update oxc (6256796)

❤️ Contributors

• Pooya Parsa (@​pi0)

pnpm/pnpm (pnpm)

v10.23.0: pnpm 10.23

Compare Source

Minor Changes

• Added --lockfile-only option to pnpm list #​10020.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #​10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #​10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #​10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #​10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:[email protected]) #​8660.
• Don't add an extra slash to the Node.js mirror URL #​10204.
• pnpm store prune should not fail if the store contains Node.js packages #​10131.

Platinum Sponsors

Gold Sponsors

v10.22.0: pnpm 10.22

Compare Source

Minor Changes

• Added support for trustPolicyExclude #​10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - [email protected]
    - [email protected] || 5.102.1

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10179.

Platinum Sponsors

Gold Sponsors

v10.21.0

Compare Source

cloudflare/workers-sdk (wrangler)

v4.50.0

Compare Source

Minor Changes

• #​11219 524a6e5 Thanks @​Ltadrian! - Implement Hyperdrive binding TLS miniflare proxy. This will allow for wrangler dev hyperdrive bindings to connect to external
  databases that require TLS.

• #​11233 c922a81 Thanks @​emily-shen! - Add containers.unsafe to allow internal users to use additional container features

Patch Changes

• #​11353 0cf696d Thanks @​vicb! - Use the native node:domain module when available

  It is enabled when the enable_nodejs_domain_module compatibility flag is set.

• #​11328 bb44120 Thanks @​ascorbic! - Fixes a bug that caused wrangler deploy to hang when deploying SvelteKit sites with experimental autoconfig

• #​11025 4a158e9 Thanks @​devin-ai-integration! - Use the native node:wasi module when available

  It is enabled when the enable_nodejs_wasi_module compatibility flag is set.

• Updated dependencies [0cf696d, 524a6e5, 4a158e9]:

  • @​cloudflare/unenv-preset@​2.7.11
  • miniflare@​4.20251118.1

---

Configuration

📅 Schedule: Branch creation - "after 2am and before 3am" (UTC), Automerge - "after 1am and before 2am" (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.77%. Comparing base (773c1c3) to head (62a8b65).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #708   +/-   ##
=======================================
  Coverage   91.77%   91.77%           
=======================================
  Files           5        5           
  Lines         401      401           
  Branches      127      127           
=======================================
  Hits          368      368           
  Misses         33       33           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

 ERR_PNPM_INVALID_PEER_DEPENDENCY_SPECIFICATION  The peerDependencies field named 'mongodb' of package 'unstorage' has an invalid value: '^6|^7'

The values in peerDependencies should be either a valid semver range, a `workspace:` spec, or a `catalog:` spec