chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
danielroe/provenance-action	action	patch	v0.1.0 -> v0.1.1
knip (source)	devDependencies	minor	5.68.0 -> 5.70.2
lint-staged	devDependencies	patch	16.2.6 -> 16.2.7
pnpm (source)	packageManager	minor	10.21.0 -> 10.23.0

---

Release Notes

danielroe/provenance-action (danielroe/provenance-action)

v0.1.1

Compare Source

compare changes

🚀 Enhancements

• Add support for bun.lock (#​12)

📖 Documentation

• Use @main constraint for example (237ceea)

❤️ Contributors

• Daniel Roe (@​danielroe)

webpro-nl/knip (knip)

v5.70.2

Compare Source

v5.70.1

Compare Source

• chore: fix vitest node env recognition (#​1360) (9a38e10) - thanks @​jonathansamines!
• Improve some export/import positions (f6f58fa)
• Add some common hints/FAQs to plugin test template (da7cf84)

v5.70.0

Compare Source

• Revert "Revive some tests in Bun" (f1406b5)
• feat(plugins): Add Prisma plugin entry and Prisma schema compiler (#​1340) (9f80aa4) - thanks @​CHC383!
• Improve some export/import positions (b19282b)
• Move block to group top-level patterns (bba25f3)
• Improve some naming around module graph (63d6117)
• Minor refactors (a63b0dc)
• Update auto-fix.mdx (#​1356) (c64d905) - thanks @​skvale!
• Improve side-effects & opaque import call handling (resolve #​1352) (e364589)
• Add some unit tests for isIdentifierReferenced (f31eab4)
• Add support for awaited import call promise (92cbcef)
• Edit and dim tag hints title (e4affd2)
• feat(plugins): Add taskfile plugin (#​1357) (f64b72c) - thanks @​elierotenberg!
• Improve pragmas handling/setup (resolves #​1358) (e0f497c)
• Upgrade js-yaml + some others (resolve #​1359) (5195888)
• Clean up (da9440f)

v5.69.1

Compare Source

• Release @​knip/create-config 1.0.8 (8740516)
• Edit docs (5eb8a69)
• Apply Next.js page extensions to app directory (#​1351) (f9cf9dc) - thanks @​remcohaszing!
• Refactor fixes & consistently use issue.fixes (d7b45cf)
• Revive some tests in Bun (74a0bd8)
• Fix import identifier/specifier pos (95d2c04)
• Fix namespace import pos (6b6b80b)
• Improve some export/import positions (9b87b1a)
• Rely on absolute paths with formatly (npx acts weird) (6653f35)

v5.69.0

Compare Source

• Update mdxlint-preset-webpro (88e772a)
• Edit docs (c44b8bf)
• Upgrade biome (5d3d74d)
• Fix up issue type shorthands (88ad825)
• Improve zod error message (2083810)
• Correct mdxlint setup in package.json (#​1337) (71a4d12) - thanks @​remcohaszing!
• (create-config): Fix regex for detecting packages in pnpm-workspace.yaml (#​1342) (46e33d9) - thanks @​taro-28!
• Add missing dependency on remark-gfm (#​1338) (e1462d3) - thanks @​remcohaszing!
• feat(plugins): extend prisma plugin (#​1339) (6dc700a) - thanks @​CHC383!
• Link to github org knip search results (2ee1f1b)
• Support --format in eslint plugin (resolves #​1343) (4cb18bb)
• mdxlint uses remark prefix (cdd2173)
• Print relative path in trace renderer (379e798)
• Allow to un-ignore wildcard ignored workspaces (b422f10)
• Support URL constructor with import.meta.url (resolves #​1310) (ffff5a6)
• Refactor import props into modifiers (9a0ace7)
• Rename method (d922df4)
• Fix up KnipConfig that can be an (async) function (4310d20)
• Verify only first word for valid binary (resolve #​1345) (153ced0)
• Add auto-fixable catalog issue type (#​1204) (063b647)
• Refactor plugins to use Plugin type annotation (f1e8b82)
• Update some dependencies (0339f49)
• Lint & format (f606570)

lint-staged/lint-staged (lint-staged)

v16.2.7

Compare Source

Patch Changes

• #​1711 ef74c8d Thanks @​iiroj! - Do not display a "failed to spawn" error message when a task fails normally. This message is reserved for when the task didn't run because spawning it failed.

pnpm/pnpm (pnpm)

v10.23.0: pnpm 10.23

Compare Source

Minor Changes

• Added --lockfile-only option to pnpm list #​10020.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #​10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #​10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #​10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #​10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:[email protected]) #​8660.
• Don't add an extra slash to the Node.js mirror URL #​10204.
• pnpm store prune should not fail if the store contains Node.js packages #​10131.

Platinum Sponsors

Gold Sponsors

v10.22.0: pnpm 10.22

Compare Source

Minor Changes

• Added support for trustPolicyExclude #​10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - [email protected]
    - [email protected] || 5.102.1

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10179.

Platinum Sponsors

Gold Sponsors

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.