build: update all non-major dependencies (main)

[angular-robot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@rollup/wasm-node (source)	4.61.0 → 4.61.1
@typescript-eslint/eslint-plugin (source)	8.60.1 → 8.61.0
@typescript-eslint/parser (source)	8.60.1 → 8.61.0
http-proxy-middleware	4.0.0 → 4.1.0
https-proxy-agent (source)	9.0.0 → 9.1.0
jasmine (source)	~6.2.0 → ~6.3.0
jasmine-core (source)	~6.2.0 → ~6.3.0
pacote	21.5.0 → 21.5.1
rolldown (source)	1.0.3 → 1.1.0
rollup (source)	4.61.0 → 4.61.1
semver	7.8.1 → 7.8.4
undici (source)	8.3.0 → 8.4.1

---

• If you want to rebase/retry this PR, check this box

---

Release Notes

rollup/rollup (@​rollup/wasm-node)

v4.61.1

Compare Source

2026-06-04

Bug Fixes

• Avoid extraneous newlines when adding headers via plugins (#​6403)
• Fix a rare issue where starting Rollup would hang on Windows (#​6404)

Pull Requests

• #​6402: Improve documentation for manualPureFunctions (@​lukastaegert)
• #​6403: Does not add an extra leading line feed for addons (@​TrickyPi)
• #​6404: fix: set report.excludeNetwork=true before getReport() to avoid blocking PTR lookups (@​jdz321, @​lukastaegert)

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.61.0

Compare Source

🚀 Features

• ast-spec: change type of UnaryExpression.prefix to always true (#​12372)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.61.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

chimurai/http-proxy-middleware (http-proxy-middleware)

v4.1.0

Compare Source

• feat(definePlugin): helper function to create plugins
• chore(package.json): update to httpxy@​0.5.3
• fix(ipv6): preserve credentials when normalizing bracketed IPv6 target string
• fix(ipv6): unspecified IPv6 target hostname (::)
• fix(response-interceptor): reduce responseInterceptor buffer churn
• fix(ws): handle multi-server upgrade subscription and safe proxy shutdown
• feat(router): add 'res' and 'options' to router function
• feat(pathRewrite): add 'res' and 'options' to custom pathRewrite function
• fix(responseInterceptor): prevent trailer/content-length conflict
• feat(zstd): support zstd compression in responseInterceptor and fixRequestBody
• fix(responseInterceptor): handle bodyless responses (HEAD/1xx/204/304) with content-encoding
• fix(router): harden proxy-table matching

TooTallNate/proxy-agents (https-proxy-agent)

v9.1.0

Compare Source

Minor Changes

• 84e85ed: Add onProxyAuth callback and negotiate option for Kerberos/SPNEGO proxy authentication

  • Extract shared Negotiate/SPNEGO auth logic into new proxy-agent-negotiate package
  • Added optional onProxyAuth async callback to HttpsProxyAgent and HttpProxyAgent options
  • When the proxy responds with 407 Proxy-Authentication Required, the callback is invoked with the response and auth scheme
  • The callback returns headers (e.g. Proxy-Authorization) to retry the request with
  • Added negotiate: true option that uses the kerberos package for automatic Negotiate/SPNEGO auth
  • Added kerberos as an optional peer dependency of proxy-agent-negotiate
  • Extended the proxy test package to support authenticate: 'negotiate' mode for mock testing

• 3ebf4b2: Add proxy event emission on the request object for all proxy agents. After the proxy connection is established, the request emits a proxy event with { proxy, socket } where proxy is the proxy URL string. This is useful for debugging and logging which proxy was used for a connection.

Patch Changes

• 1852c75: Fix socket event race condition by deferring socket.resume() via setImmediate(), ensuring HTTP client machinery has time to attach data listeners before data starts flowing
• Updated dependencies [84e85ed]
  • proxy-agent-negotiate@​1.1.0

jasmine/jasmine-npm (jasmine)

v6.3.0: 6.3.0

Compare Source

Please see the release notes.

jasmine/jasmine (jasmine-core)

v6.3.0: 6.3.0

Compare Source

Please see the release notes.

npm/pacote (pacote)

v21.5.1

Compare Source

Bug Fixes

• 627a7dc #​499 avoid ReDoS in addGitSha committish stripping (@​owlstronaut)

Chores

• 790a24b #​500 template-oss-apply (#​500) (@​owlstronaut, test)
• 09cb304 #​499 template-oss-apply (@​owlstronaut)
• bea9f84 #​499 @npmcli/template-oss@5.1.0 (@​owlstronaut)

rolldown/rolldown (rolldown)

v1.1.0

Compare Source

🚀 Features

• enable experimental.lazyBarrel by default (#​9632) by @​shulaoda
• import.meta.glob support caseSensitive option (#​9594) by @​btea
• add SOURCEMAP_BROKEN warning for renderChunk hook (#​9601) by @​sapphi-red
• add SOURCEMAP_BROKEN warning for transform hook (#​9600) by @​sapphi-red
• add @__NO_SIDE_EFFECTS__ hint for invalid @__PURE__ before function declarations (#​9505) by @​Copilot
• code-splitting: support group-local includeDependenciesRecursively (#​9587) by @​hyf0

🐛 Bug Fixes

• report TSCONFIG_ERROR instead of UNHANDLEABLE_ERROR for a missing tsconfig file (#​9633) by @​shulaoda
• browser: add missing exports and ensure consistency with rolldown package (#​9629) by @​sapphi-red
• should build test-dev-server when test-node (#​9610) by @​situ2001
• chunk-optimizer: refuse asymmetric merge for cyclic dynamic entries (#​9320) (#​9322) by @​aminpaks
• dev: handle the remaining errors in dev (#​9570) by @​h-a-n-a
• handle slash-normalized ids with preserveModulesRoot (#​9595) by @​IWANABETHATGUY
• json: preserve .default access on JSON default imports (#​9568) by @​IWANABETHATGUY
• testing: remove unintended trigger_full_build from test harness (#​9573) by @​hyf0

🚜 Refactor

• js-regex: use regress native replace/replace_all (#​9607) by @​IWANABETHATGUY
• remove never-constructed ImportStatus variants (#​9606) by @​Boshen

📚 Documentation

• clarify that RolldownBuild::close method should be called in most cases (#​9619) by @​sapphi-red

⚡ Performance

• avoid unnecessary intermediate sourcemaps (#​9599) by @​sapphi-red

🧪 Testing

• add unit test for collapsing module sourcemap (#​9626) by @​sapphi-red
• cover vite-alias regex capture-group expansion (#​9602) (#​9608) by @​IWANABETHATGUY

⚙️ Miscellaneous Tasks

• deps: update oxc_resolver to 11.21.0 (#​9634) by @​shulaoda
• update invalid option diagnostic link to point to Rolldown docs (#​9631) by @​sapphi-red
• deps: update vite+ to v0.1.24 (#​9628) by @​renovate[bot]
• deps: update oxc resolver to v11.20.0 (#​9549) by @​renovate[bot]
• deps: update dependency vite-plus to v0.1.24 (#​9470) by @​renovate[bot]
• deps: update npm packages (#​9614) by @​renovate[bot]
• deps: upgrade oxc to 0.134.0 (#​9625) by @​shulaoda
• deps: update crate-ci/typos action to v1.47.0 (#​9620) by @​renovate[bot]
• deps: update rollup submodule for tests to v4.61.0 (#​9623) by @​rolldown-guard[bot]
• deps: update github actions (#​9613) by @​renovate[bot]
• deps: update pnpm to v11.4.0 (#​9616) by @​renovate[bot]
• deps: update rust crates (#​9615) by @​renovate[bot]
• deps: update test262 submodule for tests (#​9624) by @​rolldown-guard[bot]
• deps: update dependency @​napi-rs/cli to v3.7.0 (#​9588) by @​renovate[bot]
• deps: update dependency rust to v1.96.0 (#​9596) by @​renovate[bot]
• re-enable WASI testing with proper infrastructure (#​9397) by @​Boshen

❤️ New Contributors

• @​aminpaks made their first contribution in #​9322

npm/node-semver (semver)

v7.8.4

Compare Source

Bug Fixes

• e583226 #​874 reject numeric segments after x-ranges (@​pupuking723)

v7.8.3

Compare Source

Bug Fixes

• 046da7f #​872 align caret includePrerelease lower bounds (#​872) (@​wayyoungboy)

Chores

• 3485dda #​866 bump @​npmcli/eslint-config from 6.0.1 to 7.0.0 (#​866) (@​dependabot[bot])

v7.8.2

Compare Source

Bug Fixes

• bea6028 #​870 increment dotted prerelease identifiers (#​870) (@​liuzemei, @​SheldonNeo)

nodejs/undici (undici)

v8.4.1

Compare Source

What's Changed

• test: avoid localhost lookup in fetch cookies tests by @​mcollina in #​5363
• fix: prevent race condition between onEnd and onTrailers in HTTP/2 client (#​5216) by @​mcollina in #​5343
• fix(dns): skip requests without origin by @​marko1olo in #​5376
• docs: add Getting Started guide by @​AliMahmoudDev in #​5371
• docs: fix code examples that crash at runtime and other inaccuracies by @​AliMahmoudDev in #​5386
• fix: handle paused parser on socket end (issue #​5360) by @​mcollina in #​5389
• fix(client): reject pipelined TLS altname errors by @​marko1olo in #​5373
• docs: fix multiple inaccuracies in API documentation by @​AliMahmoudDev in #​5384
• docs: fix remaining broken links in API documentation by @​AliMahmoudDev in #​5342

New Contributors

• @​marko1olo made their first contribution in #​5376

Full Changelog: nodejs/undici@v8.4.0...v8.4.1

v8.4.0

Compare Source

What's Changed

• fix: register connect listener before initiating requests in close-and-destroy test by @​mcollina in #​5272
• test: stabilize tls-cert-leak regression by @​mcollina in #​5306
• fix: replace tspl with native test context in test/examples.js by @​mcollina in #​5300
• http2: remove redundant request stream binding by @​trivikr in #​5302
• test: limit cache-tests workers on Windows by @​mcollina in #​5309
• test: use test context cleanup hooks in parser issue tests by @​mcollina in #​5282
• Add redirect option to strip headers on redirect by @​mcollina in #​5281
• chore(test): fix lint failure by @​aduh95 in #​5316
• chore(ci): use npm ci instead of npm install by @​aduh95 in #​5315
• docs: clarify formData security considerations by @​mcollina in #​5320
• docs: add EventSource server example by @​Will-thom in #​5321
• fix(core): simplify addAbortListener util by @​aduh95 in #​5317
• build(deps-dev): bump ws from 8.20.0 to 8.21.0 by @​dependabot[bot] in #​5325
• build(deps-dev): bump jsondiffpatch from 0.7.3 to 0.7.6 by @​dependabot[bot] in #​5313
• docs: match undici EoL to node version it's bundled in by @​trivikr in #​5330
• fix: handle all HTTP/2 request stream sync errors by @​mcollina in #​5311
• fix: preserve timeout errors for HTTP/2 requests by @​mcollina in #​5091
• fix(core): normalize autoSelectFamily timeout AggregateError by @​youcefzemmar in #​5329
• chore(core): define kEnumerableProperty atomically by @​aduh95 in #​5332
• chore(core): use regex.exec instead of string.match by @​aduh95 in #​5331
• fix: reset invalid HTTP/2 sessions by @​mcollina in #​5310
• feat(connect): add preferH2 connector option to offer h2 first in ALPN by @​Antamansid in #​5327
• test: fix flaky http2 trailers test by @​mcollina in #​5338
• fix(mock): restore single-arg MockCallHistory.filterCallsByX by @​youcefzemmar in #​5328
• docs: document missing error types in Errors.md by @​cesarvspr in #​5339
• build(deps): bump github/codeql-action from 4.35.3 to 4.36.1 by @​dependabot[bot] in #​5346
• build(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0 by @​dependabot[bot] in #​5347
• build(deps): bump uWebSockets.js from v20.67.0 to v20.68.0 in /benchmarks by @​dependabot[bot] in #​5352
• build(deps): bump concurrently from 9.2.1 to 10.0.3 in /benchmarks by @​dependabot[bot] in #​5353
• build(deps): bump step-security/harden-runner from 2.19.1 to 2.19.4 by @​dependabot[bot] in #​5348
• build(deps): bump actions/checkout from 6.0.2 to 6.0.3 by @​dependabot[bot] in #​5351
• build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1 by @​dependabot[bot] in #​5349
• docs: improve connect option documentation in Client.md by @​AliMahmoudDev in #​5344
• fix(mock): do not persist snapshots on close in playback mode by @​GeoffreyBooth in #​5359
• fix(fetch): remove abort listener when request settles by @​ATOM00blue in #​5318
• test: add Node.js global fetch regression coverage by @​mcollina in #​5361
• fix(h2): make Client multiplex on h2 (#​4143) by @​mcollina in #​5362

New Contributors

• @​Will-thom made their first contribution in #​5321
• @​youcefzemmar made their first contribution in #​5329
• @​Antamansid made their first contribution in #​5327
• @​cesarvspr made their first contribution in #​5339
• @​AliMahmoudDev made their first contribution in #​5344
• @​ATOM00blue made their first contribution in #​5318

Full Changelog: nodejs/undici@v8.3.0...v8.4.0

[gemini-code-assist]

Code Review

This pull request updates several package dependencies across multiple package.json files in the workspace, including rollup, semver, undici, http-proxy-middleware, and jasmine, to their newer versions. There are no review comments, and I have no feedback to provide.