chore(deps): update dependency tsdown to v0.19.0 by renovate[bot] · Pull Request #2857 · resend/react-email

renovate · 2026-01-19T15:47:46Z

This PR contains the following updates:

Package	Change	Age	Confidence
tsdown (source)	`0.15.12` → `0.19.0`
tsdown (source)	`^0.15.1` → `^0.19.0`

Release Notes

rolldown/tsdown (tsdown)

`v0.19.0`

Compare Source

🚨 Breaking Changes

Rename debugLogs to debug - by @sxzz (bb4e7)
Remove deprecated silent option - by @sxzz (59015)
devtools:
- Rename debug to devtools, rename debug.devtools to devtools.ui - by @sxzz (63e6f)
exports:
- Add legacy option, remove main & module fields if pure ESM - by @sxzz (16841)
- Exclude extension name for exports.exclude - by @sxzz (53d38)
- Only auto-fill types when exports.legacy - by @lishaduck and @sxzz in #685 (7be6b)

🚀 Features

Add typeAssert util back - by @sxzz (1d385)
Generate CSS exports when css.splitting is disabled - by @jinghaihan and @sxzz in #680 (b737c)
Upgrade rolldown to 1.0.0-beta.58 - by @sxzz (48036)
Expose enableDebug - by @sxzz (2d922)
Expose resolveUserConfig - by @sxzz (c9acb)
Upgrade rolldown to 1.0.0-beta.59 - by @sxzz (d564f)
Clear console on rebuild start - by @sxzz (78efd)
migrate: Add monorepo support - by @lauigi and @sxzz in #659 (efba2)

🐞 Bug Fixes

Print blank line only when the log level is info - by @tomgao365 in #689 (96d82)
attw: Add --ignore-scripts to avoid lifecycle output - by @Doctor-wu in #661 (1c8b1)
cjs: Update version check for require ESM support - by @sxzz (beeff)

🏎 Performance

Optimize hot paths - by @sxzz (7925d)

View changes on GitHub

`v0.18.4`

Compare Source

🚀 Features

Export mergeConfig - by @sxzz (ccd17)
Warn deprecated removeNodeProtocol - by @sxzz (90cd6)
css: Add CSS code splitting support - by @jinghaihan and @sxzz in #654 (0525f)
entry: Support multiple patterns with same base - by @sxzz (cee1b)
exports: Add packageJson option - by @sxzz (6d220)

View changes on GitHub

`v0.18.3`

Compare Source

🚀 Features

Upgrade rolldown to 1.0.0-beta.57 - by @sxzz (525c0)
Add envFile & envPrefix option - by @toto6038 and @sxzz in #664 (d5493)
attw: Add ignoreRules option to filter specified rule - by @zyyv and Copilot in #665 (450b0)

🐞 Bug Fixes

Inline PackageJson type - by @sxzz (dfc43)

View changes on GitHub

`v0.18.2`

Compare Source

🚀 Features

Support globs for noExternal / inlineOnly / exports.exclude - by @sxzz and @TheAlexLichter (84b68)
entry: Support glob negation patterns in object entry - by @Doctor-wu and @sxzz in #662 (8ed1b)

🐞 Bug Fixes

Preserve import cache for node_modules - by @sxzz (426ab)
skipNodeModulesBundle for monorepo - by @sxzz (9a34f)
attw: Show full entrypoint - by @sxzz (c89c4)
clean: Remove dot files - by @sxzz (0430b)

View changes on GitHub

`v0.18.1`

Compare Source

🚀 Features

Support glob patterns in object entry - by @sxzz (bcb7a)

export default defineConfig({
  entry: {
    '*': './src/*.ts',
    'data-loaders': './src/data-loaders/entries/index.ts',
    'data-loaders/*': './src/data-loaders/entries/!(index).ts',
    'volar/*': './src/volar/entries/*.ts',
  },
}

Upgrade rolldown to 1.0.0-beta.55 - by @sxzz (5be3e)
Mark exports option as a stable feature - by @sxzz (ce9e0)

🐞 Bug Fixes

Keep banner / footer as-is - by @sxzz (f67e0)

View changes on GitHub

`v0.18.0`

Compare Source

🚨 Breaking Changes

copy: Rework, sync behavior of rollup-plugin-copy - by @sxzz (e864b)

`v0.17.4`

Compare Source

🚨 Breaking Changes

copy: Sync behavior of rollup-plugin-copy - by @sxzz (e864b)

🚀 Features

exports: Add exclude option - by @TheAlexLichter and @sxzz in #340 (9e634)
shortcuts: Case insensitive - by @btea in #649 (019af)

🐞 Bug Fixes

Resolve cwd from user config - by @sxzz (bc066)

View changes on GitHub

`v0.17.3`

Compare Source

🚀 Features

copy: Support glob in copy - by @kricsleo and @sxzz in #637 (c1fd4)
- This may be a breaking change, as the behavior has changed again in v0.17.4. Please upgrade to v0.17.4 and verify the issue.

🐞 Bug Fixes

Print error stack - by @sxzz (1c5b6)
Add config name to rebuilt message - by @sxzz (bfdc6)
Call hooks for each format - by @sxzz (19bdd)
Merge input & output options - by @sxzz (14181)

View changes on GitHub

`v0.17.2`

Compare Source

🐞 Bug Fixes

Empty clean array - by @sxzz (eae7f)

View changes on GitHub

`v0.17.1`

Compare Source

🐞 Bug Fixes

Respect clean on watch mode - by @sxzz (bfbfb)

View changes on GitHub

`v0.17.0`

Compare Source

🚨 Breaking Changes

Notable features: https://bsky.app/profile/sxzz.dev/post/3m6xi7e7d5k2b

Rolldown native watcher - by @sxzz in #329 (1c4f8)
Enable failOnWarn by default in CI - by @sxzz in #617 (245e7)
Remove unconfig from configLoader - by @sxzz (9d6a7)
Support exports, publint, attw for multi-configs - by @sxzz (f889a)
refactor!(attw): rename profile value from esmOnly to esm-only - by @sxzz (85c10f3)

🚀 Features

Export WatchPlugin - by @sxzz (4ccb2)
Add write option - by @sxzz (64fea)
Add chunks on build:done hook - by @sxzz (eb45c)
Override options by format - by @sxzz (482f6)
Upgrade rolldown to 1.0.0-beta.53 - by @sxzz (a04f2)
migrate:
- Migrate optionalDependencies - by @sxzz (22fd9)
- Use ast-grep for config file - by @Doctor-wu and @sxzz in #620 (b0b34)

🐞 Bug Fixes

Move require before import - by @sxzz (85c0e)
copy: Call function - by @sxzz (e4197)
exports: Merge multi-config outputs - by @pyyupsk and @sxzz in #625 (73984)
migrate: Build before publish - by @sxzz (bf0f5)
workspace: Cwd defaults to config dirname, support filter for all configs - by @sxzz (24f27)

🏎 Performance

Reload config via import-without-cache - by @sxzz (0b7e4)
Use native loader for bun - by @sxzz (36dbf)

View changes on GitHub

`v0.16.8`

Compare Source

🚀 Features

Upgrade rolldown to 1.0.0-beta.52 - by @sxzz (1ff67)
Add enabled option to feature options - by @sxzz (0b244)

Deprecation

Deprecate attw.profile = 'esmOnly', use esm-only instead.

View changes on GitHub

`v0.16.7`

Compare Source

🚀 Features

Support ci-only / local-only on addon features - by @sxzz (8bbf0)

View changes on GitHub

`v0.16.6`

Compare Source

🚀 Features

Upgrade rolldown to beta 51 - by @sxzz (f502b)

View changes on GitHub

`v0.16.5`

Compare Source

🚀 Features

create-tsdown: Add react-compiler template - by @elecmonkey and @sxzz in #604 (45229)

🐞 Bug Fixes

exports: Use correct indentation for output - by @msigwart and @sxzz in #599 (4de70)

View changes on GitHub

`v0.16.4`

Compare Source

🚀 Features

Upgrade rolldown to 1.0.0-beta.50 - by @sxzz (597d9)

View changes on GitHub

`v0.16.3`

Compare Source

🏎 Performance

Replace debug with obug - by @sxzz (222e9)

View changes on GitHub

`v0.16.2`

Compare Source

🚀 Features

Upgrade rolldown to v1.0.0-beta.49 - by @sxzz (48181)
entry: Auto enable glob, support infer entry extension - by @sxzz and jinghaihan (2c525)

View changes on GitHub

`v0.16.1`

Compare Source

🚀 Features

Switch unconfig-core & mark unrun stable - by @sxzz in #585 (339f5)

🐞 Bug Fixes

attw: Improve attw execute, output package name - by @sxzz (237f6)
unused: Set root to cwd - by @sxzz (844c9)

View changes on GitHub

`v0.16.0`

Compare Source

🚨 Breaking Changes

Rename config exports - by @sxzz in #519 (7de20)
- Split Options interface into UserConfig and InlineConfig. The original one now is InlineConfig.
- Rename NormalizedUserConfig to UserConfig
- Rename ResolvedOptions to ResolvedConfig
Defaults fixedExtension to true when platform is node - by @sxzz in #517 (e1168)
Rename --debug CLI flag to --debug-logs - by @sxzz in #576 (e4ef6)

🚀 Features

Add tsdown debug mode and Vite DevTools integration - by @sxzz in #576 (e4ef6)
create-tsdown: Add svelte template - by @elecmonkey in #577 (10d30)
Upgrade rolldown to 1.0.0-beta.46

View changes on GitHub

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Summary by cubic

Upgrade tsdown to v0.19.0 across the root and all example packages to pick up the latest Rolldown updates and fixes. Build tooling only; no runtime changes.

Dependencies
- Bump tsdown to 0.19.0 in root and ^0.19.0 in examples
- Regenerate pnpm-lock.yaml
Migration
- If you set tsdown options: rename debugLogs to debug and remove silent
- Devtools options renamed: debug → devtools, debug.devtools → devtools.ui
- For pure ESM, use exports.legacy if you still need main/module fields

^{Written for commit 6255c0c. Summary will update on new commits.}

changeset-bot · 2026-01-19T15:47:51Z

⚠️ No Changeset found

Latest commit: 6255c0c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

vercel · 2026-01-19T15:47:53Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
react-email	Error		Feb 11, 2026 8:03pm
react-email-demo	Error		Feb 11, 2026 8:03pm

cubic-dev-ai

No issues found across 9 files

socket-security · 2026-02-11T20:03:23Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@types/normalize-path@3.0.2
	@types/mime-types@2.1.4
	@radix-ui/react-toggle@1.1.10
	@radix-ui/react-slot@1.2.4
	@radix-ui/react-collapsible@1.1.12
	@radix-ui/react-toggle-group@1.1.11
	@radix-ui/react-tabs@1.1.13
	@types/prompts@2.4.9
	@radix-ui/react-dropdown-menu@2.1.16
	@radix-ui/react-popover@1.1.15
	@radix-ui/react-tooltip@1.2.8
	@vercel/firewall@1.1.2
	@radix-ui/react-select@2.2.6
	@types/prismjs@1.26.5
	@types/html-to-text@9.0.4
	@types/babel__core@7.20.5
	@types/react-dom@19.2.3
	@types/css-tree@2.3.11
	@types/shelljs@0.10.0
	@types/fs-extra@11.0.4
	@types/babel__traverse@7.20.7
	@types/react@19.2.13
	@types/three@0.170.0
	@responsive-email/react-email@0.0.4
	@radix-ui/colors@3.0.0
	@types/node@22.14.1
	@types/node@22.19.7
	@vercel/analytics@1.5.0
	vite@6.4.1
	autoprefixer@10.4.23
	@react-email/tailwind@0.0.12
	@react-three/fiber@9.5.0
	@vitejs/plugin-react@4.4.1
See 4 more rows in the dashboard

View full report

socket-security · 2026-02-11T20:03:25Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `vite` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: packages/tailwind/integrations/vite/package.json → `npm/vite@6.4.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/vite@6.4.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

cubic-dev-ai bot reviewed Jan 19, 2026

View reviewed changes

vercel bot had a problem deploying to Preview – react-email January 19, 2026 15:49 Failure

vercel bot had a problem deploying to Preview – react-email-demo January 19, 2026 15:49 Failure

gabrielmfern approved these changes Feb 11, 2026

View reviewed changes

chore(deps): update dependency tsdown to v0.19.0

6255c0c

gabrielmfern force-pushed the renovate/tsdown-0.x branch from bb18c5d to 6255c0c Compare February 11, 2026 20:02

vercel bot had a problem deploying to Preview – react-email February 11, 2026 20:03 Failure

vercel bot had a problem deploying to Preview – react-email-demo February 11, 2026 20:04 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency tsdown to v0.19.0#2857

chore(deps): update dependency tsdown to v0.19.0#2857
renovate[bot] wants to merge 1 commit intocanaryfrom
renovate/tsdown-0.x

renovate bot commented Jan 19, 2026 •

edited by cubic-dev-ai bot

Loading

Uh oh!

changeset-bot bot commented Jan 19, 2026 •

edited

Loading

Uh oh!

vercel bot commented Jan 19, 2026 •

edited

Loading

Uh oh!

cubic-dev-ai bot left a comment

Uh oh!

socket-security bot commented Feb 11, 2026

Uh oh!

socket-security bot commented Feb 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Comments

Conversation

renovate bot commented Jan 19, 2026 • edited by cubic-dev-ai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

🚨 Breaking Changes

🚀 Features

🐞 Bug Fixes

🏎 Performance

🚀 Features

🚀 Features

🐞 Bug Fixes

🚀 Features

🐞 Bug Fixes

🚀 Features

🐞 Bug Fixes

🚨 Breaking Changes

🚨 Breaking Changes

🚀 Features

🐞 Bug Fixes

🚀 Features

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🚨 Breaking Changes

🚀 Features

🐞 Bug Fixes

🏎 Performance

🚀 Features

Deprecation

🚀 Features

🚀 Features

🚀 Features

🐞 Bug Fixes

🚀 Features

🏎 Performance

🚀 Features

🚀 Features

🐞 Bug Fixes

🚨 Breaking Changes

🚀 Features

Configuration

Summary by cubic

Uh oh!

changeset-bot bot commented Jan 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ No Changeset found

Uh oh!

vercel bot commented Jan 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

Uh oh!

socket-security bot commented Feb 11, 2026

Uh oh!

socket-security bot commented Feb 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Comments

renovate bot commented Jan 19, 2026 •

edited by cubic-dev-ai bot

Loading

changeset-bot bot commented Jan 19, 2026 •

edited

Loading

vercel bot commented Jan 19, 2026 •

edited

Loading