chore(deps): update dependency tsdown to ^0.22.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
tsdown (source)	^0.21.2 → ^0.22.0

---

Release Notes

rolldown/tsdown (tsdown)

v0.22.0

Compare Source

   🚨 Breaking Changes

• Drop Node.js < 22.18.0 support, make unrun optional, add tsx config loader  -  by @​sxzz (a1042)
• dts: Auto-enable dts when tsconfig declaration is true  -  by @​sxzz in #​872 (085f0)
• publint: Use pkg from publint results, require publint v0.3.8+  -  by @​sxzz (413bb)

   🚀 Features

• Upgrade rolldown to 1.0.0-rc.18  -  by @​sxzz (66085)
• Upgrade rolldown to v1.0.0  -  by @​sxzz (fabba)
• exports: Auto-enable bin detection by default  -  by @​sxzz in #​873 (abda9)

   🐞 Bug Fixes

• Explicitly drop node 23 support  -  by @​sxzz (85e65)
• debug: Enhance debug logging for pack tarball  -  by @​sxzz and Copilot (5de04)
• exports: Detect types fields nested in conditional exports  -  by @​sxzz (82fa1)
• pkg: Fix duplicate configuration warning logic  -  by @​ho991217 and @​sxzz in #​935 (6a0d9)

🔄 Migration Guide

Node.js version

Upgrade to Node.js 22.18.0 or later. Bun and Deno remain supported (experimental).

unrun is no longer bundled

If your environment relies on the unrun config loader (i.e. you're on a Node version without native TypeScript support and use the default auto loader), install it manually:

npm i -D unrun

# or, alternatively, the new tsx loader:
npm i -D tsx

If you use Node.js 22.18.0+ with native TypeScript support, no change is needed — the auto loader will pick native.

dts auto-enabled from tsconfig

If your tsconfig.json has compilerOptions.declaration: true but you do not want tsdown to emit .d.ts files, opt out explicitly:

// tsdown.config.ts
export default defineConfig({
  dts: false,
})

exports.bin auto-detection

Any entry chunk containing a shebang (e.g. #!/usr/bin/env node) now causes tsdown to write a bin field in package.json automatically. The semantics differ slightly from explicit bin: true:

Value	Single shebang	Multiple shebangs	No shebangs
(unset)	Auto-set bin	Warn, skip	Silent
true	Auto-set bin	Throw	Warn
false	No bin	No bin	No bin

To opt out entirely:

export default defineConfig({
  exports: { bin: false },
})

Links

• tsdown Documentation
• v0.22.0-beta.1 Release
• v0.22.0-beta.2 Release
• v0.22.0-beta.3 Release
• Full diff from v0.21.10

v0.21.10

Compare Source

   🚀 Features

• Upgrade rolldown  -  by @​sxzz (8a449)

    View changes on GitHub

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 3am on the first day of the month"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
plugins-studio	Error		May 27, 2026 2:03pm

[changeset-bot]

⚠️ No Changeset found

Latest commit: 39fcaed

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 28 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 18, reused 0, downloaded 0, added 0
Progress: resolved 21, reused 0, downloaded 0, added 0
Progress: resolved 26, reused 0, downloaded 0, added 0
Progress: resolved 28, reused 0, downloaded 0, added 0
Progress: resolved 29, reused 0, downloaded 0, added 0
Progress: resolved 30, reused 0, downloaded 0, added 0
Progress: resolved 64, reused 0, downloaded 0, added 0
Progress: resolved 101, reused 0, downloaded 0, added 0
Progress: resolved 102, reused 0, downloaded 0, added 0
/tmp/renovate/repos/github/sanity-io/plugins/turbo/generators:
 ERR_PNPM_TRUST_DOWNGRADE  High-risk trust downgrade for "tinyexec@1.2.2" (possible package takeover)

This error happened while installing the dependencies of tsdown@0.22.0

Trust checks are based solely on publish date, not semver. A package cannot be installed if any earlier-published version had stronger trust evidence. Earlier versions had trusted publisher, but this version has provenance attestation. A trust downgrade may indicate a supply chain incident.