Skip to content

deps: update dependency bun to v1.3.11#5909

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/bun-1.x
Open

deps: update dependency bun to v1.3.11#5909
renovate[bot] wants to merge 1 commit intomainfrom
renovate/bun-1.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Mar 6, 2026
edited
Loading

This PR contains the following updates:

Package Change
bun (source) 1.2.191.3.11
@types/bun (source) 1.3.81.3.11

Release Notes

oven-sh/bun (bun)

v1.3.11: Bun v1.3.11

Compare Source

To install Bun v1.3.11

curl -fsSL https://bun.sh/install | bash

# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.11:

bun upgrade
Read Bun v1.3.11's release notes on Bun's blog
Thanks to 15 contributors!

v1.3.10: Bun v1.3.10

Compare Source

To install Bun v1.3.10

curl -fsSL https://bun.sh/install | bash

# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.10:

bun upgrade
Read Bun v1.3.10's release notes on Bun's blog
Thanks to 11 contributors!

v1.3.9: Bun v1.3.9

Compare Source

To install Bun v1.3.9

curl -fsSL https://bun.sh/install | bash

# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.9:

bun upgrade
Read Bun v1.3.9's release notes on Bun's blog
Thanks to 10 contributors!

v1.3.8: Bun v1.3.8

Compare Source

To install Bun v1.3.8

curl -fsSL https://bun.sh/install | bash

# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.8:

bun upgrade
Read Bun v1.3.8's release notes on Bun's blog
Thanks to 4 contributors!

v1.3.7: Bun v1.3.7

Compare Source

To install Bun v1.3.7

curl -fsSL https://bun.sh/install | bash

# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.7:

bun upgrade
Read Bun v1.3.7's release notes on Bun's blog
Thanks to 11 contributors!

v1.3.6: Bun v1.3.6

Compare Source

To install Bun v1.3.6

curl -fsSL https://bun.sh/install | bash

# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.6:

bun upgrade
Read Bun v1.3.6's release notes on Bun's blog
Thanks to 23 contributors!

v1.3.5: Bun v1.3.5

Compare Source

To install Bun v1.3.5

curl -fsSL https://bun.sh/install | bash

# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.5:

bun upgrade
Read Bun v1.3.5's release notes on Bun's blog
Thanks to 10 contributors!

v1.3.4: Bun v1.3.4

Compare Source

To install Bun v1.3.4

curl -fsSL https://bun.sh/install | bash

# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.4:

bun upgrade
Read Bun v1.3.4's release notes on Bun's blog
Thanks to 14 contributors!

v1.3.3: Bun v1.3.3

Compare Source

To install Bun v1.3.3

curl -fsSL https://bun.sh/install | bash

# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.3:

bun upgrade
Read Bun v1.3.3's release notes on Bun's blog
Thanks to 19 contributors!

v1.3.2: Bun v1.3.2

Compare Source

To install Bun v1.3.2

curl -fsSL https://bun.sh/install | bash

# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.2:

bun upgrade
Read Bun v1.3.2's release notes on Bun's blog
Thanks to 18 contributors!

v1.3.1: Bun v1.3.1

Compare Source

To install Bun v1.3.1

curl -fsSL https://bun.sh/install | bash

# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.1:

bun upgrade
Read Bun v1.3.1's release notes on Bun's blog
Thanks to 15 contributors!

Special thanks to Martin Schwarzl of Cloudflare for fuzzing & reporting several bugs!!

v1.3.0: Bun v1.3

Compare Source

Read the blog post

Group 77

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3:

bun upgrade

v1.2.23: Bun v1.2.23

Compare Source

To install Bun v1.2.23

curl -fsSL https://bun.sh/install | bash

### or you can use npm
### npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.2.23:

bun upgrade
Read Bun v1.2.23's release notes on Bun's blog
Thanks to 16 contributors!

v1.2.22: Bun v1.2.22

Compare Source

To install Bun v1.2.22

curl -fsSL https://bun.sh/install | bash

### or you can use npm
### npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.2.22:

bun upgrade
Read Bun v1.2.22's release notes on Bun's blog
Thanks to 14 contributors!

v1.2.21: Bun v1.2.21

Compare Source

To install Bun v1.2.21

curl -fsSL https://bun.sh/install | bash

### or you can use npm
### npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.2.21:

bun upgrade
Read Bun v1.2.21's release notes on Bun's blog
Thanks to 23 contributors!

v1.2.20: Bun v1.2.20

Compare Source

To install Bun v1.2.20

curl -fsSL https://bun.sh/install | bash

### or you can use npm
### npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.2.20:

bun upgrade
Read Bun v1.2.20's release notes on Bun's blog
Thanks to 19 contributors!

@renovate renovate bot requested a review from a team as a code owner March 6, 2026 17:39
@trunk-io
Copy link

trunk-io bot commented Mar 6, 2026

Merging to main in this repository is managed by Trunk.

  • To merge this pull request, check the box to the left or comment /trunk merge below.

@socket-security
Copy link

socket-security bot commented Mar 6, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​types/​bun@​1.3.8 ⏵ 1.3.111001004993 -2100

View full report

@renovate renovate bot force-pushed the renovate/bun-1.x branch from eaf7531 to 37b2a7e Compare March 10, 2026 01:41
@arcjet-rei
Copy link
Contributor

arcjet-rei commented Mar 12, 2026

Root cause

Bun 1.3 introduced isolated installs (pnpm-like module resolution) as the default for workspaces, and its npm lockfile migrator cannot handle glob patterns (like "*") in the workspaces field.

Changes made

File Change Why
package.json Changed "workspaces": ["*"] to explicit list of 35 directories Bun 1.3's lockfile migrator can't expand glob patterns — this is the key fix that lets bun use package-lock.json
package.json Added @types/node and tslib to root devDependencies Phantom dependencies no longer hoisted under isolated installs
arcjet-nuxt/package.json Added @rollup/wasm-node to devDependencies Missing dependency — rollup binary wasn't available
arcjet-react-router/package.json Added @rollup/wasm-node to devDependencies Same
transport/bun.ts Added explicit Transport return type TS2742 — bun's .bun/ path structure leaked into inferred types
arcjet-nuxt/index.ts Added explicit NuxtModule type annotation Same TS2742 issue
package-lock.json Regenerated to reflect all above changes Needed for consistency

@arcjet-rei
Copy link
Contributor

arcjet-rei commented Mar 12, 2026

@qw-in This one could really use your eyes on it – I think all the changes aside from the expansion of the workspace list are beneficial, and I think some of them were required to get deno up to date as well. The change to not use globbing for workspaces is a pain, but this seems to be a bug in bun, and we can return to globbing when or if that gets fixed. I think it's important to get this to land, because without it, Bun is bypassing package-lock.json, which opens Bun users up to supply chain attacks (because we're not checking in the bun lockfile).

@renovate renovate bot force-pushed the renovate/bun-1.x branch from d442636 to 1f87f6c Compare March 13, 2026 16:09
@renovate renovate bot force-pushed the renovate/bun-1.x branch from 1f87f6c to 0c88817 Compare March 25, 2026 05:22
@renovate renovate bot changed the title deps: update dependency bun to v1.3.10 deps: update dependency bun to v1.3.11 Mar 25, 2026
@renovate renovate bot force-pushed the renovate/bun-1.x branch from 0c88817 to df948d8 Compare March 25, 2026 20:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@arcjet-rei