Skip to content

fix(deps): update all non-major dependencies#22734

Merged
sapphi-red merged 1 commit into
mainfrom
renovate/all-minor-patch
Jun 25, 2026
Merged

fix(deps): update all non-major dependencies#22734
sapphi-red merged 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
@clack/prompts (source) ^1.5.1^1.6.0 age confidence devDependencies minor
@vitejs/plugin-react (source) ^6.0.2^6.0.3 age confidence devDependencies patch
@vitest/utils (source) 4.1.84.1.9 age confidence devDependencies patch
autoprefixer ^10.5.0^10.5.1 age confidence dependencies patch 10.5.2
baseline-browser-mapping ^2.10.37^2.10.38 age confidence devDependencies patch
browserslist ^4.28.2^4.28.4 age confidence dependencies patch
eslint-plugin-import-x ^4.16.2^4.17.0 age confidence devDependencies minor
globals 17.6.017.7.0 age confidence minor
globals ^17.6.0^17.7.0 age confidence devDependencies minor
less (source) ^4.6.6^4.6.7 age confidence devDependencies patch
lint-staged ^17.0.7^17.0.8 age confidence devDependencies patch
miniflare (source) ^4.20260611.0^4.20260623.0 age confidence devDependencies minor
nanoid ^5.1.11^5.1.15 age confidence devDependencies patch 5.1.16
oxfmt (source) ^0.54.0^0.56.0 age confidence devDependencies minor
oxlint (source) ^1.69.0^1.71.0 age confidence devDependencies minor
playwright-chromium (source) ^1.60.0^1.61.1 age confidence devDependencies minor
pnpm (source) 10.34.310.34.4 age confidence packageManager patch
pnpm/action-setup v6.0.8v6.0.9 age confidence action patch
svelte (source) ^5.56.3^5.56.4 age confidence devDependencies patch
svelte-check ^4.6.0^4.7.0 age confidence devDependencies minor 4.7.1
typescript-eslint (source) 8.61.08.62.0 age confidence minor
typescript-eslint (source) ^8.61.0^8.62.0 age confidence devDependencies minor
vitepress-plugin-llms ^1.13.1^1.13.2 age confidence devDependencies patch
vitest (source) ^4.1.8^4.1.9 age confidence devDependencies patch
zizmorcore/zizmor-action v0.5.6v0.5.7 age confidence action patch

Release Notes

bombshell-dev/clack (@​clack/prompts)

v1.6.0

Compare Source

Minor Changes
  • #​568 f87933f Thanks @​florian-lefebvre! - Updates default formatter of note() to note dim lines anymore

    If you want the old behavior, provide a format() function:

    import { note } from '@​clack/prompts';
    +import { styleText } from 'node:util';
    
    note(
      'You can edit the file src/index.jsx',
      'Next steps.'
    +  { format: (text) => styleText('dim', text) }
    );
  • #​567 cc6aab5 Thanks @​dreyfus92! - Add keyboard instruction footers to select, multiselect, and groupMultiselect in the active state, matching autocomplete. No option — always shown.

Patch Changes
vitejs/vite-plugin-react (@​vitejs/plugin-react)

v6.0.3

Compare Source

vitest-dev/vitest (@​vitest/utils)

v4.1.9

Compare Source

🐞 Bug Fixes
  • Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in #​10546 (a5180)
  • browser:
    • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in #​10555 (7fb29)
    • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in #​10497 and #​10556 (fbc62)
  • mocker:
    • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in #​10548 (2c955)
  • pool:
    • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in #​10543 and #​10564 (934b0)
View changes on GitHub
postcss/autoprefixer (autoprefixer)

v10.5.1

Compare Source

web-platform-dx/baseline-browser-mapping (baseline-browser-mapping)

v2.10.38

Compare Source

browserslist/browserslist (browserslist)

v4.28.4

Compare Source

  • Fixed SyntaxError regression of 4.28.3.

v4.28.3

Compare Source

  • Fixed baseline query case-insensitivity (by @​swwind).
un-ts/eslint-plugin-import-x (eslint-plugin-import-x)

v4.17.0

Compare Source

Minor Changes
  • #​474 4b2c0c5 Thanks @​regseb! - Support RegExp in the import-x/ignore setting and the ignore option of the no-unresolved rule.
Patch Changes
  • #​494 1c84235 Thanks @​morgan-coded! - Fixed no-unresolved crashing when case-sensitive path checks encounter EACCES or EPERM on an ancestor directory.

  • #​481 3e13121 Thanks @​B4nan! - fix: memoize legacyNodeResolve resolver to avoid native memory leak

  • #​484 9a07009 Thanks @​sairus2k! - Make the extensions rule check Node.js subpath imports (specifiers starting with #, e.g. #utils/helper). Previously parsePath treated a leading # as a URL hash fragment, so the rule skipped extension validation for these imports.

    Note: single-segment subpath imports without a slash (e.g. #dep) are still skipped by the existing external-root-module classification; fixing that is deferred to avoid expanding scope.

  • #​468 240ed58 Thanks @​silverwind! - Make extensions handle .d.ts correctly

  • #​479 e3cc7e4 Thanks @​mrginglymus! - fix: strip querystrings and hash fragments when checking for file existence

  • #​476 fce29b1 Thanks @​nbouvrette! - fix(deps): replace @​package-json/types with an inline minimal type

sindresorhus/globals (globals)

v17.7.0

Compare Source

less/less.js (less)

v4.6.7

Compare Source

Changes
lint-staged/lint-staged (lint-staged)

v17.0.8

Compare Source

Patch Changes
  • #​1809 179b437 - Fix lint-staged discarding the ongoing merge conflict status (.git/MERGE_HEAD) when using the --hide-unstaged or --hide-all options.

  • #​1811 3d0b2c0 - Fix issues with Git commands that are successful but also emit warnings to stderr, by ignoring the stderr output completely when the process exits with code 0. This was the behavior when using nano-spawn and execa, but when switching to tinyexec in 16.3.0 both stdout and stderr were used as interleaved output.

cloudflare/workers-sdk (miniflare)

v4.20260623.0

Compare Source

Patch Changes
  • #​14364 a085dec Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260617.1 1.20260619.1
  • #​14383 9a0de8f Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260619.1 1.20260621.1
  • #​14397 fab565f Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260621.1 1.20260623.1

v4.20260617.1

Compare Source

Patch Changes
  • #​14118 b38823f Thanks @​aicayzer! - Fix Uint8Array step outputs in local Workflows being persisted with the full backing ArrayBuffer

    A Uint8Array returned from a Workflows step under wrangler dev was serialised together with its full underlying ArrayBuffer, causing a raw SQLITE_TOOBIG error at view sizes well below the documented 1MiB step-output limit. For example, a 200KB view sliced from an 800KB buffer (a common pattern from crypto.getRandomValues or arr.slice(...) on a larger pool) would fail. The view's bytes are now copied to a tight buffer before persistence, bringing local behaviour in line with production. Fixes #​14101.

v4.20260617.0

Compare Source

Patch Changes
  • #​14347 673b09e Thanks @​jamesopstad! - Update undici from 7.24.8 to 7.28.0

  • #​14346 e930bd4 Thanks @​haidargit! - Bump ws from 8.20.1 to 8.21.0 to address GHSA-96hv-2xvq-fx4p

    GHSA-96hv-2xvq-fx4p / CVE-2026-48779 (high severity) reports a remote memory-exhaustion DoS in ws@<8.21.0: a peer sending a high volume of tiny fragments and data chunks over modest network traffic can crash a ws server or client via OOM. The fix shipped in ws@8.21.0 (commit 2b2abd45, released 2026-05-22), which also introduces the maxBufferedChunks and maxFragments options. This change bumps the workspace catalog entry so that miniflare, wrangler, and @cloudflare/vite-plugin all pick up the patched release.

  • #​14314 5c3bb11 Thanks @​harryzcy! - Bump esbuild to 0.28.1

    This update includes several bug fixes from esbuild versions 0.27.3 through 0.28.1. See the esbuild changelog for details.

  • #​14331 296ad65 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260616.1 1.20260617.1

v4.20260616.0

Compare Source

Minor Changes
  • #​14221 0e055d3 Thanks @​mglewis! - Support cf.image (transform via Workers) image transformations in local dev

    fetch(url, { cf: { image: { ... } } }) now transforms images locally via Sharp, instead of returning the original bytes unchanged. This mirrors the production "transform via Workers" feature, so Workers already using cf.image behave much more closely to production in wrangler dev.

    As with the Images binding, cf.image transforms require Sharp to be installed — transforms are silently skipped if Sharp is unavailable.

Patch Changes
  • #​14271 27db82c Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260611.1 1.20260612.1
  • #​14298 2a6a26b Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260612.1 1.20260615.1
  • #​14317 9a424ed Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260615.1 1.20260616.1
  • #​14287 41f391f Thanks @​edmundhung! - Improve errors for missing resource bindings

    When methods like getKVNamespace() or getR2Bucket() are called with a binding name that is not configured for that resource type, Miniflare now reports the expected binding type in the error message.

ai/nanoid (nanoid)

v5.1.15

Compare Source

  • Fixed random pool corruption on big ID sizes.

v5.1.14

Compare Source

  • Fixed npm package size regression.

v5.1.13

Compare Source

  • Fixed npm package size regression.

v5.1.12

Compare Source

  • Moved to npm Provenance and Staged Publishing.
oxc-project/oxc (oxfmt)

v0.56.0

Compare Source

v0.55.0

Compare Source

🚀 Features
  • 9a2788b linter/unicorn: Implement prefer-export-from rule (#​22935) (AliceLanniste)
oxc-project/oxc (oxlint)

v1.71.0

Compare Source

🚀 Features
  • 0dc2405 linter: Add schema for eslint/no-restricted-properties (#​23619) (Sysix)
  • b638d0e linter: Add schema for node/callback-return (#​23615) (Sysix)
  • eb8bedc linter: Add schema for import/extensions (#​23557) (WaterWhisperer)
  • 46f3625 linter: Implement node/no-sync rule (#​23589) (fujitani sora)
  • b01739a linter: Add schema for unicorn/numeric-separators-style (#​23554) (Mikhail Baev)
  • 68afd2a linter/node: Implement no-mixed-requires rule (#​23539) (fujitani sora)
  • a421215 linter: Add schema for eslint/prefer-destructuring (#​23410) (WaterWhisperer)
  • 84438be linter/jsdoc: Added missing options to require-param-description (#​23416) (kapobajza)
  • 51910df linter/jsdoc: Add missing options to require-param-type rule (#​23418) (kapobajza)
  • e90925f linter/unicorn: Implement prefer-number-coercion rule (#​23497) (Shekhu☺️)
  • dd1c866 linter/vue: Implement no-async-in-computed-properties rule (#​23493) (bab)
  • b02444e linter: Add schema for react/jsx-no-script-url (#​23475) (WaterWhisperer)
  • a8dce46 linter/unicorn: Implement max-nested-calls rule (#​23461) (arieleli01212)
🐛 Bug Fixes
  • a303c23 linter/jsx-a11y: Align anchor-is-valid config with upstream (#​23446) (camc314)
📚 Documentation
  • b50bf4d linter: Remove manually written options doc for eslint/arrow-body-style (#​23490) (Mikhail Baev)

v1.70.0

Compare Source

🚀 Features
  • 2e8bda4 linter/vue: Implement no-dupe-keys rule (#​23350) (bab)
  • 1490a0a linter/react: Implement react-compiler rule (#​23202) (Boshen)
  • dd560ae linter/unicorn: Implement no-array-fill-with-reference-type rule (#​23397) (Mikhail Baev)
  • af36c2f linter: Add schema for react/jsx-curly-brace-presence (#​23400) (WaterWhisperer)
  • 47d34a3 linter: Add schema for react/jsx-handler-names (#​23393) (WaterWhisperer)
  • f4250d0 linter: Add schema for unicorn/import-style (#​23386) (WaterWhisperer)
  • 30c74ce linter: Add schema for jsx_a11y/no-noninteractive-element-to-interactive-role (#​23384) (Sysix)
  • cfbe8dc linter: Add schema for jsx_a11y/no-interactive-element-to-noninteractive-role (#​23382) (WaterWhisperer)
  • d15b7ff linter: Add schema for typescript/no-restricted-types (#​23381) (WaterWhisperer)
  • 028a811 linter: Add schema for jsx-a11y/media-has-caption (#​23377) (Sysix)
  • b3b1038 linter: Add schema for jsx-a11y/label-has-associated-control (#​23376) (Sysix)
  • 7ada6b2 linter: Add schema for jsx_a11y/no-distracting-elements (#​23379) (WaterWhisperer)
  • ee3dd49 linter: Add schema for jsx-a11y/img-redundant-alt (#​23374) (Sysix)
  • df5f8dd linter: Add short descriptions to most lint rules. (#​23365) (Connor Shea)
  • e3fd735 linter: Add schema for jsx_a11y/alt-text (#​23369) (Sysix)
  • 0f2fff4 linter: Add schema for react/exhaustive-deps (#​23372) (Mikhail Baev)
  • e3e4e10 linter: Add schema for react_perf/jsx-no-new-object-as-prop (#​23368) (Mikhail Baev)
  • 9366d44 linter: Add schema for unicorn/prefer-at (#​23366) (WaterWhisperer)
  • f57b55d linter: Add schema for typescript/array-type (#​23355) (Sysix)
  • 0dcf912 linter: Add schema for typescript/ban-ts-comment (#​23354) (Sysix)
  • 51fa83e linter: Add schema for react/no-did-update-set-state (#​23357) (Mikhail Baev)
  • 59db0bd linter: Add schema for consistent-generic-constructors (#​23353) (Sysix)
  • c4775c0 linter: Add schema for typescript/consistent-type-assertions (#​23349) (Sysix)
  • 6e516f7 linter: Add schema for typescript/consistent-type-imports (#​23348) (Sysix)
  • 012134d linter: Add schema for react/jsx-no-target-blank (#​23345) (WaterWhisperer)
  • 0806aae linter: Add schema for jsx_a11y/no-noninteractive-tabindex (#​23337) (Mikhail Baev)
  • 0708b5a linter: Add schema for react/jsx-filename-extension (#​23315) (Mikhail Baev)
  • 150bce1 linter: Add schema for typescript/no-empty-object-type (#​23309) (Sysix)
  • f9e36f1 linter: Add schema for typescript/no-duplicate-type-constituents (#​23308) (Sysix)
  • 937accf linter: Add schema for typescript/no-invalid-void-type (#​23307) (Sysix)
  • 3e042b9 linter: Add schema for typescript/no-misused-promises (#​23306) (Sysix)
  • da212d1 linter: Add schema for typescript/no-unnecessary-condition (#​23305) (Sysix)
  • f8f0d38 linter: Add schema for typescript/parameter-properties (#​23304) (Sysix)
  • 2275fc7 linter: Add schema for typescript/prefer-nullish-coalescing (#​23302) (Sysix)
  • d353858 linter: Add schema for typescript/prefer-string-starts-ends-with (#​23301) (Sysix)
  • 03060f5 linter: Add schema for typescript/triple-slash-reference (#​23300) (Sysix)
  • 6619cee linter: Add schema for promise/param-names (#​23298) (Sysix)
  • 8bf108e linter: Add schema for promise/catch-or-return (#​23297) (Sysix)
  • 48158d0 linter: Add schema for vitest/consistent-each-for (#​23294) (Sysix)
  • 7e74c98 linter: Add schema for vitest/consistent-test-filename (#​23293) (Sysix)
  • ff94d4a linter: Add schema for vitest/consistent-vitest-vi (#​23292) (Sysix)
  • 2409a10 linter: Add schema for vitest/prefer-import-in-mock (#​23291) (Sysix)
  • 3d782b7 linter: Add schema for react/no-unstable-nested-components (#​23287) (Mikhail Baev)
  • 0a0bc2f linter/jsx-a11y: Add allowedRedundantRoles option to no-redundant-roles (#​22820) (bab)
  • 80758a5 linter/vue: Implement no-side-effects-in-computed-properties rule (#​23282) (bab)
  • e3869ac linter: Add schema for react/no-object-type-as-default-prop (#​23279) (Mikhail Baev)
  • 4480609 linter: Add schema for react/jsx-props-no-spreading (#​23276) (Mikhail Baev)
  • 08d68a5 linter/react: Implement jsx-no-literals rule (#​23145) (kapobajza)
  • 9a2788b linter/unicorn: Implement prefer-export-from rule (#​22935) (AliceLanniste)
  • bdb723c linter/unicorn: Implement prefer-single-call rule (#​23235) (Yuzhe Shi)
  • 31543ed linter: Add schema for vue/define-props-destructuring (#​23252) (Sysix)
  • 21b6c3d linter: Add schema for oxc/no-async-endpoint-handlers (#​23251) (Sysix)
  • e77ff81 linter: Add schema for unicorn/prefer-object-from-entries (#​23249) (Mikhail Baev)
  • bcac2d6 linter: Add schema for jest/vitest/no-restricted-matchers (#​23247) (Sysix)
  • 539f036 linter: Add schema for jest/vitest/no-restricted-*-methods (#​23246) (Sysix)
  • dd1b927 linter/vue: Implement require-default-prop rule (#​22951) (bab)
  • 3f018e7 linter: Add schema for unicorn/no-instanceof-builtins (#​23225) (Mikhail Baev)
  • e0d0f78 linter: Verify promise/no-callback-in-promise schema (#​23141) (beanscg)
  • 123d4f4 linter: Add schema for jest/vitest/valid-expect (#​23185) (Sysix)
  • 46c8a21 linter: Add schema for jest/vitest/require-top-level-describe (#​23184) (Sysix)
  • 41465cf linter: Add schema for jest/vitest/prefer-snapshot-hint (#​23183) (Sysix)
  • d068b9b linter: Add schema for jest/vitest/prefer-expect-assertions (#​23181) (Sysix)
  • 064a1ee linter: Add schema for jest/prefer-ending-with-an-expect (#​23180) (Sysix)
  • d046797 linter: Add schema for jest/vitest/no-standalone-expect (#​23179) (Sysix)
  • 137b9a6 linter: Add schema for jest/vitest/no-large-snapshots (#​23178) (Sysix)
  • 0f3e4a5 linter: Add schema for jest/vitest/no-hooks (#​23177) (Sysix)
  • cd0b384 linter: Add schema for unicorn/explicit-length-check (#​23155) (Mikhail Baev)
  • 01b74c4 linter: Add schema for jest/no-deprecated-functions (#​23136) (Sysix)
  • 9d6a387 linter: Add schema for unicorn/catch-error-name (#​23137) (Mikhail Baev)
  • 0da8efa linter: Add schema for jest/vitest/max-nested-describe (#​23131) (Sysix)
  • d71c9fd linter: Add schema for eslint/no-use-before-define (#​23129) (Sysix)
🐛 Bug Fixes
  • 26ddac6 linter: Avoid config schema generation for jsx_a11y/no-noninteractive-element-interactions (#​23385) (Sysix)
  • 40556ad linter: Parse jsx-a11y/control-has-associated-label config with DefaultRuleConfig (#​23373) (Sysix)
  • 71e9648 linter: Expose no-noninteractive-element-interactions schema (#​23283) (camc314)
  • 6c86d1c linter/react-perf: Correct nativeAllowList all schema (#​23229) (camc314)
  • 4dd52de linter/react-perf: Re-generate stale snapshots (#​23228) (camc314)
  • 8f3db61 linter: Allow options for eslint/capitalized-comments (#​23139) (Sysix)
⚡ Performance
  • f09707e linter: jest/no-deprecated-functions store config version as usize (#​23138) (Sysix)
📚 Documentation
  • f682e25 linter: Remove manually written options doc for eslint/prefer-arrow-callback (#​23438) (Mikhail Baev)
  • 64c942c linter: Remove manually written options doc for eslint/no-sequences (#​23420) (Mikhail Baev)
  • 14abf32 linter/react-perf: Use autogenerated docs (#​23227) (camc314)
microsoft/playwright (playwright-chromium)

v1.61.1

Compare Source

v1.61.0

Compare Source

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

const context = await browser.newContext();

// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
  id: credentialId,
  userHandle,
  privateKey,
  publicKey,
});
await context.credentials.install();

const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:

await page.localStorage.setItem('token', 'abc');
const token = await page.localStorage.getItem('token');
const items = await page.sessionStorage.items();
New APIs
Network
Browser and Screencast
  • New option artifactsDir in browserType.connectOverCDP() controls where artifacts such as traces and downloads are stored when attached to an existing browser.
  • New option cursor in screencast.showActions() controls the cursor decoration rendered for pointer actions.
  • The onFrame callback in screencast.start() now receives a timestamp of when the frame was presented by the browser.
Test runner

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jun 22, 2026
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from f605b86 to 57643af Compare June 22, 2026 12:44
@renovate renovate Bot changed the title chore(deps): update all non-major dependencies fix(deps): update all non-major dependencies Jun 22, 2026
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 11 times, most recently from 376ff46 to 1fd6a2d Compare June 24, 2026 20:44
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 1fd6a2d to 9fab34f Compare June 25, 2026 07:18
@sapphi-red sapphi-red merged commit e635f49 into main Jun 25, 2026
23 of 24 checks passed
@sapphi-red sapphi-red deleted the renovate/all-minor-patch branch June 25, 2026 07:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant