Skip to content

fix(deps): update npm dependencies#162

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/npm
Open

fix(deps): update npm dependencies#162
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/npm

Conversation

@renovate

@renovate renovate Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
@material-symbols/metadata (source) ^0.44.6^0.45.0 age confidence
@nuxt/eslint (source) 1.15.21.16.0 age confidence
@tailwindcss/vite (source) 4.3.04.3.2 age confidence
@types/node (source) 25.9.225.9.4 age confidence
@vitest/browser (source) 4.1.84.1.9 age confidence
@vitest/ui (source) 4.1.84.1.9 age confidence
@vue/language-server (source) 3.3.53.3.6 age confidence
autoprefixer 10.5.010.5.2 age confidence
daisyui (source) 5.5.235.6.13 age confidence
eslint (source) 10.4.110.6.0 age confidence
happy-dom 20.10.220.10.6 age confidence
js-yaml 4.2.04.3.0 age confidence
material-symbols (source) ^0.44.6^0.45.0 age confidence
pako 2.1.02.2.0 age confidence
playwright (source) 1.61.01.61.1 age confidence
pnpm (source) 11.5.2+sha512.71c631e382066efc25625d5cf029075de07b61b37f6e27350fbd84b1bda5864c8c1967adc280776b45c30a715c0359a3be08fef42d5bb09e2b9902997969291611.10.0 age confidence
postcss (source) 8.5.158.5.16 age confidence
tailwindcss (source) 4.3.04.3.2 age confidence
typescript-eslint (source) 8.61.08.62.1 age confidence

Release Notes

marella/material-symbols (@​material-symbols/metadata)

v0.45.5

Compare Source

v0.45.4

Compare Source

v0.45.3

Compare Source

v0.45.2

Compare Source

v0.45.1

Compare Source

nuxt/eslint (@​nuxt/eslint)

v1.16.0

Compare Source

   🚀 Features
    View changes on GitHub
tailwindlabs/tailwindcss (@​tailwindcss/vite)

v4.3.2

Compare Source

Fixed
  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#​20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#​20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#​20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#​20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#​20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#​20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#​20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#​20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#​20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#​20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#​20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#​20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#​20289)

v4.3.1

Compare Source

Added
  • Add --silent option to suppress output in @tailwindcss/cli (#​20100)
Fixed
  • Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#​20028)
  • Canonicalization: don't crash when plugin utilities throw for unsupported values (#​20052)
  • Allow @apply to be used with CSS mixins (#​19427)
  • Ensure not-* correctly negates @container queries, including style(…) queries (#​20059)
  • Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#​20080)
  • Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#​20103)
  • Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#​20027)
  • Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)]px-[calc(1rem+0)]) (#​20127)
  • Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px]left-[99999px], not left-24999.75) (#​20130)
  • Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#​20137)
  • Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#​20139)
  • Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#​20198)
  • Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#​19588)
  • Allow @variant to be used inside addBase (#​19480)
  • Ensure @source globs with symlinks are preserved (#​20203)
  • Ensure later @source rules can re-include files excluded by earlier @source not rules (#​20203)
  • Upgrade: don't migrate empty class rules to invalid @utility rules (#​20205)
  • Ensure transitions between inset-shadow-none and other inset shadows work correctly (#​20208)
  • Ensure explicitly referenced @source directories are scanned even when ignored by git (#​20214)
  • Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#​20217)
  • Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)]w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#​20221)
  • Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#​20228)
Changed
  • Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#​20196)
  • Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#​20196)
vitest-dev/vitest (@​vitest/browser)

v4.1.9

Compare Source

🐞 Bug Fixes
  • Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in #​10546 (a5180)
  • browser:
    • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in #​10555 (7fb29)
    • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in #​10497 and #​10556 (fbc62)
  • mocker:
    • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in #​10548 (2c955)
  • pool:
    • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in #​10543 and #​10564 (934b0)
View changes on GitHub
vitest-dev/vitest (@​vitest/ui)

v4.1.9

Compare Source

vuejs/language-tools (@​vue/language-server)

v3.3.6

Compare Source

language-core
  • fix: make generic component internal context inference type-safe across .d.ts boundary (#​6104) - Thanks to @​Holiden!
  • fix: do not treat non-trivial property accesses as compound - Thanks to @​KazariEX!
  • fix: treat semicolon-terminated expressions as compound - Thanks to @​KazariEX!
  • fix: preserve return types for compound event handlers - Thanks to @​KazariEX!
  • fix: use WeakMap to cache inline TS ASTs - Thanks to @​KazariEX!
  • fix: match upstream CSS v-bind parsing behavior - Thanks to @​KazariEX!
  • fix: include setup bindings as potential component names (#​6111) - Thanks to @​KazariEX!
  • perf: reduce boundary code feature allocations - Thanks to @​KazariEX!
  • refactor: centralize code features and deprecate allCodeFeatures - Thanks to @​KazariEX!
postcss/autoprefixer (autoprefixer)

v10.5.2

Compare Source

  • Moved -webkit-fill-available before -moz-available, so Firefox
    will use -webkit- version which is closer to stretch.

v10.5.1

Compare Source

saadeghi/daisyui (daisyui)

v5.6.13

Compare Source

Bug Fixes
  • modal-start and modal-end RTL (0958416)

v5.6.12

Compare Source

Bug Fixes
  • email input RTL style in join (76148f7)

v5.6.11

Compare Source

Bug Fixes

v5.6.10

Compare Source

Bug Fixes

v5.6.9

Compare Source

Bug Fixes

v5.6.8

Compare Source

Bug Fixes
  • indicator center and middle misalign when item is a child. closes: #​4602 (6ceb65b)

v5.6.7

Compare Source

Bug Fixes
  • loading in prefers-reduced-motion now has slow animation instead of no animation. closes: #​4599 (f25acfd)

v5.6.6

Compare Source

Bug Fixes

v5.6.5

Compare Source

Bug Fixes
  • prevent tab conflict with Tailwind's new optional tab class (1b6f11a), closes #​4595

v5.6.4

Compare Source

Bug Fixes
  • tooltip position in RTL (e7f8a4f)

v5.6.3

Compare Source

Bug Fixes

v5.6.2

Compare Source

Bug Fixes
  • Missing outline and separators for joined buttons. closes: #​4586 (3f94950)

v5.6.1

Compare Source

Bug Fixes

v5.6.0

Compare Source

Features
  • add new Aura component
  • add new OTP component
  • add new Megamenu component
  • add vertical range slider with range-vertical
  • add HTML popover support for modal
  • add tooltip alignment utilities with tooltip-start, tooltip-center, and tooltip-end, closes #​4229
  • add new calendar style integration for Vanilla Calendar Pro
  • make rating size modifiers responsive, closes #​4367
  • improve input, textarea, select, and floating label sizing, closes #​4370
  • improve collapse overflow behavior when closed, closes #​4419
  • improve filter keyboard navigation and reset behavior, refs #​4424
  • simplify join styles and prevent nested join leakage, closes #​4506
  • rewrite button styles and improve checked, disabled, soft, ghost, link, and focus states, see #​4430
  • add default styling for customizable select selectedcontent, refs #​4549
  • allow menu elements as .menu containers
  • add selected/selectable card focus and checked styling
Bug Fixes
  • respect prefers-reduced-motion for loading indicators, closes #​4298
  • revert dropdown overflow clipping for details inside .menu, closes #​4343
  • align horizontal and vertical menu items correctly, closes #​4381
  • prefix CSS variables inside var() without replacing fallback content, closes #​4372, closes #​4408
  • only apply root scroll background image to :root
  • improve root color, scroll gutter, and scroll lock separation
  • keep card outline visible on focus-visible, closes #​4421
  • improve collapse details/summary transitions and styling, closes #​4515
  • highlight select trigger while native picker is open, closes #​4528
  • dropdown animation inside modal
  • Safari quirks for datetime inputs
  • remove text-wrap: balance from menu items
  • make highlighted mockup-code lines span full scroll width, closes #​4542
  • clear React Day Picker range middle cell background, closes #​4455
  • use defined Pikaday theme colors for events and ranges, closes #​4496
  • keep .kbd legible inside colored buttons, closes #​4353
  • prevent footer grid styles from displaying script/style/template children, closes #​4471
  • prevent FAB trigger and labels from being text-selected in Safari
  • fan out first fab-flower action when no main action exists, closes #​4531
  • add modal overlay transition for stacked dialogs
  • adjust swap layers, closes #​4574
  • make swap-active work with rotate and flip, closes #​4553
  • give select-ghost picker a non-transparent background, closes #​4521
  • improve button border style for keyboard and mouse navigation
  • make diff work inside card and fix CDN hover gallery layering, closes #​4416, closes #​4474
  • improve disabled input label color contrast
  • clean up file input styling
  • improve alert noise size
  • improve diff thumb styling
  • fix menu typo from previous changes
Docs
  • add daisyUI 5.6 blog post
  • add docs for Aura, OTP, Megamenu, vertical range, tooltip alignment, popover modal, selectable cards, responsive floating labels, and select dropdown max height
  • add clipboard button to markdown code blocks, closes #​4536
  • add select dropdown max-height example, closes #​4440
  • add collapse usage examples inspired by outside-click patterns, refs #​4479
  • allow hyphens and spaces in theme generator theme names
  • fix mockup-browser background color snippet
  • improve focus indicators for code blocks and headings
  • add Angular install note for modern CSS / color-mix() rendering
  • use CDN-safe alert icon classes
  • add tooltip component to llms.txt
  • document read-only rating pattern in daisyUI skill files
Chores
  • update Bun, Tailwind CSS, Lightning CSS, PostCSS, Prettier, and related dependencies
  • add package exports for daisyui
  • update daisyUI skill files for new and changed components
eslint/eslint (eslint)

v10.6.0

Compare Source

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#​20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#​20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#​20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#​21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#​21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#​21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#​21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#​21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#​21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#​21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#​20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#​20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#​20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#​20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#​20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#​20983) (lumir)

Chores

v10.5.0

Compare Source

Features

  • 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#​20973) (Pixel998)
  • b565783 feat: report no-with violations at the with keyword (#​20971) (Pixel998)
  • 2ce032f feat: report max-lines-per-function violations at function head (#​20966) (Pixel998)
  • 732cb3e feat: report max-nested-callbacks violations at function head (#​20967) (Pixel998)
  • f9c138a feat: report max-depth violations on keywords (#​20943) (Pixel998)
  • bdb496c feat: correct max-depth handling for else-if chains (#​20944) (Pixel998)
  • c296873 feat: update error loc in max-statements to function header (#​20907) (Taejin Kim)

Documentation

  • 8ae1b5b docs: Update README (GitHub Actions Bot)
  • ca7eb90 docs: update Node.js prerequisites to include ICU support (#​20962) (Francesco Trotta)
  • f99b47a docs: Update README (GitHub Actions Bot)
  • acf03d4 docs: clarify precedence of parserOptions over languageOptions (#​20926) (sethamus)

Chores

capricorn86/happy-dom (happy-dom)

v20.10.6

Compare Source

👷‍♂️ Patch fixes

v20.10.5

Compare Source

👷‍♂️ Patch fixes
  • Adds cache to query selector parser - By @​capricorn86 in task #​2142
    • The selector parser degraded in performance in v20.6.3 to solve more complex selectors
    • Parsing is still a bit slower, but the cache will hopefully mitigate most of the problem

v20.10.4

Compare Source

👷‍♂️ Patch fixes
  • Coerce null qualifiedName to empty string in createDocument - By @​Firer in task #​2206

v20.10.3

Compare Source

👷‍♂️ Patch fixes
  • Fix "~=" attribute selector matching hyphenated substrings in CSS selectors - By @​mixelburg in task #​2194
nodeca/js-yaml (js-yaml)

v4.3.0

Compare Source

marella/material-symbols (material-symbols)

v0.45.5

Compare Source

v0.45.4

Compare Source

v0.45.3

Compare Source

v0.45.2

Compare Source

v0.45.1

Compare Source

v0.45.0

Compare Source

nodeca/pako (pako)

v2.2.0

Compare Source

Added
  • Alternate deflate hash (ANZAC++) - for nodejs zlib compatibility.
    A nice bonus ~ 40% speed boost.
  • legacyHash (default: true) deflate option, to switch between original zlib
    and nodejs binary-compatible output.
Fixed
  • Inflate: fix window not updated after inflateReset (multistream/bgzip), #​139.
  • Inflate: emit chunk on flush, #​259.
  • Inflate: only continue to next stream for gzip; error on truncated input.
microsoft/playwright (playwright)

v1.61.1

Compare Source

pnpm/pnpm (pnpm)

v11.10.0

Compare Source

Minor Changes
  • e2e3c81: Added the issues command as an alias of bugs, so pnpm issues opens the package's bug tracker URL in the browser.

  • 8491f8e: Added the prefix command which prints the current package prefix directory (or global prefix directory if -g / --global is used).

  • 3425e80: Added an _auth setting for configuring registry authentication as a single structured (URL-keyed) value. It can be set in the global pnpm config (config.yaml) or, for CI, via the pnpm_config__auth environment variable. The env form sidesteps the GitHub Actions / bash / zsh limitation that broke the existing pnpm_config_//host/:_authToken=… form (env var names containing /, :, or . are silently dropped). Closes #​12314.

    The value is keyed by registry URL so each secret is explicitly bound to the host that may receive it. Registry URL keys must use http or https and must not include credentials, query strings, or fragments:

    export pnpm_config__auth='{"https://registry.npmjs.org":{"@​":{"authToken":"npm-token"},"@​org":{"authToken":"org-token"}}}'

    The equivalent in the global config.yaml:

    _auth:
      https://registry.npmjs.org:
        "@​":
          authToken: npm-token
        "@​org":
          authToken: org-token

    Within each registry URL, @ means registry-wide/default credentials and package scopes like @org bind credentials to that scope on the same host. The only supported credential field is authToken (maps to _authToken / bearer auth); the deprecated basicAuth / username + password forms are intentionally not accepted here.

    Each entry also infers a trusted registry route: @ routes the default registry (and pnpm add <pkg> resolves there), and @org routes that scope. Because the credential and destination host arrive in one trusted value, repo-controlled pnpm-workspace.yaml or project .npmrc cannot redirect the token to a different host. _auth is honored only from the env var and the global config — it is ignored in a project pnpm-workspace.yaml / .npmrc, so repo-controlled config can never supply registry auth. Precedence: CLI flags (--registry, --@&#8203;scope:registry) > pnpm_config__auth > global config.yaml _auth > pnpm-workspace.yaml.

    Both pnpm_config__auth (lowercase, documented form) and PNPM_CONFIG__AUTH (all-caps, the shell convention some CI runners apply) are honored. If both are set, lowercase wins unless it is empty, in which case uppercase is used. The env var wins over the global config.yaml _auth on a conflicting key. tokenHelper is not supported in _auth. Parsing is strict: a malformed value (bad JSON, wrong shape, invalid registry URL or scope, an unsupported credential field) fails fast with an error rather than being silently dropped.

    Pacquet parity note: the pacquet (Rust) port supports the same single credential field as the TS CLI: authToken.

  • a33eeec: pnpm self-update and packageManager version-switching can now install and link pnpm v12 (the Rust port), published with equal content under both the pnpm and @pnpm/exe names on the next-12 dist-tag. Its native binaries ship as @pnpm/exe.<platform>-<arch> packages, which pnpm's built-in installer links directly — no Node.js launcher, so the command pays no Node startup cost. v12 is initialized exactly like @pnpm/exe, including per-platform global-virtual-store hashing. From v12 onward the install converges on the unscoped pnpm package (the Rust exe) — even when updating from the SEA @pnpm/exe build.

  • 1dd12bd: When resolving through a pnpr install-accelerator server, pnpm no longer forwards its own upstream registry credentials in the resolve request. Only the Authorization header identifying the caller to pnpr is sent. The pnpr server now selects upstream credentials from its own route policy (operator-configured upstream credential aliases), so private dependencies resolve through a pnpr-managed alias the caller is authorized to use, rather than by sending the client's registry tokens to the server.

  • 1e81761: Expose web authentication authUrl and doneUrl in JSON error output when OTP is required in a non-interactive terminal #​12724.

Patch Changes
  • 2f389d6: Added the Node.js release team's new signing key (Stewart X Addison, 655F3B5C1FB3FA8D1A0CA6BDE4A7D232B936D2FD) to the embedded Node.js release keys, so runtimes whose SHASUMS256.txt is signed by the new releaser verify successfully.

  • acbdb94: Fixed shell tab completion not suggesting workspaces after the -F alias for --filter option.

  • dcabb78: Fixed pnpm up -r <pkg> bumping unrelated packages that have open semver ranges. Previously, any update mutation nullified the lockfile-derived preferredVersions globally, so packages with ^x.y.z ranges could re-resolve to newer compatible versions even though the user only asked to update a specific package. The install layer now always seeds preferredVersions from the lockfile, and caller-supplied preferred versions (such as the vulnerability penalties of pnpm audit --fix) layer on top of the seed instead of replacing it. The targeted package still bumps: the per-resolve updateRequested flag makes the resolver ignore the target's own lockfile pins.

    Closes #​10662.

  • d539172: Fixed pnpm pack and pnpm publish failing when prepack generates files that are included in the package and postpack cleans them up.

  • be6505a: Hardened globa

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone Europe/London)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
renovate Bot enabled auto-merge (squash) June 24, 2026 14:46
@renovate

renovate Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package.json
Command failed: corepack use pnpm@11.10.0

@renovate
renovate Bot force-pushed the renovate/npm branch 2 times, most recently from 31c11a3 to d0a84dc Compare June 25, 2026 11:54
@renovate renovate Bot changed the title chore(deps): update npm dependencies fix(deps): update npm dependencies Jun 25, 2026
@renovate
renovate Bot force-pushed the renovate/npm branch 9 times, most recently from 933b2c6 to 067dc97 Compare July 2, 2026 10:57
@renovate
renovate Bot force-pushed the renovate/npm branch 8 times, most recently from d44ee89 to cb58b92 Compare July 9, 2026 23:00
@renovate
renovate Bot force-pushed the renovate/npm branch 8 times, most recently from cd2c4bd to 9f03bf8 Compare July 15, 2026 13:10
@renovate
renovate Bot force-pushed the renovate/npm branch 4 times, most recently from fcd82d0 to 4868f69 Compare July 18, 2026 04:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants