fix(deps): update npm dependencies#162
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
Contributor
Author
|
renovate
Bot
force-pushed
the
renovate/npm
branch
2 times, most recently
from
June 25, 2026 11:54
31c11a3 to
d0a84dc
Compare
renovate
Bot
force-pushed
the
renovate/npm
branch
9 times, most recently
from
July 2, 2026 10:57
933b2c6 to
067dc97
Compare
renovate
Bot
force-pushed
the
renovate/npm
branch
8 times, most recently
from
July 9, 2026 23:00
d44ee89 to
cb58b92
Compare
renovate
Bot
force-pushed
the
renovate/npm
branch
8 times, most recently
from
July 15, 2026 13:10
cd2c4bd to
9f03bf8
Compare
renovate
Bot
force-pushed
the
renovate/npm
branch
4 times, most recently
from
July 18, 2026 04:43
fcd82d0 to
4868f69
Compare
renovate
Bot
force-pushed
the
renovate/npm
branch
from
July 18, 2026 21:06
4868f69 to
96e760b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^0.44.6→^0.45.01.15.2→1.16.04.3.0→4.3.225.9.2→25.9.44.1.8→4.1.94.1.8→4.1.93.3.5→3.3.610.5.0→10.5.25.5.23→5.6.1310.4.1→10.6.020.10.2→20.10.64.2.0→4.3.0^0.44.6→^0.45.02.1.0→2.2.01.61.0→1.61.111.5.2+sha512.71c631e382066efc25625d5cf029075de07b61b37f6e27350fbd84b1bda5864c8c1967adc280776b45c30a715c0359a3be08fef42d5bb09e2b99029979692916→11.10.08.5.15→8.5.164.3.0→4.3.28.61.0→8.62.1Release Notes
marella/material-symbols (@material-symbols/metadata)
v0.45.5Compare Source
v0.45.4Compare Source
v0.45.3Compare Source
v0.45.2Compare Source
v0.45.1Compare Source
nuxt/eslint (@nuxt/eslint)
v1.16.0Compare Source
🚀 Features
View changes on GitHub
tailwindlabs/tailwindcss (@tailwindcss/vite)
v4.3.2Compare Source
Fixed
auto-rows-*andauto-cols-*utilities (e.g.auto-rows-12andauto-cols-16) (#20229)@tailwindcss/cliin--watchmode from crashing on Windows when@sourcepoints to a directory that doesn't exist (#20242)@tailwindcss/vitefrom crashing in Deno v2.8.x whencontext.parentURLis not a valid URL (#20245)@tailwindcss/cliin--watchmode rebuilds when the input CSS file changes in an ignored directory (#20246)@variantrules used inaddBase(…)to use custom variants defined later (#20247)@tailwindcss/vitefrom crashing during HMR when scanned files or directories are deleted (#20259)font-sizeinstead ofcolordeclarations fortext-[--spacing(…)](#20260)@sourcepatterns from scanning unrelated sibling files and folders (#20263)%]…[%in.tt,.tt2, and.txfiles (#20269)p.text-black[condition](#20269)@position-tryrules from triggering unknown at-rule warnings when optimizing CSS (#20277)--opacitytheme values (#20287)@tailwindcss/postcsswhen used with newer PostCSS patch releases (#20289)v4.3.1Compare Source
Added
--silentoption to suppress output in@tailwindcss/cli(#20100)Fixed
Module#registerHooksinstead ofModule#registeron Node 26+ (#20028)@applyto be used with CSS mixins (#19427)not-*correctly negates@containerqueries, includingstyle(…)queries (#20059)drop-shadow-*color utilities work with custom shadow values containingcalc(…)(#20080)@tailwindcss/vite(#20103)@tailwindcss/webpackcan be installed in Rspack projects without requiringwebpackas a peer dependency (#20027)calc(…)expressions (e.g.px-[calc(1rem+0px)]→px-[calc(1rem+0)]) (#20127)left-[99999px]→left-[99999px], notleft-24999.75) (#20130)@tailwindcss/cliin--watchmode recovers when a tracked dependency is deleted and restored (#20137)@tailwindcss/clibinaries are ignored when scanning for class candidates (#20139)addClass(…)andremoveClass(…)calls (#20198)@variantto be used insideaddBase(#19480)@sourceglobs with symlinks are preserved (#20203)@sourcerules can re-include files excluded by earlier@source notrules (#20203)@utilityrules (#20205)inset-shadow-noneand other inset shadows work correctly (#20208)@sourcedirectories are scanned even when ignored by git (#20214)@sourceglobs ending in**/*preserve dynamic path segments to avoid scanning too many files (#20217)calc(…)divisions when the result would require high precision (e.g.w-[calc(100%/3.5)]→w-[calc(100%/3.5)], notw-[28.571428571428573%]) (#20221)@tailwindcss/postcss(#20228)Changed
0instead ofcalc(var(--spacing) * 0)for spacing utilities likem-0andleft-0(#20196)var(--spacing)instead ofcalc(var(--spacing) * 1)for spacing utilities likem-1andleft-1(#20196)vitest-dev/vitest (@vitest/browser)
v4.1.9Compare Source
🐞 Bug Fixes
importOriginalwith optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in #10546 (a5180)View changes on GitHub
vitest-dev/vitest (@vitest/ui)
v4.1.9Compare Source
vuejs/language-tools (@vue/language-server)
v3.3.6Compare Source
language-core
.d.tsboundary (#6104) - Thanks to @Holiden!WeakMapto cache inline TS ASTs - Thanks to @KazariEX!v-bindparsing behavior - Thanks to @KazariEX!allCodeFeatures- Thanks to @KazariEX!postcss/autoprefixer (autoprefixer)
v10.5.2Compare Source
-webkit-fill-availablebefore-moz-available, so Firefoxwill use
-webkit-version which is closer tostretch.v10.5.1Compare Source
grid-areaspan reset for overriding areas (by @puneetdixit200).saadeghi/daisyui (daisyui)
v5.6.13Compare Source
Bug Fixes
v5.6.12Compare Source
Bug Fixes
v5.6.11Compare Source
Bug Fixes
v5.6.10Compare Source
Bug Fixes
<button disabled>style in menu. closes: #4600 (1f07963)v5.6.9Compare Source
Bug Fixes
v5.6.8Compare Source
Bug Fixes
v5.6.7Compare Source
Bug Fixes
v5.6.6Compare Source
Bug Fixes
v5.6.5Compare Source
Bug Fixes
tabclass (1b6f11a), closes #4595v5.6.4Compare Source
Bug Fixes
v5.6.3Compare Source
Bug Fixes
v5.6.2Compare Source
Bug Fixes
v5.6.1Compare Source
Bug Fixes
btn-activeas a utility class. closes: #4584 (99316ff)v5.6.0Compare Source
Features
range-verticaltooltip-start,tooltip-center, andtooltip-end, closes #4229selectedcontent, refs #4549menuelements as.menucontainersBug Fixes
prefers-reduced-motionfor loading indicators, closes #4298detailsinside.menu, closes #4343var()without replacing fallback content, closes #4372, closes #4408:rootfocus-visible, closes #4421text-wrap: balancefrom menu items.kbdlegible inside colored buttons, closes #4353fab-floweraction when no main action exists, closes #4531swap-activework with rotate and flip, closes #4553select-ghostpicker a non-transparent background, closes #4521Docs
color-mix()renderingllms.txtChores
daisyuieslint/eslint (eslint)
v10.6.0Compare Source
Features
b1f9106feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)f291007feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)Bug Fixes
6b05784fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)bb9eb2afix: account for shadowedBooleaninno-extra-boolean-cast(#21013) (den$)8fd8741fix: don't report shadowed undefined inradixrule (#21011) (Pixel)5784980fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)9cd1e6dfix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)d4eb2dcfix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)2360464fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)63d52d2fix: restore max-classes-per-file report range (#21002) (Pixel)7feaff0fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)399a2ecfix: don't report inner non-callbacks inmax-nested-callbacks(#20995) (Milos Djermanovic)Documentation
a83683ddocs: Update README (GitHub Actions Bot)f5449f9docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)bea49f7docs: Update README (GitHub Actions Bot)e5f70f9docs: update code-path diagrams (#20984) (Tanuj Kanti)8890c2ddocs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)3eb3d9bdocs: Update README (GitHub Actions Bot)c5bb59cdocs: Update README (GitHub Actions Bot)eb3c97cdocs: fix grammar in prefer-const rule description (#20983) (lumir)Chores
6a42034ci: run ecosystem tests on main branch (#20891) (sethamus)3dbacdbci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])c3abfcachore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)a832320ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)27166e7chore: update ecosystem plugins (#21005) (ESLint Bot)865d76eci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])27a88c9chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)970cea6chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)b482120chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])6993fb3chore: update ecosystem plugins (#20985) (ESLint Bot)v10.5.0Compare Source
Features
5ca8c52feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)b565783feat: report no-with violations at the with keyword (#20971) (Pixel998)2ce032ffeat: report max-lines-per-function violations at function head (#20966) (Pixel998)732cb3efeat: report max-nested-callbacks violations at function head (#20967) (Pixel998)f9c138afeat: report max-depth violations on keywords (#20943) (Pixel998)bdb496cfeat: correct max-depth handling for else-if chains (#20944) (Pixel998)c296873feat: update error loc inmax-statementsto function header (#20907) (Taejin Kim)Documentation
8ae1b5bdocs: Update README (GitHub Actions Bot)ca7eb90docs: update Node.js prerequisites to include ICU support (#20962) (Francesco Trotta)f99b47adocs: Update README (GitHub Actions Bot)acf03d4docs: clarify precedence of parserOptions over languageOptions (#20926) (sethamus)Chores
b18bf58chore: update ecosystem plugins (#20959) (ESLint Bot)c2d1444refactor: replace areAllSegmentsUnreachable with !isAnySegmentReachable (#20951) (Taejin Kim)243b8c5chore: enhance config-rule to support oneOf, anyOf, and nested schemas (#20788) (kuldeep kumar)217b2a9test: add unit tests for ParserService (#20949) (Taejin Kim)72003e7test: add location information to error messages inmax-statements(#20945) (lumir)7797c26refactor: deduplicate isAnySegmentReachable across rules (#20890) (Taejin Kim)67c46fachore: update ecosystem plugins (#20938) (ESLint Bot)95d8c7achore: update dependency @eslint/json to v2 (#20934) (renovate[bot])cf9e496chore: update @arethetypeswrong/cli to 0.18.3 (#20933) (Pixel998)fb6d396test: run type tests with TypeScript 7 (#20868) (sethamus)capricorn86/happy-dom (happy-dom)
v20.10.6Compare Source
👷♂️ Patch fixes
v20.10.5Compare Source
👷♂️ Patch fixes
v20.10.4Compare Source
👷♂️ Patch fixes
v20.10.3Compare Source
👷♂️ Patch fixes
nodeca/js-yaml (js-yaml)
v4.3.0Compare Source
marella/material-symbols (material-symbols)
v0.45.5Compare Source
v0.45.4Compare Source
v0.45.3Compare Source
v0.45.2Compare Source
v0.45.1Compare Source
v0.45.0Compare Source
nodeca/pako (pako)
v2.2.0Compare Source
Added
A nice bonus ~ 40% speed boost.
legacyHash(default: true) deflate option, to switch between originalzliband
nodejsbinary-compatible output.Fixed
inflateReset(multistream/bgzip), #139.microsoft/playwright (playwright)
v1.61.1Compare Source
pnpm/pnpm (pnpm)
v11.10.0Compare Source
Minor Changes
e2e3c81: Added theissuescommand as an alias ofbugs, sopnpm issuesopens the package's bug tracker URL in the browser.8491f8e: Added theprefixcommand which prints the current package prefix directory (or global prefix directory if-g/--globalis used).3425e80: Added an_authsetting for configuring registry authentication as a single structured (URL-keyed) value. It can be set in the global pnpm config (config.yaml) or, for CI, via thepnpm_config__authenvironment variable. The env form sidesteps the GitHub Actions / bash / zsh limitation that broke the existingpnpm_config_//host/:_authToken=…form (env var names containing/,:, or.are silently dropped). Closes #12314.The value is keyed by registry URL so each secret is explicitly bound to the host that may receive it. Registry URL keys must use
httporhttpsand must not include credentials, query strings, or fragments:The equivalent in the global
config.yaml:Within each registry URL,
@means registry-wide/default credentials and package scopes like@orgbind credentials to that scope on the same host. The only supported credential field isauthToken(maps to_authToken/ bearer auth); the deprecatedbasicAuth/username+passwordforms are intentionally not accepted here.Each entry also infers a trusted registry route:
@routes the default registry (andpnpm add <pkg>resolves there), and@orgroutes that scope. Because the credential and destination host arrive in one trusted value, repo-controlledpnpm-workspace.yamlor project.npmrccannot redirect the token to a different host._authis honored only from the env var and the global config — it is ignored in a projectpnpm-workspace.yaml/.npmrc, so repo-controlled config can never supply registry auth. Precedence: CLI flags (--registry,--@​scope:registry) >pnpm_config__auth> globalconfig.yaml_auth>pnpm-workspace.yaml.Both
pnpm_config__auth(lowercase, documented form) andPNPM_CONFIG__AUTH(all-caps, the shell convention some CI runners apply) are honored. If both are set, lowercase wins unless it is empty, in which case uppercase is used. The env var wins over the globalconfig.yaml_authon a conflicting key.tokenHelperis not supported in_auth. Parsing is strict: a malformed value (bad JSON, wrong shape, invalid registry URL or scope, an unsupported credential field) fails fast with an error rather than being silently dropped.Pacquet parity note: the pacquet (Rust) port supports the same single credential field as the TS CLI:
authToken.a33eeec:pnpm self-updateandpackageManagerversion-switching can now install and link pnpm v12 (the Rust port), published with equal content under both thepnpmand@pnpm/exenames on thenext-12dist-tag. Its native binaries ship as@pnpm/exe.<platform>-<arch>packages, which pnpm's built-in installer links directly — no Node.js launcher, so the command pays no Node startup cost. v12 is initialized exactly like@pnpm/exe, including per-platform global-virtual-store hashing. From v12 onward the install converges on the unscopedpnpmpackage (the Rust exe) — even when updating from the SEA@pnpm/exebuild.1dd12bd: When resolving through a pnpr install-accelerator server, pnpm no longer forwards its own upstream registry credentials in the resolve request. Only theAuthorizationheader identifying the caller to pnpr is sent. The pnpr server now selects upstream credentials from its own route policy (operator-configured upstream credential aliases), so private dependencies resolve through a pnpr-managed alias the caller is authorized to use, rather than by sending the client's registry tokens to the server.1e81761: Expose web authenticationauthUrlanddoneUrlin JSON error output when OTP is required in a non-interactive terminal #12724.Patch Changes
2f389d6: Added the Node.js release team's new signing key (Stewart X Addison,655F3B5C1FB3FA8D1A0CA6BDE4A7D232B936D2FD) to the embedded Node.js release keys, so runtimes whoseSHASUMS256.txtis signed by the new releaser verify successfully.acbdb94: Fixed shell tab completion not suggesting workspaces after the-Falias for--filteroption.dcabb78: Fixedpnpm up -r <pkg>bumping unrelated packages that have open semver ranges. Previously, any update mutation nullified the lockfile-derivedpreferredVersionsglobally, so packages with^x.y.zranges could re-resolve to newer compatible versions even though the user only asked to update a specific package. The install layer now always seedspreferredVersionsfrom the lockfile, and caller-supplied preferred versions (such as the vulnerability penalties ofpnpm audit --fix) layer on top of the seed instead of replacing it. The targeted package still bumps: the per-resolveupdateRequestedflag makes the resolver ignore the target's own lockfile pins.Closes #10662.
d539172: Fixed pnpm pack and pnpm publish failing when prepack generates files that are included in the package and postpack cleans them up.be6505a: Hardened globaConfiguration
📅 Schedule: (in timezone Europe/London)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.