chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@antfu/eslint-config	6.0.0 -> 6.2.0
@playwright/test (source)	1.55.1 -> 1.56.1
@types/css-tree (source)	2.3.10 -> 2.3.11
bumpp	10.2.3 -> 10.3.1
changelogithub	13.16.0 -> 13.16.1
esbuild	0.25.10 -> 0.25.12
jiti	2.6.0 -> 2.6.1
knip (source)	5.64.1 -> 5.67.1
lint-staged	16.2.3 -> 16.2.6
magic-string	0.30.19 -> 0.30.21
pnpm (source)	10.17.1 -> 10.20.0
rollup (source)	4.52.3 -> 4.52.5
shadcn-docs-nuxt (source)	1.1.2 -> 1.1.4
tailwindcss (source)	4.1.13 -> 4.1.16
tinyexec	1.0.1 -> 1.0.2
typescript (source)	5.9.2 -> 5.9.3
unstorage (source)	1.17.1 -> 1.17.2
vue-router (source)	4.5.1 -> 4.6.3

---

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v6.2.0

Compare Source

   🚀 Features

• Accepting functions for ignores, close #​776  -  by @​antfu in #​776 (63b13)

    View changes on GitHub

v6.1.0

Compare Source

   🚀 Features

• Update deps  -  by @​antfu (aca34)

    View changes on GitHub

microsoft/playwright (@​playwright/test)

v1.56.1

Compare Source

Highlights

#​37871 chore: allow local-network-access permission in chromium
#​37891 fix(agents): remove workspaceFolder ref from vscode mcp
#​37759 chore: rename agents to test agents
#​37757 chore(mcp): fallback to cwd when resolving test config

Browser Versions

• Chromium 141.0.7390.37
• Mozilla Firefox 142.0.1
• WebKit 26.0

v1.56.0

Compare Source

Playwright Agents

Introducing Playwright Agents, three custom agent definitions designed to guide LLMs through the core process of building a Playwright test:

• 🎭 planner explores the app and produces a Markdown test plan
• 🎭 generator transforms the Markdown plan into the Playwright Test files
• 🎭 healer executes the test suite and automatically repairs failing tests

Run npx playwright init-agents with your client of choice to generate the latest agent definitions:

### Generate agent files for each agentic loop
### Visual Studio Code
npx playwright init-agents --loop=vscode

### Claude Code
npx playwright init-agents --loop=claude

### opencode
npx playwright init-agents --loop=opencode

[!NOTE]
VS Code v1.105 (currently on the VS Code Insiders channel) is needed for the agentic experience in VS Code. It will become stable shortly, we are a bit ahead of times with this functionality!

Learn more about Playwright Agents

New APIs

• New methods page.consoleMessages() and page.pageErrors() for retrieving the most recent console messages from the page
• New method page.requests() for retrieving the most recent network requests from the page
• Added --test-list and --test-list-invert to allow manual specification of specific tests from a file

UI Mode and HTML Reporter

• Added option to 'html' reporter to disable the "Copy prompt" button
• Added option to 'html' reporter and UI Mode to merge files, collapsing test and describe blocks into a single unified list
• Added option to UI Mode mirroring the --update-snapshots options
• Added option to UI Mode to run only a single worker at a time

Breaking Changes

• Event browserContext.on('backgroundpage') has been deprecated and will not be emitted. Method browserContext.backgroundPages() will return an empty list

Miscellaneous

• Aria snapshots render and compare input placeholder
• Added environment variable PLAYWRIGHT_TEST to Playwright worker processes to allow discriminating on testing status

Browser Versions

• Chromium 141.0.7390.37
• Mozilla Firefox 142.0.1
• WebKit 26.0

antfu-collective/bumpp (bumpp)

v10.3.1

Compare Source

No significant changes

    View changes on GitHub

v10.3.0

Compare Source

   🚀 Features

• Support --release for release type  -  by @​luoling8192 in #​97 (5af7b)

    View changes on GitHub

antfu/changelogithub (changelogithub)

v13.16.1

Compare Source

   🐞 Bug Fixes

• Fix asset upload for untagged releases  -  by @​josh-hemphill in #​74 (86d29)

    View changes on GitHub

evanw/esbuild (esbuild)

v0.25.12

Compare Source

• Fix a minification regression with CSS media queries (#​4315)

  The previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for @media <media-type> and <media-condition-without-or> { ... } was missing an equality check for the <media-condition-without-or> part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.

• Update the list of known JavaScript globals (#​4310)

  This release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global Array property is considered to be side-effect free but accessing the global scrollY property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:

  From ES2017:

  • Atomics
  • SharedArrayBuffer

  From ES2020:

  • BigInt64Array
  • BigUint64Array

  From ES2021:

  • FinalizationRegistry
  • WeakRef

  From ES2025:

  • Float16Array
  • Iterator

  Note that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from Iterator:

  // This can now be tree-shaken by esbuild:
  class ExampleIterator extends Iterator {}

• Add support for the new @view-transition CSS rule (#​4313)

  With this release, esbuild now has improved support for pretty-printing and minifying the new @view-transition rule (which esbuild was previously unaware of):

  /* Original code */
  @​view-transition {
    navigation: auto;
    types: check;
  }
  
  /* Old output */
  @​view-transition { navigation: auto; types: check; }
  
  /* New output */
  @​view-transition {
    navigation: auto;
    types: check;
  }

  The new view transition feature provides a mechanism for creating animated transitions between documents in a multi-page app. You can read more about view transition rules here.

  This change was contributed by @​yisibl.

• Trim CSS rules that will never match

  The CSS minifier will now remove rules whose selectors contain :is() and :where() as those selectors will never match. These selectors can currently be automatically generated by esbuild when you give esbuild nonsensical input such as the following:

  /* Original code */
  div:before {
    color: green;
    &.foo {
      color: red;
    }
  }
  
  /* Old output (with --supported:nesting=false --minify) */
  div:before{color:green}:is().foo{color:red}
  
  /* New output (with --supported:nesting=false --minify) */
  div:before{color:green}

  This input is nonsensical because CSS nesting is (unfortunately) not supported inside of pseudo-elements such as :before. Currently esbuild generates a rule containing :is() in this case when you tell esbuild to transform nested CSS into non-nested CSS. I think it's reasonable to do that as it sort of helps explain what's going on (or at least indicates that something is wrong in the output). It shouldn't be present in minified code, however, so this release now strips it out.

v0.25.11

Compare Source

• Add support for with { type: 'bytes' } imports (#​4292)

  The import bytes proposal has reached stage 2.7 in the TC39 process, which means that although it isn't quite recommended for implementation, it's generally approved and ready for validation. Furthermore it has already been implemented by Deno and Webpack. So with this release, esbuild will also add support for this. It behaves exactly the same as esbuild's existing binary loader. Here's an example:

  import data from './image.png' with { type: 'bytes' }
  const view = new DataView(data.buffer, 0, 24)
  const width = view.getInt32(16)
  const height = view.getInt32(20)
  console.log('size:', width + '\xD7' + height)

• Lower CSS media query range syntax (#​3748, #​4293)

  With this release, esbuild will now transform CSS media query range syntax into equivalent syntax using min-/max- prefixes for older browsers. For example, the following CSS:

  @&#8203;media (640px <= width <= 960px) {
    main {
      display: flex;
    }
  }

  will be transformed like this with a target such as --target=chrome100 (or more specifically with --supported:media-range=false if desired):

  @​media (min-width: 640px) and (max-width: 960px) {
    main {
      display: flex;
    }
  }

unjs/jiti (jiti)

v2.6.1

Compare Source

compare changes

🩹 Fixes

• interop: Only passthrough default if it is not a promise (#​408)

📦 Build

• Revert to terser-webpack-plugin (#​407)

🏡 Chore

• Update bench (037c646)
• Update deps (974ca40)
• Remove unused code (8b41497)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Kricsleo (@​kricsleo)

webpro-nl/knip (knip)

v5.67.1

Compare Source

v5.67.0

Compare Source

v5.66.4

Compare Source

• Add experimental nextjs conventions support (#​1322) (b7acf1f) - thanks @​vinnymac!
• Fix one character getting removed too much when fixing unused exported type (#​1324) (935cf5d) - thanks @​ulrichstark!
• Set --fix if --fix-types or --allow-remove-files is set (close #​1325) (d4b56e7)
• Update sponsors page (87c3880)
• Re-gen plugins list (a7d1ece)
• Update oxc-resolver (close #​1316) (3eaad53)

v5.66.3

Compare Source

v5.66.2

Compare Source

v5.66.1

Compare Source

• Revive some tests in Node (20690d1)
• Fix up SymbolType and reuse SYMBOL_TYPE (resolves #​1306) (d7c1c83)
• Minor refactor (3143c4e)
• Make defineNuxtConfig writable and deletable (resolves #​1307) (c31a77f)
• Fix up progress flag (c761a9d)
• Clear screen in watch mode (fb3ff4e)
• Refactor watch mode (661440e)
• Re-play previously unretained issues in watch mode (9b96730)
• Format & lint (7776ae8)

v5.66.0

Compare Source

• Add coverage for ignoreFiles feat (87ca476)
• update eleventy API to add addBundle() fix (#​1300) (ed2acec) - thanks @​hoardinghopes!
• feat: add danger plugin (#​1302) (d9e969d) - thanks @​what1s1ove!
• feat: add support for ignoring specific issue types per file pattern (#​1303) (673893a) - thanks @​rfalke-rtl!
• Speed up JSON load (83ca88f)
• Add JSON5 explainer to error (closes #​1297) (cb926ca)
• Add ignoreIssues to JSON Schema (9005691)
• Update docs (b4b8929)
• Oh, CI (b153f93)
• Fix lint issues (0ccfda6)

v5.65.0

Compare Source

• Release 5.64.3 (157ae94)
• Oops (f7ce7d7)
• Fix some typos in docs and code comments (#​1299) (715d7cc) - thanks @​jdufresne!
• Consider imported ns members referenced w/ spread (resolves #​1298) (8b91d08)
• Fix up added glob ignore patterns and debug output (4a3025d)
• Iterate on configuring-project-files.md (fac5613)
• Add ignoreFiles config option (c9ab3c9)
• Work JSON Schema (bfe7a0e)
• Fix up lint-staged plugin (resolves #​1293) (b39832d)
• Speed up strip-json-comments a tad (7172653)
• 4 ain't 5 (9b3981b)
• Add .npmrc to .gitignore (2d261f5)

v5.64.3

Compare Source

• Add support for json5 files (#​1290) (5dd115f) - thanks @​rfalke-rtl!
• Skip comments in .lintstagedrc.json files using a heuristic (#​1291) (83b02bb) - thanks @​rfalke-rtl!
• Fix --trace and add test (cf0556e)
• Fix sponsor color in svg (3db7eb7)
• Upgrade pnpm (0531075)
• Add fallback webpack entry if context is set (resolves #​1296) (c6845c7)

v5.64.2

Compare Source

• refactor: use toC12config for bump plugin (#​1280) (dbdd98b) - thanks @​nyarthan!
• chore: specifiy packageManager field for corepack users (#​1281) (7c70d9f) - thanks @​nyarthan!
• Fix config hints in production mode (resolves #​1279) (7abdc69)
• Refactor config hints a bit for perf tweak (d7e7866)
• Bump a few deps for docs (665f38a)
• Re-gen sponsorships chart (461edb4)
• Fix lint issue (4c72030)
• Stick with bun 1.2.22+6bafe2602 (7ee634a)
• Fix config hints (e687287)
• Update projects component (edb7367)
• feat: detect vitest ui mode (#​1284) (b6ac28c) - thanks @​nyarthan!
• Fix ESLint config error (#​1286) (3efb8a3) - thanks @​dnicolson!
• fix: Mark nested Next.js sitemaps as entrypoints (#​1287) (dde7a80) - thanks @​hugotiger!

lint-staged/lint-staged (lint-staged)

v16.2.6

Compare Source

Patch Changes

• #​1693 33d4502 Thanks @​Adrian-Baran-GY! - Fix problems with --continue-on-error option, where tasks might have still been killed (SIGINT) when one of them failed.

v16.2.5

Compare Source

Patch Changes

• #​1687 9e02d9d Thanks @​iiroj! - Fix unhandled promise rejection when spawning tasks (instead of the tasks themselves failing). Previously when a task failed to spawn, lint-staged also failed and the backup stash might not have been automatically restored.

v16.2.4

Compare Source

Patch Changes

• #​1682 0176038 Thanks @​iiroj! - Update dependencies, including [email protected] with bug fixes.

• #​1671 581a54e Thanks @​iiroj! - Speed up execution by only importing the yaml depedency if using YAML configuration files.

Rich-Harris/magic-string (magic-string)

v0.30.21

Compare Source

pnpm/pnpm (pnpm)

v10.20.0

Compare Source

Minor Changes

• Support --all option in pnpm --help to list all commands #​8628.

Patch Changes

• When the latest version doesn't satisfy the maturity requirement configured by minimumReleaseAge, pick the highest version that is mature enough, even if it has a different major version #​10100.
• create command should not verify patch info.
• Set managePackageManagerVersions to false, when switching to a different version of pnpm CLI, in order to avoid subsequent switches #​10063.

v10.19.0

Compare Source

Minor Changes

• You can now allow specific versions of dependencies to run postinstall scripts. onlyBuiltDependencies now accepts package names with lists of trusted versions. For example:

  onlyBuiltDependencies:
    - [email protected] || 21.6.5
    - [email protected]

  Related PR: #​10104.

• Added support for exact versions in minimumReleaseAgeExclude #​9985.

  You can now list one or more specific versions that pnpm should allow to install, even if those versions don’t satisfy the maturity requirement set by minimumReleaseAge. For example:

  minimumReleaseAge: 1440
  minimumReleaseAgeExclude:
    - [email protected]
    - [email protected] || 5.102.1

v10.18.3

Compare Source

Patch Changes

• Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #​10060.
• Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when --location=project is used #​9362.
• Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings #​9646.
• Fixed EISDIR error when bin field points to a directory #​9441.
• Preserve version and hasBin for variations packages #​10022.
• Fixed pnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings) #​9884.
• When both pnpm-workspace.yaml and .npmrc exist, pnpm config set --location=project now writes to pnpm-workspace.yaml (matching read priority) #​10072.
• Prevent a table width error in pnpm outdated --long #​10040.
• Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects #​10057.

v10.18.2

Compare Source

Patch Changes

• pnpm outdated --long should work #​10040.
• Replace ndjson with split2. Reduce the bundle size of pnpm CLI #​10054.
• pnpm dlx should request the full metadata of packages, when minimumReleaseAge is set #​9963.
• pnpm version switching should work when the pnpm home directory is in a symlinked directory #​9715.
• Fix EPIPE errors when piping output to other commands #​10027.

v10.18.1

Compare Source

Patch Changes

• Don't print a warning, when --lockfile-only is used #​8320.
• pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #​5700.
• When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when using pnpm add --save-catalog as originally intended.

v10.18.0

Compare Source

Minor Changes

• Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

  Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps.
  Warning messages are displayed when requests exceed time thresholds or fall below speed minimums

  Related PR: #​10025.

Patch Changes

• Retry filesystem operations on EAGAIN errors #​9959.
• Outdated command respects minimumReleaseAge configuration #​10030.
• Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages.
• Don't fail with a meaningless error when scriptShell is set to false #​8748.
• pnpm dlx should not fail when minimumReleaseAge is set #​10037.

rollup/rollup (rollup)

v4.52.5

Compare Source

2025-10-18

Bug Fixes

• Always produce valid UUIDs as debugIds in sourcemaps (#​6144)

Pull Requests

• #​6135: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6140: chore(deps): update peter-evans/create-or-update-comment action to v5 (@​renovate[bot])
• #​6141: chore(deps): update peter-evans/find-comment action to v4 (@​renovate[bot])
• #​6142: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6143: chore: eslint enable concurrency option (@​btea)
• #​6144: fix: generation of debugIDs with invalid length (@​pablomatiasgomez, @​lukastaegert)
• #​6146: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6147: chore(deps): update actions/setup-node action to v6 (@​renovate[bot])

v4.52.4

Compare Source

2025-10-03

Bug Fixes

• Fix an issue where the wrong branch of nullish coalescing was picked (#​6133)

Pull Requests

• #​6128: Enable npm OIDC publishing (@​lukastaegert)
• #​6133: Correct nullish coalescing branch resolution for symbol left value (@​TrickyPi)
• #​6134: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

ZTL-UwU/shadcn-docs-nuxt (shadcn-docs-nuxt)

v1.1.4

Compare Source

🚀 Features

• Add some translations & footer border configuration - by @​BenjaminOddou in #​161 (4151c)
• Add Mermaid Support in Code Blocks - by @​6get-xiaofan in #​176 and #​177 (92260)
• Mermaid - by @​ZTL-UwU (e5a17)
• i18n: Add it (Italian) ui translation - by @​kalix127 in #​168 (93b9f)

🐞 Bug Fixes

• Hero button wrapping & mobile styles - by @​everfu in #​165 (e2895)
• Close search dialog on route change - by @​BenjaminOddou in #​164 (79a12)
• Aside isActive when url ends with a slash (fixes: #​179) - by @​ZTL-UwU in #​179 (328ce)

View changes on GitHub

tailwindlabs/tailwindcss (tailwindcss)

v4.1.16

Compare Source

Fixed

• Discard candidates with an empty data type (#​19172)
• Fix canonicalization of arbitrary variants with attribute selectors (#​19176)
• Fix invalid colors due to nested & (#​19184)
• Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants (#​19178)

v4.1.15

Compare Source

Fixed

• Fix Safari devtools rendering issue due to color-mix fallback (#​19069)
• Suppress Lightning CSS warnings about :deep, :slotted, and :global (#​19094)
• Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#​19097)
• Allow named groups in combination with not-*, has-*, and in-* (#​19100)
• Prevent important utilities from affecting other utilities (#​19110)
• Don’t index into strings with the theme(…) function (#​19111)
• Fix parsing issue when \t is used in at-rules (#​19130)
• Upgrade: Canonicalize utilities containing 0 values (#​19095)
• Upgrade: Migrate deprecated break-words to wrap-break-word (#​19157)

Changed

• Remove the postinstall script from oxide ([#​19149])(#​19149)

v4.1.14

Compare Source

Fixed

• Handle ' syntax in ClojureScript when extracting classes (#​18888)
• Handle @variant inside @custom-variant (#​18885)
• Merge suggestions when using @utility (#​18900)
• Ensure that file system watchers created when using the CLI are always cleaned up (#​18905)
• Do not generate grid-column utilities when configuring grid-column-start or grid-column-end (#​18907)
• Do not generate grid-row utilities when configuring grid-row-start or grid-row-end (#​18907)
• Prevent duplicate CSS when overwriting a static utility with a theme key (#​18056)
• Show Lightning CSS warnings (if any) when optimizing/minifying (#​18918)
• Use default export condition for @tailwindcss/vite (#​18948)
• Re-throw errors from PostCSS nodes (#​18373)
• Detect classes in markdown inline directives (#​18967)
• Ensure files with only @theme produce no output when built (#​18979)
• Support Maud templates when extracting classes (#​18988)
• Upgrade: Do not migrate variant = 'outline' during upgrades (#​18922)
• Upgrade: Show version mismatch (if any) when running upgrade tool (#​19028)
• Upgrade: Ensure first class inside className is migrated (#​19031)
• Upgrade: Migrate classes inside *ClassName and *Class attributes (#​19031)

tinylibs/tinyexec (tinyexec)

v1.0.2

Compare Source

What's Changed

• refactor: migrate to tsdown by @​sxzz in #​50
• feat: OIDC publish by @​outslept in #​52
• docs: clarify documentation by @​outslept in #​54
• chore: set engine constraint by @​43081j in #​56
• test: migrate to vitest by @​43081j in #​58
• fix: read stdout/stderr in parallel by @​43081j in #​59

New Contributors

• @​sxzz made their first contribution in #​50
• @​outslept made their first contribution in #​52

Full Changelog: tinylibs/tinyexec@1.0.1...1.0.2

microsoft/TypeScript (typescript)

v5.9.3: TypeScript 5.9.3

Compare Source

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• [fixed issues query for Typescript 5.9.0 (Beta)](https://

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

❌ Deploy Preview for fontless failed.

Name	Link
🔨 Latest commit	3a2159d
🔍 Latest deploy log	https://app.netlify.com/projects/fontless/deploys/690a9e9524eed90009a71e5c

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/fontaine@670

npm i https://pkg.pr.new/fontless@670

commit: 7f2a887

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.40%. Comparing base (d66809d) to head (7f2a887).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #670   +/-   ##
=======================================
  Coverage   53.40%   53.40%           
=======================================
  Files          11       11           
  Lines         734      734           
  Branches       93       93           
=======================================
  Hits          392      392           
  Misses        342      342           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.