fix(deps): update npm - - package.json

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@aws-sdk/credential-providers (source)	^3.980.0 → ^3.1004.0			dependencies	minor	3.1007.0 (+2)
@babel/core (source)	^7.28.6 → ^7.29.0			devDependencies	patch
@esbuild/darwin-arm64	^0.27.2 → ^0.27.3			optionalDependencies	patch
@esbuild/darwin-x64	^0.27.2 → ^0.27.3			optionalDependencies	patch
@esbuild/linux-x64	0.27.2 → 0.27.3			optionalDependencies	patch
@esbuild/win32-x64	0.27.2 → 0.27.3			optionalDependencies	patch
@eslint/compat (source)	^2.0.2 → ^2.0.3			devDependencies	patch
@eslint/js (source)	^9.39.2 → ^9.39.4			devDependencies	patch
@fontsource/roboto (source)	^5.2.9 → ^5.2.10			dependencies	patch
@primer/octicons-react (source)	^19.21.2 → ^19.22.0			dependencies	minor
@types/lodash (source)	^4.17.23 → ^4.17.24			devDependencies	patch
@types/node (source)	^22.19.7 → ^22.19.15			devDependencies	patch
@vitejs/plugin-react (source)	^5.1.2 → ^5.1.4			devDependencies	patch
axios (source)	^1.13.4 → ^1.13.6			dependencies	patch
cypress (source)	^15.9.0 → ^15.11.0			devDependencies	minor
eslint (source)	^9.39.2 → ^9.39.4			devDependencies	patch
eslint-plugin-cypress	^5.2.1 → ^5.3.0			devDependencies	patch
express-rate-limit	^8.2.1 → ^8.3.0			dependencies	minor	8.3.1
fast-check (source)	^4.5.3 → ^4.6.0			devDependencies	minor
isomorphic-git (source)	^1.36.3 → ^1.37.2			dependencies	minor
lint-staged	^16.2.7 → ^16.3.2			devDependencies	minor	16.3.3
mongo	606f8e0 → adfc10c				digest
node	c028001 → bd3086f			final	digest
node	c028001 → bd3086f			stage	digest
openid-client	^6.8.1 → ^6.8.2			dependencies	patch
simple-git (source)	^3.30.0 → ^3.32.3			dependencies	minor	3.33.0
typescript-eslint (source)	^8.54.0 → ^8.56.1			devDependencies	patch	8.57.0

---

Release Notes

aws/aws-sdk-js-v3 (@​aws-sdk/credential-providers)

v3.1004.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1003.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1002.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1001.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1000.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.999.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.998.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.997.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.996.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.995.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.994.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.993.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

evanw/esbuild (@​esbuild/darwin-arm64)

v0.27.3

Compare Source

• Preserve URL fragments in data URLs (#​4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

• Parse and print CSS @scope rules (#​4322)

  This release includes dedicated support for parsing @scope rules in CSS. These rules include optional "start" and "end" selector lists. One important consequence of this is that the local/global status of names in selector lists is now respected, which improves the correctness of esbuild's support for CSS modules. Minification of selectors inside @scope rules has also improved slightly.

  Here's an example:

  /* Original code */
  @​scope (:global(.foo)) to (:local(.bar)) {
    .bar {
      color: red;
    }
  }
  
  /* Old output (with --loader=local-css --minify) */
  @​scope (:global(.foo)) to (:local(.bar)){.o{color:red}}
  
  /* New output (with --loader=local-css --minify) */
  @​scope(.foo)to (.o){.o{color:red}}

• Fix a minification bug with lowering of for await (#​4378, #​4385)

  This release fixes a bug where the minifier would incorrectly strip the variable in the automatically-generated catch clause of lowered for await loops. The code that generated the loop previously failed to mark the internal variable references as used.

• Update the Go compiler from v1.25.5 to v1.25.7 (#​4383, #​4388)

  This PR was contributed by @​MikeWillCook.

eslint/rewrite (@​eslint/compat)

v2.0.3

Compare Source

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.1.0 to ^1.1.1

eslint/eslint (@​eslint/js)

v9.39.4

Compare Source

v9.39.3

Compare Source

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#​20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#​20453) (Milos Djermanovic)

fontsource/font-files (@​fontsource/roboto)

v5.2.10

Compare Source

primer/octicons (@​primer/octicons-react)

v19.22.0

Compare Source

Minor Changes

• #​1157 18e3b9fd Thanks @​janmaarten-a11y! - Add book-locked icon
  Add comment-locked icon
  Add issue-locked icon
  Add git-pull-request-locked icon

vitejs/vite-plugin-react (@​vitejs/plugin-react)

v5.1.4

Compare Source

Fix canSkipBabel not accounting for babel.overrides (#​1098)

When configuring babel.overrides without top-level plugins or presets, Babel was incorrectly skipped. The canSkipBabel function now checks for overrides.length to ensure override configurations are processed.

cypress-io/cypress (cypress)

v15.11.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-11-0

v15.10.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-10-0

eslint/eslint (eslint)

v9.39.4

Compare Source

Bug Fixes

• f18f6c8 fix: update dependency minimatch to ^3.1.5 (#​20564) (Milos Djermanovic)
• a3c868f fix: update dependency @​eslint/eslintrc to ^3.3.4 (#​20554) (Milos Djermanovic)
• 234d005 fix: minimatch security vulnerability patch for v9.x (#​20549) (Andrej Beles)
• b1b37ee fix: update ajv to 6.14.0 to address security vulnerabilities (#​20538) (루밀LuMir)

Documentation

• 4675152 docs: add deprecation notice partial (#​20520) (Milos Djermanovic)

Chores

• b8b4eb1 chore: update dependencies for ESLint v9.39.4 (#​20596) (Francesco Trotta)
• 71b2f6b chore: package.json update for @​eslint/js release (Jenkins)
• 1d16c2f ci: pin Node.js 25.6.1 (#​20563) (Milos Djermanovic)

v9.39.3

Compare Source

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#​20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#​20453) (Milos Djermanovic)

express-rate-limit/express-rate-limit (express-rate-limit)

v8.3.0

Compare Source

You can view the changelog here.

v8.2.2

Compare Source

dubzzz/fast-check (fast-check)

v4.6.0

Compare Source

Better stringMatching with maxLength
[Code][Diff]

Features

• (PR#6599) Add basic maxLength support to stringMatching
• (PR#6600) Better clamp on regexes when maxLength on stringMatching
• (PR#6687) Deprecate Random::next(n) and Random::nextInt()

Fixes

• (PR#6502) Bug: Bad d.ts import in BuildInversedRelationsMapping
• (PR#6578) Bug: Don't crash when stringifying detached ArrayBuffers
• (PR#6700) Bug: Fix object unmapper and depth computation for special keys
• (PR#6432) CI: Move all dependencies to dev on examples/
• (PR#6443) CI: Migrate to Docusaurus v4 configuration format
• (PR#6456) CI: Enable persist-credentials in add-contributor workflow
• (PR#6501) CI: Bump module in tsconfig to node18
• (PR#6548) CI: Fix zizmor ignore config line numbers
• (PR#6554) CI: Drop tests against Node 20
• (PR#6563) CI: Fix check_publish status to be success on no error
• (PR#6565) CI: Add create release workflow
• (PR#6610) CI: Rework pnpm configuration
• (PR#6619) CI: Add PR template enforcement workflow
• (PR#6622) CI: Skip Netlify doc publish on PRs
• (PR#6625) CI: Run PR template check without approval
• (PR#6623) CI: Skip PR template check for Renovate bot
• (PR#6638) CI: Bundle fast-check using rolldown
• (PR#6662) CI: Rework configuration of examples
• (PR#6683) CI: Add Claude Code GitHub Action workflow
• (PR#6684) CI: Add configuration for pre and post tool Claude hooks
• (PR#6690) CI: Refine GH Action triggering CLAUDE
• (PR#6693) CI: Configure another Claude model
• (PR#6703) CI: Add top-level permissions: {} to workflows missing it
• (PR#6704) CI: Refactor Claude workflow custom instructions configuration
• (PR#6705) CI: Add SessionStart hook to ensure dependencies are installed
• (PR#6597) Clean: Drop runkit file
• (PR#6640) Clean: Drop unused "tsd" in package.json
• (PR#6441) Doc: Release note for 4.5.0
• (PR#6442) Doc: Replace generic blog tags with feature-specific taxonomy
• (PR#6458) Doc: Add adamni21 as doc contributor
• (PR#6496) Doc: Refine npm keywords
• (PR#6514) Doc: Skill for JavaScript testing expert
• (PR#6516) Doc: Add note to avoid overusing filter and fc.pre
• (PR#6517) Doc: Update testing skill to recommend mimicking existing test structure
• (PR#6523) Doc: Add PR template requirement to Copilot instructions
• (PR#6522) Doc: Add note on complementary testing approaches
• (PR#6524) Doc: Add snapshot vs screenshot guidance
• (PR#6527) Doc: Push to install missing tooling
• (PR#6530) Doc: Clearer guidelines for constraints of arbs in skill
• (PR#6526) Doc: Add AI-powered testing documentation
• (PR#6529) Doc: Add testing-library and browser testing part in skill
• (PR#6528) Doc: Add bigint type preference for integer computations in skill
• (PR#6531) Doc: Add TDD fashion thinking in skill
• (PR#6553) Doc: Add josephjunker as doc contributor
• (PR#6561) Doc: Add page on "What is property-based testing" and modify "Why property-based testing"
• (PR#6605) Doc: Drop Snyk link on Readme
• (PR#6603) Doc: Update CONTRIBUTING.md for AI
• (PR#6572) Doc: Rework issue templates
• (PR#6613) Doc: Update PR template
• (PR#6634) Doc: Rework bug-report template
• (PR#6635) Doc: Rework regression-report template
• (PR#6652) Doc: Update Readme to point to npmx
• (PR#6659) Doc: Update home to link to npmx
• (PR#6696) Doc: Add rushelex as code contributor
• (PR#6448) Performance: Optimize RunDetailsFormatter array allocations
• (PR#5718) Performance: Import less from pure-rand
• (PR#6679) Performance: Bump pure-rand to v8
• (PR#6446) Performance: Replace loose equality by strict one
• (PR#6444) Performance: Slightly faster code for RunExecution
• (PR#6437) Refactor: Replace fileURLToPath patterns with import.meta.*
• (PR#6567) Refactor: Remove ErrorWithCause, use Error directly
• (PR#6621) Refactor: Replace glob package with native Node.js fs.glob
• (PR#6675) Refactor: Drop @​rollup/plugin-replace for rolldown builtin
• (PR#6550) Security: Fix zizmor template-injection findings
• (PR#6472) Test: Provide cause when doc generation fails
• (PR#6381) Test: Migrate test-types to vitest
• (PR#6507) Test: Filter ESM-only packages from CommonJS mode checks
• (PR#6453) Typo: Fix typo for dictionary arbitrary constraint maxKeys
• (PR#6552) Typo: Replace flatMap with chain in error message

---

isomorphic-git/isomorphic-git (isomorphic-git)

v1.37.2

Compare Source

Bug Fixes

• add packfile integrity validation (fixes #​2288) (#​2289) (556ba32)

v1.37.1

Compare Source

Bug Fixes

• update sha.js closes #​2180 (#​2283) (e96e940)

v1.37.0

Compare Source

Features

• implement single commit cherry pick (#​2282) (ba6177f)

lint-staged/lint-staged (lint-staged)

v16.3.2

Compare Source

Patch Changes

• #​1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

v16.3.1

Compare Source

Patch Changes

• #​1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

v16.3.0

Compare Source

Minor Changes

• #​1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #​1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #​1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

panva/openid-client (openid-client)

v6.8.2

Compare Source

Fixes

• use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

steveukx/git-js (simple-git)

v3.32.3

Compare Source

Patch Changes

• f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

  Thanks to @​CodeAnt-AI-Security for identifying the issue

v3.32.2

Compare Source

Patch Changes

• 8d02097: Enhanced clone unsafe switch detection.

v3.32.1

Compare Source

Patch Changes

• 23b070f: Fix regex for detecting unsafe clone options

  Thanks to @​stevenwdv for reporting this issue.

v3.32.0

Compare Source

Minor Changes

• 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised
  along with other single character options.

  Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes

• d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

v3.31.1

Compare Source

Patch Changes

• a44184f: Resolve NPM publish steps

typescript-eslint/typescript-eslint (typescript-eslint)

v8.56.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name	Link
🔨 Latest commit	a20dd9d
🔍 Latest deploy log	https://app.netlify.com/projects/endearing-brigadeiros-63f9d0/deploys/69b1c35c1b08750008c10366

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 3 package(s) with unknown licenses.

View full job summary

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.71%. Comparing base (1c6c541) to head (a20dd9d).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1379   +/-   ##
=======================================
  Coverage   89.71%   89.71%           
=======================================
  Files          68       68           
  Lines        4880     4880           
  Branches      888      888           
=======================================
  Hits         4378     4378           
  Misses        484      484           
  Partials       18       18           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.