Skip to content

chore(deps): update npm-development#182

Merged
nedtwigg merged 2 commits into
mainfrom
renovate/npm-development
Jun 29, 2026
Merged

chore(deps): update npm-development#182
nedtwigg merged 2 commits into
mainfrom
renovate/npm-development

Conversation

@renovate

@renovate renovate Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@react-router/dev (source) 7.15.17.18.0 age adoption passing confidence
@storybook/react (source) 10.4.010.4.6 age adoption passing confidence
@storybook/react-vite (source) 10.4.010.4.6 age adoption passing confidence
@tailwindcss/vite (source) 4.3.04.3.1 age adoption passing confidence
@tauri-apps/cli 2.11.22.11.4 age adoption passing confidence
@types/react (source) 19.2.1419.2.17 age adoption passing confidence
@types/vscode (source) 1.85.01.125.0 age adoption passing confidence
@vitejs/plugin-react (source) 6.0.26.0.3 age adoption passing confidence
@vscode/vsce (source) 3.9.13.9.2 age adoption passing confidence
chromatic (source) ^16.10.1^17.0.0 age adoption passing confidence
esbuild 0.28.00.28.1 age adoption passing confidence
ovsx (source) ^0.10.12^1.0.0 age adoption passing confidence
storybook (source) 10.4.010.4.6 age adoption passing confidence
tailwindcss (source) 4.3.04.3.1 age adoption passing confidence
vite (source) 8.0.148.1.0 age adoption passing confidence
vitest (source) 4.1.64.1.9 age adoption passing confidence

Release Notes

remix-run/react-router (@​react-router/dev)

v7.18.0

Compare Source

Patch Changes
  • Pass Vite server.watch config to child compiler in development mode. (#​15178)

  • Ignore external Vite server environments in Framework Mode build hooks (#​14883)

    When future.v8_viteEnvironmentApi is enabled, React Router previously treated any non-client Vite environment as its own server build. This caused issues with integrations like Nitro, where plugins can register additional environments.

    Framework Mode build hooks now ignore external server environments and only process the app's own server build.

  • Updated dependencies:

v7.17.0

Compare Source

Patch Changes
  • Fix future flag warning URLs and only log each future flag warning one time (#​15138)
Unstable Changes

⚠️ Unstable features are not recommended for production use

v7.16.0

Compare Source

Minor Changes
  • Stabilize future.unstable_trailingSlashAwareDataRequests as future.v8_trailingSlashAwareDataRequests (#​15098)

    • The unstable flag is no longer supported and will error during config resolution
  • Log future flag warnings for upcoming React Router v8 flags (#​15029)

    • v8_middleware, v8_splitRouteModules, v8_viteEnvironmentApi, v8_passThroughRequests, v8_trailingSlashAwareDataRequests
Patch Changes
storybookjs/storybook (@​storybook/react)

v10.4.6

Compare Source

v10.4.5

Compare Source

v10.4.4

Compare Source

  • Telemetry: Add timeout to event-log POST to prevent build hang - #​35085, thanks @​badams!

v10.4.3

Compare Source

v10.4.2

Compare Source

v10.4.1

Compare Source

tailwindlabs/tailwindcss (@​tailwindcss/vite)

v4.3.1

Compare Source

Added
  • Add --silent option to suppress output in @tailwindcss/cli (#​20100)
Fixed
  • Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#​20028)
  • Canonicalization: don't crash when plugin utilities throw for unsupported values (#​20052)
  • Allow @apply to be used with CSS mixins (#​19427)
  • Ensure not-* correctly negates @container queries, including style(…) queries (#​20059)
  • Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#​20080)
  • Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#​20103)
  • Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#​20027)
  • Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)]px-[calc(1rem+0)]) (#​20127)
  • Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px]left-[99999px], not left-24999.75) (#​20130)
  • Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#​20137)
  • Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#​20139)
  • Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#​20198)
  • Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#​19588)
  • Allow @variant to be used inside addBase (#​19480)
  • Ensure @source globs with symlinks are preserved (#​20203)
  • Ensure later @source rules can re-include files excluded by earlier @source not rules (#​20203)
  • Upgrade: don't migrate empty class rules to invalid @utility rules (#​20205)
  • Ensure transitions between inset-shadow-none and other inset shadows work correctly (#​20208)
  • Ensure explicitly referenced @source directories are scanned even when ignored by git (#​20214)
  • Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#​20217)
  • Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)]w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#​20221)
  • Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#​20228)
Changed
  • Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#​20196)
  • Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#​20196)
tauri-apps/tauri (@​tauri-apps/cli)

v2.11.4: @​tauri-apps/cli v2.11.4

Compare Source

[2.11.4]

Bug Fixes
  • 67ffa192a (#​15596 by @​FabianLars) Fixed an issue in the AppImage bundler that caused the /.desktop and .DirIcon files to be absolute symlinks instead of relative symlinks which caused problems with AppImage installers like AppManager.
Dependencies
  • Upgraded to tauri-cli@2.11.4

v2.11.3: @​tauri-apps/cli v2.11.3

Compare Source

[2.11.3]

Bug Fixes
  • 50b0237ed (#​15549 by @​Legend-Master) Escape special characters in productName when generating Android strings.xml

  • 728c8d4a5 (#​15473 by @​Legend-Master) Skip building bundles when using tauri android run

  • be0cb0d43 (#​15344 by @​raglady) Fix NDK_HOME environment variable not honored when set

  • ed8fd411f (#​15552 by @​Legend-Master) Make ureq_proto show trace level logs only on -vvv instead of -vv

  • fca4a31f9 (#​15454 by @​fallintoplace) Fix tauri migrate generating invalid namespace imports for aliased pluginified imports from @tauri-apps/api.

    Inputs like import { cli as superCli } from "@​tauri-apps/api" now migrate to import * as superCli from "@​tauri-apps/plugin-cli" instead of producing invalid ESM syntax. The migration tests also reparse migrated JS, Svelte, and Vue output so syntax regressions are caught directly.

Dependencies
  • Upgraded to tauri-cli@2.11.3
vitejs/vite-plugin-react (@​vitejs/plugin-react)

v6.0.3

Compare Source

Microsoft/vsce (@​vscode/vsce)

v3.9.2

Compare Source

Changes:

This list of changes was auto generated.

chromaui/chromatic-cli (chromatic)

v17.4.1

Compare Source

🐛 Bug Fix
Authors: 3

v17.4.0

Compare Source

🚀 Enhancement
🐛 Bug Fix
Authors: 1

v17.3.0

Compare Source

🚀 Enhancement
🐛 Bug Fix
Authors: 3

v17.2.0

Compare Source

🚀 Enhancement
Authors: 1

v17.1.0

Compare Source

🚀 Enhancement
Authors: 1

v17.0.1

Compare Source

🐛 Bug Fix
Authors: 2

v17.0.0

Compare Source

💥 Breaking Change
🐛 Bug Fix
Authors: 2

evanw/esbuild (esbuild)

v0.28.1

Compare Source

  • Disallow \ in local development server HTTP requests (GHSA-g7r4-m6w7-qqqr)

    This release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \ backslash character. It happened due to the use of Go's path.Clean() function, which only handles Unix-style / characters. HTTP requests with paths containing \ are no longer allowed.

    Thanks to @​dellalibera for reporting this issue.

  • Add integrity checks to the Deno API (GHSA-gv7w-rqvm-qjhr)

    The previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.

    Note that esbuild's Deno API installs from registry.npmjs.org by default, but allows the NPM_CONFIG_REGISTRY environment variable to override this with a custom package registry. This change means that the esbuild executable served by NPM_CONFIG_REGISTRY must now match the expected content.

    Thanks to @​sondt99 for reporting this issue.

  • Avoid inlining using and await using declarations (#​4482)

    Previously esbuild's minifier sometimes incorrectly inlined using and await using declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for let and const declarations by avoiding doing it for var declarations, which no longer worked when more declaration types were added. Here's an example:

    // Original code
    {
      using x = new Resource()
      x.activate()
    }
    
    // Old output (with --minify)
    new Resource().activate();
    
    // New output (with --minify)
    {using e=new Resource;e.activate()}
  • Fix module evaluation when an error is thrown (#​4461, #​4467)

    If an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if import() or require() is used to import a module multiple times. The thrown error is supposed to be thrown by every call to import() or require(), not just the first. With this release, esbuild will now throw the same error every time you call import() or require() on a module that throws during its evaluation.

  • Fix some edge cases around the new operator (#​4477)

    Previously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a new expression (specifically an optional chain and/or a tagged template literal). The generated code for the new target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the new target in parentheses. Here is an example of some affected code:

    // Original code
    new (foo()`bar`)()
    new (foo()?.bar)()
    
    // Old output
    new foo()`bar`();
    new (foo())?.bar();
    
    // New output
    new (foo())`bar`();
    new (foo()?.bar)();
  • Fix renaming of nested var declarations (#​4471)

    This release fixes a bug where var declarations in nested scopes that are hoisted up to module scope were not correctly being renamed during bundling. That could previously lead to name collisions when minification was disabled, which could potentially cause a behavior change. The bug has been fixed so that these hoisted declarations are now considered to be module-level symbols during the name collision avoidance pass.

  • Emit var instead of const for certain TypeScript-only constructs for ES5 (#​4448)

    While esbuild doesn't generally support converting const to var for ES5 due to nested scoping rules (which is currently a build-time error), esbuild previously incorrectly converted TypeScript-only import assignment constructs into a const declaration even when targeting ES5. With this release, esbuild will now use var for this case instead:

    // Original code
    import x = require('y')
    
    // Old output (with --target=es5)
    const x = require("y");
    
    // New output (with --target=es5)
    var x = require("y");
eclipse-openvsx/openvsx (ovsx)

v1.0.1

Compare Source

v1.0.0

Compare Source

Dependencies
  • Bump fast-uri from 3.1.0 to 3.1.2 (#​1829)
  • Bump brace-expansion from 5.0.5 to 5.0.6 (#​1846)
  • Bump qs from 6.15.0 to 6.15.2 (#​1869)
  • Bump tmp from 0.2.4 to 0.2.6 (#​1877)
vitejs/vite (vite)

v8.1.0

Compare Source

Features
Bug Fixes
Code Refactoring

v8.0.16

Compare Source

Bug Fixes

v8.0.15

Compare Source

Features
Bug Fixes
  • capitalize error messages and remove spurious space in parse error (#​22488) (85a0eff)
  • deps: update all non-major dependencies (#​22511) (2686d7d)
  • dev: fix html-proxy cache key mismatch for /@​fs/ HTML paths (#​21762) (47c4213)
  • glob: error on relative glob in virtual module when no files match (#​22497) (5c8e98f)
  • optimizer: close the rolldown bundle when write() rejects (#​22528) (e3cfb9d)
  • resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#​22509) (40985f1)
Miscellaneous Chores
Code Refactoring
vitest-dev/vitest (vitest)

v4.1.9

Compare Source

🐞 Bug Fixes
  • Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in #​10546 (a5180)
  • browser:
    • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in #​10555 (7fb29)
    • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in #​10497 and #​10556 (fbc62)
  • mocker:
    • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in #​10548 (2c955)
  • pool:
    • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in #​10543 and #​10564 (934b0)
View changes on GitHub

v4.1.8

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v4.1.7

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

Configuration

📅 Schedule: (in timezone America/Los_Angeles)

  • Branch creation
    • Only on Monday (* * * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 29, 2026

Copy link
Copy Markdown

Deploying mouseterm with  Cloudflare Pages  Cloudflare Pages

Latest commit: 752231b
Status: ✅  Deploy successful!
Preview URL: https://f538fa74.mouseterm.pages.dev
Branch Preview URL: https://renovate-npm-development.mouseterm.pages.dev

View logs

@dormouse-bot dormouse-bot left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One thing worth a maintainer decision before this lands — flagged inline on vscode-ext/package.json. The rest of the bumps look fine: ovsx@1.0.2 still exposes publish --packagePath/--no-dependencies (the release.yml publish step is unaffected), and chromatic 17 already passed UI Tests on this commit.

Comment thread vscode-ext/package.json Outdated
The npm-development group bumped @types/vscode to 1.125.0, but
engines.vscode stays ^1.85.0 — that lets the typed API surface
outrun the declared minimum runtime (APIs added after 1.85 would
be undefined on VS Code 1.85–1.124, and CI wouldn't catch it since
the extension is esbuild-bundled with no typecheck).

Pin the type stub back to 1.85.0 and add a Renovate packageRule
(allowedVersions) so future npm-development PRs keep it pinned.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@renovate

renovate Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@nedtwigg nedtwigg merged commit 13803fc into main Jun 29, 2026
9 checks passed
@nedtwigg nedtwigg deleted the renovate/npm-development branch June 29, 2026 21:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants