chore(deps-dev): bump the devdependencies group across 1 directory with 10 updates

[dependabot]

Bumps the devdependencies group with 10 updates in the / directory:

Package	From	To
@types/node	22.10.2	22.13.1
@types/react	19.0.2	19.0.8
@types/react-dom	19.0.2	19.0.3
@vitest/coverage-v8	2.1.8	3.0.5
jsdom	25.0.1	26.0.0
knip	5.42.0	5.43.6
postcss	8.4.49	8.5.1
tailwindcss	3.4.17	4.0.4
typescript	5.7.2	5.7.3
vitest	2.1.8	3.0.5

Updates @types/node from 22.10.2 to 22.13.1

Commits

• See full diff in compare view

Updates @types/react from 19.0.2 to 19.0.8

Commits

• See full diff in compare view

Updates @types/react-dom from 19.0.2 to 19.0.3

Commits

• See full diff in compare view

Updates @vitest/coverage-v8 from 2.1.8 to 3.0.5

Release notes

Sourced from @​vitest/coverage-v8's releases.

v3.0.5

This release includes security patches for:

• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

🚀 Features

• ui: Insert message "no tests found" in ui - by @​DevJoaoLopes in vitest-dev/vitest#7366 (92da4)

🐞 Bug Fixes

• Validate websocket request - by @​hi-ogawa and @​AriPerkkio in vitest-dev/vitest#7317 (191ef)
• Don't toggle cli cursor on non-TTY - by @​AriPerkkio in vitest-dev/vitest#7336 (3c805)
• vite-node: Differentiate file url with hash and query - by @​hi-ogawa in vitest-dev/vitest#7365 (926ca)

View changes on GitHub

v3.0.4

This release includes security patches for:

• Browser mode serves arbitrary files | CVE-2025-24963

   🐞 Bug Fixes

• Filter projects eagerly during config resolution  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#7313 (dff44)
• Apply development|production condition on Vites 6 by @​hi-ogawa and @​sheremet-va (#7301) (ef146)
• browser: Restrict served files from /__screenshot-error  -  by @​hi-ogawa in vitest-dev/vitest#7340 (ed9ae)
• deps: Update all non-major dependencies  -  by @​sheremet-va in vitest-dev/vitest#7297 (38ea8)
• runner: Timeout long sync hook  -  by @​hi-ogawa in vitest-dev/vitest#7289 (c60ee)
• typechecking: Support typechecking parsing with Vite 6  -  by @​sheremet-va in vitest-dev/vitest#7335 (bff70)
• types: Fix public types  -  by @​mrginglymus and @​sheremet-va in vitest-dev/vitest#7328 (ce6af)

    View changes on GitHub

v3.0.3

   🐞 Bug Fixes

• browser:
  • Don't throw a validation error if v8 coverage is used with filtered instances  -  by @​sheremet-va in vitest-dev/vitest#7306 (fa463)
  • Don't fail when running --browser.headless if the browser projest is part of the workspace  -  by @​sheremet-va in vitest-dev/vitest#7311 (e43a8)

   🏎 Performance

• reporters: Update summary only when needed  -  by @​AriPerkkio in vitest-dev/vitest#7291 (7f36b)

    View changes on GitHub

v3.0.2

   🐞 Bug Fixes

... (truncated)

Commits

• 1154662 chore: release v3.0.5
• 9e40437 chore: release v3.0.4
• 38ea8ea fix(deps): update all non-major dependencies (#7297)
• 33ab8a2 chore: release v3.0.3
• f17918a chore: release v3.0.2
• 56c5018 chore: release v3.0.1
• 537fa5e fix(deps): update all non-major dependencies (#7147)
• 01600e0 chore: release v3.0.0
• 8cab960 fix: colors on forks pool (#7090)
• 57b671d chore: release v3.0.0-beta.4
• Additional commits viewable in compare view

Updates jsdom from 25.0.1 to 26.0.0

Release notes

Sourced from jsdom's releases.

Version 26.0.0

Breaking change: canvas peer dependency requirement has been upgraded from v2 to v3. (sebastianwachter)

Other changes:

• Added AbortSignal.any(). (jdbevan)
• Added initial support for form-associated custom elements, in particular making them labelable and supporting the ElementInternals labels property. The form-associated callbacks are not yet supported. (hesxenon)
• Updated whatwg-url, adding support for URL.parse().
• Updated cssstyle and rrweb-cssom, to improve CSS parsing capabilities.
• Updated nwsapi, improving CSS selector matching.
• Updated parse5, fixing a bug around <noframes> elements and HTML entity decoding.
• Fixed JSDOM.fromURL() to properly reject the returned promise if the server redirects to an invalid URL, instead of causing an uncaught exception.

Changelog

Sourced from jsdom's changelog.

26.0.0

Breaking change: canvas peer dependency requirement has been upgraded from v2 to v3. (sebastianwachter)

Other changes:

• Added AbortSignal.any(). (jdbevan)
• Added initial support for form-associated custom elements, in particular making them labelable and supporting the ElementInternals labels property. The form-associated callbacks are not yet supported. (hesxenon)
• Updated whatwg-url, adding support for URL.parse().
• Updated cssstyle and rrweb-cssom, to improve CSS parsing capabilities.
• Updated nwsapi, improving CSS selector matching.
• Updated parse5, fixing a bug around <noframes> elements and HTML entity decoding.
• Fixed JSDOM.fromURL() to properly reject the returned promise if the server redirects to an invalid URL, instead of causing an uncaught exception.

Commits

• 3644055 Version 26.0.0
• 8ebaee9 Update dependencies and dev dependencies
• 5984ace Catch invalid redirect URLs
• d5abcd1 Make querySelectorAll follow the always-impl rule
• 56f27c2 Add support for ElementInternals's labels property
• 854ae1b Implement AbortSignal.any()
• 7cc3500 Update optional peer dependency canvas to v3
• 8955c99 Add support for canvas v3
• 8dfe288 Add Node 22 to CI test matrix
• See full diff in compare view

Updates knip from 5.42.0 to 5.43.6

Release notes

Sourced from knip's releases.

Release 5.43.6

• Update docs for writing a plugin (f3669e2220a8ad40333643408ab4f78dcc73a029)
• Remove unused property (18612d2f2ce6c932b461ebd2c2ebaa9317b3e4a3)
• Merge glob patterns (3815faefb6e1875cebcee84f32a25973fd3d7654)
• Update docs for writing a plugin (c1de2ba43faa541cdae8af718002e2dc6d0bfab4)
• Invoke expo config function with context obj (resolves #919) (2d0876baaad2246757ba1b35d43960655068c0c2)
• Add empty plugins: [] to dummy expo obj to cause less issues (15b8aac5087c2a5aa8d6d0597ea61f90d29e7514)

Release 5.43.5

• Allow nsTypes to always consider all enums (the actual fix for #927) (881de38e24f95508e198db8369df14e4b4136147)

Release 5.43.4

• Add missing test & widen scope for implicit enumerations (resolves #927) (d02db682d83890c65c6332c0dc7a8f763f5e818a)

Release 5.43.3

• Improve enum/member handling (fc5982e9a90edb5f966391069a19b778d37dfe0e)
• More concise naming (f93a410f1319fd49661cafd73ddec8d10b546b6f)
• feat(jest): add mocks to entry files (#925) (895434b8ce3adf02b11b3fe3835d658ade05f348) - thanks @​TkDodo!
• Move mock (0259b8752b6f8c6b2bd780270b09e63ff227a10d)

Release 5.43.2

• Add a bit of error handling for failed contributors fetch (b70958a58ea255ee7a7831e404786da807ca93d7)
• Always use production entries by default in expo plugin (resolves #918) (9b8cb699dfbfe7bb9422ac2834dd229ebb93eb06)
• knipignore → lintignore (47460d28c8723dfca4f85fb81be3037c2c52c8f1)
• Fix scoping of namespace import refs (c8ce64d71dc841745cef6d059f43841d0f2d2419)
• Bun started exposing serialize and deserialize directly from node:v8 (cbfc56e98bdab15d708c16413dcff4ecf2916e8d)
• Update docs (b7b627398930b9aaf64e1a1bf56f6aea0ff9f35d)
• Update dependencies (9b4f695c6c1b8ed9cc4b503e51888f40e1fc1a88)

Release 5.43.1

• Add ignoreUnresolved to json schema (ec1cca705d0dbae53927938ae3d09cb1b5d1da1b)
• Update docs (d1f05c1e2df592cbee7b40b76f6657d8c07d43cb)

Release 5.43.0

• Add ignoreUnresolved feature (resolves #920) (081a776adc106221b0e7c0a0c14bcb594e7f651d)
• Edit metro plugin doc (a418b57eda0fb31cf54f8d148da2ecbd4294988d)

Release 5.42.3

• Do not crash when running npm init @​knip/config on a repository not using git (#916) (10575b8afbc0d6cc7a1442d9c28d6fa144b656ea) - thanks @​guillaumebrunerie!
• feat: add support for storybook framework option as a string (#923) (030ac406877d3c61005eee4f0067b555942c9a2f) - thanks @​filipw01!
• Fix vitest reporters with options (#922) (02a300c1f01dc9d1dc1c312404e25d88c97a125f) - thanks @​dakro!
• Improve containingFilePath for inputs + debug output for failed script parser (8ccee8178e1087791b563a47018e220db386ed9e)

Release 5.42.2

• Accept function that returns config in expo plugin (96b67835ebc07abea5c899154978b6f09ca39bff)
• Improve pm binary/package handling (4b78b614d8dace82c6c8c168c7909f4f4f025f7b)
• Make github-action inputs optional in production mode (resolves #914) (c510a3500e946153db798d912d8d9c8dc399bb0d)
• Minor housekeeping (4011b233dcef91ea8c48e971c018bbc16141cef4)
• Track Angular polyfills (#913) (e5688024e618ad066a85ef995c8a2f292fe3c43d) - thanks @​davidlj95!

... (truncated)

Commits

• 0afc339 Release 5.43.6
• 15b8aac Add empty plugins: [] to dummy expo obj to cause less issues
• 2d0876b Invoke expo config function with context obj (resolves #919)
• 3815fae Merge glob patterns
• 18612d2 Remove unused property
• f3669e2 Update docs for writing a plugin
• 51917bc Release 5.43.5
• 881de38 Allow nsTypes to always consider all enums (the actual fix for #927)
• 6954b6f Release 5.43.4
• d02db68 Add missing test & widen scope for implicit enumerations (resolves #927)
• Additional commits viewable in compare view

Updates postcss from 8.4.49 to 8.5.1

Release notes

Sourced from postcss's releases.

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@​romainmenke during his work on Stylelint added Input#document in additional to Input#css.

root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"

Thanks to Sponsors

This release was possible thanks to our community.

If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:

• Tidelift with a Spotify-like subscription model supporting all projects from your lock file.
• Direct donations at GitHub Sponsors or Open Collective.

Changelog

Sourced from postcss's changelog.

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

• Added Input#document for sources like CSS-in-JS or HTML (by @​romainmenke).

Commits

• 7b02c75 Release 8.5.1 version
• 4c15339 Update dependencies
• 7efe91e Improve backwards compat for Input#document (#2000)
• 6873270 Release 8.5 version
• 4223bb9 Fix 80 columns limit
• 80e2401 Add Input#document (#1996)
• 6f86879 Update dependencies
• 85cbbec Fix pnpm version on CI
• 76caa57 Update dependencies
• 46ff246 Move to pnpm 10
• Additional commits viewable in compare view

Updates tailwindcss from 3.4.17 to 4.0.4

Release notes

Sourced from tailwindcss's releases.

v4.0.4

Fixed

• Fix a crash when setting JS theme values to null (#16210)
• Ensure escaped underscores in CSS variables in arbitrary values are properly unescaped (#16206)
• Ensure that the containers JS theme key is added to the --container-* namespace (#16169)
• Ensure theme @keyframes are generated even if an --animation-* variable spans multiple lines (#16237)
• Vite: Skip parsing stylesheets with the ?commonjs-proxy flag (#16238)
• Fix order-first and order-last for Firefox (#16266)
• Fix support for older instruction sets on Linux x64 builds of the standalone CLI (#16244)
• Ensure NODE_PATH is respected when resolving JavaScript and CSS files (#16274)
• Ensure Node addons are packaged correctly with FreeBSD builds (#16277)
• Fix an issue where @variant inside a referenced stylesheet could cause a stack overflow (#16300)

v4.0.3

Fixed

• Fix incorrect removal of @import url(); (#16144)

v4.0.2

Fixed

• Only generate positive grid-cols-* and grid-rows-* utilities (#16020)
• Ensure escaped theme variables are handled correctly (#16064)
• Ensure we process Tailwind CSS features when only using @reference or @variant (#16057)
• Refactor gradient implementation to work around prettier/prettier#17058 (#16072)
• Vite: Ensure hot-reloading works with SolidStart setups (#16052)
• Vite: Fix a crash when starting the development server in SolidStart setups (#16052)
• Vite: Don't rebase URLs that appear to be aliases (#16078)
• Vite: Transform <style> blocks in HTML files (#16069)
• Prevent camel-casing CSS custom properties added by JavaScript plugins (#16103)
• Do not emit @keyframes in @theme reference (#16120)
• Discard invalid declarations when parsing CSS (#16093)
• Do not emit empty CSS rules and at-rules (#16121)
• Handle @variant when at the top-level of a stylesheet (#16129)

v4.0.1

Added

• Include :open pseudo-class in existing open variant (#15349)

Fixed

• Remove invalid min-w/h-none utilities (#15845)
• Discard CSS variable shorthand utilities that don't use valid CSS variables (#15738)
• Ensure font-size utilities with none modifier have a line-height set e.g. text-sm/none (#15921)
• Ensure font-size utilities with unknown modifier don't generate CSS (#15921)
• Don’t suggest font weight utilities more than once (#15857)
• Suggest container query variants (#15857)
• Disable bare value suggestions when not using the --spacing variable (#15857)

... (truncated)

Changelog

Sourced from tailwindcss's changelog.

[4.0.4] - 2025-02-06

Fixed

• Fix a crash when setting JS theme values to null (#16210)
• Ensure escaped underscores in CSS variables in arbitrary values are properly unescaped (#16206)
• Ensure that the containers JS theme key is added to the --container-* namespace (#16169)
• Ensure theme @keyframes are generated even if an --animation-* variable spans multiple lines (#16237)
• Vite: Skip parsing stylesheets with the ?commonjs-proxy flag (#16238)
• Fix order-first and order-last for Firefox (#16266)
• Fix support for older instruction sets on Linux x64 builds of the standalone CLI (#16244)
• Ensure NODE_PATH is respected when resolving JavaScript and CSS files (#16274)
• Ensure Node addons are packaged correctly with FreeBSD builds (#16277)
• Fix an issue where @variant inside a referenced stylesheet could cause a stack overflow (#16300)

[4.0.3] - 2025-02-01

Fixed

• Fix incorrect removal of @import url(); (#16144)

[4.0.2] - 2025-01-31

Fixed

• Only generate positive grid-cols-* and grid-rows-* utilities (#16020)
• Ensure escaped theme variables are handled correctly (#16064)
• Ensure we process Tailwind CSS features when only using @reference or @variant (#16057)
• Refactor gradient implementation to work around prettier/prettier#17058 (#16072)
• Vite: Ensure hot-reloading works with SolidStart setups (#16052)
• Vite: Fix a crash when starting the development server in SolidStart setups (#16052)
• Vite: Don't rebase URLs that appear to be aliases (#16078)
• Vite: Transform <style> blocks in HTML files (#16069)
• Prevent camel-casing CSS custom properties added by JavaScript plugins (#16103)
• Do not emit @keyframes in @theme reference (#16120)
• Discard invalid declarations when parsing CSS (#16093)
• Do not emit empty CSS rules and at-rules (#16121)
• Handle @variant when at the top-level of a stylesheet (#16129)

[4.0.1] - 2025-01-29

Added

• Include :open pseudo-class in existing open variant (#15349)

Fixed

• Remove invalid min-w/h-none utilities (#15845)
• Discard CSS variable shorthand utilities that don't use valid CSS variables (#15738)
• Ensure font-size utilities with none modifier have a line-height set e.g. text-sm/none (#15921)

... (truncated)

Commits

• 83fdf37 Prepare v4.0.4 (#16302)
• 144581d Properly skip over nodes when using replaceNode (#16300)
• d566dbd Improve performance of rebuilds (#16283)
• 82d486a Fix order-first and order-last for Firefox (#16266)
• 3b61277 Don't crash when setting JS theme value to null (#16210)
• 9fd6766 Ensure first argument to var(…) still unescapes \_ (#16206)
• 06dfa39 Ensure we always emit @keyframes correctly (#16237)
• ac202ff Update upgrade CLI to handle containers config correctly (#16169)
• b7c3f50 Prepare v4.0.3 (#16146)
• b7436f8 Fix @import url() being stripped (#16144)
• Additional commits viewable in compare view

Updates typescript from 5.7.2 to 5.7.3

Release notes

Sourced from typescript's releases.

TypeScript 5.7.3

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.7.0 (Beta).
• fixed issues query for Typescript 5.7.1 (RC).
• fixed issues query for Typescript 5.7.2 (Stable).
• fixed issues query for Typescript 5.7.3 (Stable).

Downloads are available on npm

Commits

• a5e123d Update LKG
• 8bc0204 🤖 Pick PR #60828 (Fix CodeQL configuration, releases) into release-5.7 (#60923)
• 7aa63df 🤖 Pick PR #60393 (Don't try to add an implicit undefi...) into release-5.7 (#...
• 9df7c36 Bump version to 5.7.3 and LKG
• e167412 🤖 Pick PR #60794 (Harden sanitizeLog against incorr...) into release-5.7 (#...
• 9ba364c Fix coverage build on release-5.7 (#60792)
• 4b7441a 🤖 Pick PR #60680 (Mark the inherited any-based index ...) into release-5.7 (#...
• e844dc3 Cherry-pick #60402, #60440, #60616 into release-5.7 (#60777)
• 21b02a1 🤖 Pick PR #60749 (Do not require import attribute on ...) into release-5.7 (#...
• b82fd16 🤖 Pick PR #60576 (Avoid incorrectly reusing assertion...) into release-5.7 (#...
• Additional commits viewable in compare view

Updates vitest from 2.1.8 to 3.0.5

Release notes

Sourced from vitest's releases.

v3.0.5

This release includes security patches for:

• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

🚀 Features

• ui: Insert message "no tests found" in ui - by @​DevJoaoLopes in vitest-dev/vitest#7366 (92da4)

🐞 Bug Fixes

• Validate websocket request - by @​hi-ogawa and @​AriPerkkio in vitest-dev/vitest#7317 (191ef)
• Don't toggle cli cursor on non-TTY - by @​AriPerkkio in vitest-dev/vitest#7336 (3c805)
• vite-node: Differentiate file url with hash and query - by @​hi-ogawa in vitest-dev/vitest#7365 (926ca)

View changes on GitHub

v3.0.4

This release includes security patches for:

• Browser mode serves arbitrary files | CVE-2025-24963

   🐞 Bug Fixes

• Filter projects eagerly during config resolution  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#7313 (dff44)
• Apply development|production condition on Vites 6 by @​hi-ogawa and @​sheremet-va (#7301) (ef146)
• browser: Restrict served files from /__screenshot-error  -  by @​hi-ogawa in vitest-dev/vitest#7340 (ed9ae)
• deps: Update all non-major dependencies  -  by @​sheremet-va in vitest-dev/vitest#7297 (38ea8)
• runner: Timeout long sync hook  -  by @​hi-ogawa in vitest-dev/vitest#7289 (c60ee)
• typechecking: Support typechecking parsing with Vite 6  -  by @​sheremet-va in vitest-dev/vitest#7335 (bff70)
• types: Fix public types  -  by @​mrginglymus and @​sheremet-va in vitest-dev/vitest#7328 (ce6af)

    View changes on GitHub

v3.0.3

   🐞 Bug Fixes

• browser:
  • Don't throw a validation error if v8 coverage is used with filtered instances  -  by @​sheremet-va in vitest-dev/vitest#7306 (fa463)
  • Don't fail when running --browser.headless if the browser projest is part of the workspace  -  by @​sheremet-va in vitest-dev/vitest#7311 (e43a8)

   🏎 Performance

• reporters: Update summary only when needed  -  by @​AriPerkkio in vitest-dev/vitest#7291 (7f36b)

    View changes on GitHub

v3.0.2

   🐞 Bug Fixes

... (truncated)

Commits

• 1154662 chore: release v3.0.5
• 3c8050e fix: don't toggle cli cursor on non-TTY (#7336)
• 191ef9e fix: validate websocket request (#7317)
• 9e40437 chore: release v3.0.4
• ef1464f fix: apply development|production condition on Vite 6 (#7301)
• 38ea8ea fix(deps): update all non-major dependencies (#7297)
• dff4406 fix: filter projects eagerly during config resolution (#7313)
• ce6af70 fix(types): fix public types (#7328)
• bff70be fix(typechecking): support typechecking parsing with Vite 6 (#7335)
• a8d123c chore(deps): update eslint packages (#7086)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
pmfy	❌ Failed (Inspect)			Feb 7, 2025 3:47am

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	7.12%	218 / 3061
🔵	Statements	7.12%	218 / 3061
🔵	Functions	56.73%	59 / 104
🔵	Branches	72.13%	88 / 122

File Coverage

No changed files found.

Generated in workflow #66 for commit 94d84a0 by the Vitest Coverage Report Action

[dependabot]

Superseded by #70.