Update devDependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@babel/plugin-proposal-decorators (source)	7.28.6 → 7.29.0
@babel/plugin-transform-runtime (source)	7.28.5 → 7.29.0
@codemirror/language	6.12.1 → 6.12.2
@codemirror/state	6.5.4 → 6.6.0
@codemirror/view	6.39.12 → 6.40.0
@embroider/addon-dev (source)	8.2.0 → 8.3.0
@embroider/compat (source)	4.1.12 → 4.1.15
@embroider/core (source)	4.4.2 → 4.4.5
@embroider/macros (source)	1.19.6 → 1.20.1
@embroider/vite (source)	1.5.0 → 1.6.1
@eslint/js (source)	9.39.2 → 9.39.4
@glint/ember-tsc	1.1.0 → 1.2.2
@glint/template	1.7.4 → 1.7.6
@glint/tsserver-plugin	2.1.0 → 2.2.3
@iconify-json/devicon	1.2.57 → 1.2.60
@iconify-json/vscode-icons	1.2.40 → 1.2.45
@lezer/common	1.5.0 → 1.5.1
@rollup/plugin-commonjs (source)	29.0.0 → 29.0.2
@types/node (source)	24.10.9 → 24.12.0
@vitest/browser-playwright (source)	4.0.18 → 4.1.0
@vitest/browser-webdriverio (source)	4.0.18 → 4.1.0
autoprefixer	10.4.23 → 10.4.27
ember-modifier	4.2.2 → 4.3.0
ember-primitives	^0.51.0 → ^0.53.0
ember-resolver	13.1.1 → 13.2.0
ember-source (source)	6.12.0-alpha.6 → 6.12.0-beta.2
eslint (source)	9.39.2 → 9.39.4
eslint-plugin-n	17.23.2 → 17.24.0
fs-extra	11.3.3 → 11.3.4
globals	17.2.0 → 17.4.0
globby	16.1.0 → 16.1.1
mermaid	11.12.2 → 11.13.0
oxc-parser (source)	^0.107.0 → ^0.118.0
oxc-transform (source)	^0.107.0 → ^0.118.0
playwright (source)	1.58.1 → 1.58.2
postcss (source)	8.5.6 → 8.5.8
prettier-plugin-ember-template-tag	2.1.2 → 2.1.3
publint (source)	0.3.17 → 0.3.18
rollup (source)	4.57.1 → 4.59.0
shiki (source)	3.22.0 → 3.23.0
svelte (source)	5.50.3 → 5.53.11
testem	3.17.0 → 3.18.0
turbo (source)	2.8.0 → 2.8.16
type-fest	5.3.1 → 5.4.4
typescript-eslint (source)	8.54.0 → 8.57.0
vite (source)	8.0.0-beta.7 → 8.0.0
vite-bundle-analyzer	1.3.2 → 1.3.6
vite-plugin-mkcert	1.17.9 → 1.17.10
vitest (source)	4.0.18 → 4.1.0
vue (source)	3.5.27 → 3.5.30
webdriverio (source)	9.23.3 → 9.25.0

---

Release Notes

babel/babel (@​babel/plugin-proposal-decorators)

v7.29.0

Compare Source

v7.29.0 (2026-01-31)

Thanks @​simbahax for your first PR!

🚀 New Feature

• babel-types
  • #​17750 [7.x backport] Add attributes import declaration builder (@​JLHwung)
• babel-standalone
  • #​17663 [7.x backport] feat(standalone): export async transform (@​JLHwung)
  • #​17725 [7.x backport] feat: read standalone targets from data-targets (@​JLHwung)

🐛 Bug Fix

• babel-parser
  • #​17765 fix(parser): correctly parse type assertions in extends clause (@​nicolo-ribaudo)
  • #​17723 [7.x backport] fix(parser): improve super type argument parsing (@​JLHwung)
• babel-traverse
  • #​17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@​simbahax)
• babel-plugin-transform-block-scoping, babel-traverse
  • #​17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@​magic-akari)

🏃‍♀️ Performance

• babel-generator, babel-runtime-corejs3
  • #​17642 [Babel 7] Improve generator performance (@​liuxingbaoyu)

Committers: 6

• David (@​simbahax)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu
• @​magic-akari

codemirror/language (@​codemirror/language)

v6.12.2

Compare Source

Bug fixes

Make sure brackets are highlighted in the initial editor state.

Pause bracket matching updates during composition, to avoid disrupting Mobile Safari's fragile composition handling.

codemirror/state (@​codemirror/state)

v6.6.0

Compare Source

New features

EditorSelection.range now takes an optional assoc argument.

SelectionRange.extend can now be given a third argument to specify associativity.

codemirror/view (@​codemirror/view)

v6.40.0

Compare Source

Bug fixes

Fix a bug that caused Shift-Enter/Backspace/Delete on iOS to lose the shift modifier when delivered to key event handlers.

Fix an issue where EditorView.moveVertically could move to the wrong place in wrapped lines with a large line height.

Make sure the selection head associativity is properly set for mouse selections made with shift held down.

New features

WidgetType.updateDOM is now called with the previous widget value as third argument.

v6.39.17

Compare Source

Bug fixes

Improve touch tap-selection on line wrapping boundaries.

Make drawSelection draw our own selection handles on iOS.

Fix an issue where posAtCoords, when querying line wrapping points, got confused by extra empty client rectangles produced by Safari.

v6.39.16

Compare Source

Bug fixes

Perform scroll stabilization on the document or wrapping scrollable elements, when the user scrolls the editor.

Fix an issue where changing decorations right before a composition could end up corrupting the visible DOM.

Fix an issue where some types of text input over a selection would be read as happening in wrong position.

v6.39.15

Compare Source

Bug fixes

Fix a regression where the editor would forget previously measured line heights without good reason.

Fix an issue where scrolling the cursor into view sometimes wouldn't work on Chrome Android.

Fix a bug that broke composition inside of block wrappers.

v6.39.14

Compare Source

Bug fixes

Improve performance of posAtCoords on long lines.

Fix a regression where copy and cut in a shadow DOM on Safari would fall back to the native behavior, often copying the wrong text.

v6.39.13

Compare Source

Bug fixes

Fix an issue where a widget at start or end of line, when wrapped to cover that whole line, could block vertical cursor motion.

Fix an issue EditorView.moveVertically that would sometimes cause selection-extending vertical motion to get stuck on line wrapping points.

embroider-build/embroider (@​embroider/addon-dev)

v8.3.0

• @​embroider/addon-dev 8.3.0 (minor)
• @​embroider/compat 4.1.13 (patch)
• @​embroider/core 4.4.3 (patch)
• @​embroider/macros 1.19.7 (patch)
• @​embroider/template-tag-codemod 1.3.5 (patch)
• @​embroider/vite 1.5.1 (patch)

🚀 Enhancement

• @embroider/addon-dev
  • #​2651 Update addon-dev to support glint 1 and glint 2 and choose between them based on your available dependencies (@​NullVoxPopuli)

🐛 Bug Fix

• @embroider/compat, @embroider/template-tag-codemod
  • #​2656 Upgrade broccoli to ^4.0.0 and align Node requirements to >= 20.19.* (@​Copilot)
• @embroider/vite
  • #​2664 Narrow gjsFilter to not include files that happen to have .gjs in their file name (@​NullVoxPopuli)
• @embroider/macros
  • #​2665 widen the ember-cli-babel dependency range for macros (@​mansona)

🏠 Internal

• Other
  • #​2666 upgrade release-plan (@​mansona)
  • #​2653 Fix CI - content-tag whitespace (@​NullVoxPopuli)
• @embroider/addon-dev
  • #​2652 Switch addon-dev to vitest (@​NullVoxPopuli)

Committers: 3

• Chris Manson (@​mansona)
• Copilot [Bot] (@​copilot-swe-agent)
• @​NullVoxPopuli

eslint/eslint (@​eslint/js)

v9.39.4

Compare Source

v9.39.3

Compare Source

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#​20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#​20453) (Milos Djermanovic)

typed-ember/glint (@​glint/ember-tsc)

v1.2.2

Compare Source

• @​glint/ember-tsc 1.2.2 (patch)
• @​glint/template 1.7.6 (patch)
• @​glint/tsserver-plugin 2.2.3 (patch)
• @​glint/type-test 2.0.1 (patch)

🐛 Bug Fix

• @glint/ember-tsc, @glint/template, @glint/tsserver-plugin, @glint/type-test
  • #​1073 Fix release (@​NullVoxPopuli)

🏠 Internal

• #​1071 Remove unstable publishing infra (@​NullVoxPopuli)

Committers: 1

• @​NullVoxPopuli

v1.2.1

• @​glint/ember-tsc 1.2.1 (patch)
• @​glint/template 1.7.5 (patch)
• @​glint/tsserver-plugin 2.2.2 (patch)

🐛 Bug Fix

• @glint/template, @glint/tsserver-plugin
  • #​1070 Update docs (@​NullVoxPopuli)
• Other
  • #​1069 Update release-plan (@​NullVoxPopuli)

📝 Documentation

• @glint/template, @glint/tsserver-plugin
  • #​1070 Update docs (@​NullVoxPopuli)

🏠 Internal

• #​1069 Update release-plan (@​NullVoxPopuli)
• #​1066 Prepare for marketplace releases - 1.0.4 (@​NullVoxPopuli)

Committers: 1

• @​NullVoxPopuli

v1.1.1

• @​glint/ember-tsc 1.1.1 (patch)
• @​glint/tsserver-plugin 2.1.1 (patch)

🐛 Bug Fix

• @glint/ember-tsc, @glint/tsserver-plugin
  • #​1047 Upgrade @​volar/* dependencies (@​NullVoxPopuli)

🏠 Internal

• #​1044 Update vscode meta, and extension publishing instructions (@​NullVoxPopuli)

Committers: 1

• @​NullVoxPopuli

lezer-parser/common (@​lezer/common)

v1.5.1

Compare Source

Bug fixes

Fix a bug that caused SyntaxNode.enter to incorrectly enter bracketed mounted trees in some circumstances.

rollup/plugins (@​rollup/plugin-commonjs)

v29.0.2

2026-03-06

Bugfixes

• commonjs: conditional exports (#​1952)

v29.0.1

2026-03-05

Bugfixes

• commonjs: correctly replaces shorthand "global" property in object (#​1957)

vitest-dev/vitest (@​vitest/browser-playwright)

v4.1.0

Compare Source

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

• Return a disposable from doMock()  -  by @​kirkwaiblinger in #​9332 (e3e65)
• Added chai style assertions  -  by @​ronnakamoto and @​sheremet-va in #​8842 (841df)
• Update to sinon/fake-timers v15 and add setTickMode to timer controls  -  by @​atscott and @​sheremet-va in #​8726 (4b480)
• Expose matcher types  -  by @​sheremet-va in #​9448 (3e4b9)
• Add toTestSpecification to reported tasks  -  by @​sheremet-va in #​9464 (1a470)
• Show a warning if vi.mock or vi.hoisted are declared outside of top level of the module  -  by @​sheremet-va in #​9387 (5db54)
• Track and display expectedly failed tests (.fails) in UI and CLI  -  by @​Copilot, sheremet-va and @​sheremet-va in #​9476 (77d75)
• Support tags  -  by @​sheremet-va in #​9478 (de7c8)
• Implement aroundEach and aroundAll hooks  -  by @​sheremet-va in #​9450 (2a8cb)
• Stabilize experimental features  -  by @​sheremet-va in #​9529 (b5fd2)
• Accept new or all in --update flag  -  by @​sheremet-va in #​9543 (a5acf)
• Support meta in test options  -  by @​sheremet-va in #​9535 (7d622)
• Support type inference with a new test.extend syntax  -  by @​sheremet-va in #​9550 (e5385)
• Support vite 8 beta, fix type issues in the config with different vite versions  -  by @​sheremet-va in #​9587 (99028)
• Add assertion helper to hide internal stack traces  -  by @​hi-ogawa and Claude Opus 4.6 in #​9594 (eeb0a)
• Store failure screenshots using artifacts API  -  by @​macarie in #​9588 (24603)
• Allow vitest list to statically collect tests instead of running files to collect them  -  by @​sheremet-va in #​9630 (7a8e7)
• Add --detect-async-leaks  -  by @​AriPerkkio in #​9528 (c594d)
• Implement mockThrow and mockThrowOnce  -  by @​thor-juhasz and @​sheremet-va in #​9512 (61917)
• Support update: "none" and add docs about snapshots behavior on CI  -  by @​hi-ogawa in #​9700 (05f18)
• Support playwright launchOptions with connectOptions  -  by @​hi-ogawa in #​9702 (f0ff1)
• Add page/locator.mark API to enhance playwright trace  -  by @​hi-ogawa in #​9652 (d0ee5)
• api:
  • Support tests starting or ending with test in experimental_parseSpecification  -  by @​jgillick and Jeremy Gillick in #​9235 (2f367)
  • Add filters to createSpecification  -  by @​sheremet-va in #​9336 (c8e6c)
  • Expose runTestFiles as alternative to runTestSpecifications  -  by @​sheremet-va in #​9443 (43d76)
  • Add allowWrite and allowExec options to api  -  by @​sheremet-va in #​9350 (20e00)
  • Allow passing down test cases to toTestSpecification  -  by @​sheremet-va in #​9627 (6f17d)
• browser:
  • Add userEvent.wheel API  -  by @​macarie in #​9188 (66080)
  • Add filterNode option to prettyDOM for filtering browser assertion error output  -  by @​Copilot, sheremet-va and @​sheremet-va in #​9475 (d3220)
  • Support playwright persistent context  -  by @​hi-ogawa, Claude Opus 4.6 and @​sheremet-va in #​9229 (f865d)
  • Added detailsPanelPosition option and button  -  by @​shairez in #​9525 (c8a31)
  • Use BlazeDiff instead of pixelmatch  -  by @​macarie in #​9514 (30936)
  • Add findElement and enable strict mode in webdriverio and preview  -  by @​sheremet-va in #​9677 (c3f37)
• cli:
  • Add @​bomb.sh/tab completions  -  by @​AmirSa12 and @​sheremet-va in #​8639 (200f3)
• coverage:
  • Support ignore start/stop ignore hints  -  by @​AriPerkkio in #​9204 (e59c9)
  • Add coverage.changed option to report only changed files  -  by @​kykim00 and @​AriPerkkio in #​9521 (1d939)
• experimental:
  • Add onModuleRunner hook to worker.init  -  by @​sheremet-va in #​9286 (e977f)
  • Option to disable the module runner  -  by @​sheremet-va and @​AriPerkkio in #​9210 (9be61)
  • Add importDurations: { limit, print } options  -  by @​hi-ogawa, Claude Opus 4.6 and @​sheremet-va in #​9401 (7e10f)
  • Add print and fail thresholds for importDurations  -  by @​hi-ogawa and Claude Opus 4.6 in #​9533 (3f7a5)
• fixtures:
  • Pass down file context to beforeAll/afterAll  -  by @​sheremet-va in #​9572 (c8339)
• reporters:
  • Add agent reporter to reduce ai agent token usage  -  by @​cpojer in #​9779 (3e9e0)
• runner:
  • Enhance retry options  -  by @​MazenSamehR, Matan Shavit, @​AriPerkkio and @​sheremet-va in #​9370 (9e4cf)
• ui:
  • Allow run individual test/suites  -  by @​userquin in #​9465 (73b10)
  • Add project filter/sort support  -  by @​userquin in #​8689 (0c7ea)
  • Add duration sorting to explorer  -  by @​julianhahn and @​cursoragent in #​9603 (209b1)
  • Implement filter for slow tests  -  by @​DerYeger and @​userquin in #​9705 (8880c)
• vitest:
  • Add run summary in GitHub Actions Reporter  -  by @​macarie and jhnance in #​9579 (96bfc)

   🐞 Bug Fixes

• Deprecate several vitest/* entry points  -  by @​sheremet-va in #​9347 (fd459)
• Use meta.url in createRequire  -  by @​sheremet-va in #​9441 (e3422)
• Preact browser mode init example of render function not async  -  by @​WuMingDao in #​9375 (2bea5)
• Deprecate unused types in matcher context  -  by @​sheremet-va in #​9449 (20f87)
• Handle external/noExternal during configEnvironment hook  -  by @​hi-ogawa and Claude Opus 4.6 in #​9508 (59ea2)
• Replace default ssr environment runner with Vitest server module runner  -  by @​hi-ogawa and Claude Opus 4.6 in #​9506 (cd5db)
• Propagate experimental CLI options to child projects  -  by @​hi-ogawa and Claude Opus 4.6 in #​9531 (b624f)
• Show a warning when browser.isolate is used  -  by @​sheremet-va in #​9410 (3d48e)
• Fix vi.mock({ spy: true }) node v8 coverage  -  by @​hi-ogawa, hi-ogawa and Claude Opus 4.6 in #​9541 (687b6)
• Don't show internal ssr handler in errors  -  by @​sheremet-va in #​9547 (76c43)
• Close vitest if it failed to start  -  by @​sheremet-va in #​9573 (728ba)
• Fix ssr environment runner in project  -  by @​hi-ogawa in #​9584 (09006)
• Trim trailing white spaces in code block  -  by @​hi-ogawa in #​9591 (f78be)
• Support inline snapshot inside test.for/each  -  by @​hi-ogawa in #​9590 (615fd)
• Apply source maps for external module stack trace  -  by @​hi-ogawa in #​9152 (79e20)
• Remove the .name from statically collected test  -  by @​sheremet-va in #​9596 (b66ff)
• Don't suppress warnings on pnp  -  by @​sheremet-va in #​9602 (89cbd)
• Support snapshot with expect.soft  -  by @​iumehara, @​hi-ogawa and Claude Opus 4.6 in #​9231 (3eb2c)
• Log seed when only sequence.shuffle.tests is enabled  -  by @​kaigritun, Kai Gritun and @​sheremet-va in #​9576 [(8182b)](https://redirect.github.com/vitest-dev/vitest/co

---

Configuration

📅 Schedule: Branch creation - "after 9pm on sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[github-actions]

Project	Preview URL1	Manage
Limber	https://renovate-devdependencies.limber-glimdown.pages.dev	on Cloudflare
Tutorial	https://renovate-devdependencies.limber-glimmer-tutorial.pages.dev	on Cloudflare

Logs

Footnotes

1. if these branch preview links are not working, please check the logs for the commit-based preview link. There is a character limit of 28 for the branch subdomain, as well as some other heuristics, described here for the sake of implementation ease in deploy-preview.yml, that algo has been omitted. The URLs are logged in the wrangler output, but it's hard to get outputs from a matrix job. ↩

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	ember-resolver@​13.1.1 ⏵ 13.2.0	+1
	@​embroider/​vite@​1.5.0 ⏵ 1.6.1	+1		+1
	@​embroider/​core@​4.4.2 ⏵ 4.4.5				+1
	@​embroider/​compat@​4.1.12 ⏵ 4.1.15	+1			-1
	typescript-eslint@​8.54.0 ⏵ 8.57.0
	@​babel/​plugin-proposal-decorators@​7.28.6 ⏵ 7.29.0
	@​babel/​plugin-transform-runtime@​7.28.5 ⏵ 7.29.0				-1
	@​glint/​tsserver-plugin@​2.1.0 ⏵ 2.2.3	+1		+6	+3
	@​iconify-json/​devicon@​1.2.57 ⏵ 1.2.60				+2
	shiki@​1.29.2 ⏵ 3.23.0	+1		+1
	@​lezer/​common@​1.5.1
	vitest@​4.0.18 ⏵ 4.1.0			+1
	@​codemirror/​state@​6.6.0
	@​iconify-json/​vscode-icons@​1.2.40 ⏵ 1.2.45				+3
	@​types/​node@​24.10.9 ⏵ 24.12.0			+1
	publint@​0.3.17 ⏵ 0.3.18			+1
	vite@​8.0.0-beta.7 ⏵ 8.0.0	+1		+1
	ember-repl@​8.0.1 ⏵ 8.0.2				+1
	turbo@​2.8.0 ⏵ 2.8.16	+1		+1	+1
	@​vitest/​browser-webdriverio@​4.0.18 ⏵ 4.1.0			+1	-1
	@​codemirror/​view@​6.39.12 ⏵ 6.40.0	-1		+1	+2
	globals@​17.2.0 ⏵ 17.4.0	+1		+1	-1
	@​vitest/​browser-playwright@​4.0.18 ⏵ 4.1.0			+1
	vite-plugin-mkcert@​1.17.9 ⏵ 1.17.10				+5
	globby@​16.1.0 ⏵ 16.1.1			+1
	svelte@​5.50.3 ⏵ 5.53.11	+1	+11	+1	+1
	rollup@​4.59.0
	@​glint/​ember-tsc@​1.1.0 ⏵ 1.2.2			+1	+3
	eslint@​9.39.2 ⏵ 9.39.4	+1
	@​embroider/​addon-dev@​8.2.0 ⏵ 8.3.0	-1		+1	-1
	@​codemirror/​language@​6.12.1 ⏵ 6.12.2	+1		+1
	prettier-plugin-ember-template-tag@​2.1.2 ⏵ 2.1.3				-1
See 16 more rows in the dashboard

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report