chore(deps): update all non-major dependencies

[renovate]

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

---

This PR contains the following updates:

Package	Change	Age	Confidence
@tanstack/devtools-ui (source)	^0.3.5 -> ^0.4.0
@tanstack/devtools-utils (source)	^0.0.3 -> ^0.0.4
@tanstack/react-devtools (source)	0.7.0 -> 0.7.2
@tanstack/solid-devtools (source)	0.7.0 -> 0.7.2
@testing-library/jest-dom	^6.8.0 -> ^6.9.1
@types/react (source)	^19.1.15 -> ^19.2.1
@types/react-dom (source)	^19.1.9 -> ^19.2.0
eslint (source)	^9.36.0 -> ^9.37.0
goober	^2.1.16 -> ^2.1.18
knip (source)	^5.64.1 -> ^5.64.2
nx (source)	^21.5.3 -> ^21.6.3
pnpm (source)	10.17.1 -> 10.18.1
publint (source)	^0.3.13 -> ^0.3.14
react (source)	^19.1.1 -> ^19.2.0
react-dom (source)	^19.1.1 -> ^19.2.0
typescript (source)	5.9.2 -> 5.9.3
vite (source)	^7.1.7 -> ^7.1.9
vite-plugin-solid	^2.11.8 -> ^2.11.9

---

Release Notes

TanStack/devtools (@​tanstack/devtools-ui)

v0.4.0

Compare Source

Minor Changes

• Change the TanStackDevtools export (#​40)

TanStack/devtools (@​tanstack/react-devtools)

v0.7.2

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/devtools@​0.6.16

v0.7.1

Compare Source

Patch Changes

• Updated dependencies [a97ed26]:
  • @​tanstack/devtools@​0.6.15

TanStack/devtools (@​tanstack/solid-devtools)

v0.7.2

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/devtools@​0.6.16

v0.7.1

Compare Source

Patch Changes

• Updated dependencies [a97ed26]:
  • @​tanstack/devtools@​0.6.15

testing-library/jest-dom (@​testing-library/jest-dom)

v6.9.1

Compare Source

eslint/eslint (eslint)

v9.37.0

Compare Source

cristianbote/goober (goober)

v2.1.18

Compare Source

What's Changed

• Fix CSP: Apply nonce attribute before appending the element by @​ndbroadbent in #​613

Full Changelog: cristianbote/goober@v2.1.17...v2.1.18

v2.1.17

Compare Source

What's Changed

• Added Content Security Policy support by @​ndbroadbent in #​612

New Contributors

• @​ndbroadbent made their first contribution in #​612

Full Changelog: cristianbote/goober@v2.1.16...v2.1.17

webpro-nl/knip (knip)

v5.64.2

Compare Source

• refactor: use toC12config for bump plugin (#​1280) (dbdd98b) - thanks @​nyarthan!
• chore: specifiy packageManager field for corepack users (#​1281) (7c70d9f) - thanks @​nyarthan!
• Fix config hints in production mode (resolves #​1279) (7abdc69)
• Refactor config hints a bit for perf tweak (d7e7866)
• Bump a few deps for docs (665f38a)
• Re-gen sponsorships chart (461edb4)
• Fix lint issue (4c72030)
• Stick with bun 1.2.22+6bafe2602 (7ee634a)
• Fix config hints (e687287)
• Update projects component (edb7367)
• feat: detect vitest ui mode (#​1284) (b6ac28c) - thanks @​nyarthan!
• Fix ESLint config error (#​1286) (3efb8a3) - thanks @​dnicolson!
• fix: Mark nested Next.js sitemaps as entrypoints (#​1287) (dde7a80) - thanks @​hugotiger!

nrwl/nx (nx)

v21.6.3

Compare Source

21.6.3 (2025-10-02)

🩹 Fixes

• core: improve provenance error with custom registry information (#​32903)
• core: optimize task hashing with BFS and performance logging (#​32911)
• core: tweak configure-ai-agents prompt (#​32914)
• core: ensure nx is published with the correct dependency version for the native packages (#​32928, #​32898)
• js: temporarily hash all external dependencies for tasks inferred by the @nx/js/typescript plugin (#​32912)
• nx-dev: improve default zoom level of graph nodes in docs (#​32910)
• nx-dev: provide message to check previous docs w/ empty migrations (#​32919)
• nx-dev: watch for theme changes for project/task graph components (#​32885)
• nx-dev: update credit pricing link to new docs page (#​32899)

❤️ Thank You

• Caleb Ukle
• Jason Jean @​FrozenPandaz
• Juri @​juristr
• Leosvel Pérez Espinosa @​leosvelperez
• MaxKless @​MaxKless

pnpm/pnpm (pnpm)

v10.18.1

Compare Source

Patch Changes

• Don't print a warning, when --lockfile-only is used #​8320.
• pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #​5700.
• When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when using pnpm add --save-catalog as originally intended.

v10.18.0

Compare Source

Minor Changes

• Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

  Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps.
  Warning messages are displayed when requests exceed time thresholds or fall below speed minimums

  Related PR: #​10025.

Patch Changes

• Retry filesystem operations on EAGAIN errors #​9959.
• Outdated command respects minimumReleaseAge configuration #​10030.
• Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages.
• Don't fail with a meaningless error when scriptShell is set to false #​8748.
• pnpm dlx should not fail when minimumReleaseAge is set #​10037.

publint/publint (publint)

v0.3.14

Compare Source

Patch Changes

• Add a new warning when an entrypoint is exported as CJS-only, has a default export, and has the __esModule marker. This setup has different interpretations by bundlers and runtimes, and implicit handling detection that may not be obvious for both package authors and users, hence it is discouraged. (#​201)

facebook/react (react)

v19.2.0

Compare Source

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

• Added resume APIs for partial pre-rendering with Web Streams:
  • resume: to resume a prerender to a stream.
  • resumeAndPrerender: to resume a prerender to HTML.
• Added resume APIs for partial pre-rendering with Node Streams:
  • resumeToPipeableStream: to resume a prerender to a stream.
  • resumeAndPrerenderToNodeStream: to resume a prerender to HTML.
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
• Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
• Use underscore instead of : IDs generated by useId

All Changes

React

• <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others)
• Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #​33507)
• Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #​34198)
• Fix infinite useDeferredValue loop in popstate event (@​acdlite #​32821)
• Fix a bug when an initial value was passed to useDeferredValue (@​acdlite #​34376)
• Fix a crash when submitting forms with Client Actions (@​sebmarkbage #​33055)
• Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@​sebmarkbage #​32900)
• Avoid stack overflow on wide trees during Hot Reload (@​sophiebits #​34145)
• Improve Owner and Component stacks in various places (@​sebmarkbage, @​eps1lon: #​33629, #​33724, #​32735, #​33723)
• Add cacheSignal (@​sebmarkbage #​33557)

React DOM

• Block on Suspensey Fonts during reveal of server-side-rendered content (@​sebmarkbage #​33342)
• Use underscore instead of : for IDs generated by useId (@​sebmarkbage, @​eps1lon: #​32001, #​33342#​33099, #​33422)
• Stop warning when ARIA 1.3 attributes are used (@​Abdul-Omira #​34264)
• Allow nonce to be used on hoistable styles (@​Andarist #​32461)
• Warn for using a React owned node as a Container if it also has text content (@​sebmarkbage #​32774)
• s/HTML/text for for error messages if text hydration mismatches (@​rickhanlonii #​32763)
• Fix a bug with React.use inside React.lazy-ed Component (@​hi-ogawa #​33941)
• Enable the progressiveChunkSize option for server-side-rendering APIs (@​sebmarkbage #​33027)
• Fix a bug with deeply nested Suspense inside Suspense fallback when server-side-rendering (@​gnoff #​33467)
• Avoid hanging when suspending after aborting while rendering (@​gnoff #​34192)
• Add Node Web Streams to server-side-rendering APIs for Node.js (@​sebmarkbage #​33475)

React Server Components

• Preload <img> and <link> using hints before they're rendered (@​sebmarkbage #​34604)
• Log error if production elements are rendered during development (@​eps1lon #​34189)
• Fix a bug when returning a Temporary reference (e.g. a Client Reference) from Server Functions (@​sebmarkbage #​34084, @​denk0403 #​33761)
• Pass line/column to filterStackFrame (@​eps1lon #​33707)
• Support Async Modules in Turbopack Server References (@​lubieowoce #​34531)
• Add support for .mjs file extension in Webpack (@​jennyscript #​33028)
• Fix a wrong missing key warning (@​unstubbable #​34350)
• Make console log resolve in predictable order (@​sebmarkbage #​33665)

React Reconciler

• createContainer and createHydrationContainer had their parameter order adjusted after on* handlers to account for upcoming experimental APIs

microsoft/TypeScript (typescript)

v5.9.3

Compare Source

vitejs/vite (vite)

v7.1.9

Compare Source

Reverts

• server: drain stdin when not interactive (#​20885) (12d72b0)

v7.1.8

Compare Source

Bug Fixes

• css: improve url escape characters handling (#​20847) (24a61a3)
• deps: update all non-major dependencies (#​20855) (788a183)
• deps: update artichokie to 0.4.2 (#​20864) (e670799)
• dev: skip JS responses for document requests (#​20866) (6bc6c4d)
• glob: fix HMR for array patterns with exclusions (#​20872) (63e040f)
• keep ids for virtual modules as-is (#​20808) (d4eca98)
• server: drain stdin when not interactive (#​20837) (bb950e9)
• server: improve malformed URL handling in middlewares (#​20830) (d65a983)

Documentation

• create-vite: provide deno example (#​20747) (fdb758a)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20810) (ea68a88)
• deps: update rolldown-related dependencies (#​20854) (4dd06fd)
• update url of create-react-app license (#​20865) (166a178)

solidjs/vite-plugin-solid (vite-plugin-solid)

v2.11.9

Compare Source

Patch Changes

• ce00b4b: Fix server-side testing with vitest/ssr

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: e9070ba

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR