build(deps-dev): bump the dev-deps group across 1 directory with 8 updates

[dependabot]

Bumps the dev-deps group with 8 updates in the / directory:

Package	From	To
@eslint/eslintrc	3.3.4	3.3.5
@next/bundle-analyzer	16.1.6	16.1.7
@types/node	25.3.0	25.5.0
cypress	15.10.0	15.12.0
eslint-config-next	16.1.6	16.1.7
jest	30.2.0	30.3.0
jest-environment-jsdom	30.2.0	30.3.0
knip	5.85.0	5.87.0

Updates @eslint/eslintrc from 3.3.4 to 3.3.5

Release notes

Sourced from @​eslint/eslintrc's releases.

eslintrc: v3.3.5

3.3.5 (2026-03-04)

Bug Fixes

• update dependency minimatch to ^3.1.5 (#227) (3dc2381)

Changelog

Sourced from @​eslint/eslintrc's changelog.

3.3.5 (2026-03-04)

Bug Fixes

• update dependency minimatch to ^3.1.5 (#227) (3dc2381)

Commits

• 5135df1 chore: release 3.3.5 🚀 (#228)
• c109d69 docs: Update README sponsors
• 3dc2381 fix: update dependency minimatch to ^3.1.5 (#227)
• 81385b6 ci: pin Node.js 25.6.1 (#226)
• See full diff in compare view

Updates @next/bundle-analyzer from 16.1.6 to 16.1.7

Release notes

Sourced from @​next/bundle-analyzer's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)
• Apply server actions transform to node_modules in route handlers (#89380)
• ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)
• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)
• Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)
• Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)
• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​unstubbable, @​styfle, @​eps1lon, and @​ztanner for helping!

Commits

• bdf3e35 v16.1.7
• See full diff in compare view

Updates @types/node from 25.3.0 to 25.5.0

Commits

• See full diff in compare view

Updates cypress from 15.10.0 to 15.12.0

Release notes

Sourced from cypress's releases.

v15.12.0

Changelog: https://docs.cypress.io/app/references/changelog#15-12-0

v15.11.0

Changelog: https://docs.cypress.io/app/references/changelog#15-11-0

Commits

• dbb806a chore: release v15.12.0 (#33459)
• 4931cf0 chore: bootstrap AI agent context files (AGENTS.md + CLAUDE.md) (#33429)
• 9546ee8 chore: removes changelog entries for sigint-related fixes that are still unre...
• fec7088 chore: updating v8 snapshot cache (#33453)
• 9b7ac44 chore: Update v8 snapshot cache - darwin (#33452)
• 9c8afaa chore: updating v8 snapshot cache (#33449)
• 3d2ca8a chore: Update Chrome (beta) to 146.0.7680.65 (#33443)
• abc6b2b fix: prevent hang when waiting on multiple intercepts and navigating (#33446)
• 32e95ed test: update coming soon test from app (#33448)
• aa56256 dependency: update fast-xml-parser to 4.5.4 (#33435)
• Additional commits viewable in compare view

Updates eslint-config-next from 16.1.6 to 16.1.7

Release notes

Sourced from eslint-config-next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• [Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)
• Apply server actions transform to node_modules in route handlers (#89380)
• ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)
• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)
• Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)
• Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)
• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​unstubbable, @​styfle, @​eps1lon, and @​ztanner for helping!

Commits

• bdf3e35 v16.1.7
• See full diff in compare view

Updates jest from 30.2.0 to 30.3.0

Release notes

Sourced from jest's releases.

v30.3.0

Features

• [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
• [jest-fake-timers] Add setTimerTickMode to configure how timers advance
• [*] Reduce token usage when run through LLMs (3f17932)

Fixes

• [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
• [jest-mock] Use Symbol from test environment (#15858)
• [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
• [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
• [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
• [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

• [*] Replace remaining micromatch uses with picomatch
• [deps] Update to sinon/fake-timers v15
• [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
• Updated Twitter icon to match the latest brand guidelines (#15869)

Changelog

Sourced from jest's changelog.

30.3.0

Features

• [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
• [jest-fake-timers] Add setTimerTickMode to configure how timers advance
• [*] Reduce token usage when run through LLMs (3f17932)

Fixes

• [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
• [jest-mock] Use Symbol from test environment (#15858)
• [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
• [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
• [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
• [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

• [*] Replace remaining micromatch uses with picomatch
• [deps] Update to sinon/fake-timers v15
• [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
• Updated Twitter icon to match the latest brand guidelines (#15869)

Commits

• efb59c2 v30.3.0
• 96c53d3 feat(jest-config): add defineConfig and mergeConfig functions (#15844)
• See full diff in compare view

Updates jest-environment-jsdom from 30.2.0 to 30.3.0

Release notes

Sourced from jest-environment-jsdom's releases.

v30.3.0

Features

• [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
• [jest-fake-timers] Add setTimerTickMode to configure how timers advance
• [*] Reduce token usage when run through LLMs (3f17932)

Fixes

• [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
• [jest-mock] Use Symbol from test environment (#15858)
• [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
• [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
• [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
• [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

• [*] Replace remaining micromatch uses with picomatch
• [deps] Update to sinon/fake-timers v15
• [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
• Updated Twitter icon to match the latest brand guidelines (#15869)

Changelog

Sourced from jest-environment-jsdom's changelog.

30.3.0

Features

• [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
• [jest-fake-timers] Add setTimerTickMode to configure how timers advance
• [*] Reduce token usage when run through LLMs (3f17932)

Fixes

• [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
• [jest-mock] Use Symbol from test environment (#15858)
• [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
• [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
• [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
• [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

• [*] Replace remaining micromatch uses with picomatch
• [deps] Update to sinon/fake-timers v15
• [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
• Updated Twitter icon to match the latest brand guidelines (#15869)

Commits

• efb59c2 v30.3.0
• b5b0220 Remove unused dependencies from jest-environment-jsdom (#15928)
• See full diff in compare view

Updates knip from 5.85.0 to 5.87.0

Release notes

Sourced from knip's releases.

Release 5.87.0

• Add pkg as built-in pnpm command (#1597) (32ee5591e) - thanks @​azat-io!
• Add oxlint.config.ts to oxlint plugin (#1598) (2951050e5) - thanks @​DaniFoldi!
• Add oxfmt plugin (#1599) (6bd980742) - thanks @​DaniFoldi!
• Head banger (7930467e3)
• Add sanity to the list (4ee3d0ddd)
• Fix minor lint issue (9e0dcd974)
• Flatten test() (d010c5597)
• Make toPosix a no-op on non-Windows platforms (b37112361)
• Replace isBuiltin with startsWith('node:') in sanitizeSpecifier (e7b100aef)
• Skip picomatch recompilation when gitignore adds no new patterns (c7870dba6)
• Incrementally compile picomatch matchers during gitignore walk (9948284fb)
• Identify binaries called by find -exec (#1601) (f7367fd48) - thanks @​t3chguy!
• Identify that @babel/runtime is needed when @babel/plugin-transform-runtime is used (#1602) (ef4da0691) - thanks @​t3chguy!
• Rename package-manager → resolvers, move find (0bd97f01f)
• Streamline babel plugin impl (3cc192e08)
• Detect local $schema references in changesets plugin (resolve #1335) (3a180820f)
• Resolve Nx run-commands from cwd (resolve #1595) (e71c9acc9)
• Fix up issue types table (resolve #1376) (20a3762d5)
• Skip optional peerDep issues for installed deps (resolve #1545) (f554d2f30)
• Add dim highlight opts for enum/class members, duplicates (resolve #1567) (35ce4229f)
• Cache isGitIgnored results (75942dd0a)
• Don't report unused files outside project set (resolve #1606) (fef625da8)
• Fix openapi-ts dependency resolution (#1607) (663825ef4) - thanks @​jonahsnider!
• Improve --performance and --memory output, clean up timerify calls (df0ace489)

Release 5.86.0

• Rewrite import specifiers to use .ts extensions, remove tsx (#1548) (58674ade551d04ca38eea5b8273e8843eed7659d) - thanks @​wojtekmaj!
• Add .spec-d to vitest entry files (#1556) (3123ab76745990b2483f9c8f26c9c9ad4500d4aa) - thanks @​yamachi4416!
• Update docs for tsx → node (0418eba6dc6a0d5e1e56cce1c037b0ae6846bc64)
• Auto-format (7142fd701f97f8a4115c4094d1007f2551c33537)
• Add Qwik plugin (#1557) (fc668f4b59e40caddf8e9904fb50dc59de1a86f8) - thanks @​azat-io!
• Fix Bun plugin to handle directory arguments in bun test (c112b6c68b13976e4b601c5169a09e748e67fd4f)
• Update FAQ (b105a42610346f7b9a07071ab8f5d2d7c60b004f)
• fix(plugin): swc with externalHelpers setting ignores @swc/helpers dependency (#1560) (4bcb1f5429d003e6e2b28e2bd65a64c849fe0786) - thanks @​bobaaaaa!
• chore: git ignore artifacts (#1563) (4878724a6599bc80a9ef9c62d86d2805d7d8a914) - thanks @​unional!
• Fix Vite plugin to respect root option for index.html entries (#1561) (67a56470f61cadfe1e771adc87385a98e398da2e) - thanks @​azat-io!
• Fix Astro sharpImageService() false positive for unused sharp (#1559) (c36247cc034a14a846e94faafbdd2097f9a5d7d2) - thanks @​azat-io!
• Fix up gitignore test (b2c3d086be6c76791d2b60b10944df3b7b52d9fc)
• fix: normalize Windows backslash paths in fs.watch listener to fix --watch on Windows (#1558) (b86b421ec9f6bf1c930600c5109511712af3d224) - thanks @​Aiudadadadf!
• Fix wrangler plugin not enabled by jsonc config (#1564) (00bb1be35386300e6ea302c14a9b15e3f6e03b35) - thanks @​DaniFoldi!
• Edit AGENTS.md (a2aaf2f9983e24b881191403bd716bd1ee791c70)
• Fix tsconfig presets marked as unlisted in strict mode (resolve #1568) (463d67dad5f105cc2a76ce847192a9a7d1fb8498)
• oxcellent (8a602c7863b63b1a940584e2a0436b70d8650be8)
• Refactor format test and use prettier for consistent results (b6afc01828f884f579747e6d8e425aa1b07a068f)
• Sort package.json (d3a521b62d4ba5de05d3497b456cf9d225a743c8)
• Add .git to GLOBAL_IGNORE_PATTERNS (resolve #1571) (4e95ffb45748fa1ae84548c1992d2947826d2667)
• Detect Yarn plugins that are listed by their path alone (#1574) (de4c7d898f83a52ea80a374d9395bcb109f39c23) - thanks @​robintown!
• Start using unbash (a5de2c4e49bda454f0e42b4e5bfae54024d27772)
• Bump unbash & simplify bash parser further (57896d32c86412ad5941c67fbb2fc29882a5bafa)

... (truncated)

Commits

• b055128 Release knip@5.87.0
• df0ace4 Improve --performance and --memory output, clean up timerify calls
• 663825e Fix openapi-ts dependency resolution (#1607)
• fef625d Don't report unused files outside project set (resolve #1606)
• 75942dd Cache isGitIgnored results
• f554d2f Skip optional peerDep issues for installed deps (resolve #1545)
• e71c9ac Resolve Nx run-commands from cwd (resolve #1595)
• 3a18082 Detect local $schema references in changesets plugin (resolve #1335)
• 3cc192e Streamline babel plugin impl
• 0bd97f0 Rename package-manager → resolvers, move find
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
bloom-frontend	Ready	Preview, Comment	Mar 17, 2026 0:24am

[bl00dymarie]

I think this is safe and good to merge!

• 5 minor and 3 patch update in devDependencies only
• All 15 CI checks passed

[cypress]

Bloom frontend    Run #1576

Run Properties:   Passed #1576  •  2ce2551ec4: build(deps-dev): bump the dev-deps group across 1 directory with 8 updates

Project	Bloom frontend
Branch Review	dependabot/npm_and_yarn/dev-deps-fa3db16c27
Run status	Passed #1576
Run duration	04m 52s
Commit	2ce2551ec4: build(deps-dev): bump the dev-deps group across 1 directory with 8 updates
Committer	dependabot[bot]
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	12
Skipped	0
Passing	102
⚠️ You've recorded test results over your free plan limit. Upgrade your plan to view test results.
View all changes introduced in this branch ↗︎