Update npm non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@babel/preset-env (source)	7.29.0 → 7.29.2
@babel/runtime (source)	7.28.6 → 7.29.2
@formatjs/intl-segmenter	12.1.1 → 12.1.2
@jest/globals (source)	30.2.0 → 30.3.0
@nx/jest (source)	22.5.3 → 22.5.4
@sentry/browser (source)	10.40.0 → 10.43.0
@stylistic/eslint-plugin (source)	5.9.0 → 5.10.0
@types/node (source)	22.19.13 → 22.19.15
@types/sanitize-html (source)	2.16.0 → 2.16.1
@typescript-eslint/eslint-plugin (source)	8.56.1 → 8.57.1
@typescript-eslint/parser (source)	8.56.1 → 8.57.1
babel-loader	10.0.0 → 10.1.1
css-tree	3.1.0 → 3.2.1
katex (source)	0.16.33 → 0.16.38
knip (source)	5.85.0 → 5.87.0
lint-staged	16.3.0 → 16.4.0
maplibre-gl (source)	5.19.0 → 5.20.1
nx (source)	22.5.3 → 22.5.4
oidc-client-ts	3.4.1 → 3.5.0
posthog-js (source)	1.356.1 → 1.360.2
react-virtuoso (source)	4.18.1 → 4.18.3
serialize-javascript	7.0.3 → 7.0.4
storybook-addon-vis (source)	3.1.2 → 3.1.3
temporal-polyfill	0.3.0 → 0.3.2
terser-webpack-plugin	5.3.16 → 5.4.0
testcontainers	11.12.0 → 11.13.0
webpack	5.105.3 → 5.105.4

---

Release Notes

babel/babel (@​babel/preset-env)

v7.29.2

Compare Source

babel/babel (@​babel/runtime)

v7.29.2

Compare Source

formatjs/formatjs (@​formatjs/intl-segmenter)

v12.1.2

Compare Source

jestjs/jest (@​jest/globals)

v30.3.0

Compare Source

Features

• [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#​15844)
• [jest-fake-timers] Add setTimerTickMode to configure how timers advance
• [*] Reduce token usage when run through LLMs (3f17932)

Fixes

• [jest-config] Keep CLI coverage output when using --json with --outputFile (#​15918)
• [jest-mock] Use Symbol from test environment (#​15858)
• [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#​15864)
• [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#​15842)
• [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#​15851)
• [jest-util] Make sure process.features.require_module is false (#​15867)

Chore & Maintenance

• [*] Replace remaining micromatch uses with picomatch
• [deps] Update to sinon/fake-timers v15
• [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#​15849)
• Updated Twitter icon to match the latest brand guidelines (#​15869)

nrwl/nx (@​nx/jest)

v22.5.4

Compare Source

22.5.4 (2026-03-04)

🚀 Features

• core: add .nx/polygraph to gitignore in migration and caia (#​34659)

🩹 Fixes

• angular-rspack: use relative path for postcss-cli-resources output (#​34681, #​34092)
• core: support canonical SSH URLs when extracting GitHub user/repo slug during nx release (#​31684, #​31682)
• core: update sourceRespository description of nx import (#​34606)
• core: update minimatch to 10.2.4 (#​34660)
• core: skip writing deps cache if already up-to-date (#​34582)
• core: resolve false positive loop detection when running with Bun (#​34640, #​0, #​1, #​2, #​3, #​4, #​5, #​6, #​33997)
• core: fall back to invoking PM in detection (#​34691)
• core: restore CNW user flow to match v22.1.3 (#​34671)
• gradle: tee batch runner output to stderr for terminal display (#​34630)
• maven: synchronize batch runner invoke() to prevent concurrent access (#​34600)
• misc: boost CLI command reference search ranking (#​34625)
• misc: fix broken nx.dev redirects and remove legacy redirect-rules files (#​34673)
• misc: use pathToFileURL for cross-platform path handling in postcss-cli-resources (#​34676, #​33052)
• misc: exclude .netlify paths from Framer proxy edge function (1ce5e91f5e)
• repo: reset package.json files after local release (#​34648)
• repo: remove redundant inputs override for build-base target (#​34649)
• vitest: respect reporters from target options in vitest executor (#​34663, #​34495)

❤️ Thank You

• AgentEnder @​AgentEnder
• Caleb Ukle
• Claude Opus 4.6
• Copilot @​Copilot
• Craigory Coppola @​AgentEnder
• FrozenPandaz @​FrozenPandaz
• Jack Hsu @​jaysoo
• James Henry @​JamesHenry
• Jason Jean @​FrozenPandaz
• Leosvel Pérez Espinosa @​leosvelperez
• MaxKless @​MaxKless
• Nelson Dominguez @​ekkolon

getsentry/sentry-javascript (@​sentry/browser)

v10.43.0

Compare Source

Important Changes

• feat(nextjs): Add Turbopack support for React component name annotation (#​19604)

  We added experimental support for React component name annotation in Turbopack builds. When enabled, JSX elements
  are annotated with data-sentry-component, data-sentry-element, and data-sentry-source-file attributes at build
  time. This enables searching Replays by component name, seeing component names in breadcrumbs, and performance
  monitoring — previously only available with webpack builds.

  This feature requires Next.js 16+ and is currently behind an experimental flag:

  // next.config.ts
  import { withSentryConfig } from '@​sentry/nextjs';
  
  export default withSentryConfig(nextConfig, {
    _experimental: {
      turbopackReactComponentAnnotation: {
        enabled: true,
        ignoredComponents: ['Header', 'Footer'], // optional
      },
    },
  });

• feat(hono): Instrument middlewares app.use() (#​19611)

  Hono middleware registered via app.use() is now automatically instrumented, creating spans for each middleware invocation.

Other Changes

• feat(node-core,node): Add tracePropagation option to http and fetch integrations (#​19712)
• feat(hono): Use parametrized names for errors (#​19577)
• fix(browser): Fix missing traces for user feedback (#​19660)
• fix(cloudflare): Use correct Proxy receiver in instrumentDurableObjectStorage (#​19662)
• fix(core): Standardize Vercel AI span descriptions to align with GenAI semantic conventions (#​19624)
• fix(deps): Bump hono to 4.12.5 to fix multiple vulnerabilities (#​19653)
• fix(deps): Bump svgo to 4.0.1 to fix DoS via entity expansion (#​19651)
• fix(deps): Bump tar to 7.5.10 to fix hardlink path traversal (#​19650)
• fix(nextjs): Align Turbopack module metadata injection with webpack behavior (#​19645)
• fix(node): Prevent duplicate LangChain spans from double module patching (#​19684)
• fix(node-core,vercel-edge): Use HEROKU_BUILD_COMMIT env var for default release (#​19617)
• fix(sveltekit): Fix file system race condition in source map cleaning (#​19714)
• fix(tanstackstart-react): Add workerd and worker export conditions (#​19461)
• fix(vercel-ai): Prevent tool call span map memory leak (#​19328)
• feat(deps): Bump @​sentry/rollup-plugin from 5.1.0 to 5.1.1 (#​19658)

Internal Changes

• chore: Migrate to oxlint (#​19134)
• chore(aws-serverless): Don't build layer in build:dev command (#​19586)
• chore(ci): Allow triage action to run on issues from external users (#​19701)
• chore(deps): Bump immutable from 4.0.0 to 4.3.8 (#​19637)
• chore(e2e): Expand microservices E2E application with auto-tracing tests (#​19652)
• chore(hono): Prepare readme and add craft entry (#​19583)
• chore(sourcemaps): Make sourcemaps e2e test more generic (#​19678)
• chore(tanstackstart-react): Add link to docs in README (#​19697)
• feat(deps): Bump @​hono/node-server from 1.19.4 to 1.19.10 (#​19634)
• feat(deps): Bump underscore from 1.12.1 to 1.13.8 (#​19616)
• test(angular): Fix failing canary test (#​19639)
• test(nextjs): Add sourcemaps test for nextjs turbopack (#​19647)
• tests(e2e): Add microservices e2e for nestjs (#​19642)
• tests(e2e): Add websockets e2e for nestjs (#​19630)

Work in this release was contributed by @​dmmulroy, @​lithdew, and @​smorimoto. Thank you for your contributions!

v10.42.0

Compare Source

• feat(consola): Enhance Consola integration to extract first-param object as searchable attributes (#​19534)
• fix(astro): Do not inject withSentry into Cloudflare Pages (#​19558)
• fix(core): Do not remove promiseBuffer entirely (#​19592)
• fix(deps): Bump fast-xml-parser to 4.5.4 for CVE-2026-25896 (#​19588)
• fix(react-router): Set correct transaction name when navigating with object argument (#​19590)
• ref(nuxt): Use addVitePlugin instead of deprecated vite:extendConfig (#​19464)

Internal Changes

• chore(deps-dev): bump @​sveltejs/kit from 2.52.2 to 2.53.3 (#​19571)
• chore(deps): Bump @​sveltejs/kit to 2.53.3 in sveltekit-2-svelte-5 E2E test (#​19594)
• ci(deps): bump actions/checkout from 4 to 6 (#​19570)

Bundle size 📦

Path	Size
@​sentry/browser	25.02 KB
@​sentry/browser - with treeshaking flags	23.57 KB
@​sentry/browser (incl. Tracing)	41.44 KB
@​sentry/browser (incl. Tracing, Profiling)	45.99 KB
@​sentry/browser (incl. Tracing, Replay)	79.35 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	69.21 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	83.93 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	95.91 KB
@​sentry/browser (incl. Feedback)	41.44 KB
@​sentry/browser (incl. sendFeedback)	29.58 KB
@​sentry/browser (incl. FeedbackAsync)	34.52 KB
@​sentry/browser (incl. Metrics)	26.17 KB
@​sentry/browser (incl. Logs)	26.31 KB
@​sentry/browser (incl. Metrics & Logs)	26.96 KB
@​sentry/react	26.74 KB
@​sentry/react (incl. Tracing)	43.72 KB
@​sentry/vue	29.37 KB
@​sentry/vue (incl. Tracing)	43.26 KB
@​sentry/svelte	25.05 KB
CDN Bundle	27.51 KB
CDN Bundle (incl. Tracing)	42.25 KB
CDN Bundle (incl. Logs, Metrics)	28.33 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	43.07 KB
CDN Bundle (incl. Replay, Logs, Metrics)	66.49 KB
CDN Bundle (incl. Tracing, Replay)	78.26 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	79.1 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	83.65 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	84.5 KB
CDN Bundle - uncompressed	80.42 KB
CDN Bundle (incl. Tracing) - uncompressed	125.07 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	83.19 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	127.83 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	203.96 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	239.21 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	241.96 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	251.82 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	254.56 KB
@​sentry/nextjs (client)	46.08 KB
@​sentry/sveltekit (client)	41.89 KB
@​sentry/node-core	51.01 KB
@​sentry/node	170.6 KB
@​sentry/node - without tracing	95.09 KB
@​sentry/aws-serverless	110.53 KB

v10.41.0

Compare Source

eslint-stylistic/eslint-stylistic (@​stylistic/eslint-plugin)

v5.10.0

Compare Source

Features

• list-style: allow 'off' in overrides (#​1144) (c43bd4b)
• padding-line-between-statements: introduce lineMode for selector matcher (#​1143) (1ebd6d8)

Build Related

• deps: bump actions/download-artifact from 7 to 8 (#​1153) (78ca032)
• deps: bump actions/upload-artifact from 6 to 7 (#​1154) (01f7b17)

Performance

• no export all for @​typescript-eslint/utils (#​1150) (258f9d8)

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.57.1

Compare Source

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] no report for property on intersection type (#​12126)

❤️ Thank You

• Newton Yuan @​NewtonYuan

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.0

Compare Source

🚀 Features

• eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#​12080)

🩹 Fixes

• eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#​12089)
• eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#​12094)
• typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#​11355)
• eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#​12077)
• eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#​12079)
• eslint-plugin: [strict-void-return] false positives with overloads (#​12055)

❤️ Thank You

• Brad Zacher @​bradzacher
• Brian Schlenker @​bschlenk
• Evyatar Daud @​StyleShit
• James Henry @​JamesHenry
• Josh Goldberg
• Kirk Waiblinger @​kirkwaiblinger
• Moses Odutusin @​thebolarin
• Newton Yuan @​NewtonYuan
• SungHyun627 @​SungHyun627
• Younsang Na @​nayounsang

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.57.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

babel/babel-loader (babel-loader)

v10.1.1

Compare Source

v10.1.0

Compare Source

What's Changed

• refactor: use module.findPackageJSON API by @​JLHwung in #​1055
• Enable type checking and support Babel 8 by @​JLHwung in #​1056
• Bump js-yaml from 4.1.0 to 4.1.1 by @​dependabot[bot] in #​1059
• fix: mark webpack as optional peer dependency by @​chenjiahan in #​1061
• Bump webpack from 5.101.0 to 5.104.1 by @​dependabot[bot] in #​1062
• Bump glob from 10.4.5 to 10.5.0 by @​dependabot[bot] in #​1060
• Bump minimatch from 3.1.2 to 3.1.5 by @​dependabot[bot] in #​1063
• Pin Node.js on CI by @​nicolo-ribaudo in #​1064

New Contributors

• @​chenjiahan made their first contribution in #​1061

Full Changelog: babel/babel-loader@v10.0.0...v10.1.0

csstree/csstree (css-tree)

v3.2.1

Compare Source

• Fixed parsing of nested function in a group in definition syntax (#​358)

v3.2.0

Compare Source

• Added "sideEffects": false in package.json
• Added list option to the parse() method to specify whether the parser should produce a List (by default, list: true) or an array (list: false) for node's children (e.g., SelectorList, Block, etc.)
• Added support for Functional Notation in definition syntax (for now by wrapping function arguments into an implicit group when necessary, see #​292)
• Added support for stacked multipliers {A}? and {A,B}? according to spec in definition syntax parsing (#​346)
• Added math functions support in syntax matching (e.g., min(), max(), etc.) (#​344)
• Added onToken option to the parse() method, which can be either an array or a function:
  • When the value is an array, it is populated with objects { type, start, end } (token type, and its start and end offsets).
  • When the value is a function, it accepts type, start, end, and index parameters, and is invoked with a token API as this, enabling advanced token handling (see onToken). For example, the following demonstrates checking if all block tokens have matching pairs:

    parse(css, {
        onToken(type, start, end, index) {
            if (this.isBlockOpenerTokenType(type)) {
                if (this.getBlockPairTokenIndex(index) === -1) {
                    console.warn('No closing pair for', this.getTokenValue(index), this.getRangeLocation(start, end));
                }
            } else if (this.isBlockCloserTokenType(type)) {
                if (this.getBlockPairTokenIndex(index) === -1) {
                    console.warn('No opening pair for', this.getTokenValue(index), this.getRangeLocation(start, end));
                }
            }
        }
    });

• Extended TokenStream with the following methods:
  • getTokenEnd(tokenIndex) – returns the token's end offset by index, complementing getTokenStart(tokenIndex)
  • getTokenType(tokenIndex) – returns the token's type by index
  • isBlockOpenerTokenType(tokenType) – returns true for <function-token>, <(-token>, <[-token>, and <{-token>
  • isBlockCloserTokenType(tokenType) – returns true for <)-token>, <]-token>, and <}-token>
  • getBlockTokenPairIndex(tokenIndex) – returns the index of the pair token for a block, or -1 if no pair exists
• Changed generate() to not auto insert whitespaces between tokens for raw values (#​356)
• Fixed fork() to extend node definitions instead of overriding them. For example, fork({ node: { Dimension: { generate() { /* ... */ } } } }) will now update only the generate() method on the Dimension node, while inheriting all other properties from the previous syntax definition.
• Bumped mdn/data to 2.27.1 and various fixes in syntaxes

KaTeX/KaTeX (katex)

v0.16.38

Compare Source

Bug Fixes

• accent skew mixed with font specifiers (#​4159) (aea3375), closes #​4121

v0.16.37

Compare Source

Bug Fixes

• negative-width \hphantom and symmetric \smash (#​4153) (d4799ca)

v0.16.36

Compare Source

Bug Fixes

• contrib esm bloat (#​4157) (2bde1ad)

v0.16.35

Compare Source

Bug Fixes

• version number regression (#​4155) (db26b73)

v0.16.34

Compare Source

Bug Fixes

• emoji with variation selector (#​4151) (c2606e5)

webpro-nl/knip (knip)

v5.87.0

Compare Source

v5.86.0: Release 5.86.0

Compare Source

• Rewrite import specifiers to use .ts extensions, remove tsx (#​1548) (58674ad) - thanks @​wojtekmaj!
• Add .spec-d to vitest entry files (#​1556) (3123ab7) - thanks @​yamachi4416!
• Update docs for tsx → node (0418eba)
• Auto-format (7142fd7)
• Add Qwik plugin (#​1557) (fc668f4) - thanks @​azat-io!
• Fix Bun plugin to handle directory arguments in bun test (c112b6c)
• Update FAQ (b105a42)
• fix(plugin): swc with externalHelpers setting ignores @swc/helpers dependency (#​1560) (4bcb1f5) - thanks @​bobaaaaa!
• chore: git ignore artifacts (#​1563) (4878724) - thanks @​unional!
• Fix Vite plugin to respect root option for index.html entries (#​1561) (67a5647) - thanks @​azat-io!
• Fix Astro sharpImageService() false positive for unused sharp (#​1559) (c36247c) - thanks @​azat-io!
• Fix up gitignore test (b2c3d08)
• fix: normalize Windows backslash paths in fs.watch listener to fix --watch on Windows (#​1558) (b86b421) - thanks @​Aiudadadadf!
• Fix wrangler plugin not enabled by jsonc config (#​1564) (00bb1be) - thanks @​DaniFoldi!
• Edit AGENTS.md (a2aaf2f)
• Fix tsconfig presets marked as unlisted in strict mode (resolve #​1568) (463d67d)
• oxcellent (8a602c7)
• Refactor format test and use prettier for consistent results (b6afc01)
• Sort package.json (d3a521b)
• Add .git to GLOBAL_IGNORE_PATTERNS (resolve #​1571) (4e95ffb)
• Detect Yarn plugins that are listed by their path alone (#​1574) (de4c7d8) - thanks @​robintown!
• Start using unbash (a5de2c4)
• Bump unbash & simplify bash parser further (57896d3)
• Fix refs in workspaces fixture (#​1578) (fbee342)
• Include a few more entry patterns with pageExtensions (resolve #​1581) (c6a6d9e)
• Clean exit if --fix fixes all issues (resolve #​1577) (c182c29)
• Document JSDoc tag hints (0e7b6ae)
• Update AGENTS.md (f845462)
• Add openapi-ts plugin (#​1579) (42d1b3f) - thanks @​jonahsnider!
• Migrate from js-yaml → yaml (fb042ae)
• pnpm dedupe (2586254)
• Fix plugin list order (#​1587) (519ae3a) - thanks @​ikeyan!
• Fix confusing test fixtures for openapi-ts plugin (#​1591) (f0083ca) - thanks @​jonahsnider!
• Off-by-1 (7d7dec6)
• Don't fix compiled files (pos off) (a9fdc77)
• Add aliases from any tsconfig file in typescript plugin (resolve #​1347) (ced77c7)
• Support auto-imports in Nuxt plugin (#​1517) (4ce27b2)
• Fix + lint .ts extension in import specifiers (d349de3)
• Safe ts.isInTopLevelContext → isInTopLevelScope (1819c20)
• Wrap session.handleFileChanges in try/catch (185afb8)
• Improve MDX compiler (9205e2a)
• fix(playwright): Add missing built-in null reporter (#​1596) (0f1ce7d) - thanks @​shrink!
• Add package.json#imports as entry points (1fbe286)
• Update some dependencies + dedupe (381241e)
• Add support for extends in nuxt plugin ([9fcbdf5](https://redirect.gith

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.