fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@builder.io/qwik (source)	^1.13.0 -> ^1.14.1
@clack/prompts (source)	^0.10.1 -> ^0.11.0
@eslint/js (source)	^9.26.0 -> ^9.27.0
@tailwindcss/postcss (source)	^4.1.6 -> ^4.1.7
@tailwindcss/vite (source)	^4.1.6 -> ^4.1.7
@types/express (source)	^5.0.1 -> ^5.0.2
@types/node (source)	^22.15.17 -> ^22.15.21
@types/react (source)	^19.1.4 -> ^19.1.5
@types/react-dom (source)	^19.1.4 -> ^19.1.5
@vitejs/plugin-react (source)	^4.4.1 -> ^4.5.0
@vitejs/plugin-react-swc (source)	3.9.0 -> 3.10.0
@vue/shared (source)	^3.5.13 -> ^3.5.14
baseline-browser-mapping	^2.3.0 -> ^2.4.3
debug	^4.4.0 -> ^4.4.1
eslint (source)	^9.26.0 -> ^9.27.0
eslint-plugin-import-x	^4.11.1 -> ^4.13.1
globals	^16.1.0 -> ^16.2.0
lightningcss	^1.30.0 -> ^1.30.1
miniflare (source)	^4.20250507.0 -> ^4.20250508.3
playwright-chromium (source)	^1.50.1 -> ^1.52.0
pnpm (source)	10.10.0 -> 10.11.0
preact (source)	^10.26.6 -> ^10.26.7
sass	^1.88.0 -> ^1.89.0
sass-embedded	^1.88.0 -> ^1.89.0
solid-js (source)	^1.9.6 -> ^1.9.7
svelte (source)	^5.28.6 -> ^5.33.2
svelte-check	^4.1.7 -> ^4.2.1
tailwindcss (source)	^4.1.6 -> ^4.1.7
terser (source)	^5.39.0 -> ^5.39.2
tinyglobby	^0.2.13 -> ^0.2.14
tsconfck (source)	^3.1.5 -> ^3.1.6
vitepress-plugin-group-icons	^1.5.2 -> ^1.5.5
vitepress-plugin-llms	^1.1.4 -> ^1.3.3
vitest (source)	^3.1.3 -> ^3.1.4
vue (source)	^3.5.13 -> ^3.5.14

---

Release Notes

QwikDev/qwik (@​builder.io/qwik)

v1.14.1

Compare Source

v1.14.0

Compare Source

Minor Changes

• ✨ Major improvements to prefetching with automatic bundle preloading (by @​wmertens in #​7453)

  • This removes the need for service workers, and instead utilize modulepreload link tags for better browser integration.
  • Improves initial load performance by including dynamic imports in the prefetch
  • Reduces complexity while maintaining similar (and even better) functionality
  • Enables some preloading capabilities in dev mode (SSR result only)
  • Includes path-to-bundle mapping in bundle graph (this improves the experience using the <Link> component, AKA "single page app" mode)
  • Server now has built-in manifest support (so no need to pass manifest around)
  • Moves insights-related build code to insights plugin

  ---

  ⚠️ ATTENTION:

  • Keep your service worker code as is (either <ServiceWorkerRegister/> or <PrefetchServiceWorker/>).
  • Configure your server to provide long caching headers.

  Service Worker:

  This new implementation will use it to uninstall the current service worker to reduce the unnecessary duplication.

  The builtin service workers components are deprecated but still exist for backwards compatibility.

  ⚠️ IMPORTANT: Caching Headers:

  The files under build/ and assets/ are named with their content hash and may therefore be cached indefinitely. Typically you should serve build/* and assets/* with Cache-Control: public, max-age=31536000, immutable.

  However, if you changed the rollup configuration for output filenames, you will have to adjust the caching configuration accordingly.

  ---

  You can configure the preload behavior in your SSR configuration:

  // entry.ssr.ts
  export default function (opts: RenderToStreamOptions) {
    return renderToStream(<Root />, {
      preload: {
        // Enable debug logging for preload operations
        debug: true,
        // Maximum simultaneous preload links
        maxIdlePreloads: 5,
        // Minimum probability threshold for preloading
        preloadProbability: 0.25
        // ...and more, see the type JSDoc on hover
      },
      ...opts,
    });
  }

Optional for legacy apps:

For legacy apps that still need service worker functionality, you can add it back using:

npm run qwik add service-worker

This will add a basic service worker setup that you can customize for specific caching strategies, offline support, or other PWA features beyond just prefetching.

Patch Changes

• 🐞🩹 linting errors which were previously being ignored across the monorepo. (by @​better-salmon in #​7418)

• 🐞🩹 now qwikloader is loaded only once in all cases (by @​wmertens in #​7506)

bombshell-dev/clack (@​clack/prompts)

v0.11.0

Compare Source

Minor Changes

• 07ca32d: Reverted a change where placeholders were being set as values on return.

Patch Changes

• Updated dependencies [07ca32d]
  • @​clack/core@​0.5.0

eslint/eslint (@​eslint/js)

v9.27.0

Compare Source

tailwindlabs/tailwindcss (@​tailwindcss/postcss)

v4.1.7

Compare Source

Added

• Upgrade: Migrate bare values to named values (#​18000)
• Upgrade: Added cache to improve template migration performance (#​18025)

Fixed

• Allow _ before numbers during candidate extraction (#​17961)
• Prevent duplicate suggestions when using @theme and @utility together (#​17675)
• Ensure that media queries within ::before and ::after pseudo selectors create valid CSS rules in production builds (#​17979)
• Ensure that the standalone CLI does not leave temporary files behind (#​17981)
• Ensure -rotate-* utilities properly negate arbitrary values (#​18014)
• Ignore custom variants using :merge(…) selectors in legacy JS plugins (#​18020)
• Ensure classes containing . are properly extracted from Clojure files (#​18038)
• Upgrade: Fix error when using @import … source(…) (#​17963)
• Upgrade: Change casing of utilities with named values to kebab-case to match updated theme variables (#​18017)
• Upgrade: Don't migrate strings that match utility names in Vue attribute bindings other than class (#​18025)

vitejs/vite-plugin-react (@​vitejs/plugin-react)

v4.5.0

Compare Source

Add filter for rolldown-vite #​470

Added filter so that it is more performant when running this plugin with rolldown-powered version of Vite.

Skip HMR for JSX files with hooks #​480

This removes the HMR warning for hooks with JSX.

vitejs/vite-plugin-react (@​vitejs/plugin-react-swc)

v3.10.0

Compare Source

Add filter for rolldown-vite #​470

Added filter so that it is more performant when running this plugin with rolldown-powered version of Vite.

Skip HMR preamble in Vitest browser mode #​478

This was causing annoying Sourcemap for "/@​react-refresh" points to missing source files and is unnecessary in test mode.

Skip HMR for JSX files with hooks #​480

This removes the HMR warning for hooks with JSX.

vuejs/core (@​vue/shared)

v3.5.14

Compare Source

Bug Fixes

• compat: correct deprecation message for v-bind.sync usage (#​13137) (466b30f), closes #​13133
• compiler-core: remove slot cache from parent renderCache during unmounting (#​13215) (5d166f3)
• compiler-sfc: fix scope handling for props destructure in function parameters and catch clauses (8e34357), closes #​12790
• compiler-sfc: treat the return value of useTemplateRef as a definite ref (#​13197) (8ae1122)
• compiler: fix spelling error in domTagConfig (#​13043) (388295b)
• customFormatter: properly accessing ref value during debugger (#​12948) (fdbd026)
• hmr/teleport: adjust static children traversal for HMR in dev mode (#​12819) (5e37dd0), closes #​12816
• hmr: avoid hydration for hmr root reload (#​12450) (1f98a9c), closes vitejs/vite-plugin-vue#146 vitejs/vite-plugin-vue#477
• hmr: avoid hydration for hmr updating (#​12262) (9c4dbbc), closes #​7706 #​8170
• reactivity: ensure markRaw objects are not reactive (#​12824) (295b5ec), closes #​12807
• reactivity: ensure multiple effectScope on() and off() calls maintains correct active scope (22dcbf3), closes #​12631 #​12632 #​12641
• reactivity: should not recompute if computed does not track reactive data (#​12341) (0b23fd2), closes #​12337
• runtime-core: stop tracking deps in setRef during unmount (#​13210) (016c472)
• runtime-core: update __vnode of static nodes when patching along the optimized path (#​13223) (b3ecee3)
• runtime-core: inherit comment nodes during block patch in production build (#​10748) (6264505), closes #​10747 #​12650
• runtime-core: prevent unmounted vnode from being inserted during transition leave (#​12862) (d6a6ec1), closes #​12860
• runtime-core: respect immutability for readonly reactive arrays in v-for (#​13091) (3f27c58), closes #​13087
• runtime-dom: always treat autocorrect as attribute (#​13001) (1499135), closes #​5705
• slots: properly warn if slot invoked in setup (#​12195) (9196222), closes #​12194
• ssr: properly init slots during ssr rendering (#​12441) (2206cd2), closes #​12438
• transition: fix KeepAlive with transition out-in mode behavior in production (#​12468) (343c891), closes #​12465
• TransitionGroup: reset prevChildren to prevent memory leak (#​13183) (8b848cb), closes #​13181
• types: allow return any for Options API lifecycle hooks (#​5914) (06310e8)
• types: the directive's modifiers should be optional (#​12605) (10e54dc)
• typos: fix comments referencing transformElement.ts (#​12551)[ci-skip] (11c053a)

Features

• types: add type TemplateRef (#​12645) (636a861)

web-platform-dx/baseline-browser-mapping (baseline-browser-mapping)

v2.4.3: - dependency changes

Compare Source

What's Changed

• Bump @​mdn/browser-compat-data from 6.0.15 to 6.0.16 by @​dependabot in https://github.com/web-platform-dx/baseline-browser-mapping/pull/44
• Bump @​types/node from 22.15.18 to 22.15.21 by @​dependabot in https://github.com/web-platform-dx/baseline-browser-mapping/pull/45
• Bump web-features from 2.35.1 to 2.35.3 by @​dependabot in https://github.com/web-platform-dx/baseline-browser-mapping/pull/46

Full Changelog: web-platform-dx/baseline-browser-mapping@v2.4.2...v2.4.3

v2.4.2

Compare Source

What's Changed

• Bump @​mdn/browser-compat-data from 6.0.13 to 6.0.14 by @​dependabot in https://github.com/web-platform-dx/baseline-browser-mapping/pull/40
• Bump @​types/node from 22.15.17 to 22.15.18 by @​dependabot in https://github.com/web-platform-dx/baseline-browser-mapping/pull/41
• Bump web-features from 2.34.2 to 2.35.1
• Changed refresh static action to update @​mdn/browser-compat-data and web-features data every time it runs to ensure accuracy.

Full Changelog: web-platform-dx/baseline-browser-mapping@v2.4.1...v2.4.2

v2.4.1: - bug fix

Compare Source

• v2.4.0 introduced an incorrect depenencies list, v2.4.1 fixes it

Full Changelog: web-platform-dx/baseline-browser-mapping@v2.4.0...v2.4.1

v2.4.0

Compare Source

What's Changed

• Expand versions returned by getAllVersions(), fixes refresh-downstream bug by @​tonypconway in https://github.com/web-platform-dx/baseline-browser-mapping/pull/3
  Full Changelog: web-platform-dx/baseline-browser-mapping@v2.3.0...v2.4.0

eslint/eslint (eslint)

v9.27.0

Compare Source

un-ts/eslint-plugin-import-x (eslint-plugin-import-x)

v4.13.1

Compare Source

Patch Changes

• #​340 180785d Thanks @​JounQin! - fix(deps): bump eslint-import-context to v0.1.4

v4.13.0

Compare Source

Minor Changes

• #​335 371ebee Thanks @​JounQin! - feat: integrate eslint-import-context to get rule context without additional params

v4.12.2

Compare Source

Patch Changes

• #​332 0b3809b Thanks @​JounQin! - fix: remove buggy module-sync exports field

v4.12.1

Compare Source

Patch Changes

• #​329 4b284cb Thanks @​JounQin! - feat: add suggestions support for extensions unexpected case

v4.12.0

Compare Source

Minor Changes

• #​327 90c1cd0 Thanks @​JounQin! - feat(extensions): support pathGroupOverrides and fix options

sindresorhus/globals (globals)

v16.2.0

Compare Source

parcel-bundler/lightningcss (lightningcss)

v1.30.1

Compare Source

Fixed crash on process exit when lightningcss was loaded inside a Node.js worker thread on Linux

cloudflare/workers-sdk (miniflare)

v4.20250508.3

Compare Source

Patch Changes

• #​9277 db5ea8f Thanks @​penalosa! - Support Mixed Mode for more binding types

• #​9245 b87b472 Thanks @​penalosa! - Support Mixed Mode Dispatch Namespaces

v4.20250508.2

Compare Source

Patch Changes

• #​9256 3b384e2 Thanks @​penalosa! - Move the Analytics Engine simulator implementation from JSRPC to a Wrapped binding. This fixes a regression introduced in https://github.com/cloudflare/workers-sdk/pull/8935 that preventing Analytics Engine bindings working in local dev for Workers with a compatibility date prior to JSRPC being enabled.

v4.20250508.1

Compare Source

Patch Changes

• #​9246 d033a7d Thanks @​edmundhung! - fix: strip CF-Connecting-IP header within fetch

  In v4.15.0, Miniflare began stripping the CF-Connecting-IP header via a global outbound service, which led to a TCP connection regression due to a bug in Workerd. This PR patches the fetch API to strip the header during local wrangler dev sessions as a temporary workaround until the underlying issue is resolved.

v4.20250508.0

Compare Source

Patch Changes

• #​7914 37af035 Thanks @​andyjessop! - fix(miniflare): strip CF-Connecting-IP header from all outbound requests

• #​9174 ceeb375 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250507.0	1.20250508.0
  @​cloudflare/workers-types	^4.20250507.0	^4.20250508.0

• #​9181 349cffc Thanks @​penalosa! - Add a mixed-mode-only browser rendering plugin

• #​9186 362cb0b Thanks @​penalosa! - Support Mixed Mode Service Bindings in Miniflare

• #​9198 2cc8197 Thanks @​kylecarbs! - fix: ensure the fetch proxy message port is started

  While Node.js will start the message port automatically when a message event listener is added,
  this diverges from the standard Web API for message ports, which require you to explicitly start
  listening on the port.

• #​9168 6b42c28 Thanks @​dario-piotrowicz! - add mixedModeConnectionString to the various binding configs

microsoft/playwright (playwright-chromium)

v1.52.0

[Compare Source](https://github.com/microsoft/playwright/compare/v1.51.1...

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[JounQin]

dominikg/tsconfck#220 (comment)

cc @sapphi-red

[sapphi-red]

downgraded playwright for microsoft/playwright#35678

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[JounQin]

@sapphi-red Any schedule to release #20061 (comment)?

[sapphi-red]

@JounQin Probably in two weeks.