chore(deps): update all non-major npm dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@babel/core (source)	^7.28.5 → ^7.28.6
@babel/preset-env (source)	^7.28.5 → ^7.28.6
@babel/runtime (source)	^7.28.4 → ^7.28.6
@hotwired/turbo-rails	^8.0.20 → ^8.0.21
axios (source)	^1.13.2 → ^1.13.3
caniuse-lite	^1.0.30001764 → ^1.0.30001766
core-js (source)	^3.47.0 → ^3.48.0
globals	^17.0.0 → ^17.1.0
postcss-html	^1.8.0 → ^1.8.1
puppeteer (source)	^24.35.0 → ^24.36.0
sass	^1.97.2 → ^1.97.3
stylelint-config-recess-order	^7.4.0 → ^7.6.0

---

Release Notes

babel/babel (@​babel/core)

v7.28.6

Compare Source

babel/babel (@​babel/preset-env)

v7.28.6

Compare Source

babel/babel (@​babel/runtime)

v7.28.6

Compare Source

v7.28.6 (2026-01-12)

Thanks @​kadhirash and @​kolvian for your first PRs!

🐛 Bug Fix

• babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types
  • #​17589 Improve Unicode handling in code-frame tokenizer (@​JLHwung)
• babel-plugin-transform-regenerator
  • #​17556 fix: transform-regenerator correctly handles scope (@​liuxingbaoyu)
• babel-plugin-transform-react-jsx
  • #​17538 fix: Keep jsx comments (@​liuxingbaoyu)

💅 Polish

• babel-core, babel-standalone
  • #​17606 Polish(standalone): improve message on invalid preset/plugin (@​JLHwung)

🏠 Internal

• babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex
  • #​17580 Allow Babel 8 in compatible Babel 7 plugins (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-plugin-transform-react-jsx
  • #​17555 perf: Use lighter traversal for jsx __source,__self (@​liuxingbaoyu)

Committers: 7

• Babel Bot (@​babel-bot)
• Eliot Pontarelli (@​kolvian)
• Huáng Jùnliàng (@​JLHwung)
• Kadhirash Sivakumar (@​kadhirash)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu
• coderaiser (@​coderaiser)

axios/axios (axios)

v1.13.3

Compare Source

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#​7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#​6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#​5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#​5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#​7253) (#​7257) (7d19335)
• turn AxiosError into a native error (#​5394) (#​5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#​5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#​7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#​6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#​5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#​6053) (65a7584)
• add Node.js coverage script using c8 (closes #​7289) (#​7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#​6265) (860e033)
• enhance pipeFileToResponse with error handling (#​7169) (88d7884)
• types: Intellisense for string literals in a widened union (#​6134) (f73474d), closes /github.com/microsoft/TypeScript/issues/33471#issuecomment-1376364329

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#​7253) (#​7…" (#​7298) (a4230f5), closes #​7253 #​7 #​7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#​7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad
• JohnTitor
• rohit miryala
• Wilson Mun
• techcodie
• Ved Vadnere
• svihpinc
• SANDESH LENDVE
• Lubos
• Jarred Sumner
• Adam Hines
• Subhan Kumar Rai
• Joseph Frazier
• KT0803
• Albie
• Jake Hayes

browserslist/caniuse-lite (caniuse-lite)

v1.0.30001766

Compare Source

v1.0.30001765

Compare Source

zloirock/core-js (core-js)

v3.48.0

Compare Source

• Changes v3.47.0...v3.48.0 (126 commits)
• Map upsert proposal:
  • Built-ins:
    • Map.prototype.getOrInsert
    • Map.prototype.getOrInsertComputed
    • WeakMap.prototype.getOrInsert
    • WeakMap.prototype.getOrInsertComputed
  • Moved to stable ES, January 2026 TC39 meeting
  • Added es. namespace modules, /es/ and /stable/ namespaces entries
• Use CreateDataProperty / CreateDataPropertyOrThrow in some missed cases, #​1497
• Minor fix / optimization in the RegExp constructor (NCG and dotAll) polyfill
• Added some more workarounds for a Safari < 13 bug with silent ignore of non-writable array .length
• Added detection of a Webkit bug: Iterator.prototype.flatMap throws on iterator without return method
• Added detection of a V8 ~ Chromium < 144 bug: Uint8Array.prototype.setFromHex throws an error on length-tracking views over ResizableArrayBuffer
• Compat data improvements:
  • Map upsert proposal features marked as shipped in V8 ~ Chrome 145
  • Joint iteration proposal features marked as shipped in FF148
  • Iterator.concat marked as shipped in Bun 1.3.7
  • Added Rhino 1.9.0 compat data
  • Added Deno 2.6 compat data mapping
  • Added Opera Android 93 and 94 compat data mapping
  • Added Electron 41 compat data mapping
  • Iterator.prototype.flatMap marked as supported from Safari 26.2 and Bun 1.2.21 because of a bug: throws on iterator without return method
  • Uint8Array.prototype.setFromHex marked as supported from V8 ~ Chromium 144 because of a bug: throws an error on length-tracking views over ResizableArrayBuffer

sindresorhus/globals (globals)

v17.1.0

Compare Source

• Add webpack and rspack globals (#​333) 65cae73

---

ota-meshi/postcss-html (postcss-html)

v1.8.1

Compare Source

What's Changed

• fix: crash in toJSON() due to document property. by @​ota-meshi in #​147

Full Changelog: ota-meshi/postcss-html@v1.8.0...v1.8.1

puppeteer/puppeteer (puppeteer)

v24.36.0

Compare Source

🎉 Features

• roll to Chrome 144.0.7559.96 (#​14587) (35eaf7c)
• roll to Firefox 147.0 (#​14559) (63dd0e4)
• webdriver: use emulation.setClientHintsOverride (#​14588) (d63dafd)
• webdriver: use emulation.setTouchOverride (#​14566) (e726839)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.35.0 to 24.36.0

🛠️ Fixes

• HTTPResponse.text() method expected to throw when content is malformed (#​14450) (d967f6c)
• roll to Firefox 147.0.1 (#​14574) (c9bdb7a)

sass/dart-sass (sass)

v1.97.3

Compare Source

• Fix a bug where nesting an at-rule within multiple style rules in plain CSS
  could cause outer style rules to be omitted.

stormwarning/stylelint-config-recess-order (stylelint-config-recess-order)

v7.6.0

Compare Source

Minor Changes

• Add Anchor Positioning properties (#​449)
  • anchor-name
  • anchor-scope
  • anchor-center
  • position-area
  • position-anchor
  • position-try
  • position-try-order
  • position-try-fallbacks
  • position-visibility

v7.5.0

Compare Source

Minor Changes

• Add Corner Shape properties (#​442)
  Thanks @​aicest!
  • corner
  • longhand corner-* properties
  • corner-shape
  • longhand corner-*-shape properties

Patch Changes

• Add support for Stylelint v17 (#​447)

  Updated peerDependencies version ranges for stylelint and stylelint-order.

  Fixes #​446

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone Europe/Amsterdam, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.11%. Comparing base (a214224) to head (3504885).
⚠️ Report is 1 commits behind head on staging.

Additional details and impacted files

@@           Coverage Diff            @@
##           staging    #1217   +/-   ##
========================================
  Coverage    77.11%   77.11%           
========================================
  Files           54       54           
  Lines         1372     1372           
========================================
  Hits          1058     1058           
  Misses         314      314           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.