fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@vitejs/devtools (source)	^0.1.5 → ^0.1.11
@vitest/utils (source)	4.1.0 → 4.1.2
@vue/shared (source)	^3.5.30 → ^3.5.31
@vue/tsconfig	^0.9.0 → ^0.9.1
baseline-browser-mapping	^2.10.10 → ^2.10.12
miniflare (source)	^4.20260317.1 → ^4.20260317.3
pnpm (source)	10.32.1 → 10.33.0
solid-js (source)	^1.9.11 → ^1.9.12
svelte (source)	^5.54.1 → ^5.55.1
typescript-eslint (source)	^8.57.1 → ^8.57.2
vite (source)	^8.0.1 → ^8.0.3
vitepress-plugin-group-icons	^1.7.1 → ^1.7.3
vitest (source)	^4.1.0 → ^4.1.2
vue (source)	^3.5.30 → ^3.5.31

---

Release Notes

vitejs/devtools (@​vitejs/devtools)

v0.1.11

Compare Source

   🐞 Bug Fixes

• Preserve user app output in build.withApp mode  -  by @​antfu in #​258 (bc844)

    View changes on GitHub

v0.1.10

Compare Source

   🐞 Bug Fixes

• Merge command shortcuts into user settings for persistence  -  by @​antfu and Claude Haiku 4.5 in #​257 (637d3)
• Make KeybindingBadge reactive to prop changes  -  by @​SaKaNa-Y in #​256 (c799c)

    View changes on GitHub

v0.1.9

Compare Source

   🚀 Features

• Visual differentiation for action buttons in docks  -  by @​antfu in #​245 (3293f)
• Add build.withApp option to auto-generate static devtools  -  by @​antfu and Claude Haiku 4.5 in #​249 (22621)
• Commands system, commands palette, shortcuts and when clauses  -  by @​antfu in #​247 (210d8)
• Prevent disabling settings dock and builtin category group  -  by @​antfu in #​251 (ddd77)

    View changes on GitHub

v0.1.8

Compare Source

No significant changes

    View changes on GitHub

vitest-dev/vitest (@​vitest/utils)

v4.1.2

Compare Source

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (#​9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in #​9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in #​9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in #​9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in #​9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in #​9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in #​9851 (6f97b)

    View changes on GitHub

v4.1.1

Compare Source

   🚀 Features

• experimental:
  • Expose matchesTags to test if the current filter matches tags  -  by @​sheremet-va in #​9913 (eec53)
  • Introduce experimental.vcsProvider  -  by @​sheremet-va in #​9928 (56115)

   🐞 Bug Fixes

• Mark TestProject.testFilesList internal properly  -  by @​sapphi-red in #​9867 (54f26)
• Detect fixture that returns without calling use  -  by @​oilater in #​9831 and #​9861 (633ae)
• Drop vite 8.beta support  -  by @​AriPerkkio in #​9862 (b78f5)
• Type regression in vi.mocked() static class methods  -  by @​purepear and @​hi-ogawa in #​9857 (90926)
• Properly re-evaluate actual modules of mocked external  -  by @​hi-ogawa in #​9898 (ae5ec)
• Preserve coverage report when html reporter overlaps  -  by @​hi-ogawa in #​9889 (2d81a)
• Provide vi.advanceTimers to the preview provider  -  by @​sheremet-va in #​9891 (1bc3e)
• Don't leak event listener in playwright provider  -  by @​sheremet-va in #​9910 (d9355)
• Open browser in --standalone mode without running tests  -  by @​sheremet-va in #​9911 (e78ad)
• Guard disposable and optional body  -  by @​sheremet-va in #​9912 (6fdb2)
• Resolve retry.condition RegExp serialization issue  -  by @​nstepien and @​hi-ogawa in #​9942 (7b605)
• collect:
  • Don't treat extra props on test return as tests  -  by @​sheremet-va in #​9871 (141e7)
• coverage:
  • Simplify provider types  -  by @​AriPerkkio in #​9931 (aaf9f)
  • Load built-in provider without module runner  -  by @​AriPerkkio in #​9939 (bf892)
• expect:
  • Soft assertions continue after .resolves/.rejects promise errors  -  by @​mixelburg, Maks Pikov, Claude Opus 4.6 (1M context) and @​hi-ogawa in #​9843 (6d74b)
  • Fix sinon-chai style API  -  by @​hi-ogawa in #​9943 (0f08d)
• pretty-format:
  • Limit output for large object  -  by @​hi-ogawa and Claude Opus 4.6 (1M context) in #​9949 (0d5f9)

    View changes on GitHub

vuejs/core (@​vue/shared)

v3.5.31

Compare Source

Bug Fixes

• compiler-sfc: allow Node.js subpath imports patterns in asset urls (#​13045) (95c3356), closes #​9919
• compiler-sfc: support template literal as defineModel name (#​14622) (bd7eef0), closes #​14621
• reactivity: normalize toRef property keys before dep lookup + improve types (#​14625) (1bb28d0), closes #​12427 #​12431
• runtime-core: invalidate detached v-for memo vnodes after unmount (#​14624) (560def4), closes #​12708 #​12710
• runtime-core: preserve nullish event handlers in mergeProps (#​14550) (5725222)
• runtime-core: prevent merging model listener when value is null or undefined (#​14629) (b39e032)
• runtime-dom: defer teleport mount/update until suspense resolves (#​8619) (88ed045), closes #​8603
• runtime-dom: handle activeElement check in Shadow DOM for v-model (#​14196) (959ded2)
• server-renderer: cleanup component effect scopes after SSR render (#​14548) (862f11e)
• suspense: avoid unmount activeBranch twice if wrapped in transition (#​9392) (908c6ad), closes #​7966
• suspense: update suspense vnode's el during branch self-update (#​12922) (a2c1700), closes #​12920
• transition: skip enter guard while hmr updating (#​14611) (be0a2f1), closes #​14608
• types: prevent shallowReactive marker from leaking into value unions (#​14493) (3b561db), closes #​14490

vuejs/tsconfig (@​vue/tsconfig)

v0.9.1

Compare Source

Notable Changes

• Align the TypeScript peer dependency requirement with the documentation (>= 5.8, including TypeScript 6)

Full Changelog: vuejs/tsconfig@v0.9.0...v0.9.1

web-platform-dx/baseline-browser-mapping (baseline-browser-mapping)

v2.10.12

Compare Source

v2.10.11

Compare Source

cloudflare/workers-sdk (miniflare)

v4.20260317.3

Compare Source

Minor Changes

• #​13027 9fcdfca Thanks @​G4brym! - feat: Add ai_search_namespaces and ai_search binding types

  Two new binding types for AI Search:

  • ai_search_namespaces: Namespace binding — namespace is required and auto-provisioned at deploy time if it doesn't exist (like R2 buckets)
  • ai_search: Single instance binding bound directly to a pre-existing instance in the default namespace

  Both are remote-only in local dev.

• #​13030 0386553 Thanks @​natewong1313! - Add local mode support for Stream bindings

  Miniflare and wrangler dev now support using Cloudflare Stream bindings locally.

  Supported operations:

  • upload() — upload video via URL
  • video(id).details(), .update(), .delete(), .generateToken()
  • videos.list()
  • captions.generate(), .list(), .delete()
  • downloads.generate(), .get(), .delete()
  • watermarks.generate(), .list(), .get(), .delete()

  The following are not yet supported in local mode and will throw:

  • createDirectUpload()
  • Caption upload via File
  • Watermark generation via File

  Data is persisted across restarts by default. You must set streamPersist: false in Miniflare options to disable persistence.

Patch Changes

• #​12686 1faff35 Thanks @​edmundhung! - Move internal proxy endpoint to reserved /cdn-cgi/ path

  The internal HTTP endpoint used by getPlatformProxy has been moved to a reserved path. This is an internal change with no impact on the getPlatformProxy API.

• #​13080 f4ea4ac Thanks @​penalosa! - fix: glob patterns for module rules no longer match double-extension filenames like foo.wasm.js

  Previously, the globsToRegExps helper compiled glob patterns without a trailing $ anchor. This caused patterns like **/*.wasm to match any path containing .wasm as a substring — including filenames such as foo.wasm.js or main.wasm.test.ts.

  When using @cloudflare/vitest-pool-workers with a wrangler.configPath, Wrangler's default CompiledWasm module rule (**/*.wasm) was silently applied to test files whose names contained .wasm, causing them to be loaded as WebAssembly binaries instead of JavaScript and failing at runtime.

  The fix restores the $ end anchor in the compiled regex so that **/*.wasm only matches paths that literally end in .wasm, while the leading ^ remains absent to allow matching anywhere within an absolute path.

v4.20260317.2

Compare Source

Patch Changes

• #​11753 b8f3309 Thanks @​ruifigueira! - Added the following improvements to local Browser Rendering binding in Miniflare:

  • Local Chrome version upgraded to 126.0.6478.182
  • Reciprocate browser websocket close events

• #​12986 5aaaab2 Thanks @​petebacondarwin! - fix: allow mixed d1Databases records containing both string and object entries

  Previously, passing a d1Databases config that mixed plain string values and object entries (e.g. { MY_DB: "db-name", OTHER_DB: { id: "...", remoteProxyConnectionString: ... } }) would cause Miniflare to throw an error. Both forms are now accepted and normalised correctly.

• #​12986 5aaaab2 Thanks @​petebacondarwin! - fix: allow mixed kvNamespaces records containing both string and object entries

  Previously, passing a kvNamespaces config that mixed plain string values and object entries (e.g. { MY_NS: "ns-name", OTHER_NS: { id: "...", remoteProxyConnectionString: ... } }) would cause Miniflare to throw an error. Both forms are now accepted and normalised correctly.

• #​12987 f8516dd Thanks @​petebacondarwin! - fix: allow mixed pipelines records containing both string and object entries

  Previously, passing a pipelines config that mixed plain string values and object entries (e.g. { MY_PIPELINE: "pipeline-name", OTHER_PIPELINE: { pipeline: "...", remoteProxyConnectionString: ... } }) would cause Miniflare to throw an error. Both forms are now accepted and normalised correctly.

• #​12952 9c9fe30 Thanks @​petebacondarwin! - fix: allow mixed r2Buckets records containing both string and object entries

  Previously, passing an r2Buckets config that mixed plain string values and object entries (e.g. { MY_BUCKET: "bucket-name", OTHER_BUCKET: { ... } }) would cause Miniflare to throw an error. Both forms are now accepted and normalised correctly.

• #​13015 6a6449e Thanks @​petebacondarwin! - fix: disable undici Pool request timeouts for local dev

  Miniflare's undici Pool instances were using the default headersTimeout and bodyTimeout of 300 seconds (5 minutes). Any request taking longer than that — streaming responses, large uploads, long-polling, or compute-heavy Workers — would be silently killed with a "request failed" error.

  Setting both timeouts to 0 disables them entirely, which is the correct behaviour for a local development tool where there is no reason to enforce request timeouts.

pnpm/pnpm (pnpm)

v10.33.0

Compare Source

sveltejs/svelte (svelte)

v5.55.1

Compare Source

Patch Changes

• fix: correctly handle bindings on the server (#​18009)

• fix: prevent hydration error on async {@​html ...} (#​17999)

• fix: cleanup superTypeParameters in ClassDeclarations/ClassExpression (#​18015)

• fix: improve duplicate module import error message (#​18016)

• fix: reschedule new effects in prior batches (#​18021)

v5.55.0

Compare Source

Minor Changes

• feat: export TweenOptions, SpringOptions, SpringUpdateOptions and Updater from svelte/motion (#​17967)

Patch Changes

• fix: ensure HMR wrapper forwards correct start/end nodes to active effect (#​17985)

typescript-eslint/typescript-eslint (typescript-eslint)

v8.57.2

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

vitejs/vite (vite)

v8.0.3

Compare Source

Features

• update rolldown to 1.0.0-rc.12 (#​22024) (84164ef)

Bug Fixes

• html: cache unfiltered CSS list to prevent missing styles across entries (#​22017) (5464190)
• module-runner: handle non-ascii characters in base64 sourcemaps (#​21985) (77c95bf)
• module-runner: skip re-import if the runner is closed (#​22020) (ee2c2cd)
• optimizer: scan is not resolving sub path import if used in a glob import (#​22018) (ddfe20d)
• ssr: ssrTransform incorrectly rewrites meta identifier inside import.meta when a binding named meta exists (#​22019) (cff5f0c)

Miscellaneous Chores

• deps: bump picomatch from 4.0.3 to 4.0.4 (#​22027) (7e56003)

Tests

• html: add tests for getCssFilesForChunk (#​22016) (43fbbf9)

v8.0.2

Compare Source

Features

• update rolldown to 1.0.0-rc.11 (#​21998) (ff91c31)

Bug Fixes

• deps: update all non-major dependencies (#​21988) (9b7d150)

Miscellaneous Chores

• deps: update dependency @​vitejs/devtools to ^0.1.5 (#​21992) (b2dd65b)

yuyinws/vitepress-plugin-group-icons (vitepress-plugin-group-icons)

v1.7.3

Compare Source

   🚀 Features

• Migrate to vite-plus  -  by @​yuyinws in #​35 (ed34c)

   🐞 Bug Fixes

• types: Don't bundle markdown-it types  -  by @​brc-dd in #​36 (513e7)

    View changes on GitHub

v1.7.2

Compare Source

   🚀 Features

• Add decodeHtmlEntities function to handle HTML entity decoding  -  by @​yuyinws (c4e1c)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.