deps(frontend): bump the frontend-dependencies group in /app with 16 updates

[dependabot]

Bumps the frontend-dependencies group in /app with 16 updates:

Package	From	To
@next/third-parties	16.2.4	16.2.6
@slack/web-api	7.15.1	7.15.2
mermaid	11.14.0	11.15.0
next	16.2.4	16.2.6
posthog-js	1.372.9	1.373.4
react	19.2.5	19.2.6
react-dom	19.2.5	19.2.6
swagger-ui-react	5.32.5	5.32.6
tailwind-merge	3.5.0	3.6.0
zod	4.3.6	4.4.3
@types/node	25.6.0	25.7.0
jsdom	29.1.0	29.1.1
knip	6.8.0	6.13.1
postcss	8.5.12	8.5.14
vite	8.0.10	8.0.12
vitest	4.1.5	4.1.6

Updates @next/third-parties from 16.2.4 to 16.2.6

Release notes

Sourced from @​next/third-parties's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Core Changes

• fix: preserve HTTP access fallbacks during prerender recovery (#92231)
• Fix fallback route params case in app-page handler (#91737)
• Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)
• Patch setHeader for direct route handlers (#93101)
• Include deployment id in cacheHandlers keys (#93453)
• Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

... (truncated)

Commits

• ee6e79b v16.2.6
• 766148f v16.2.5
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​next/third-parties since your current version.

Updates @slack/web-api from 7.15.1 to 7.15.2

Release notes

Sourced from @​slack/web-api's releases.

@​slack/web-api@​7.15.2

Patch Changes

• 4b6fe3a: feat: add authorship arguments - icon_emoji, icon_url, and username - to the assistant.threads.setStatus and chat.startStream methods
• Updated dependencies [4f03ee8]
  • @​slack/types@​2.21.0

Commits

• fde2a7a chore: release (#2577)
• 4b6fe3a feat(web-api): add authorship arguments to assistant threads and chat stream ...
• f5696c3 cli-test(fix): wait for cli run start trace instead of activity output (#2355)
• 11dd0f5 feat(types): add Card, Carousel, and Alert block types (#2567)
• 4f03ee8 feat(types): add Card, Carousel, and Alert block types (#2567)
• a5a2954 chore(deps): bump slackapi/slack-github-action from 3.0.1 to 3.0.3 (#2574)
• 14f98c9 chore(deps): bump dependabot/fetch-metadata from 3.0.0 to 3.1.0 (#2575)
• b8b88cb chore(deps): bump uuid from 13.0.1 to 14.0.0 in /examples/openid-connect (#2576)
• ea8998b chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#2573)
• 4af912d ci: simplify test scripts and separate coverage from test runs (#2566)
• Additional commits viewable in compare view

Updates mermaid from 11.14.0 to 11.15.0

Release notes

Sourced from mermaid's releases.

mermaid@11.15.0

Minor Changes

• #7174 0aca217 Thanks @​milesspencer35! - feat(sequence): Add support for decimal start and increment values in the autonumber directive

• #7512 8e17492 Thanks @​aruncveli! - feat(flowchart): add datastore shape

  In Data flow diagrams, a datastore/warehouse/file/database is used to represent data persistence. It is denoted by a rectangle with only top and bottom borders, and can be used in flowcharts with A@{ shape: datastore, label: "Datastore" }.

• #6440 9ad8dde Thanks @​yordis, @​lgazo! - feat: add Event Modeling diagram

• #7707 27db774 Thanks @​txmxthy! - feat(architecture): expose four fcose layout knobs for architecture-beta diagrams (nodeSeparation, idealEdgeLengthMultiplier, edgeElasticity, numIter) so authors can tune layout density and spread overlapping siblings without changing diagram source

• #7604 bf9502f Thanks @​M-a-c! - feat(class): add nested namespace support for class diagrams via dot notation and syntactic nesting

  If you have namespaces in class diagrams that use .s already and want to render them without nesting (≤v11.14.0 behaviour), you can use set class.hierarchicalNamespaces=false in your mermaid config:

  config:
    class:
      hierarchicalNamespaces: false

• #7272 88cdd3d Thanks @​xinbenlv! - feat(sankey): add outlined label style, configurable nodeWidth/nodePadding, and custom node colors

Patch Changes

• #7737 e9b0f34 Thanks @​ashishjain0512! - fix: prevent unbalanced CSS styles in classDefs

• #7737 37ff937 Thanks @​ashishjain0512! - fix: create CSS styles using the CSSOM

  This removes some invalid CSS and normalizes some CSS formatting.

• #7508 bfe60cc Thanks @​biiab! - fix(stateDiagram): end note now only closes a note when used on a new line

• #7737 faafb5d Thanks @​ashishjain0512! - fix(gantt): add iteration limit for excludes field

• #7737 65f8be2 Thanks @​ashishjain0512! - fix: disallow some CSS at-rules in custom CSS

• #7726 1502f32 Thanks @​aloisklink! - fix(wardley): fix unnecessary sanitization of text

• #7578 1f98db8 Thanks @​Gaston202! - fix(class): self-referential class multiplicity labels no longer rendered multiple times

  Fixes #7560. Resolves an issue where cardinality labels on self-referential class relationships were rendered three times due to edge splitting in the dagre layout. The fix ensures that each sub-edge only carries its relevant label positions.

• #7592 2343e38 Thanks @​knsv-bot! - fix(sequence): add background box behind alt/else section title labels in sequence diagrams

• #7589 7fb9509 Thanks @​NYCU-Chung! - fix(block): prevent column widths from shrinking when mixing different column spans

• #7632 3f9e0f1 Thanks @​ekiauhce! - fix(sequence): correct messageAlign label position for right-to-left arrows in sequence diagrams

... (truncated)

Commits

• 41646df Merge pull request #7739 from aloisklink/ci/fix-release
• 2671f5c docs: fix v11.15.0 release
• f4bf04b Merge pull request #7738 from mermaid-js/changeset-release/master
• abfb563 Version Packages
• 60b289f Release Candidate 11.15.0 (#7737)
• d37c0db Merge pull request #7730 from aloisklink/fix/fix-edgeLabelRightLeft-changes
• 5ab5a28 docs: improve nested namespace changeset
• 18f8b4c fix: revert endEdgeLabelLeft/endEdgeLabelRight change
• 504b2eb Merge pull request #7726 from aloisklink/fix/correct-unnecessary-html-escapes...
• 1502f32 fix(wardley): fix unnecessary sanitization of text
• Additional commits viewable in compare view

Updates next from 16.2.4 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Core Changes

• fix: preserve HTTP access fallbacks during prerender recovery (#92231)
• Fix fallback route params case in app-page handler (#91737)
• Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)
• Patch setHeader for direct route handlers (#93101)
• Include deployment id in cacheHandlers keys (#93453)
• Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

... (truncated)

Commits

• ee6e79b v16.2.6
• afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
• 97a154e Turbopack: Fix middleware matcher suffix (#93590)
• 83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
• 7b222b9 [backport][test] Pin package manager to patch versions (#93595)
• a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
• 766148f v16.2.5
• 0dd9483 fix: add explicit checks for RSC header (#83) (#98)
• d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
• 9d50c0b Strip next-resume header from incoming requests (#92)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates posthog-js from 1.372.9 to 1.373.4

Release notes

Sourced from posthog-js's releases.

posthog-js@1.373.4

1.373.4

Patch Changes

• #3602 4b895bf Thanks @​marandaneto! - Validate gzip request bodies at the browser send boundary and fall back to JSON if the outgoing body is not gzip data. (2026-05-12)
• Updated dependencies [4b895bf]:
  • @​posthog/core@​1.29.1
  • @​posthog/types@​1.373.4

posthog-js@1.373.3

1.373.3

Patch Changes

• Updated dependencies [ad60818]:
  • @​posthog/core@​1.29.0
  • @​posthog/types@​1.373.3

posthog-js@1.373.2

1.373.2

Patch Changes

• #3568 223d925 Thanks @​marandaneto! - Validate native gzip output before sending requests and fall back when CompressionStream returns malformed data. (2026-05-11)
• Updated dependencies [223d925]:
  • @​posthog/core@​1.28.7
  • @​posthog/types@​1.373.2

posthog-js@1.373.1

1.373.1

Patch Changes

• #3566 7d027bc Thanks @​dustinbyrne! - Prevent browser log capture from throwing when console arguments contain unreadable properties. (2026-05-11)
• Updated dependencies []:
  • @​posthog/types@​1.373.1
  • @​posthog/core@​1.28.6

posthog-js@1.373.0

1.373.0

Minor Changes

• #3547 4c0c7d9 Thanks @​williamchong! - capture() now accepts an optional uuid on CaptureOptions. (2026-05-11)

... (truncated)

Commits

• 50480eb chore: update versions and lockfile [version bump]
• 4b895bf fix: validate gzip body before browser send (#3602)
• db56be8 ci: add notice for edits to auto-generated files (#3603)
• 417765c chore: update versions and lockfile [version bump]
• 4a4cf7e Revert reference files changes (#3601)
• ad60818 feat(node): expose UUID v7 and cookie helpers (#3599)
• 04e168f chore: update versions and lockfile [version bump]
• 223d925 fix: validate native gzip output (#3568)
• 5efb512 chore: update versions and lockfile [version bump]
• 7d027bc fix: handle unreadable console log properties (#3566)
• Additional commits viewable in compare view

Updates react from 19.2.5 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• See full diff in compare view

Updates react-dom from 19.2.5 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• See full diff in compare view

Updates swagger-ui-react from 5.32.5 to 5.32.6

Release notes

Sourced from swagger-ui-react's releases.

v5.32.6

5.32.6 (2026-05-12)

Bug Fixes

• deps-dev: address undici vulnerability (#10870) (35f5a6a)
• docker: address CVE-2026-27135 nghttp2-libs vulnerability (#10879) (0a63415)

Commits

• dcdca62 chore(release): cut the 5.32.6 release
• 871b897 chore(deps): swagger-client to 3.37.4 (#10880)
• 0a63415 fix(docker): address CVE-2026-27135 nghttp2-libs vulnerability (#10879)
• 9da9aed chore(deps-dev): bump fast-uri from 3.0.6 to 3.1.2 (#10875)
• 716b006 chore(deps): bump @​babel/plugin-transform-modules-systemjs (#10877)
• 70120da chore(deps-dev): replace html-webpack-skip-assets-plugin with native excludeC...
• f672bd2 chore(deps): bump axios from 1.15.0 to 1.16.0 (#10872)
• 35f5a6a fix(deps-dev): address undici vulnerability (#10870)
• 5210ab5 chore(deps-dev): bump postcss from 8.5.3 to 8.5.12 (#10859)
• See full diff in compare view

Updates tailwind-merge from 3.5.0 to 3.6.0

Release notes

Sourced from tailwind-merge's releases.

v3.6.0

New Features

• Add support for Tailwind CSS v4.3 by @​dcastil in dcastil/tailwind-merge#677
  • Add postfixLookupClassGroups option to config to support Tailwind utilities where a slash is part of the full class name, like named container queries
• Add support for readonly array values by @​unional in dcastil/tailwind-merge#652

Documentation

• Fix broken links in README by @​maurer2 in dcastil/tailwind-merge#662

Other

• Harden internal CI pipeline security by omitting git checkout by @​dcastil, suggested by @​kyletaylored in dcastil/tailwind-merge@6b2499c

Full Changelog: dcastil/tailwind-merge@v3.5.0...v3.6.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph, @​mike-healy and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits

• d54f7e5 v3.6.0
• 638871a Update README to add info about Tailwind CSS v4.3 support
• 39fc7b5 Revert "v3.6.0"
• bd8390f v3.6.0
• 802877c add v3.6.0 changelog
• a35feda Merge pull request #665 from dcastil/renovate/rollup-plugin-babel-7.x
• 940389c Merge pull request #667 from dcastil/renovate/release-drafter-release-drafter...
• 005af6d pin to specific version
• 5816ced implement breaking changes
• 17041e1 Merge pull request #676 from dcastil/dependabot/npm_and_yarn/babel/plugin-tra...
• Additional commits viewable in compare view

Updates zod from 4.3.6 to 4.4.3

Release notes

Sourced from zod's releases.

v4.4.3

Commits:

• 4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo
• 2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing
• 7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones
• 2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern
• 9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)
• b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
• 1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
• c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (#5941)
• f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3
• 1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md

v4.4.2

Commits:

• 0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (#5901)
• 20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps
• 6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (#5791)
• 4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing
• bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents
• cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint
• 292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor
• 1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion
• 1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance
• e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes
• e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights
• 905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing
• bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md
• 8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch
• 02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (#5929)
• 88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated baseUrl from tsconfig
• c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2

v4.4.1

Commits:

• 481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow
• 95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations
• cede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (#5900)
• edd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1
• 180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor

v4.4.0

4.4.0

This is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.

Potentially breaking bug fixes

... (truncated)

Commits

• 1fb56a5 docs: document release procedure in AGENTS.md
• f3c9ec0 4.4.3
• c2be4f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent...
• 1cab693 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
• b8dffe9 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
• 9195250 docs: remove Mintlify from bronze sponsors (churned)
• 2c70332 docs: normalize bronze sponsor logos to github avatar pattern
• 7391be8 docs: prune lapsed silver/bronze sponsors and add active ones
• 2aeec83 docs: prune lapsed gold sponsors and rebalance logo sizing
• 4c2fa95 docs: use Zernio primary wordmark for gold sponsor logo
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for zod since your current version.

Updates @types/node from 25.6.0 to 25.7.0

Commits

• See full diff in compare view

Updates jsdom from 29.1.0 to 29.1.1

Release notes

Sourced from jsdom's releases.

v29.1.1

• Fixed 'border-radius' computed style serialization. (@​asamuzaK)
• Fixed computed style computation when using 'background-origin' and 'background-clip' CSS properties. (@​asamuzaK)
• Significantly optimized initial calls to getComputedStyle(), before the cache warms up. (@​asamuzaK)

Commits

• 9b9ea7e 29.1.1
• 07efb78 Optimize computed style comparison
• 5f66329 Fix background-origin/background-clip in background shorthand
• ad8af77 Fix border shorthand handling
• See full diff in compare view

Updates knip from 6.8.0 to 6.13.1

Release notes

Sourced from knip's releases.

Release 6.13.1

• Add jest.config.{cts,mts} (#1743) (44738d678c9992799f5fe4909a01cc5ddd702aa2) - thanks @​joshkel!
• Update ecosystem tests (74420a614dfa15b81906266279c31ae0bf4e21bd)
• Fix export * as re-exported namespace case (5923af48fc33aa56c2f42f882aa185e66626453d)
• Add .mts and .cts config files to some plugins (69d1e83123e56c2c441f320c81bae099ba1eb014)
• Docusaurus: ignore @generated/*, handle local plugin paths (ce5f7672fced084bfb017410650b78d36133e1b0)
• Nx: expand {projectRoot} / {workspaceRoot} token variables (871531228b0cb67ff07fdb9d77316c4340ccaf33)

Release 6.13.0

• Add mercurial (hg) to command constants (#1737) (abb08b0958e08a12684deacf0ab62dc7ada38074) - thanks @​unrevised6419!
• Expand wildcards in Jest projects (#1710) (7cb2d37a5c46b54d8be9bee1fbb026b52bb71246) - thanks @​joshkel!
• Add knex visitor to scan source files for config (resolve #1736) (4c96fd297f33316921186293cf9f9d323ca48eb8)
• Refactor to a better split of ast helpers (6e726a2c66727c2346b4c249a2efcd7d752231f5)
• Handle package.json exports for outDir="." (resolve #1738) (42497c249545cd9e4ae8b7e64995e62cb0e8885d)
• Fix star re-exported namespace case (resolve #1739) (e566c4b1a1bc697c0997e8a4ef6bdeb746524166)
• Strip comments in scripts in compilers (resolve #1740) (a123d5c35ba6b9239f6ac1d20cf50b8b0f9b2d28)
• Update rolldown snapshot (edfee2b3b6bfc3085d432fa5765b4e7a60ba5783)
• Source-map subpath imports + collect pairs from referenced tsconfigs (7c5acc4a33047156205ff61413a83625bb9e05b4)
• Tighten source-mapping utilities (0b68b81b4a732b3db64d69fd8c47802ff3302564)
• Update dependencies (8788c1a64a93d568a9391693278a388af6980dec)
• Remove obsolete internal jsdoc tag (0fed9756b485deb1831fbc78d8053bc939bd6971)
• Add @​serhalp and @​stevennevins to sponsors (thank you!) (999a5e3551e0bafbcfa7a1540ae7f3fc4218828b)
• Fix astro config after bump (f63537aa40f42aa7d3ff4bc64dab20dd01ecba83)

Release 6.12.2

• Fix symbol reporter file paths with --directory (#1733) (d54074d4f5b9299aecb264897c7369fb81a499fc) - thanks @​cyphercodes!
• fix(webpack): reference TS loaders for .ts/.cts config (close #1732) (f37c5daa5403fdf78e2746fea83ce79e1577eb48)
• fix(serverless-framework): skip functions without handler (close #1735) (616739de3ee9c5c216c0efe098d837bb286c102f)
• ci(integration): disable minimumReleaseAge for test installs (081dfc83039324292ceb1018f73ab2c98fd51ccd)
• ci(snapshots): query — add CreateQueriesOptions to unused types (5dd0b8a15e1c8298b8bad7388a17951a70285f56)

Release 6.12.1

• fix: type-only imports in monorepos (#1715) (de33a2cb020f321f242bfb3884cdd597fb5f868c) - thanks @​lishaduck!
• Bump jiti to ^2.7.0 (#1729) (0fe8dc33dc60b05a814828046aa5207051fc4b6d) - thanks @​re-taro!
• Fix Vercel config detection (#1726) (370236d2e67058fb30c77a5f54d88b9774276eef) - thanks @​jakeleventhal!
• Fix inferred declaration export references (#1728) (4dcd756f0903c1045a7600201243decbc7184715) - thanks @​jakeleventhal!
• Remove stale root watch script (#1731) (2d555a18befc2576539491b5d66799e630689b38) - thanks @​jeffrey-takuma!
• Update sponsorships script/numbers (c3dcc8f4fd923f87baad444c5f8e23fd7be15497)
• Add orgs using knip (78fd581857c0b01fc2ab987bc86d888954e97a71)
• Yolo (7e689bf60b39c6a4af46e8d68e9a6986df0e6f04)

Release 6.12.0

• Use venz light/dark responsive svg img (2354194043354b67ed9463b6998d40a8e8cbab81)
• Fix types/path references (4afc873801bcca933dbc71c47b5557cbab646c6b)
• Move on to pnpm 11 (b1060652e85b8bf9a306135ca12ae22032099889)
• Fix up ecosystem tests (c226a72b8936397dab2fc6d30e27517c257c36ca)
• Add shell binaries to global ignore list (#1716) (ddcf7debd820b9deac9f29d1ed904f340c0ee91e) - thanks @​jakeleventhal!
• Fix declaration export regression and document (resolve #1722) (3a2c22b52cda834b4d8a9956d9089b3dea9422bd)
• Update snapshot after 3a2c22b (8300078b75913d94ef19dbd1990e2073db8541d8)
• Detect babel.plugins/presets in @​vitejs/plugin-react via function-form defineConfig (resolve #1723) (d56ee51c2162c29baf3564ded39639a1a258caa1)

... (truncated)

Commits

• f78246a Release knip@6.13.1
• 8715312 Nx: expand {projectRoot} / {workspaceRoot} token variables
• ce5f767 Docusaurus: ignore @generated/*, handle local plugin paths
• 69d1e83 Add .mts and .cts config files to some plugins
• 5923af4 Fix export * as re-exported namespace case
• 44738d6 Add jest.config.{cts,mts} (#1743)
• 4a0aa39 Release knip@6.13.0
• 8788c1a Update dependencies
• 0b68b81 Tighten source-mapping utilities
• 7c5acc4 Source-map subpath imports + collect pairs from referenced tsconfigs
• Additional commits viewable in compare view

Updates postcss from 8.5.12 to 8.5.14

Release notes

Sourced from postcss's releases.

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

Changelog

Sourced from postcss's changelog.

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

Commits

• 3ec1394 Release 8.5.14 version
• f2bb827 Update dependencies
• d75953d Merge pull request #2084 from 43081j/raw-raws-rawing
• 68bd213 fix: always call raw to retrieve raw values
• af58cf1 Release 8.5.13 version
• f227dbd Temporary ignore pnpm 11 config
• d3abd40 Update dependencies
• dd06c3e Revert stringifier changes because of the conflict with postcss-scss
...

Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
archestra	Ignored		May 20, 2026 1:48pm

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.