Skip to content

chore(deps): bump the minor-and-patch group across 1 directory with 21 updates#166

Merged
aliceout merged 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-a5d2a43b06
Jul 3, 2026
Merged

chore(deps): bump the minor-and-patch group across 1 directory with 21 updates#166
aliceout merged 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-a5d2a43b06

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 21 updates in the / directory:

Package From To
eslint 10.5.0 10.6.0
eslint-plugin-import-x 4.16.2 4.17.1
globals 17.6.0 17.7.0
lint-staged 17.0.7 17.0.8
typescript-eslint 8.61.1 8.62.1
@hono/node-server 2.0.5 2.0.6
@sentry/node 10.59.0 10.62.0
@simplewebauthn/server 13.3.1 13.3.2
hono 4.12.26 4.12.27
node-cron 4.4.1 4.5.0
nodemailer 9.0.1 9.0.3
puppeteer 25.1.0 25.2.1
@playwright/test 1.61.0 1.61.1
@sentry/react 10.59.0 10.62.0
@tailwindcss/vite 4.3.1 4.3.2
@tanstack/react-virtual 3.14.3 3.14.5
react-hook-form 7.79.0 7.80.0
react-router-dom 7.18.0 7.18.1
tailwindcss 4.3.1 4.3.2
@vitejs/plugin-react 6.0.2 6.0.3
vite 8.0.16 8.1.2

Updates eslint from 10.5.0 to 10.6.0

Release notes

Sourced from eslint's releases.

v10.6.0

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#20983) (lumir)

Chores

  • 6a42034 ci: run ecosystem tests on main branch (#20891) (sethamus)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])
  • c3abfca chore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)
  • a832320 ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)
  • 27166e7 chore: update ecosystem plugins (#21005) (ESLint Bot)
  • 865d76e ci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])
  • 27a88c9 chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)
  • 970cea6 chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)
  • b482120 chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])
  • 6993fb3 chore: update ecosystem plugins (#20985) (ESLint Bot)
Commits
  • 5d12a04 10.6.0
  • f7ca54b Build: changelog update for 10.6.0
  • 6a42034 ci: run ecosystem tests on main branch (#20891)
  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014)
  • c3abfca chore: correct JSDoc param types in html formatter (#21018)
  • a83683d docs: Update README
  • a832320 ci: split ecosystem tests into separate jobs (#21001)
  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013)
  • Additional commits viewable in compare view

Updates eslint-plugin-import-x from 4.16.2 to 4.17.1

Release notes

Sourced from eslint-plugin-import-x's releases.

v4.17.1

Patch Changes

  • #498 cf25a01 Thanks @​marcalexiei! - fix(extensions): don't require an extension for package subpaths that resolve to a .d.ts (e.g. vitest/config)

v4.17.0

Minor Changes

  • #474 4b2c0c5 Thanks @​regseb! - Support RegExp in the import-x/ignore setting and the ignore option of the no-unresolved rule.

Patch Changes

  • #494 1c84235 Thanks @​morgan-coded! - Fixed no-unresolved crashing when case-sensitive path checks encounter EACCES or EPERM on an ancestor directory.

  • #481 3e13121 Thanks @​B4nan! - fix: memoize legacyNodeResolve resolver to avoid native memory leak

  • #484 9a07009 Thanks @​sairus2k! - Make the extensions rule check Node.js subpath imports (specifiers starting with #, e.g. #utils/helper). Previously parsePath treated a leading # as a URL hash fragment, so the rule skipped extension validation for these imports.

    Note: single-segment subpath imports without a slash (e.g. #dep) are still skipped by the existing external-root-module classification; fixing that is deferred to avoid expanding scope.

  • #468 240ed58 Thanks @​silverwind! - Make extensions handle .d.ts correctly

  • #479 e3cc7e4 Thanks @​mrginglymus! - fix: strip querystrings and hash fragments when checking for file existence

  • #476 fce29b1 Thanks @​nbouvrette! - fix(deps): replace @​package-json/types with an inline minimal type

Changelog

Sourced from eslint-plugin-import-x's changelog.

4.17.1

Patch Changes

  • #498 cf25a01 Thanks @​marcalexiei! - fix(extensions): don't require an extension for package subpaths that resolve to a .d.ts (e.g. vitest/config)

4.17.0

Minor Changes

  • #474 4b2c0c5 Thanks @​regseb! - Support RegExp in the import-x/ignore setting and the ignore option of the no-unresolved rule.

Patch Changes

  • #494 1c84235 Thanks @​morgan-coded! - Fixed no-unresolved crashing when case-sensitive path checks encounter EACCES or EPERM on an ancestor directory.

  • #481 3e13121 Thanks @​B4nan! - fix: memoize legacyNodeResolve resolver to avoid native memory leak

  • #484 9a07009 Thanks @​sairus2k! - Make the extensions rule check Node.js subpath imports (specifiers starting with #, e.g. #utils/helper). Previously parsePath treated a leading # as a URL hash fragment, so the rule skipped extension validation for these imports.

    Note: single-segment subpath imports without a slash (e.g. #dep) are still skipped by the existing external-root-module classification; fixing that is deferred to avoid expanding scope.

  • #468 240ed58 Thanks @​silverwind! - Make extensions handle .d.ts correctly

  • #479 e3cc7e4 Thanks @​mrginglymus! - fix: strip querystrings and hash fragments when checking for file existence

  • #476 fce29b1 Thanks @​nbouvrette! - fix(deps): replace @​package-json/types with an inline minimal type

Commits
  • b767b8c chore: release eslint-plugin-import-x (#499)
  • cf25a01 fix(extensions): don't require extension for package subpaths resolving to .d...
  • b543300 docs: document the esmodule option for no-dynamic-require rule (#496)
  • 7578513 chore: release eslint-plugin-import-x (#472)
  • e3cc7e4 fix: strip querystrings and hash fragments when checking for file existence (...
  • 9a07009 fix: make extensions rule check Node.js subpath imports (#484)
  • 3e13121 fix: memoize legacyNodeResolve resolver to avoid native memory leak (#481)
  • fce29b1 fix(deps): replace @​package-json/types with an inline minimal type (#476)
  • 1c84235 fix: handle access errors during case checks (#494)
  • 96222bf chore: drop unused tmp (#487)
  • Additional commits viewable in compare view

Updates globals from 17.6.0 to 17.7.0

Release notes

Sourced from globals's releases.

v17.7.0

  • Update globals (2026-06-22) (#345) 33b75f9

sindresorhus/globals@v17.6.0...v17.7.0

Commits

Updates lint-staged from 17.0.7 to 17.0.8

Release notes

Sourced from lint-staged's releases.

v17.0.8

Patch Changes

  • #1809 179b437 - Fix lint-staged discarding the ongoing merge conflict status (.git/MERGE_HEAD) when using the --hide-unstaged or --hide-all options.

  • #1811 3d0b2c0 - Fix issues with Git commands that are successful but also emit warnings to stderr, by ignoring the stderr output completely when the process exits with code 0. This was the behavior when using nano-spawn and execa, but when switching to tinyexec in 16.3.0 both stdout and stderr were used as interleaved output.

Changelog

Sourced from lint-staged's changelog.

17.0.8

Patch Changes

  • #1809 179b437 - Fix lint-staged discarding the ongoing merge conflict status (.git/MERGE_HEAD) when using the --hide-unstaged or --hide-all options.

  • #1811 3d0b2c0 - Fix issues with Git commands that are successful but also emit warnings to stderr, by ignoring the stderr output completely when the process exits with code 0. This was the behavior when using nano-spawn and execa, but when switching to tinyexec in 16.3.0 both stdout and stderr were used as interleaved output.

Commits
  • 5f3b8f2 Merge pull request #1812 from lint-staged/changeset-release/main
  • 43a9b8d chore(changeset): release
  • 630e2f6 Merge pull request #1809 from lint-staged/restore-merge-status
  • 179b437 fix: restore Git merge status after creating backup stash
  • 6bae2e2 Merge pull request #1811 from lint-staged/exec-git-ignore-stderr
  • b82a830 ci: run npm audit omitting dev, including prod dependencies
  • 0b19b80 build(deps): update dependencies
  • 3d0b2c0 fix: ignore stderr when doing Git operations
  • See full diff in compare view

Updates typescript-eslint from 8.61.1 to 8.62.1

Release notes

Sourced from typescript-eslint's releases.

v8.62.1

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

🩹 Fixes

  • add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.62.1 (2026-06-29)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates @hono/node-server from 2.0.5 to 2.0.6

Release notes

Sourced from @​hono/node-server's releases.

v2.0.6

What's Changed

Full Changelog: honojs/node-server@v2.0.5...v2.0.6

Commits
  • ff75c61 2.0.6
  • 814720f fix: preserve status and statusText when cloning a Response with live headers...
  • a76209a ci: use npm Staged publishing (#364)
  • 44c365a ci: publish to npm from CI with OIDC trusted publishing and bump np (#361)
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​hono/node-server since your current version.


Updates @sentry/node from 10.59.0 to 10.62.0

Release notes

Sourced from @​sentry/node's releases.

10.62.0

Important Changes

  • feat(server-runtimes): Add v7 support for vercelAiIntegration (#21613)

    The vercelAiIntegration now supports v7 of the ai package. Note that v7 is not yet supported on Cloudflare.

Other Changes

  • fix(node): Avoid failing at runtime if tracingChannel is not available (#21783)
  • fix(sveltekit): Avoid capturing preloaded 400 errors on client (#21784)

Work in this release was contributed by @​hyunbinseo. Thank you for your contribution!

  • chore(github): Update tracked packages (#21789)
  • feat(core): Add spanKindToName helper for reverse span-kind lookup (#21780)
  • ref(aws-serverless): Streamline AwsLambda instrumentation (#21758)
  • ref(node): Fix server-utils name for VercelAI integration (#21809)
  • ref(node): Streamline amqplib instrumentation (#21753)
  • ref(node): Streamline Firebase instrumentation (#21748)
  • test: Pin webpack to 5.107.0 (#21781)
  • test(e2e): Add no-browser-session lighthouse e2e test mode (#21787)
  • test(e2e): Add more test modes, pre-init and element timing (#21760)

Bundle size 📦

Path Size
@​sentry/browser 26.83 KB
@​sentry/browser - with treeshaking flags 25.3 KB
@​sentry/browser (incl. Tracing) 44.89 KB
@​sentry/browser (incl. Tracing + Span Streaming) 46.6 KB
@​sentry/browser (incl. Tracing, Profiling) 49.57 KB
@​sentry/browser (incl. Tracing, Replay) 83.22 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags 73.06 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) 87.8 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) 100.17 KB
@​sentry/browser (incl. Feedback) 43.61 KB
@​sentry/browser (incl. sendFeedback) 31.5 KB
@​sentry/browser (incl. FeedbackAsync) 36.52 KB
@​sentry/browser (incl. Metrics) 27.87 KB
@​sentry/browser (incl. Logs) 28.11 KB
@​sentry/browser (incl. Metrics & Logs) 28.78 KB
@​sentry/react 28.59 KB
@​sentry/react (incl. Tracing) 47.15 KB

... (truncated)

Changelog

Sourced from @​sentry/node's changelog.

10.62.0

Important Changes

  • feat(server-runtimes): Add v7 support for vercelAiIntegration (#21613)

    The vercelAiIntegration now supports v7 of the ai package. Note that v7 is not yet supported on Cloudflare.

Other Changes

  • fix(node): Avoid failing at runtime if tracingChannel is not available (#21783)
  • fix(sveltekit): Avoid capturing preloaded 400 errors on client (#21784)

Work in this release was contributed by @​hyunbinseo. Thank you for your contribution!

  • chore(github): Update tracked packages (#21789)
  • feat(core): Add spanKindToName helper for reverse span-kind lookup (#21780)
  • ref(aws-serverless): Streamline AwsLambda instrumentation (#21758)
  • ref(node): Fix server-utils name for VercelAI integration (#21809)
  • ref(node): Streamline amqplib instrumentation (#21753)
  • ref(node): Streamline Firebase instrumentation (#21748)
  • test: Pin webpack to 5.107.0 (#21781)
  • test(e2e): Add no-browser-session lighthouse e2e test mode (#21787)
  • test(e2e): Add more test modes, pre-init and element timing (#21760)

10.61.0

Important Changes

  • feat(core): Enable streamGenAiSpans by default (#21732)

    The SDK now extracts all gen_ai spans out of a transaction and sends them as v2 envelope items by default. This prevents gen_ai spans from being dropped when the transaction payload exceeds size limits. Because they are no longer constrained by transaction size limits, AI message data is also no longer truncated by default. Set enableTruncation: true on the respective AI integration to re-enable truncation. To keep the previous behavior, set streamGenAiSpans: false.

    Self-hosted Sentry users should opt out with streamGenAiSpans: false, since streamed gen_ai spans may not be ingested by their Sentry instance.

Other Changes

  • feat(cloudflare): Add batch, exec, and withSession D1 instrumentation (#21292)
  • feat(cloudflare): Instrument SQL API in sqlite durable objects (#21656)
  • feat(core): Add db.query.summary functionality (#21670)
  • feat(core): Add top-level Sentry.setAttribute(s) APIs (#21705)
  • fix(hono): Name transactions after the matched route handler (#21700)
  • fix(react-router): Bump peerDependencies for react-router 8 (#21762)
  • fix(replays): Record replay trace_ids with span streaming (#21714)

... (truncated)

Commits
  • 1fc539e release: 10.62.0
  • 5ee7977 Merge pull request #21792 from getsentry/prepare-release/10.62.0
  • f36645c meta(changelog): Update changelog for 10.62.0
  • e562f94 ref(node): Streamline amqplib instrumentation (#21753)
  • e1312df ref(node): Fix server-utils name for VercelAI integration (#21809)
  • fc29e61 ref(node): Streamline Firebase instrumentation (#21748)
  • 2081179 ref(cloudflare): Revert vercelAi change (#21793)
  • 2309fb5 chore(github): Update tracked packages (#21789)
  • 3bfeb64 feat(server-runtimes): Add v7 support for vercelAiIntegration (#21613)
  • a15e2a8 fix(sveltekit): Avoid capturing preloaded 400 errors on client (#21784)
  • Additional commits viewable in compare view

Updates @simplewebauthn/server from 13.3.1 to 13.3.2

Release notes

Sourced from @​simplewebauthn/server's releases.

v13.3.2

This update fixes a CVSS v4 Low (2.0) security vulnerability identified in @​simplewebauthn/server. See the security advisory linked below for more information.

Changes:

  • [server] Fixed an issue with verifyRegistrationResponse() allowing a maliciously-crafted attestation statement's x5c to contain a self-signed "root certificate" instead of chaining back to an RP-specified trust anchor (GHSA-6hxq-p678-4hr2)
Changelog

Sourced from @​simplewebauthn/server's changelog.

v13.3.2

This update fixes a CVSS v4 Low (2.0) security vulnerability identified in @​simplewebauthn/server. See the security advisory linked below for more information.

Changes:

  • [server] Fixed an issue with verifyRegistrationResponse() allowing a maliciously-crafted attestation statement's x5c to contain a self-signed "root certificate" instead of chaining back to an RP-specified trust anchor (GHSA-6hxq-p678-4hr2)
Commits
  • 84656ff Update version to 13.3.2
  • dd0d73c Fail cert path validation closed instead
  • 213e9ba Add test for failure to chain to trust anchor
  • 989507a Add tests for notAfter enforcement
  • b55f4b9 Move explanation into test
  • 7bed04c Update comments around cert chain validity
  • 6ee9644 Add new tests
  • c23890a Update existing test to use helpers
  • 8d02ed4 Add X.509 cert helpers for tests
  • 8a53d70 Use X509ChainBuilder for chain validation
  • Additional commits viewable in compare view

Updates hono from 4.12.26 to 4.12.27

Release notes

Sourced from hono's releases.

v4.12.27

Security fixes

This release includes fixes for the following security issues:

hono/jsx does not isolate context per request

Affects: hono/jsx, hono/jsx-renderer. During SSR, context was stored process-wide instead of per request, so useContext()/useRequestContext() read after an await in an async component could return another concurrent request's value — leading to cross-request data disclosure or authorization checks against the wrong request. GHSA-hvrm-45r6-mjfj

Server-Side XSS via JSX escaping bypass in cx()

Affects: hono/css. cx() marked its composed class name as already-escaped without escaping the input, so untrusted input passed as a class name could break out of the JSX class attribute during SSR and inject markup (XSS). GHSA-w62v-xxxg-mg59

API Gateway v1 adapter can drop a repeated request header value

Affects: hono/aws-lambda. The API Gateway v1 (and VPC Lattice) adapter de-duplicated repeated header values by substring instead of exact match, dropping a value that is a substring of another (e.g. 203.0.113.1 dropped when 203.0.113.10 is present) — affecting logic such as X-Forwarded-For-based IP restriction. GHSA-xgm2-5f3f-mvvc


Users of hono/jsx/hono/jsx-renderer, hono/css (cx()), or the hono/aws-lambda API Gateway v1 / VPC Lattice adapters are encouraged to upgrade.

Commits

Updates node-cron from 4.4.1 to 4.5.0

Release notes

Sourced from node-cron's releases.

v4.5.0

Added

  • lastRun() introspection getter on ScheduledTask: returns { date, result } after a successful execution, { date, error } after a failed one, or null before the first run.
  • Extended day-of-week tokens: <weekday>#<nth> (nth weekday of the month, e.g. 1#1 for the first Monday) and <weekday>L (last weekday of the month, e.g. 5L for the last Friday).

Performance

  • Cache Intl.DateTimeFormat instances per timezone instead of rebuilding on every call.
  • Parse the cron expression once per TimeMatcher instead of re-parsing in MatcherWalker.
  • Compute the GMT offset lazily (only when formatting ISO strings, not during the next-run search).
  • Replace crypto.randomBytes with crypto.randomUUID for internal ID generation.
  • Skip setTimeout jitter wrapper when maxRandomDelay is zero.
  • Bundle dist into flat files instead of preserving the module tree (reduces import time).

Fixed

  • Flaky should schedule a task test: poll for the first execution instead of asserting an exact count after a fixed sleep.

Changed

  • Renamed internal functions interprete to interpret and appendSeccondExpression to appendSecondExpression.
  • Rewritten README and package metadata to surface scheduling capabilities (overlap prevention, distributed coordination, background tasks).
Changelog

Sourced from node-cron's changelog.

[4.5.0] - 2026-06-21

Added

  • lastRun() introspection getter on ScheduledTask: returns { date, result } after a successful execution, { date, error } after a failed one, or null before the first run. (#557)
  • Extended day-of-week tokens: <weekday>#<nth> (nth weekday of the month, e.g. 1#1 for the first Monday) and <weekday>L (last weekday of the month, e.g. 5L for the last Friday). (#560)

Performance

  • Cache Intl.DateTimeFormat instances per timezone instead of rebuilding on every call. (#561)
  • Parse the cron expression once per TimeMatcher instead of re-parsing in MatcherWalker. (#562)
  • Compute the GMT offset lazily (only when formatting ISO strings, not during the next-run search). (#563)
  • Replace crypto.randomBytes with crypto.randomUUID for internal ID generation. (#564)
  • Skip setTimeout jitter wrapper when maxRandomDelay is zero. (#565)
  • Bundle dist into flat files instead of preserving the module tree (reduces import time). (#566)

Fixed

  • Flaky should schedule a task test: poll for the first execution instead of asserting an exact count after a fixed sleep.

Changed

  • Renamed internal functions interprete to interpret and appendSeccondExpression to appendSecondExpression. (#567)
  • Rewritten README and package metadata to surface scheduling capabilities (overlap prevention, distributed coordination, background tasks). (#568)
Commits
  • cd9a5a7 chore(release): 4.5.0 (#569)
  • fbdd883 Rewrite README to surface scheduling capabilities (#568)
  • c80a396 perf(build): bundle dist into flat files instead of preserving modules (#566)
  • b71b9b1 Fix typos in internal function names (#567)
  • 7c5015c perf(id): drop crypto.randomBytes from internal id generation (#564)
  • dd0a2a9 perf(pattern): parse cron expression once per TimeMatcher (#562)
  • cf69f32 perf(time): cache Intl.DateTimeFormat instances per timezone (#561)
  • dad56e1 perf(runner): run inline when no random delay is configured (#565)
  • a309d5f perf(time): compute the GMT offset lazily (#563)
  • c2db9d1 feat: support extended day-of-week tokens (# nth weekday and L last weekday) ...
  • Additional commits viewable in compare view

Updates nodemailer from 9.0.1 to 9.0.3

Release notes

Sourced from nodemailer's releases.

v9.0.3

9.0.3 (2026-06-30)

Bug Fixes

  • smtp-connection: harden STARTTLS upgrade and secure socket handling (#1835) (07d8253)

v9.0.2

9.0.2 (2026-06-29)

Bug Fixes

  • addressparser: keep operator chars inside an address-literal as text (#1829) (9ba1064)
  • harden smtp-connection low-severity issues (22ddcea)
  • harden smtp-connection response parsing and socket lifecycle (68860b9)
  • prevent SES transport callback double-invocation and hang on sync errors (#1831) (9517bc5)
  • reject...

    Description has been truncated

…1 updates

Bumps the minor-and-patch group with 21 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [eslint](https://github.com/eslint/eslint) | `10.5.0` | `10.6.0` |
| [eslint-plugin-import-x](https://github.com/un-ts/eslint-plugin-import-x) | `4.16.2` | `4.17.1` |
| [globals](https://github.com/sindresorhus/globals) | `17.6.0` | `17.7.0` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `17.0.7` | `17.0.8` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.61.1` | `8.62.1` |
| [@hono/node-server](https://github.com/honojs/node-server) | `2.0.5` | `2.0.6` |
| [@sentry/node](https://github.com/getsentry/sentry-javascript) | `10.59.0` | `10.62.0` |
| [@simplewebauthn/server](https://github.com/MasterKale/SimpleWebAuthn/tree/HEAD/packages/server) | `13.3.1` | `13.3.2` |
| [hono](https://github.com/honojs/hono) | `4.12.26` | `4.12.27` |
| [node-cron](https://github.com/node-cron/node-cron) | `4.4.1` | `4.5.0` |
| [nodemailer](https://github.com/nodemailer/nodemailer) | `9.0.1` | `9.0.3` |
| [puppeteer](https://github.com/puppeteer/puppeteer) | `25.1.0` | `25.2.1` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.61.0` | `1.61.1` |
| [@sentry/react](https://github.com/getsentry/sentry-javascript) | `10.59.0` | `10.62.0` |
| [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.3.1` | `4.3.2` |
| [@tanstack/react-virtual](https://github.com/TanStack/virtual/tree/HEAD/packages/react-virtual) | `3.14.3` | `3.14.5` |
| [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.79.0` | `7.80.0` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.18.0` | `7.18.1` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.3.1` | `4.3.2` |
| [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `6.0.2` | `6.0.3` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.16` | `8.1.2` |



Updates `eslint` from 10.5.0 to 10.6.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.5.0...v10.6.0)

Updates `eslint-plugin-import-x` from 4.16.2 to 4.17.1
- [Release notes](https://github.com/un-ts/eslint-plugin-import-x/releases)
- [Changelog](https://github.com/un-ts/eslint-plugin-import-x/blob/master/CHANGELOG.md)
- [Commits](un-ts/eslint-plugin-import-x@v4.16.2...v4.17.1)

Updates `globals` from 17.6.0 to 17.7.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v17.6.0...v17.7.0)

Updates `lint-staged` from 17.0.7 to 17.0.8
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v17.0.7...v17.0.8)

Updates `typescript-eslint` from 8.61.1 to 8.62.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.1/packages/typescript-eslint)

Updates `@hono/node-server` from 2.0.5 to 2.0.6
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](honojs/node-server@v2.0.5...v2.0.6)

Updates `@sentry/node` from 10.59.0 to 10.62.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.59.0...10.62.0)

Updates `@simplewebauthn/server` from 13.3.1 to 13.3.2
- [Release notes](https://github.com/MasterKale/SimpleWebAuthn/releases)
- [Changelog](https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/MasterKale/SimpleWebAuthn/commits/v13.3.2/packages/server)

Updates `hono` from 4.12.26 to 4.12.27
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.26...v4.12.27)

Updates `node-cron` from 4.4.1 to 4.5.0
- [Release notes](https://github.com/node-cron/node-cron/releases)
- [Changelog](https://github.com/node-cron/node-cron/blob/main/CHANGELOG.md)
- [Commits](node-cron/node-cron@v4.4.1...v4.5.0)

Updates `nodemailer` from 9.0.1 to 9.0.3
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v9.0.1...v9.0.3)

Updates `puppeteer` from 25.1.0 to 25.2.1
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/CHANGELOG.md)
- [Commits](puppeteer/puppeteer@puppeteer-v25.1.0...puppeteer-v25.2.1)

Updates `@playwright/test` from 1.61.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.61.0...v1.61.1)

Updates `@sentry/react` from 10.59.0 to 10.62.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.59.0...10.62.0)

Updates `@tailwindcss/vite` from 4.3.1 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/@tailwindcss-vite)

Updates `@tanstack/react-virtual` from 3.14.3 to 3.14.5
- [Release notes](https://github.com/TanStack/virtual/releases)
- [Changelog](https://github.com/TanStack/virtual/blob/main/packages/react-virtual/CHANGELOG.md)
- [Commits](https://github.com/TanStack/virtual/commits/@tanstack/react-virtual@3.14.5/packages/react-virtual)

Updates `react-hook-form` from 7.79.0 to 7.80.0
- [Release notes](https://github.com/react-hook-form/react-hook-form/releases)
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md)
- [Commits](react-hook-form/react-hook-form@v7.79.0...v7.80.0)

Updates `react-router-dom` from 7.18.0 to 7.18.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.1/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.1/packages/react-router-dom)

Updates `tailwindcss` from 4.3.1 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/tailwindcss)

Updates `@vitejs/plugin-react` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.3/packages/plugin-react)

Updates `vite` from 8.0.16 to 8.1.2
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.2/packages/vite)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 10.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: eslint-plugin-import-x
  dependency-version: 4.17.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: globals
  dependency-version: 17.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: lint-staged
  dependency-version: 17.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: typescript-eslint
  dependency-version: 8.62.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@hono/node-server"
  dependency-version: 2.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@sentry/node"
  dependency-version: 10.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@simplewebauthn/server"
  dependency-version: 13.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: hono
  dependency-version: 4.12.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: node-cron
  dependency-version: 4.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: nodemailer
  dependency-version: 9.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: puppeteer
  dependency-version: 25.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@playwright/test"
  dependency-version: 1.61.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@sentry/react"
  dependency-version: 10.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@tailwindcss/vite"
  dependency-version: 4.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@tanstack/react-virtual"
  dependency-version: 3.14.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: react-hook-form
  dependency-version: 7.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: react-router-dom
  dependency-version: 7.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: tailwindcss
  dependency-version: 4.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: vite
  dependency-version: 8.1.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 3, 2026
@aliceout aliceout merged commit dacef1d into main Jul 3, 2026
1 check passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/minor-and-patch-a5d2a43b06 branch July 3, 2026 07:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant