chore(deps-dev): bump the dev-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the dev-dependencies group with 7 updates in the / directory:

Package	From	To
@release-it/conventional-changelog	10.0.6	11.0.0
eslint	10.2.1	10.3.0
release-it	19.2.4	20.0.1
turbo	2.9.6	2.9.8
vite	6.4.2	8.0.10
vitest	4.1.4	4.1.5
@opentelemetry/sdk-metrics	2.7.0	2.7.1

Updates @release-it/conventional-changelog from 10.0.6 to 11.0.0

Release notes

Sourced from @​release-it/conventional-changelog's releases.

Release 11.0.0

• Fix repository.url (23d3d9cd50fdb4475b8736273a776541833862c0)
• docs: fix broken links and remove outdated override warning (#138) (344bad3bf2f90618a86d3e38883a5d5eff12aaf1) - thanks @​aarondpn!
• fix: support release-it 20 (#142) (043242693e5c88244a25fbcf0dceafcbf955588f) - thanks @​twk3!
• Update dependencies & bump engines.node (1b746e6b5a26335cf01c314074dcf7e291c260a0)

Commits

• 981e7b0 Release 11.0.0
• 1b746e6 Update dependencies & bump engines.node
• 0432426 fix: support release-it 20 (#142)
• 344bad3 docs: fix broken links and remove outdated override warning (#138)
• 23d3d9c Fix repository.url
• See full diff in compare view

Updates eslint from 10.2.1 to 10.3.0

Release notes

Sourced from eslint's releases.

v10.3.0

Features

• 379571a feat: add suggestions for no-unused-private-class-members (#20773) (sethamus)

Bug Fixes

• b6ae5cf fix: handle unavailable require cache (#20812) (Simon Podlipsky)
• 6fb3685 fix: rule suggestions cause continuation in class body (#20787) (Milos Djermanovic)

Documentation

• 32cc7ab docs: fix typos in docs and comments (#20809) (Tanuj Kanti)
• 7f47937 docs: Update README (GitHub Actions Bot)

Chores

• d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826) (Francesco Trotta)
• 3ffb14e chore: clean up typos in comments and JSDoc (#20821) (Pixel998)
• 22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818) (Josh Goldberg ✨)
• 88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815) (dependabot[bot])
• 97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811) (renovate[bot])
• 2f58136 chore: pin peter-evans/create-pull-request action to 5f6978f (#20810) (renovate[bot])
• 77add7f chore: add initial ecosystem plugin tests workflow (#19643) (Josh Goldberg ✨)
• 4023b55 test: Add unit tests for SuppressionsService.prune() (#20797) (kuldeep kumar)
• 54080da test: add unit tests for ForkContext (#20778) (kuldeep kumar)
• f0e2bcc test: add unit tests for SuppressionsService.suppress() method (#20765) (kuldeep kumar)
• a7f0b94 chore: update dependency prettier to v3.8.3 (#20782) (renovate[bot])
• 7bf93d9 chore: update TypeScript to v6 (#20677) (sethamus)
• b42dd72 ci: bump pnpm/action-setup from 6.0.0 to 6.0.1 (#20781) (dependabot[bot])
• 2b252be test: add unit tests for IdGenerator (#20775) (kuldeep kumar)

Commits

• 7889204 10.3.0
• 5b69b4f Build: changelog update for 10.3.0
• d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826)
• b6ae5cf fix: handle unavailable require cache (#20812)
• 3ffb14e chore: clean up typos in comments and JSDoc (#20821)
• 6fb3685 fix: rule suggestions cause continuation in class body (#20787)
• 22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818)
• 88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815)
• 379571a feat: add suggestions for no-unused-private-class-members (#20773)
• 97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811)
• Additional commits viewable in compare view

Updates release-it from 19.2.4 to 20.0.1

Release notes

Sourced from release-it's releases.

Release 20.0.1

• fix: allow false as npm config value in types (#1289) (f783e825944cf8114305606116ca61542f0031c6) - thanks @​ahippler!
• Bump actions/checkout from 5 to 6 (#1262) (19921fc2429b314912a139f66ed43ca12475ffd3) - thanks @​dependabot[bot]!
• fix: Replace @​nodeutils/defaults-deep with defu for deep-default merging (#1297) (8616a216ccf2be474732b1aefbe47dce0e6b4eb0) - thanks @​rajnsunny!
• Update dependencies (bee31380a2bbdda7aeaffe7658a3900290a1a181)

Release 20.0.0

• fix: remove leading slashes from owner (#1288) (5585b720e9389fa857ba50f86161245ccb3b9589) - thanks @​driiftkiing!
• Fix write: false guard in npm.bump (resolve #1267) (a2d1b99bfe52fff1b6768f904cae5c4aaa78cfb1)
• Format (f427a85758999073a5ea4f666c6ddb4cd5586d61)

Release 20.0.0-1

• Fix test (56cae4cd441e00a58d3d91fbc15b1503d423a775)
• Update changelog & docs for v20 (509e50b043003f8adf3f347af949819e2954b639)
• Improve guessPreReleaseTag → getRegistryDistTags (a62509e6c7374e3d6898b17ae9ec8c365296fe64)

Release 20.0.0-0

• fix: upgrade undici from 6.23.0 to 7.24.3 to resolve security vulnerabilities (#1285) (cd100eb1368d084f5892a9a2bbad0c14d511125e) - thanks @​nbouvrette!
• Fix Logger.info() on Node.js 25 (#1284) (dcc0b43fc6bb693b3ec176cd8d77bbb40f454164) - thanks @​bidord!
• Update proxy-agent to fix DEP0169 (#1287) (c660ef5f34536988abd203807f53ec3ea5c1c742) - thanks @​risantos!
• Update dependencies (9dc313e29e617af912ace05a5aaa5cc34fdf35a3)
• Fix lint issues (a0522ff8777fc6877bf03f5f441e33561c9dc25b)
• Bump engines.node (5654b9badae6dd08a3d654772d2f280f6b1d84c3)
• Don't roll back if isReleased is set (resolve #1281) (f2a31231f587cb4809415f4eae81a99617177341)
• Fix if not running test using npm (332f40536ec32bbd816f9872bb89bc864ee66136)
• Migrate to @​inquirer/prompts (resolve #1260) (6c21e95c9188e88d41bb30840672cbd5fe99f5b6)
• Pop it (c90c4c97e11da8f90b398f045e5337f8ec5e0439)

Changelog

Sourced from release-it's changelog.

Changelog

This document lists breaking changes for each major release.

See the GitHub Releases page for detailed changelogs: [https://github.com/release-it/release-it/releases][1]

v20 (2026-03-24)

• Upgraded undici from v6 to v7 to resolve security vulnerabilities.
• Upgraded proxy-agent from v6 to v7 to fix DEP0169 (url.parse() deprecation).
• Migrated from deprecated inquirer to @inquirer/prompts.
• Bumped engines.node to minimum Node.js v20.19.0 (was v20.12.0).

v19 (2025-04-18)

• No breaking changes (dependency party)

v18 (2025-01-06)

• Removed support for Node.js v18.

v17 (2023-11-11)

• Removed support for Node.js v16.

v16 (2023-07-05)

• Removed support for Node.js v14.

v15 (2022-04-30)

• Removed support for Node.js v10 and v12.
• Removed support for GitLab v12.4 and lower.
• Removed anonymous metrics (and the option to disable it).
• Programmatic usage and plugins only through ES Module syntax (import)

Use release-it v14 in legacy environments.

v14 (2020-09-03)

• Removed global property from plugins. Use this.config[key] instead.
• Removed deprecated npm.access option. Set this in package.json instead.

v13 (2020-03-07)

• Dropped support for Node v8
• Dropped support for GitLab v11.6 and lower.
• Deprecated scripts are removed (in favor of [hooks][2]).
• Removed deprecated --non-interactive (-n) argument. Use --ci instead.
• Removed old %s and [REV_RANGE] syntax in command substitutions. Use ${version} and ${latestTag} instead.

... (truncated)

Commits

• 55701a0 Release 20.0.1
• bee3138 Update dependencies
• 8616a21 fix: Replace @​nodeutils/defaults-deep with defu for deep-default merging (#1297)
• 19921fc Bump actions/checkout from 5 to 6 (#1262)
• f783e82 fix: allow false as npm config value in types (#1289)
• c03780d Release 20.0.0
• f427a85 Format
• a2d1b99 Fix write: false guard in npm.bump (resolve #1267)
• 5585b72 fix: remove leading slashes from owner (#1288)
• 5a36283 Release 20.0.0-1
• Additional commits viewable in compare view

Updates turbo from 2.9.6 to 2.9.8

Release notes

Sourced from turbo's releases.

Turborepo v2.9.8

What's Changed

@​turbo/repository

• chore: Update to Rust 1.95.0 by @​ognevny in vercel/turborepo#12636

Changelog

• release(turborepo): 2.9.7 by @​github-actions[bot] in vercel/turborepo#12679
• test: Add regression for gitignored output restore by @​anthonyshew in vercel/turborepo#12681
• docs: Clarify root task guidance by @​anthonyshew in vercel/turborepo#12683
• fix: Preserve concrete dependency precedence by @​anthonyshew in vercel/turborepo#12682
• release(turborepo): 2.9.8-canary.1 by @​github-actions[bot] in vercel/turborepo#12685
• fix: Resolve Yarn catalog affected packages by @​anthonyshew in vercel/turborepo#12684
• release(turborepo): 2.9.8-canary.2 by @​github-actions[bot] in vercel/turborepo#12687
• fix: Preserve Bun prune lockfile validity by @​anthonyshew in vercel/turborepo#12686
• release(turborepo): 2.9.8-canary.3 by @​github-actions[bot] in vercel/turborepo#12689
• fix: Create prune docker bin stubs by @​anthonyshew in vercel/turborepo#12688
• release(turborepo): 2.9.8-canary.4 by @​github-actions[bot] in vercel/turborepo#12690
• fix: Keep tbx shell connections stable by @​anthonyshew in vercel/turborepo#12692
• perf: Reduce turbo watch hash memory spikes by @​anthonyshew in vercel/turborepo#12695
• release(turborepo): 2.9.8-canary.5 by @​github-actions[bot] in vercel/turborepo#12696
• fix: Reduce parent-death watchdog CPU usage by @​anthonyshew in vercel/turborepo#12697
• release(turborepo): 2.9.8-canary.6 by @​github-actions[bot] in vercel/turborepo#12698

Full Changelog: vercel/turborepo@v2.9.7...v2.9.8

Turborepo v2.9.8-canary.6

What's Changed

Changelog

• release(turborepo): 2.9.8-canary.5 by @​github-actions[bot] in vercel/turborepo#12696
• fix: Reduce parent-death watchdog CPU usage by @​anthonyshew in vercel/turborepo#12697

Full Changelog: vercel/turborepo@v2.9.8-canary.5...v2.9.8-canary.6

Turborepo v2.9.8-canary.5

What's Changed

@​turbo/repository

• chore: Update to Rust 1.95.0 by @​ognevny in vercel/turborepo#12636

Changelog

• release(turborepo): 2.9.8-canary.4 by @​github-actions[bot] in vercel/turborepo#12690
• fix: Keep tbx shell connections stable by @​anthonyshew in vercel/turborepo#12692
• perf: Reduce turbo watch hash memory spikes by @​anthonyshew in vercel/turborepo#12695

... (truncated)

Commits

• 3a77153 publish 2.9.8 to registry
• 3895eef release(turborepo): 2.9.8-canary.6 (#12698)
• 97706ca fix: Reduce parent-death watchdog CPU usage (#12697)
• fe78c2c release(turborepo): 2.9.8-canary.5 (#12696)
• dab9979 perf: Reduce turbo watch hash memory spikes (#12695)
• 8451e86 fix: Keep tbx shell connections stable (#12692)
• c392227 chore: Update to Rust 1.95.0 (#12636)
• c37b3ff release(turborepo): 2.9.8-canary.4 (#12690)
• 364c177 fix: Create prune docker bin stubs (#12688)
• 1b7b8a9 release(turborepo): 2.9.8-canary.3 (#12689)
• Additional commits viewable in compare view

Updates vite from 6.4.2 to 8.0.10

Release notes

Sourced from vite's releases.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.1

Please refer to CHANGELOG.md for details.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.10 (2026-04-23)

Features

• update rolldown to 1.0.0-rc.17 (#22299) (a4d06d9)

Bug Fixes

• hmrClient.logger.debug and hmrClient.logger.error looked different from other HMR logs (#22147) (a4d828f)
• css: show filename in CSS minification warnings for .css?inline (#22292) (83f0a78)
• optimizer: allow user transform.target to override default in optimizeDeps (#22273) (5c7cec6)
• remove format sniffing module resolution from JS resolver (#22297) (b8a21cc)

Code Refactoring

• enable some typecheck rules (#22278) (9437518)
• typecheck client directory (#22284) (40a0847)

8.0.9 (2026-04-20)

Features

• update rolldown to 1.0.0-rc.16 (#22248) (2947edd)

Bug Fixes

• allow binding when strictPort is set but wildcard port is in use (#22150) (dfc8aa5)
• build: emptyOutDir should happen for watch rebuilds (#22207) (ee52267)
• bundled-dev: reject requests to HMR patch files in non potentially trustworthy origins (#22269) (868f141)
• css: use unique key for cssEntriesMap to prevent same-basename collision (#22039) (374bb5d)
• deps: update all non-major dependencies (#22219) (4cd0d67)
• deps: update all non-major dependencies (#22268) (c28e9c1)
• detect Deno workspace root (fix #22237) (#22238) (1b793c0)
• dev: handle errors in watchChange hook (#22188) (fc08bda)
• optimizer: handle more chars that will be sanitized (#22208) (3f24533)
• skip fallback sourcemap generation for ?raw imports (#22148) (3ec9cda)

Documentation

• align the descriptions in READMEs (#22231) (44c42b9)
• fix reuses wording in dev environment comment (#22173) (9163412)
• fix wording in sass error comment (#22214) (bc5c6a7)
• update build CLI defaults (#22261) (605bb97)

Miscellaneous Chores

• deps: update dependency dotenv-expand to v13 (#22271) (0a3887d)

8.0.8 (2026-04-09)

Features

• update rolldown to 1.0.0-rc.15 (#22201) (6baf587)

... (truncated)

Commits

• 32c2978 release: v8.0.10
• a4d06d9 feat: update rolldown to 1.0.0-rc.17 (#22299)
• a4d828f fix: hmrClient.logger.debug and hmrClient.logger.error looked different f...
• 83f0a78 fix(css): show filename in CSS minification warnings for .css?inline (#22292)
• b8a21cc fix: remove format sniffing module resolution from JS resolver (#22297)
• 40a0847 refactor: typecheck client directory (#22284)
• 5c7cec6 fix(optimizer): allow user transform.target to override default in optimizeDe...
• 9437518 refactor: enable some typecheck rules (#22278)
• ce729f5 release: v8.0.9
• 605bb97 docs: update build CLI defaults (#22261)
• Additional commits viewable in compare view

Updates vitest from 4.1.4 to 4.1.5

Release notes

Sourced from vitest's releases.

v4.1.5

   🚀 Experimental Features

• coverage: Istanbul to support instrumenter option  -  by @​BartWaardenburg and @​AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

• --project negation excludes browser instances  -  by @​felamaslen in vitest-dev/vitest#10131 (9423d)
• Project color label on html reporter  -  by @​hi-ogawa in vitest-dev/vitest#10142 (596f7)
• Fix vi.defineHelper called as object method  -  by @​hi-ogawa in vitest-dev/vitest#10163 (122c2)
• Alias agent reporter to minimal  -  by @​sheremet-va in vitest-dev/vitest#10157 (663b9)
• Respect diff config options in soft assertions  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#8696 (9787d)
• Respect diff config options in soft assertions "  -  by @​sheremet-va in vitest-dev/vitest#8696 (7dc6d)
• ast-collect: Recognize _vi_import prefix in static test discovery  -  by @​Yejneshwar in vitest-dev/vitest#10129 (32546)
• coverage: Descriptive error message when reports directory is removed during test run  -  by @​DaveT1991 and @​AriPerkkio in vitest-dev/vitest#10117 (14133)
• snapshot: Increase default snapshot max output length  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)
• ui: Fix jsx/tsx syntax highlight  -  by @​hi-ogawa in vitest-dev/vitest#10152 (f1b1f)
• web-worker: Support MessagePort objects referenced inside postMessage data  -  by @​whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)
• api: Make test-specification options writable  -  by @​sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

Commits

• e399846 chore: release v4.1.5
• 7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
• 9787ded fix: respect diff config options in soft assertions (#8696)
• 325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
• 0e0ff41 feat(coverage): istanbul to support instrumenter option (#10119)
• 663b99f fix: alias agent reporter to minimal (#10157)
• 122c25b fix: fix vi.defineHelper called as object method (#10163)
• 6abd557 feat(api): make test-specification options writable (#10154)
• 596f739 fix: project color label on html reporter (#10142)
• 9423dc0 fix: --project negation excludes browser instances (#10131)
• Additional commits viewable in compare view

Updates @opentelemetry/sdk-metrics from 2.7.0 to 2.7.1

Release notes

Sourced from @​opentelemetry/sdk-metrics's releases.

v2.7.1

2.7.1

🐛 Bug Fixes

• fix(core, api): defer trace state validation. Deprecate trace state implementation in api #6459 @​david-luna
  • important: this bug fix may be breaking for certain uses of TraceState
    • set now returns the same TraceState instance if key/value are invalid or makes the while trace state invalid.
    • unset now returns the same TraceState instance if key is not present.
    • best-effort parsing of invalid TraceStates has changed: when multiple keys with the same name are present, the most recent one will win.

🏠 Internal

• perf(sdk-trace-base): optimize TraceIdRatioBasedSampler performance #6284 @​AbhiPrasad
• perf(sdk-metrics): reduce loop overhead in sdk hot paths #6593 @​mcollina

Changelog

Sourced from @​opentelemetry/sdk-metrics's changelog.

2.7.1

🐛 Bug Fixes

• fix(core, api): defer trace state validation. Deprecate trace state implementation in api #6459 @​david-luna
  • important: this bug fix may be breaking for certain uses of TraceState
    • set now returns the same TraceState instance if key/value are invalid or makes the while trace state invalid.
    • unset now returns the same TraceState instance if key is not present.
    • best-effort parsing of invalid TraceStates has changed: when multiple keys with the same name are present, the most recent one will win.

🏠 Internal

• perf(sdk-trace-base): optimize TraceIdRatioBasedSampler performance #6284 @​AbhiPrasad

Commits

• 2400d83 chore: prepare next release (#6647)
• f7a9b7c fix(otlp-transformer): pin protobufjs to 8.0.1 (#6646)
• cb38d7f test(otlp-transformer): add metrics transfrom benchmark (#6628)
• a28f12f fix(opentelemetry-core): defer tracestate vaidation (#6459)
• b27c514 refactor(opentelemetry-exporter-prometheus): do not call `enforcePrometheusNa...
• a2a8186 perf(sdk-trace-base): optimize TraceIdRatioBasedSampler hex parsing (#6284)
• 4c0f3f1 feat(sdk-node): set TracerProvider in startNodeSDK() (#6607)
• 417f2f1 fix(instr-xhr): do not unpatch XHR methods (#6611)
• 47ac523 Revert "chore: allow browser maintainers to approve changelog edits" (#6627)
• 86c621d fix(instrumentation-fetch): tolerate non-writable globalThis.fetch and fix pr...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.44%. Comparing base (161f5b6) to head (471bd3a).

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #13   +/-   ##
=======================================
  Coverage   97.44%   97.44%           
=======================================
  Files          11       11           
  Lines         549      549           
  Branches      132      132           
=======================================
  Hits          535      535           
  Misses         14       14           

Flag	Coverage Δ
unit	97.44% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.