Skip to content

Build(deps-dev): Bump the dependencies group across 1 directory with 13 updates#63

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/dependencies-178ee96bb6
Open

Build(deps-dev): Bump the dependencies group across 1 directory with 13 updates#63
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/dependencies-178ee96bb6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 13 updates in the / directory:

Package From To
@axe-core/playwright 4.11.3 4.12.1
@playwright/test 1.60.0 1.61.1
@types/node 24.13.1 26.1.1
@vitest/coverage-v8 4.1.8 4.1.10
eslint-plugin-playwright 2.10.4 2.10.5
eslint-plugin-sonarjs 4.0.3 4.1.0
fallow 2.89.0 3.2.0
oxfmt 0.51.0 0.58.0
oxlint 1.68.0 1.73.0
oxlint-tsgolint 0.23.0 0.24.0
typescript 6.0.3 7.0.2
vite 8.0.16 8.1.3
vitest 4.1.8 4.1.10

Updates @axe-core/playwright from 4.11.3 to 4.12.1

Changelog

Sourced from @​axe-core/playwright's changelog.

4.12.1 (2026-06-22)

Features

Commits

Updates @playwright/test from 1.60.0 to 1.61.1

Release notes

Sourced from @​playwright/test's releases.

v1.61.1

Bug Fixes

  • #41365 [Bug]: Expect.Extend matcher with same name as default matcher in same expect instance overrides default matchers implementation to custom matcher
  • #41351 [Bug]: Playwright UI mode: apiRequestContext._wrapApiCall reports unexpected number of bytes (same test passes in headed mode)
  • #41360 [Bug]: Trace viewer: message times in websockets are downscaled by 1000
  • #41311 [Bug]: [Regression]: Sync loader throws "context.conditions?.includes is not a function" on Node 22.15
  • #41371 [Regression]: Sync ESM loader (registerHooks) fails to resolve extensionless .ts subpath imports across pnpm workspace symlinks

v1.61.0

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

const context = await browser.newContext();
// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
id: credentialId,
userHandle,
privateKey,
publicKey,
});
await context.credentials.install();
const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:

await page.localStorage.setItem('token', 'abc');
const token = await page.localStorage.getItem('token');
const items = await page.sessionStorage.items();

New APIs

Network

Browser and Screencast

... (truncated)

Commits
  • 39e3553 cherry-pick(#41399): fix(test): load require-reached files as commonjs in syn...
  • 4328122 chore: mark v1.61.1 (#41404)
  • 2c29a94 fix(tracing): stop recording websocket frames outside of chunks (#41398)
  • 4324b19 cherry-pick(#41367): fix(test): keep builtin expect matchers on base extend
  • 041e7e3 cherry-pick(#41364): fix(har): WebSocket message timestamps should be in mi...
  • b8a0fc3 cherry-pick(#41309, #43149): Revert "fix(firefox): treat `navigationCommitted...
  • b5a3175 cherry-pick(#41319): fix(loader): support other node versions
  • d4724a9 cherry-pick(#41290): feat(docker): add Ubuntu 26.04 (Resolute Raccoon) image
  • 1cc5a90 cherry-pick(#41295): chore: PLAYWRIGHT_TRACING_NO_WEBSOCKET_FRAMES and PLAYWR...
  • a6772bd cherry-pick(#41280): Revert "fix(trace-viewer): add keyboard navigation to `N...
  • Additional commits viewable in compare view

Updates @types/node from 24.13.1 to 26.1.1

Commits

Updates @vitest/coverage-v8 from 4.1.8 to 4.1.10

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.10

   🐞 Bug Fixes

    View changes on GitHub

v4.1.9

🐞 Bug Fixes

View changes on GitHub
Commits

Updates eslint-plugin-playwright from 2.10.4 to 2.10.5

Release notes

Sourced from eslint-plugin-playwright's releases.

v2.10.5

2.10.5 (2026-07-06)

Bug Fixes

  • handle optional chaining in missing-playwright-await (#472) (c02becc)
Commits
  • 2985e02 chore(deps): Bump sigstore from 4.1.0 to 4.1.1 (#475)
  • 0c75897 chore(deps-dev): Bump vitest from 4.0.18 to 4.1.0 (#465)
  • 77cb84b chore(deps): Bump @​sigstore/verify from 3.1.0 to 3.1.1 (#474)
  • 66ce7e4 chore(deps): Bump vite from 7.3.2 to 7.3.5 (#468)
  • cdae58b chore(deps): Bump tar from 7.5.11 to 7.5.16 (#469)
  • cad8d1e chore(deps): Bump js-yaml from 4.1.1 to 4.3.0 (#471)
  • c02becc fix: handle optional chaining in missing-playwright-await (#472)
  • 63233f1 chore(deps): Bump @​sigstore/core from 3.1.0 to 3.2.1 (#473)
  • See full diff in compare view

Updates eslint-plugin-sonarjs from 4.0.3 to 4.1.0

Commits

Updates fallow from 2.89.0 to 3.2.0

Release notes

Sourced from fallow's releases.

v3.2.0: configurable large-function threshold, surfaced in the health summary

Health: a configurable "function too big" threshold, surfaced in the summary

This release makes the unit-size (large-function) check configurable and reports the effective ceiling in the health output.

health.maxUnitSize: raise the large-function bar instead of switching it off

The line count at which a function is reported as an oversized "large function" was hardcoded to 60 LOC. That made test suites noisy: a describe() callback spans hundreds of lines, and each large it() body trips the threshold too. The only escape was health.ignore, which drops every health signal (complexity, CRAP, hotspots) for those files, so you lost complexity checking on your test code as well.

You can now raise the bar rather than turning it off:

  • Set a global health.maxUnitSize (default 60).
  • Or scope it to a glob with a per-file thresholdOverrides entry, for example { "files": ["**/*.test.*"], "maxUnitSize": 500 }. Leave functions empty so the override covers both the describe() wrapper and the individual it() blocks.

Complexity, cognitive, and CRAP findings on those files are unchanged. Like the existing maxCyclomatic / maxCognitive / maxCrap overrides, this filters the reported "large functions" list; the descriptive unit-size profile and the health score still reflect raw sizes (use health.ignore to remove a file from the score entirely). Resolved thresholds are inspectable via fallow config. Thanks @​digulla for the request. (Closes #1731)

The health JSON summary reports the effective unit-size threshold

The summary block on fallow health --format json already carried max_cyclomatic_threshold, max_cognitive_threshold, and max_crap_threshold, but not a unit-size sibling, so a consumer reading the summary to learn which thresholds a run uses saw only three of the four. It now also carries max_unit_size_threshold (the effective global health.maxUnitSize, default 60). The human report's "Large functions" section reflects the configured global instead of a static "60" when health.maxUnitSize is raised project-wide. This is an additive-required field matching the existing max*Threshold siblings; no change to the unit-size check itself. (Closes #1750)

Other changes

  • Reuse the audit analysis context in the programmatic API path for less redundant work per run.
  • Benchmark-harness coverage and CI sharding improvements (internal).

Full Changelog: fallow-rs/fallow@v3.1.0...v3.2.0

v3.1.0: dev-dependency-in-production rule, member tracing, conditional dynamic imports

Features

New rule: dev-dependency-in-production

The promote-side mirror of test-only-dependency and type-only-dependency. A package in devDependencies that a production (non-test, non-config) file imports at runtime is flagged so you can promote it to dependencies, because pnpm install --prod omits devDependencies and the import breaks in production.

Only imports from files reachable from a runtime entry point count as evidence, so repo tooling (scripts/, benchmarks, rollup-config chains) does not trigger it, and workspace-owned files are governed by their own manifest. Type-only production imports are not flagged, and a package also present in dependencies / peerDependencies / optionalDependencies is left alone. Defaults to warn; suppress a package via ignoreDependencies. Surfaces in human, JSON, SARIF, Code Climate, compact, and markdown output, in fallow explain, and as an LSP diagnostic.

Thanks @​CallumHoward for the implementation.

Trace tooling now covers class, enum, and store members

fallow dead-code --trace FILE:MEMBER previously errored export 'X' not found when pointed at a class member, so a member finding could not be debugged from the trace tool. On an export miss the trace now falls back to a member trace that names the owning class, reports its reachability and usage, lists who imports it, and points at the right --unused-class-members inspection command. The MCP trace_export tool and Code Mode return the same member trace in-process, so AI agents get parity with the CLI. Trace not-found errors across trace_export / trace_file / trace_clone now carry an actionable help pointer to the right discovery tool.

Bug fixes

Conditional and logical dynamic imports are now traced

import(cond ? './a' : './b') and import(x || './b') previously produced no module-graph edge, so every file reachable only through such an import (and its whole transitive subtree) was falsely reported as unused-files / unused-exports. Extraction now emits one edge per statically-resolvable branch, including parenthesized and no-substitution template forms, across all dynamic-import shapes: bare expressions, const x = await import(...) declarations, .then() callbacks, React.lazy / next/dynamic arrow wrappers, and Angular/Vue route loadComponent / component callbacks. Genuinely runtime arguments (import(someVar)) still yield no edge, and repeated literals across branches deduplicate to a single edge.

Thanks @​Jerc92 for the contribution.

... (truncated)

Changelog

Sourced from fallow's changelog.

[3.2.0] - 2026-07-05

Added

  • The fallow health JSON summary now reports the effective unit-size threshold. summary on fallow health --format json already carried max_cyclomatic_threshold, max_cognitive_threshold, and max_crap_threshold, but not a unit-size sibling, so a consumer reading the summary to learn which thresholds a run uses saw only three of the four. It now also carries max_unit_size_threshold (the effective global health.maxUnitSize, default 60), and the human report's "Large functions" section reflects the configured global instead of a static "60" when health.maxUnitSize is raised project-wide. Additive-required field matching the existing max*Threshold siblings; no change to the unit-size check itself. (Closes #1750)

  • New health.maxUnitSize threshold for the "function too big" (unit-size) check, configurable globally and per file. Previously the line-count at which a function is reported as an oversized "large function" was hardcoded to 60 LOC with no way to change it, so test suites reported many large functions: a describe() block's callback spans hundreds of lines, and each big it() body trips the threshold too. The only workaround was health.ignore, which drops every health signal (complexity, CRAP, hotspots) for those files, so you also lost complexity checking on your test code. You can now raise the bar instead of switching it off: set a global health.maxUnitSize (default 60), or scope it to a glob with a per-file thresholdOverrides entry, e.g. { "files": ["**/*.test.*"], "maxUnitSize": 500 }. Leave functions empty so the override covers both the describe() wrapper and the individual it() blocks. Complexity, cognitive, and CRAP findings on those files are unchanged. Like the existing maxCyclomatic / maxCognitive / maxCrap overrides, this filters the reported "large functions" list; the descriptive unit-size profile and the health score still reflect raw sizes (use health.ignore to remove a file from the score entirely). Functions within their effective ceiling are simply omitted from the large_functions JSON array; the resolved thresholds are inspectable via fallow config. Thanks @​digulla for the request. (Closes #1731)

[3.1.0] - 2026-07-05

Added

  • New dev-dependency-in-production rule (promote-side dependency drift). Fallow already flagged production dependencies that belong in devDependencies (test-only-dependency, type-only-dependency); the new rule is the mirror that catches the opposite drift. A package in devDependencies that is imported by production (non-test, non-config) source code via a runtime/value import is flagged so it can be promoted to dependencies: a production-only install (pnpm install --prod) omits

... (truncated)

Commits
  • 0d56827 chore: release v3.2.0
  • afa3c17 fix(health): pluralize the large-functions unit-size footer (#1753)
  • 185c6a7 feat(health): expose max unit size threshold in summary
  • 47220ee ci: shard benchmarks by affected component
  • 9dc768e perf: broaden codspeed benchmark coverage
  • 1d14a77 feat(health): add maxUnitSize threshold override for the large-function check...
  • c6bbfa3 docs: align benchmark file count
  • ede3bcd docs: correct benchmark ratio claims
  • d461313 chore: guard benchmark harness drift
  • 9ea521d chore: stabilize codspeed benchmark shards
  • Additional commits viewable in compare view

Updates oxfmt from 0.51.0 to 0.58.0

Commits
  • 39677ba release(apps): oxlint v1.73.0 && oxfmt v0.58.0 (#24219)
  • 5306f24 release(apps): oxlint v1.72.0 && oxfmt v0.57.0 (#23935)
  • c4be770 release(apps): oxlint v1.71.0 && oxfmt v0.56.0 (#23707)
  • aa79b5b release(apps): oxlint v1.70.0 && oxfmt v0.55.0 (#23442)
  • 9a2788b feat(linter/unicorn): implement prefer-export-from rule (#22935)
  • 44ae845 release(apps): oxlint v1.69.0 && oxfmt v0.54.0 (#23116)
  • dadafe3 docs(oxlint, oxfmt): mention migrate skills in npm READMEs (#22965)
  • f88961a docs(oxfmt): annotate each config option with supported languages (#22953)
  • 964a758 release(apps): oxlint v1.68.0 && oxfmt v0.53.0 (#22883)
  • 68b455d release(apps): oxlint v1.67.0 && oxfmt v0.52.0 (#22735)
  • Additional commits viewable in compare view

Updates oxlint from 1.68.0 to 1.73.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

  • 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
  • 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
  • bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
  • 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
  • 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
  • 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
  • ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

  • 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
  • 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
  • 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
  • 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
  • a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
  • ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
  • 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
  • ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
  • e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
  • 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
  • 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
  • fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
  • ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
  • dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
  • 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
  • cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

  • 25d577e language_server: Start tools in parallel (#15500) (Sysix)
  • 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
  • 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
  • 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
  • 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
  • 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

  • 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
  • 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
  • a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
  • 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
  • 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
  • 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

[1.73.0] - 2026-07-06

🚀 Features

  • a2c97f3 linter/unicorn: Implement explicit-timer-delay rule (#23612) (Mikhail Baev)
  • 85735cb linter/unicorn: Implement no-confusing-array-with rule (#23638) (Shekhu☺️)
  • cb4fbb9 linter/eslint: Implement no-unreachable-loop rule (#23975) (Todor Andonov)
  • dc32112 linter/eslint/no-constant-binary-expression: Check relational comparisons (#24088) (camc314)
  • d963967 linter/unicorn/no-array-sort: Add allowAfterSpread option (#24043) (Boshen)
  • 0a75682 linter: Add per-rule timings for type-aware linting (#22488) (camchenry)
  • 743e222 linter/react: Add disallowedValues option for forbid-dom-props rule (#23970) (Mikhail Baev)

🐛 Bug Fixes

  • bdb51c7 linter/jest/prefer-ending-with-an-expect: Validate config patterns (#24122) (camc314)
  • 45d607d linter/react/forbid-component-props: Make allow/disallow lists optional in schema (#24024) (Boshen)

[1.72.0] - 2026-06-29

🚀 Features

  • 1c8f50c linter: Add schema for eslint/no-restricted-import (#23642) (Sysix)

🐛 Bug Fixes

  • 742be36 refactor/node/handle-callback-err: Reject invalid regex config (#23740) (camc314)

[1.71.0] - 2026-06-22

🚀 Features

  • 0dc2405 linter: Add schema for eslint/no-restricted-properties (#23619) (Sysix)
  • b638d0e linter: Add schema for node/callback-return (#23615) (Sysix)
  • eb8bedc linter: Add schema for import/extensions (#23557) (WaterWhisperer)
  • 46f3625 linter: Implement node/no-sync rule (#23589) (fujitani sora)
  • b01739a linter: Add schema for unicorn/numeric-separators-style (#23554) (Mikhail Baev)
  • 68afd2a linter/node: Implement no-mixed-requires rule (#23539) (fujitani sora)
  • a421215 linter: Add schema for eslint/prefer-destructuring (#23410) (WaterWhisperer)
  • 84438be linter/jsdoc: Added missing options to require-param-description (#23416) (kapobajza)
  • 51910df linter/jsdoc: Add missing options to require-param-type rule (#23418) (kapobajza)
  • e90925f linter/unicorn: Implement prefer-number-coercion rule (#23497) (Shekhu☺️)
  • dd1c866 linter/vue: Implement no-async-in-computed-properties rule (#23493) (bab)
  • b02444e linter: Add schema for react/jsx-no-script-url (#23475) (WaterWhisperer)
  • a8dce46 linter/unicorn: Implement max-nested-calls rule (#23461) (arieleli01212)

🐛 Bug Fixes

  • a303c23 linter/jsx-a11y: Align anchor-is-valid config with upstream (#23446) (camc314)

📚 Documentation

... (truncated)

Commits
  • 39677ba release(apps): oxlint v1.73.0 && oxfmt v0.58.0 (#24219)
  • a2c97f3 feat(linter/unicorn): implement explicit-timer-delay rule (#23612)
  • bdb51c7 fix(linter/jest/prefer-ending-with-an-expect): validate config patterns (#24122)
  • 85735cb feat(linter/unicorn): implement no-confusing-array-with rule (#23638)
  • cb4fbb9 feat(linter/eslint): implement no-unreachable-loop rule (#23975)
  • dc32112 feat(linter/eslint/no-constant-binary-expression): check relational compariso...
  • d963967 feat(linter/unicorn/no-array-sort): add allowAfterSpread option (#24043)
  • 45d607d fix(linter/react/forbid-component-props): make allow/disallow lists optional ...
  • 0a75682 feat(linter): add per-rule timings for type-aware linting (#22488)
  • 743e222 feat(linter/react): add disallowedValues option for forbid-dom-props rule...
  • Additional commits viewable in compare view

Updates oxlint-tsgolint from 0.23.0 to 0.24.0

Release notes

Sourced from oxlint-tsgolint's releases.

v0.24.0

What's Changed

... (truncated)

Commits
  • 5a37e89 fix(dot-notation): determine the relevant accessor (#1028)
  • 67a281f perf(consistent-return): defer per-function type resolution (#1031)
  • a5e2ff0 perf(no-unnecessary-qualifier): skip symbol resolution outside namespaces. (#...
  • a8fc668 perf(no-confusing-void-expression): check ancestor position before type query...
  • 03158cc perf(no-unnecessary-type-conversion): hoist constant builtin-name slices (#1040)
  • d9e645c perf(prefer-optional-chain): lazily allocate chain-processor caches (#1041)
  • 63f578a refactor(no-unnecessary-condition): remove dead containsUnguardedElementAcces...
  • f174876 chore(deps): update gomod (#1035)
  • 47de9cf chore(deps): update github actions (#1036)
  • e209b5b chore(deps): update actions/cache action to v6 (#1037)
  • Additional commits viewable in compare view

Updates typescript from 6.0.3 to 7.0.2

Commits
Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for typescript since your current version.


Updates vite from 8.0.16 to 8.1.3

Release notes

Sourced from vite's releases.

v8.1.3

Please refer to CHANGELOG.md for details.

v8.1.2

Please refer to CHANGELOG.md for details.

v8.1.1

Please refer to CHANGELOG.md for details.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.3 (2026-07-02)

Bug Fixes

  • css: inject inlined CSS after the shebang line (#22717) (1534d36)
  • deps: bump es-module-lexer to 2.3.0 (#22838) (7103c3a)
  • preload css for nested dynamic imports (#22759) (2c53054)
  • ssr: correct stacktrace column position for first line (#22828) (

…13 updates

Bumps the dependencies group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@axe-core/playwright](https://github.com/dequelabs/axe-core-npm) | `4.11.3` | `4.12.1` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.60.0` | `1.61.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.13.1` | `26.1.1` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.8` | `4.1.10` |
| [eslint-plugin-playwright](https://github.com/mskelton/eslint-plugin-playwright) | `2.10.4` | `2.10.5` |
| [eslint-plugin-sonarjs](https://github.com/SonarSource/SonarJS) | `4.0.3` | `4.1.0` |
| [fallow](https://github.com/fallow-rs/fallow) | `2.89.0` | `3.2.0` |
| [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) | `0.51.0` | `0.58.0` |
| [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) | `1.68.0` | `1.73.0` |
| [oxlint-tsgolint](https://github.com/oxc-project/tsgolint) | `0.23.0` | `0.24.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `6.0.3` | `7.0.2` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.16` | `8.1.3` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.8` | `4.1.10` |



Updates `@axe-core/playwright` from 4.11.3 to 4.12.1
- [Release notes](https://github.com/dequelabs/axe-core-npm/releases)
- [Changelog](https://github.com/dequelabs/axe-core-npm/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/dequelabs/axe-core-npm/commits)

Updates `@playwright/test` from 1.60.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.60.0...v1.61.1)

Updates `@types/node` from 24.13.1 to 26.1.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@vitest/coverage-v8` from 4.1.8 to 4.1.10
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/coverage-v8)

Updates `eslint-plugin-playwright` from 2.10.4 to 2.10.5
- [Release notes](https://github.com/mskelton/eslint-plugin-playwright/releases)
- [Changelog](https://github.com/mskelton/eslint-plugin-playwright/blob/main/CHANGELOG.md)
- [Commits](mskelton/eslint-plugin-playwright@v2.10.4...v2.10.5)

Updates `eslint-plugin-sonarjs` from 4.0.3 to 4.1.0
- [Release notes](https://github.com/SonarSource/SonarJS/releases)
- [Changelog](https://github.com/SonarSource/SonarJS/blob/master/docs/RELEASE.md)
- [Commits](https://github.com/SonarSource/SonarJS/commits)

Updates `fallow` from 2.89.0 to 3.2.0
- [Release notes](https://github.com/fallow-rs/fallow/releases)
- [Changelog](https://github.com/fallow-rs/fallow/blob/main/CHANGELOG.md)
- [Commits](fallow-rs/fallow@v2.89.0...v3.2.0)

Updates `oxfmt` from 0.51.0 to 0.58.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxfmt/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxfmt_v0.58.0/npm/oxfmt)

Updates `oxlint` from 1.68.0 to 1.73.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxlint_v1.73.0/npm/oxlint)

Updates `oxlint-tsgolint` from 0.23.0 to 0.24.0
- [Release notes](https://github.com/oxc-project/tsgolint/releases)
- [Commits](oxc-project/tsgolint@v0.23.0...v0.24.0)

Updates `typescript` from 6.0.3 to 7.0.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/commits)

Updates `vite` from 8.0.16 to 8.1.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.3/packages/vite)

Updates `vitest` from 4.1.8 to 4.1.10
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/vitest)

---
updated-dependencies:
- dependency-name: "@axe-core/playwright"
  dependency-version: 4.12.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: "@playwright/test"
  dependency-version: 1.61.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: "@types/node"
  dependency-version: 26.1.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: eslint-plugin-playwright
  dependency-version: 2.10.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: eslint-plugin-sonarjs
  dependency-version: 4.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: fallow
  dependency-version: 3.2.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: oxfmt
  dependency-version: 0.58.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: oxlint
  dependency-version: 1.73.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: oxlint-tsgolint
  dependency-version: 0.24.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: typescript
  dependency-version: 7.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: vite
  dependency-version: 8.1.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: vitest
  dependency-version: 4.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 9, 2026
@sonarqubecloud

sonarqubecloud Bot commented Jul 9, 2026

Copy link
Copy Markdown

@codescene-delta-analysis codescene-delta-analysis Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No application code in the PR — skipped Code Health checks.

See analysis details in CodeScene

Quality Gate Profile: Custom Configuration
Install CodeScene MCP: safeguard and uplift AI-generated code. Catch issues early with our IDE extension and CLI tool.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants