chore(deps): bump the minor-and-patch group with 13 updates

[dependabot]

Bumps the minor-and-patch group with 13 updates:

Package	From	To
@astrojs/mdx	5.0.2	5.0.3
@astrojs/rss	4.0.17	4.0.18
@astrojs/sitemap	3.7.1	3.7.2
astro	6.0.8	6.1.2
mermaid	11.13.0	11.14.0
web-vitals	5.1.0	5.2.0
@biomejs/biome	2.4.9	2.4.10
@playwright/test	1.58.2	1.59.0
@vitest/coverage-v8	4.1.1	4.1.2
axe-core	4.11.1	4.11.2
happy-dom	20.8.8	20.8.9
playwright	1.58.2	1.59.0
vitest	4.1.1	4.1.2

Updates @astrojs/mdx from 5.0.2 to 5.0.3

Release notes

Sourced from @​astrojs/mdx's releases.

@​astrojs/mdx@​5.0.3

Patch Changes

• Updated dependencies [10a1a5a]:
  • @​astrojs/markdown-remark@​7.1.0

Changelog

Sourced from @​astrojs/mdx's changelog.

5.0.3

Patch Changes

• Updated dependencies [10a1a5a]:
  • @​astrojs/markdown-remark@​7.1.0

Commits

• 4a6ff2a [ci] release (#16020)
• a2c15bb fix(deps): update astro dependencies (#15913)
• See full diff in compare view

Updates @astrojs/rss from 4.0.17 to 4.0.18

Release notes

Sourced from @​astrojs/rss's releases.

@​astrojs/rss@​4.0.18

Patch Changes

• #16037 fdd2c5a Thanks @​blimmer! - Unpin fast-xml-parser to ^5.5.7 to resolve entity expansion CVEs

Changelog

Sourced from @​astrojs/rss's changelog.

4.0.18

Patch Changes

• #16037 fdd2c5a Thanks @​blimmer! - Unpin fast-xml-parser to ^5.5.7 to resolve entity expansion CVEs

Commits

• 4a6ff2a [ci] release (#16020)
• fdd2c5a fix(rss): unpin fast-xml-parser to resolve entity expansion CVEs (#16037)
• See full diff in compare view

Updates @astrojs/sitemap from 3.7.1 to 3.7.2

Release notes

Sourced from @​astrojs/sitemap's releases.

@​astrojs/sitemap@​3.7.2

Patch Changes

• #15455 babf57f Thanks @​AhmadYasser1! - Fixes i18n fallback pages missing from the generated sitemap when using fallbackType: 'rewrite'.

Changelog

Sourced from @​astrojs/sitemap's changelog.

3.7.2

Patch Changes

• #15455 babf57f Thanks @​AhmadYasser1! - Fixes i18n fallback pages missing from the generated sitemap when using fallbackType: 'rewrite'.

Commits

• 4a6ff2a [ci] release (#16020)
• 28079e9 [ci] format
• babf57f feat(astro): Add fallbackRoutes to astro:routes:resolved's return type and ...
• See full diff in compare view

Updates astro from 6.0.8 to 6.1.2

Release notes

Sourced from astro's releases.

astro@6.1.2

Patch Changes

• #16104 47a394d Thanks @​matthewp! - Fixes astro preview ignoring vite.preview.allowedHosts set in astro.config.mjs

• #16047 711f837 Thanks @​matthewp! - Fixes catch-all routes incorrectly intercepting requests for static assets when using the @astrojs/node adapter in middleware mode.

• #15981 a60cbb6 Thanks @​moktamd! - Fix Zod v4 validation error formatting to show human-readable messages instead of raw JSON

astro@6.1.1

Patch Changes

• #16105 23d60de Thanks @​matthewp! - Fix dev toolbar audit crash when encountering the image ARIA role

• #16089 999c875 Thanks @​martrapp! - Fixes an issue with the client router where Vue's :deep() notation was ignored in dev mode.

astro@6.1.0

Minor Changes

• #15804 a5e7232 Thanks @​merlinnot! - Allows setting codec-specific defaults for Astro's built-in Sharp image service via image.service.config.

  You can now configure encoder-level options such as jpeg.mozjpeg, webp.effort, webp.alphaQuality, avif.effort, avif.chromaSubsampling, and png.compressionLevel when using astro/assets/services/sharp for compile-time image generation.

  These settings apply as defaults for the built-in Sharp pipeline, while per-image quality still takes precedence when set on <Image />, <Picture />, or getImage().

• #15455 babf57f Thanks @​AhmadYasser1! - Adds fallbackRoutes to the IntegrationResolvedRoute type, exposing i18n fallback routes to integrations via the astro:routes:resolved hook for projects using fallbackType: 'rewrite'.

  This allows integrations such as the sitemap integration to properly include generated fallback routes in their output.

  {
    'astro:routes:resolved': ({ routes }) => {
      for (const route of routes) {
        for (const fallback of route.fallbackRoutes) {
          console.log(fallback.pathname) // e.g. /fr/about/
        }
      }
    }
  }

• #15340 10a1a5a Thanks @​trueberryless! - Adds support for advanced configuration of SmartyPants in Markdown.

  You can now pass an options object to markdown.smartypants in your Astro configuration to fine-tune how punctuation, dashes, and quotes are transformed.

  This is helpful for projects that require specific typographic standards, such as "oldschool" dash handling or localized quotation marks.

  // astro.config.mjs
  export default defineConfig({

... (truncated)

Changelog

Sourced from astro's changelog.

6.1.2

Patch Changes

• #16104 47a394d Thanks @​matthewp! - Fixes astro preview ignoring vite.preview.allowedHosts set in astro.config.mjs

• #16047 711f837 Thanks @​matthewp! - Fixes catch-all routes incorrectly intercepting requests for static assets when using the @astrojs/node adapter in middleware mode.

• #15981 a60cbb6 Thanks @​moktamd! - Fix Zod v4 validation error formatting to show human-readable messages instead of raw JSON

6.1.1

Patch Changes

• #16105 23d60de Thanks @​matthewp! - Fix dev toolbar audit crash when encountering the image ARIA role

• #16089 999c875 Thanks @​martrapp! - Fixes an issue with the client router where Vue's :deep() notation was ignored in dev mode.

6.1.0

Minor Changes

• #15804 a5e7232 Thanks @​merlinnot! - Allows setting codec-specific defaults for Astro's built-in Sharp image service via image.service.config.

  You can now configure encoder-level options such as jpeg.mozjpeg, webp.effort, webp.alphaQuality, avif.effort, avif.chromaSubsampling, and png.compressionLevel when using astro/assets/services/sharp for compile-time image generation.

  These settings apply as defaults for the built-in Sharp pipeline, while per-image quality still takes precedence when set on <Image />, <Picture />, or getImage().

• #15455 babf57f Thanks @​AhmadYasser1! - Adds fallbackRoutes to the IntegrationResolvedRoute type, exposing i18n fallback routes to integrations via the astro:routes:resolved hook for projects using fallbackType: 'rewrite'.

  This allows integrations such as the sitemap integration to properly include generated fallback routes in their output.

  {
    'astro:routes:resolved': ({ routes }) => {
      for (const route of routes) {
        for (const fallback of route.fallbackRoutes) {
          console.log(fallback.pathname) // e.g. /fr/about/
        }
      }
    }
  }

• #15340 10a1a5a Thanks @​trueberryless! - Adds support for advanced configuration of SmartyPants in Markdown.

  You can now pass an options object to markdown.smartypants in your Astro configuration to fine-tune how punctuation, dashes, and quotes are transformed.

  This is helpful for projects that require specific typographic standards, such as "oldschool" dash handling or localized quotation marks.

... (truncated)

Commits

• 15f1649 [ci] release (#16111)
• 47a394d Fix astro preview ignoring vite.preview.allowedHosts from astro.config.mjs (#...
• 711f837 Prevent static assets from being caught by catch-all routes (#16047)
• 6464425 Add diagnostic summaries to testing in CI (#15699)
• 4198232 test(shiki): move integration tests to unit tests (#16121)
• 1768ad5 Fix integration test package scripts (#16123)
• efb2e4b feat: run ts tests (#16102)
• 9117cac test: strengthen test coverage (#16099)
• a60cbb6 Fix content collection validation errors showing raw JSON (#15981)
• f649ae0 [ci] release (#16108)
• Additional commits viewable in compare view

Updates mermaid from 11.13.0 to 11.14.0

Release notes

Sourced from mermaid's releases.

mermaid@11.14.0

Thanks to our awesome mermaid community that contributed to this release: @​ashishjain0512, @​tractorjuice, @​autofix-ci[bot], @​aloisklink, @​knsv, @​kibanana, @​chandershekhar22, @​khalil, @​ytatsuno, @​sidharthv96, @​github-actions[bot], @​dripcoding, @​knsv-bot, @​jeroensmink98, @​Alex9583, @​GhassenS, @​omkarht, @​darshanr0107, @​leentaylor, @​lee-treehouse, @​veeceey, @​turntrout, @​Mermaid-Chart, @​BambioGaming, Claude

Releases

@​mermaid-js/examples@​1.2.0

Minor Changes

• #7526 efe218a - add new TreeView diagram

mermaid@11.14.0

Minor Changes

• #7526 efe218a - Add Wardley Maps diagram type (beta)

  Adds Wardley Maps as a new diagram type to Mermaid (available as wardley-beta). Wardley Maps are visual representations of business strategy that help map value chains and component evolution.

  Features:

  • Component positioning with [visibility, evolution] coordinates (OWM format)
  • Anchors for users/customers
  • Multiple link types: dependencies, flows, labeled links
  • Evolution arrows and trend indicators
  • Custom evolution stages with optional dual labels
  • Custom stage widths using @​boundary notation
  • Pipeline components with visibility inheritance
  • Annotations, notes, and visual elements
  • Source strategy markers: build, buy, outsource, market
  • Inertia indicators
  • Theme integration

  Implementation includes parser, D3.js renderer, unit tests, E2E tests, and comprehensive documentation.

• #7526 efe218a - feat: implement neo look styling for state diagrams

• #7526 efe218a - feat: implement neo look support for sequence diagrams with drop shadows, and enhanced styling

• #7526 efe218a - feat: add randomize config option for architecture diagrams, defaulting to false for deterministic layout

• #7526 efe218a - feat: Add option to change timeline direction

• #7526 efe218a - Fix duplicate SVG element IDs when rendering multiple diagrams on the same page. Internal element IDs (nodes, edges, markers, clusters) are now prefixed with the diagram's SVG element ID across all diagram types. Custom CSS or JS using exact ID selectors like #arrowhead should use attribute-ending selectors like [id$="-arrowhead"] instead.

• #7526 efe218a - feat: implement neo look styling for ER diagrams

• #7526 efe218a - feat: implement neo look styling for requirement diagrams

• #7526 efe218a - feat: add theme support for data label colour in xy chart

... (truncated)

Commits

• 2b9d054 Version Packages (#7561)
• efe218a Release candidate 11.14.0 (#7526)
• d2b5b2b chore: Editor Picker V2 (#7497)
• 07c554e Setting the link to Get started to the correct on
• See full diff in compare view

Updates web-vitals from 5.1.0 to 5.2.0

Changelog

Sourced from web-vitals's changelog.

v5.2.0 (2026-03-25)

• Replace filter()[0] with find() for better performance (#658)
• Use queueMicrotask for microtask scheduling (#660)
• Simplify the event and LoAF entry clean up logic (#662)
• Remove obsolete FID polyfill types (#675)
• Use LargestContentfulPaint.id as fallback when element is removed from DOM (#676)
• Fix bug for onLCP when attached late (#697)
• FHandle initially hidden pages and onLCP registered on visibility change (#698)
• Ensure we clear idle callbacks in whenIdleOrHidden (#707)
• Limit pending events to conserve memory (#710)
• Add includeProcessedEventEntries option (#714)
• Reduce bundle size by refactoring (#713)

Commits

• c071fd0 Release v5.2.0
• 15cd449 Prep changelog for v.5.2.0 (#693)
• 384dd9c Reduce bundle size by refactoring (#713)
• 1742e6b Add includeProcessedEventEntries option (#714)
• 4733a93 Bump flatted from 3.3.3 to 3.4.2 (#718)
• efc4845 Bump fast-xml-parser from 5.5.6 to 5.5.7 (#717)
• 8e4e689 Bump undici from 6.23.0 to 6.24.1 (#716)
• 9750cc9 Bump fast-xml-parser from 5.4.2 to 5.5.6 (#715)
• 8fb24d7 Limit pending events to conserve memory (#710)
• 1a8233e Address flaky test (#711)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates @biomejs/biome from 2.4.9 to 2.4.10

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.10

2.4.10

Patch Changes

• #8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

  The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

  // Invalid
  setTimeout("alert('Hello');", 100);
  // Valid
  setTimeout(() => alert("Hello"), 100);

• #9320 93c3b6c Thanks @​taberoajorge! - Fixed #7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

• #9630 1dd4a56 Thanks @​raashish1601! - Fixed #9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

• #9216 04243b0 Thanks @​FrederickStempfle! - Fixed #9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

  Previously, only the global process object was flagged:

  import process from "node:process";
  // This was not flagged, but now it is:
  console.log(process.env.NODE_ENV);

• #9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

• #9627 06a0f35 Thanks @​ematipico! - Fixed #191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

  Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

  Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

• #9643 5bfee36 Thanks @​dyc3! - Fixed #9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

• #9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

• #9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

• #9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

• #9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.10

Patch Changes

• #8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

  The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

  // Invalid
  setTimeout("alert('Hello');", 100);
  // Valid
  setTimeout(() => alert("Hello"), 100);

• #9320 93c3b6c Thanks @​taberoajorge! - Fixed #7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

• #9630 1dd4a56 Thanks @​raashish1601! - Fixed #9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

• #9216 04243b0 Thanks @​FrederickStempfle! - Fixed #9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

  Previously, only the global process object was flagged:

  import process from "node:process";
  // This was not flagged, but now it is:
  console.log(process.env.NODE_ENV);

• #9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

• #9627 06a0f35 Thanks @​ematipico! - Fixed #191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

  Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

  Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

• #9643 5bfee36 Thanks @​dyc3! - Fixed #9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

• #9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

• #9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

• #9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

• #9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

• #9627 06a0f35 Thanks @​ematipico! - Fixed --diagnostic-level not fully filtering diagnostics. Setting --diagnostic-level=error now correctly excludes warnings and infos from both the output and the summary counts.

... (truncated)

Commits

• fcf216d ci: release (#9622)
• 8b7f55c chore: update sponsors (#9714)
• 9856a87 feat(lint/js): add noUnsafePlusOperands (#9695)
• 5bfee36 fix(useVueValidVBind): don't flag missing arguments (#9643)
• f3a6a6b feat(linter): add noImpliedEval rule (#8838)
• See full diff in compare view

Updates @playwright/test from 1.58.2 to 1.59.0

Release notes

Sourced from @​playwright/test's releases.

v1.59.0

🎬 Screencast

New page.screencast API provides a unified interface for capturing page content with:

• Screencast recordings
• Action annotations
• Visual overlays
• Real-time frame capture
• Agentic video receipts

Screencast recording — record video with precise start/stop control, as an alternative to the recordVideo option:

await page.screencast.start({ path: 'video.webm' });
// ... perform actions ...
await page.screencast.stop();

Action annotations — enable built-in visual annotations that highlight interacted elements and display action titles during recording:

await page.screencast.showActions({ position: 'top-right' });

screencast.showActions() accepts position ('top-left', 'top', 'top-right', 'bottom-left', 'bottom', 'bottom-right'), duration (ms per annotation), and fontSize (px). Returns a disposable to stop showing actions.

Action annotations can also be enabled in test fixtures via the video option:

// playwright.config.ts
export default defineConfig({
  use: {
    video: {
      mode: 'on',
      show: {
        actions: { position: 'top-left' },
        test: { position: 'top-right' },
      },
    },
  },
});

Visual overlays — add chapter titles and custom HTML overlays on top of the page for richer narration:

... (truncated)

Commits

• 01b2b15 cherry-pick(#39980): chore: more release notes fixes
• a5cb6c9 cherry-pick(#39972): chore: expose browser.bind and browser.unbind APIs
• 99a17b5 cherry-pick(#39975): chore: support opening .trace files via .link indirection
• 43607c3 cherry-pick(#39974): chore(webkit): update Safari user-agent version to 26.4
• 62cabe1 cherry-pick(#39969): chore(npm): include all *.md from lib (#39970)
• 0c65a75 cherry-pick(#39968): chore: screencast.showActions api
• f04155b cherry-pick(#39958): chore: release notes for langs v1.59
• 5a842ee cherry-pick(#39957): fix(dashboard): light mode styles (#39959)
• 32f6a31 cherry-pick(#39953): fix(trace): redirect output to file via --filename (#39956)
• c23fe70 cherry-pick(#39930): fix: trace request should show bodies from resource (#39...
• Additional commits viewable in compare view

Updates @vitest/coverage-v8 from 4.1.1 to 4.1.2

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in vitest-dev/vitest#9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in vitest-dev/vitest#9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in vitest-dev/vitest#9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in vitest-dev/vitest#9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#9851 (6f97b)

    View changes on GitHub

Commits

• fc6f482 chore: release v4.1.2
• See full diff in compare view

Updates axe-core from 4.11.1 to 4.11.2

Release notes

Sourced from axe-core's releases.

Release 4.11.2

This release addresses a number of false positives, including ones related to target size. It adds new affordances for ARIA, and adds a clarification around the scrollable regions rule.

Bug Fixes

• aria-valid-attr-value: handle multiple aria-errormessage IDs (#4973) (9322148)
• aria: prevent getOwnedVirtual from returning duplicate nodes (#4987) (99d1e77), closes #4840
• DqElement: avoid calling constructors with cloneNode (#5013) (88bc57f)
• existing-rule: aria-busy now shows an error message for a use with unallowed children (#5017) (dded75a)
• scrollable-region-focusable: clarify the issue is in safari (#4995) (2567afd), closes WebKit#190870 WebKit#277290
• scrollable-region-focusable: do not fail scroll areas when all content is visible without scrolling (#4993) (240f8b5)
• target-size: determine offset using clientRects if target is display:inline (#5012) (69d81c1)
• target-size: ignore widgets that are inline with other inline elements (#5000) (cf8a3c0)

Changelog

Sourced from axe-core's changelog.

4.11.2 (2026-03-30)

Bug Fixes

• aria-valid-attr-value: handle multiple aria-errormessage IDs (#4973) (9322148)
• aria: prevent getOwnedVirtual from returning duplicate nodes (#4987) (99d1e77), closes #4840
• DqElement: avoid calling constructors with cloneNode (#5013) (88bc57f)
• existing-rule: aria-busy now shows an error message for a use with unallowed children (#5017) (dded75a)
• scrollable-region-focusable: clarify the issue is in safari (#4995) (2567afd), closes WebKit#190870 WebKit#277290
• scrollable-region-focusable: do not fail scroll areas when all content is visible without scrolling (#4993) (240f8b5)
• target-size: determine offset using clientRects if target is display:inline (#5012) (69d81c1)
• target-size: ignore widgets that are inline with other inline elements (#5000) (cf8a3c0)

Commits

• 41093da chore(release): v4.11.2 (#5049)
• 66c26aa chore(release): 4.11.2
• cf8a3c0 fix(target-size): ignore widgets that are inline with other inline elements (...
• 3d80a37 chore: add CLAUDE.md and pull request checklist (#5035)
• a09204f chore: bump the npm-low-risk group with 6 updates (#5020)
• 431f621 chore: bump jsdom from 27.4.0 to 28.1.0 (#5021)
• 68aab66 test: fix chromedriver 146 failing to create session (#5026)