Skip to content

chore(deps): bump the dependencies group with 8 updates#12

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/dependencies-45ecc8f89a
Open

chore(deps): bump the dependencies group with 8 updates#12
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/dependencies-45ecc8f89a

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 31, 2026
edited
Loading

Bumps the dependencies group with 8 updates:

Package From To
turbo 2.8.20 2.9.1
typescript 5.9.3 6.0.2
next 15.2.0 16.2.1
@types/node 22.19.15 25.5.0
vitest 2.1.9 4.1.2
@vitest/coverage-v8 2.1.9 4.1.2
vite-tsconfig-paths 5.1.4 6.1.1
jsdom 25.0.1 29.0.1

Updates turbo from 2.8.20 to 2.9.1

Release notes

Sourced from turbo's releases.

Turborepo v2.9.1

What's Changed

@​turbo/codemod

@​turbo/repository

Changelog

Full Changelog: vercel/turborepo@v2.9.0...v2.9.1

Turborepo v2.9.1-canary.1

What's Changed

@​turbo/codemod

Changelog

Full Changelog: vercel/turborepo@v2.8.22-canary.8...v2.9.1-canary.1

Turborepo v2.9.0

What's Changed

Docs

create-turbo

... (truncated)

Commits
  • 7a2191f publish 2.9.1 to registry
  • a702a15 feat: Add cacheMaxAge and cacheMaxSize for local cache eviction (#12487)
  • fbf34a2 release(turborepo): 2.9.1-canary.1 (#12497)
  • 079366b feat: Handle package manager catalogs in migration codemod (#12496)
  • a7c6dd9 fix: Use previous minor/major tag for release notes on minor/major releases (...
  • 6bf87ec docs: Release post for 2.9 (#12441)
  • 9702dc8 release(turborepo): 2.9.0 (#12494)
  • 841fe79 release(turborepo): 2.8.22-canary.8 (#12492)
  • 664fd88 fix: Reduce inotify watch count via gitignore-aware directory walking on Linu...
  • c03cc5f release(turborepo): 2.8.22-canary.7 (#12491)
  • Additional commits viewable in compare view

Updates typescript from 5.9.3 to 6.0.2

Release notes

Sourced from typescript's releases.

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits

Updates next from 15.2.0 to 16.2.1

Release notes

Sourced from next's releases.

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • docs: post release amends (#91715)
  • docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)
  • Fix adapter outputs for dynamic metadata routes (#91680)
  • Turbopack: fix webpack loader runner layer (#91727)
  • Fix server actions in standalone mode with cacheComponents (#91711)
  • turbo-persistence: remove Unmergeable mmap advice (#91713)
  • Fix layout segment optimization: move app-page imports to server-utility transition (#91701)
  • Turbopack: lazy require metadata and handle TLA (#91705)
  • [turbopack] Respect {eval:true} in worker_threads constructors (#91666)

Credits

Huge thanks to @​icyJoseph, @​abhishekmardiya, @​ijjk, @​mischnic, @​unstubbable, @​sokra, and @​lukesandberg for helping!

v16.2.1-canary.14

Core Changes

  • [ftl] Include cause of route types: #92056
  • Upgrade React from 9627b5a1-20260327 to 74568e86-20260328: #92109

Misc Changes

  • docs: clarify that use cache requires async functions: #92101
  • Revert "turbo-tasks: add hashed cell mode for hash-based change detection without cell data": #92103
  • Move expanded adapters docs to API reference: #92115
  • ci: relax adapter results upload gate: #92127

Credits

Huge thanks to @​aurorascharff, @​unstubbable, @​eps1lon, and @​ijjk for helping!

v16.2.1-canary.13

Misc Changes

  • docs: opengraph-image papercuts: #92018
  • Update revalidateTag examples to use the new two-argument signature: #92065

Credits

Huge thanks to @​icyJoseph and @​aurorascharff for helping!

v16.2.1-canary.12

Core Changes

  • Upgrade React from 3cb2c420-20260324 to 9627b5a1-20260327: #92015

... (truncated)

Commits
  • ed7d2ce v16.2.1
  • 3e37bb4 docs: post release amends (#91715)
  • a15ec6e docs: fix broken Activity Patterns demo link in preserving UI state guide (#9...
  • 600cd2f Fix adapter outputs for dynamic metadata routes (#91680)
  • 27886d3 Turbopack: fix webpack loader runner layer (#91727)
  • 88fc430 Fix server actions in standalone mode with cacheComponents (#91711)
  • 37aed86 turbo-persistence: remove Unmergeable mmap advice (#91713)
  • d6195ec Fix layout segment optimization: move app-page imports to server-utility tran...
  • 6cb97d6 Turbopack: lazy require metadata and handle TLA (#91705)
  • e6b101a [turbopack] Respect {eval:true} in worker_threads constructors (#91666)
  • Additional commits viewable in compare view

Updates @types/node from 22.19.15 to 25.5.0

Commits

Updates vitest from 2.1.9 to 4.1.2

Release notes

Sourced from vitest's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

    View changes on GitHub

v4.1.1

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.0

Vitest 4.1 is out!

... (truncated)

Commits
  • fc6f482 chore: release v4.1.2
  • 6f97b55 feat: disable colors if agent is detected (#9851)
  • b3c992c fix(coverage): correct coverageConfigDefaults values and types (#9940)
  • 7c06598 fix: ensure sequential mock/unmock resolution (#9830)
  • f54abad chore: add typo-checker skill and fix typos (#9963)
  • 7aa9377 fix: don't resolve setupFiles from parent directory (#9960)
  • 1f2d318 chore: release v4.1.1
  • ebfde79 refactor: rename matchesTagsFilter to matchesTags (#9956)
  • 5611500 feat(experimental): introduce experimental.vcsProvider (#9928)
  • eec53d9 feat(experimental): expose matchesTagsFilter to test if the current filter ...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vitest since your current version.


Updates @vitest/coverage-v8 from 2.1.9 to 4.1.2

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

    View changes on GitHub

v4.1.1

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.0

Vitest 4.1 is out!

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​vitest/coverage-v8 since your current version.


Updates vite-tsconfig-paths from 5.1.4 to 6.1.1

Release notes

Sourced from vite-tsconfig-paths's releases.

v6.1.0

Features

  • New importerFilter option: Provides fine-grained control over which files should have their imports resolved by this plugin. (Closes #175, #193)
  • Ignore .d.ts overrides: The plugin now ignores resolutions that point to .d.ts files, avoiding issues when tsconfig is used for opt-in type overrides. (Closes #179, #180)

Performance

  • Hoisted regular expressions out of the hot path in the resolver for better performance.

Internal

  • Added resolvedToDeclarationFile event to the debug log file.

v6.0.0

Note: No intentional breaking changes. Major version bump due to extensive internal refactoring; downgrade to v5 if needed.

Highlights

  • On-demand tsconfig discovery via projectDiscovery: "lazy", while eager discovery remains the default.
  • tsconfig/jsconfig files are watched and reloaded automatically in both modes, including during vite build --watch.
  • New logFile option for per-import resolution traces (pass true for vite-tsconfig-paths.log or provide a path).
  • Support for root /* aliases and other absolute-style imports.
  • Support for .astro files when allowJs/loose is enabled.

Fixes

  • More reliable tsconfig watching and resolver refreshes: handles lazy discovery edge cases, recreates resolvers after file changes, tolerates missing directories, and copes better with virtual importers.
  • Windows path handling now normalizes drive-letter casing to avoid missed matches (#183).

Upgrade notes

  • Install the stable release: pnpm add -D vite-tsconfig-paths.
  • Opt into lazy discovery or logging when needed:
import tsconfigPaths from 'vite-tsconfig-paths'
export default {
plugins: [
tsconfigPaths({
projectDiscovery: 'lazy',
logFile: true,
}),
],
}

  • Rooted path patterns such as "/*": ["src/*"] now resolve the same way tsserver does.

v6.0.0-beta.4

  • fix(windows): ensure drive letter is uppercase (#183)
  • feat: add .astro to JS-like extension regex (fbbc8edb86606c612565a6672c8e0ae93f0001a0)

... (truncated)

Commits
  • dff2e93 chore: release v6.1.1
  • 947f434 fix: skip .json resolutions in certain cases
  • 457211a chore(docs): mention the importerFilter option
  • 2152461 chore: upgrade vitest
  • c5659ce chore: release v6.1.0
  • 93dd887 chore: add "resolvedToDeclarationFile" event to log file
  • e1e7678 feat: ignore .d.ts-only overrides in tsconfig
  • c8e4ec3 chore(perf): hoist regexes out of hot path
  • d0ad01c feat: add importerFilter option
  • 0b47a6a chore: release v6.0.5
  • Additional commits viewable in compare view

Updates jsdom from 25.0.1 to 29.0.1

Release notes

Sourced from jsdom's releases.

v29.0.1

  • Fixed CSS parsing of border, background, and their sub-shorthands containing keywords or var(). (@​asamuzaK)
  • Fixed getComputedStyle() to return a more functional CSSStyleDeclaration object, including indexed access support, which regressed in v29.0.0.

v29.0.0

Breaking changes:

  • Node.js v22.13.0+ is now the minimum supported v22 version (was v22.12.0+).

Other changes:

  • Overhauled the CSSOM implementation, replacing the @acemir/cssom and cssstyle dependencies with fresh internal implementations built on webidl2js wrappers and the css-tree parser. Serialization, parsing, and API behavior is improved in various ways, especially around edge cases.
  • Added CSSCounterStyleRule and CSSNamespaceRule to jsdom Windows.
  • Added cssMediaRule.matches and cssSupportsRule.matches getters.
  • Added proper media query parsing in MediaList, using css-tree instead of naive comma-splitting. Invalid queries become "not all" per spec.
  • Added cssKeyframeRule.keyText getter/setter validation.
  • Added cssStyleRule.selectorText setter validation: invalid selectors are now rejected.
  • Added styleSheet.ownerNode, styleSheet.href, and styleSheet.title.
  • Added bad port blocking per the fetch specification, preventing fetches to commonly-abused ports.
  • Improved Document initialization performance by lazily initializing the CSS selector engine, avoiding ~0.5 ms of overhead per Document. (@​thypon)
  • Fixed a memory leak when stylesheets were removed from the document.
  • Fixed CSSStyleDeclaration modifications to properly trigger custom element reactions.
  • Fixed nested @media rule parsing.
  • Fixed CSSStyleSheet's "disallow modification" flag not being checked in all mutation methods.
  • Fixed XMLHttpRequest's response getter returning parsed JSON during the LOADING state instead of null.
  • Fixed getComputedStyle() crashing in XHTML documents when stylesheets contained at-rules such as @page or @font-face.
  • Fixed a potential hang in synchronous XMLHttpRequest caused by a race condition with the worker thread's idle timeout.

v28.1.0

  • Added blob.text(), blob.arrayBuffer(), and blob.bytes() methods.
  • Improved getComputedStyle() to account for CSS specificity when multiple rules apply. (@​asamuzaK)
  • Improved synchronous XMLHttpRequest performance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.
  • Improved performance of node.getRootNode(), node.isConnected, and event.dispatchEvent() by caching the root node of document-connected trees.
  • Fixed getComputedStyle() to correctly handle !important priority. (@​asamuzaK)
  • Fixed document.getElementById() to return the first element in tree order when multiple elements share the same ID.
  • Fixed <svg> elements to no longer incorrectly proxy event handlers to the Window.
  • Fixed FileReader event timing and fileReader.result state to more closely follow the spec.
  • Fixed a potential hang when synchronous XMLHttpRequest encountered dispatch errors.
  • Fixed compatibility with environments where Node.js's built-in fetch() has been used before importing jsdom, by working around undici v6/v7 incompatibilities.

v28.0.0

  • Overhauled resource loading customization. See the new README for details on the new API.
  • Added MIME type sniffing to <iframe> and <frame> loads.
  • Regression: WebSockets are no longer correctly throttled to one connection per origin. This is a result of the bug at nodejs/undici#4743.
  • Fixed decoding of the query components of <a> and <area> elements in non-UTF-8 documents.
  • Fixed XMLHttpRequest fetches and WebSocket upgrade requests to be interceptable by the new customizable resource loading. (Except synchronous XMLHttpRequests.)
  • Fixed the referrer of a document to be set correctly when redirects are involved; it is now the initiating page, not the last hop in the redirect chain.
  • Fixed correctness bugs when passing ArrayBuffers or typed arrays to various APIs, where they would not correctly snapshot the data.
  • Fixed require("url").parse() deprecation warning when using WebSockets.
  • Fixed <iframe>, <frame>, and <img> (when canvas is installed) to fire load events, not error events, on non-OK HTTP responses.

... (truncated)

Commits
  • 34c7d6e 29.0.1
  • 8ffc811 Add benchmark for computed style property access
  • 5f2434c Update dependencies and dev dependencies
  • 1e8a7ff Handle global keywords in CSS shorthand property handlers
  • 0b79509 Wrap getComputedStyle return value for proper indexed access
  • d589a8e Fix border shorthand parsing
  • e528859 Modernize release infrastructure
  • 00522ce Version 29.0.0
  • a217975 Use undici's request() API for XHR dispatching
  • f29722d Convert CSSStyleDeclaration to webidl2js
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for jsdom since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 31, 2026
@dependabot
chore(deps): bump the dependencies group with 8 updates
52b15fd 
Bumps the dependencies group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [turbo](https://github.com/vercel/turborepo) | `2.8.20` | `2.9.1` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.2` |
| [next](https://github.com/vercel/next.js) | `15.2.0` | `16.2.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.19.15` | `25.5.0` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `2.1.9` | `4.1.2` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `2.1.9` | `4.1.2` |
| [vite-tsconfig-paths](https://github.com/aleclarson/vite-tsconfig-paths) | `5.1.4` | `6.1.1` |
| [jsdom](https://github.com/jsdom/jsdom) | `25.0.1` | `29.0.1` |


Updates `turbo` from 2.8.20 to 2.9.1
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.8.20...v2.9.1)

Updates `typescript` from 5.9.3 to 6.0.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.2)

Updates `next` from 15.2.0 to 16.2.1
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.2.0...v16.2.1)

Updates `@types/node` from 22.19.15 to 25.5.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `vitest` from 2.1.9 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/vitest)

Updates `@vitest/coverage-v8` from 2.1.9 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/coverage-v8)

Updates `vite-tsconfig-paths` from 5.1.4 to 6.1.1
- [Release notes](https://github.com/aleclarson/vite-tsconfig-paths/releases)
- [Commits](aleclarson/vite-tsconfig-paths@v5.1.4...v6.1.1)

Updates `jsdom` from 25.0.1 to 29.0.1
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Commits](jsdom/jsdom@v25.0.1...v29.0.1)

---
updated-dependencies:
- dependency-name: turbo
  dependency-version: 2.9.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: typescript
  dependency-version: 6.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: next
  dependency-version: 16.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: "@types/node"
  dependency-version: 25.5.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: vitest
  dependency-version: 4.1.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: vite-tsconfig-paths
  dependency-version: 6.1.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: jsdom
  dependency-version: 29.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/dependencies-45ecc8f89a branch from 0ec0af6 to 52b15fd Compare April 7, 2026 22:19
@dependabot dependabot bot requested a review from jakesterns as a code owner April 7, 2026 22:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jakesterns jakesterns Awaiting requested review from jakesterns jakesterns is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants