fix(deps): update npm - - package.json

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@aws-sdk/credential-providers (source)	^3.980.0 → ^3.1030.0			dependencies	minor	3.1032.0 (+1)
@babel/core (source)	^7.28.6 → ^7.29.0			devDependencies	patch
@esbuild/darwin-arm64	^0.27.2 → ^0.28.0			optionalDependencies	minor
@esbuild/darwin-x64	^0.27.2 → ^0.28.0			optionalDependencies	minor
@esbuild/linux-x64	0.27.2 → 0.28.0			optionalDependencies	minor
@esbuild/win32-x64	0.27.2 → 0.28.0			optionalDependencies	minor
@eslint/compat (source)	^2.0.2 → ^2.0.5			devDependencies	patch
@eslint/js (source)	^9.39.2 → ^9.39.4			devDependencies	patch
@eslint/json	^1.0.1 → ^1.2.0			devDependencies	minor
@fontsource/roboto (source)	^5.2.9 → ^5.2.10			dependencies	patch
@primer/octicons-react (source)	^19.21.2 → ^19.24.1			dependencies	minor
@types/lodash (source)	^4.17.23 → ^4.17.24			devDependencies	patch
@types/node (source)	^22.19.7 → ^22.19.17			devDependencies	patch
@vitejs/plugin-react (source)	^5.1.2 → ^5.2.0			devDependencies	minor
axios (source)	^1.13.4 → ^1.15.0			dependencies	patch
cypress (source)	^15.9.0 → ^15.13.1			devDependencies	minor	15.14.0
eslint (source)	^9.39.2 → ^9.39.4			devDependencies	patch
eslint-plugin-cypress	^5.2.1 → ^5.3.0			devDependencies	patch
express-rate-limit	^8.2.1 → ^8.3.2			dependencies	patch
fast-check (source)	^4.5.3 → ^4.6.0			devDependencies	minor	4.7.0
isomorphic-git (source)	^1.36.3 → ^1.37.5			dependencies	minor
lint-staged	^16.2.7 → ^16.4.0			devDependencies	minor
lodash (source)	^4.17.23 → ^4.18.1			dependencies	patch
mongo	606f8e0 → 43fddee				digest
node	5a593d7 → 33cf7f0			final	digest
node	5a593d7 → 33cf7f0			stage	digest
openid-client	^6.8.1 → ^6.8.3			dependencies	patch
prettier (source)	^3.8.1 → ^3.8.3			devDependencies	patch
simple-git (source)	^3.30.0 → ^3.36.0			dependencies	minor
typescript-eslint (source)	^8.54.0 → ^8.58.2			devDependencies	minor
validator	^13.15.26 → ^13.15.35			dependencies	patch
vite (source)	^7.3.1 → ^7.3.2			devDependencies	patch

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

aws/aws-sdk-js-v3 (@​aws-sdk/credential-providers)

v3.1030.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1029.0

Compare Source

3.1029.0(2026-04-10)

New Features

• client-observabilityadmin: CloudWatch Observability Admin adds support for multi-region telemetry evaluation and telemetry enablement rules. (861e172a)
• client-rtbfabric: Adds optional health check configuration for Responder Gateways with ASG Managed Endpoints. When provided, RTB Fabric continuously probes customers' instance IPs and routes traffic only to healthy ones, reducing errors during deployments, scaling events, and instance failures. (3e890437)
• client-ecs: Minor updates to exceptions for completeness (788ab4a6)
• client-devops-agent: Devops Agent now supports associate Splunk, Datadog and custom MCP server to an Agent Space. (44503175)
• client-mediaconvert: Adds support for MV-HEVC video output and clear lead for AV1 DRM output. (812d3dad)
• client-imagebuilder: Image pipelines can now automatically apply tags to images they create. Set the imageTags property when creating or updating your pipelines to get started. (5eb366f5)
• client-sagemaker: Support new SageMaker StartClusterHealthCheck API for on-demand DHC on Hyperpod EKS cluster. Support updated CreateCluster, UpdateCluster, DescribeCluster, BatchAddClusterNodes APIs for flexible instance group on HyperPod cluster (dfcde032)
• client-connect: Conversational Analytics for Email (fd2820f8)

---

For list of updated packages, view updated-packages.md in assets-3.1029.0.zip

v3.1028.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1027.0

Compare Source

3.1027.0(2026-04-08)

New Features

• clients: update client endpoints as of 2026-04-08 (88eb6682)
• client-outposts: Add AWS Outposts APIs to view renewal pricing options and submit renewal requests for Outpost contracts (ba6c2a7e)
• client-ecr: Add UnableToListUpstreamImageReferrersException in ListImageReferrers (459df0bc)
• client-backup: Adding EKS specific backup vault notification types for AWS Backup. (c5badfde)
• client-marketplace-discovery: AWS Marketplace Discovery API provides an interface that enables programmatic access to the AWS Marketplace catalog, including searching and browsing listings, retrieving product details and fulfillment options, and accessing public and private offer pricing and terms. (1523d996)
• client-ivs-realtime: Adds support for Amazon IVS real-time streaming redundant ingest. (1a8caf9e)
• client-medialive: MediaLive is adding support for MediaConnect Router by supporting a new output type called MEDIACONNECT ROUTER. This new output type will provide seamless encrypted transport between your MediaLive channel and MediaConnect Router. (9d257a3f)
• client-drs: This changes adds support for modifying the replication configuration to support data replication using IPv6. (b2cd4452)

---

For list of updated packages, view updated-packages.md in assets-3.1027.0.zip

v3.1026.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1025.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1024.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1023.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1022.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1021.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1020.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1019.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1018.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1017.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1016.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1015.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1014.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1013.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1012.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1011.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1010.0

Compare Source

3.1010.0(2026-03-16)

New Features

• clients: update client endpoints as of 2026-03-16 (6ae1dd8a)
• client-ecs: Amazon ECS now supports configuring whether tags are propagated to the EC2 Instance Metadata Service (IMDS) for instances launched by the Managed Instances capacity provider. This gives customers control over tag visibility in IMDS when using ECS Managed Instances. (f165f183)
• client-bedrock-agentcore-control: Supporting hosting of public ECR Container Images in AgentCore Runtime (a3ca4b6e)
• client-bedrock: You can now generate policy scenarios on demand using the new GENERATE POLICY SCENARIOS build workflow type. Scenarios will no longer be automatically generated during INGEST CONTENT, REFINE POLICY, and IMPORT POLICY workflows, resulting in faster completion times for these operations. (e9c8b9ce)
• client-bedrock-agentcore: Provide support to perform deterministic operations on agent runtime through shell command executions via the new InvokeAgentRuntimeCommand API (14fb5577)
• middleware-flexible-checksums: allow custom checksums to be used in responses (#​7849) (213defa2)

Tests

• canary: use vitest 4.0.17 in canary tests (#​7848) (bda6c45a)

---

For list of updated packages, view updated-packages.md in assets-3.1010.0.zip

v3.1009.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1008.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1007.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1006.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1005.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1004.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1003.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1002.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1001.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1000.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.999.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.998.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.997.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.996.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.995.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.994.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.993.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

evanw/esbuild (@​esbuild/darwin-arm64)

v0.28.0

Compare Source

v0.27.7

Compare Source

v0.27.6

Compare Source

v0.27.5

Compare Source

v0.27.4

Compare Source

v0.27.3

Compare Source

eslint/rewrite (@​eslint/compat)

v2.0.5

Compare Source

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.2.0 to ^1.2.1

v2.0.4

Compare Source

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.1.1 to ^1.2.0

v2.0.3

Compare Source

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.1.0 to ^1.1.1

eslint/eslint (@​eslint/js)

v9.39.4

Compare Source

v9.39.3

Compare Source

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#​20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#​20453) (Milos Djermanovic)

eslint/json (@​eslint/json)

v1.2.0

Compare Source

Features

• implement autofix for sort-keys (#​216) (3534818)

v1.1.0

Compare Source

Features

• implement autofix for no-unnormalized-keys (#​151) (fc3beec)

Bug Fixes

• allow JSONRuleDefinition to report on tokens (#​210) (87ea56f)
• update eslint (#​218) (171d293)

fontsource/font-files (@​fontsource/roboto)

v5.2.10

Compare Source

primer/octicons (@​primer/octicons-react)

v19.24.1

Compare Source

Patch Changes

• #​1190 38dfb0d4 Thanks @​francinelucca! - Allow data-component attribute to be overridden by consumers

v19.24.0

Compare Source

Minor Changes

• #​1185 25e257ff Thanks @​francinelucca! - Add data-component="Octicon" attribute to all SVG elements for easier identification and styling

v19.23.1

Compare Source

Patch Changes

• #​1175 ea8e6bb7 Thanks @​kylewaynebenson! - - Remove set fill from svgs

v19.23.0

Compare Source

Minor Changes

• #​1165 63bc8d01 Thanks @​kylewaynebenson! - - Addition of lockup icon
  • adjustments to logo and mark

v19.22.1

Compare Source

Patch Changes

• #​1169 6567d755 Thanks @​francinelucca! - various dep updates

v19.22.0

Compare Source

Minor Changes

• #​1157 18e3b9fd Thanks @​janmaarten-a11y! - Add book-locked icon
  Add comment-locked icon
  Add issue-locked icon
  Add git-pull-request-locked icon

vitejs/vite-plugin-react (@​vitejs/plugin-react)

v5.2.0

Compare Source

v5.1.4

Compare Source

Fix canSkipBabel not accounting for babel.overrides (#​1098)

When configuring babel.overrides without top-level plugins or presets, Babel was incorrectly skipped. The canSkipBabel function now checks for overrides.length to ensure override configurations are processed.

cypress-io/cypress (cypress)

v15.13.1

Compare Source

v15.13.0

Compare Source

v15.12.0

Compare Source

v15.11.0

Compare Source

v15.10.0

Compare Source

eslint/eslint (eslint)

v9.39.4

Compare Source

Bug Fixes

• f18f6c8 fix: update dependency minimatch to ^3.1.5 (#​20564) (Milos Djermanovic)
• a3c868f fix: update dependency @​eslint/eslintrc to ^3.3.4 (#​20554) (Milos Djermanovic)
• 234d005 fix: minimatch security vulnerability patch for v9.x (#​20549) (Andrej Beles)
• b1b37ee fix: update ajv to 6.14.0 to address security vulnerabilities (#​20538) (루밀LuMir)

Documentation

• 4675152 docs: add deprecation notice partial (#​20520) (Milos Djermanovic)

Chores

• b8b4eb1 chore: update dependencies for ESLint v9.39.4 (#​20596) (Francesco Trotta)
• 71b2f6b chore: package.json update for @​eslint/js release (Jenkins)
• 1d16c2f ci: pin Node.js 25.6.1 (#​20563) (Milos Djermanovic)

v9.39.3

Compare Source

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#​20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#​20453) (Milos Djermanovic)

express-rate-limit/express-rate-limit (express-rate-limit)

v8.3.2

Compare Source

You can view the changelog here.

dubzzz/fast-check (fast-check)

v4.6.0

Compare Source

Better stringMatching with maxLength
[Code][Diff]

Features

• (PR#6599) Add basic maxLength support to stringMatching
• (PR#6600) Better clamp on regexes when maxLength on stringMatching
• (PR#6687) Deprecate Random::next(n) and Random::nextInt()

Fixes

• (PR#6502) Bug: Bad d.ts import in BuildInversedRelationsMapping
• (PR#6578) Bug: Don't crash when stringifying detached ArrayBuffers
• (PR#6700) Bug: Fix object unmapper and depth computation for special keys
• (PR#6432) CI: Move all dependencies to dev on examples/
• (PR#6443) CI: Migrate to Docusaurus v4 configuration format
• (PR#6456) CI: Enable persist-credentials in add-contributor workflow
• (PR#6501) CI: Bump module in tsconfig to node18
• (PR#6548) CI: Fix zizmor ignore config line numbers
• (PR#6554) CI: Drop tests against Node 20
• (PR#6563) CI: Fix check_publish status to be success on no error
• (PR#6565) CI: Add create release workflow
• (PR#6610) CI: Rework pnpm configuration
• (PR#6619) CI: Add PR template enforcement workflow
• (PR#6622) CI: Skip Netlify doc publish on PRs
• (PR#6625) CI: Run PR template check without approval
• (PR#6623) CI: Skip PR template check for Renovate bot
• (PR#6638) CI: Bundle fast-check using rolldown
• (PR#6662) CI: Rework configuration of examples
• (PR#6683) CI: Add Claude Code GitHub Action workflow
• (PR#6684) CI: Add configuration for pre and post tool Claude hooks
• (PR#6690) CI: Refine GH Action triggering CLAUDE
• (PR#6693) CI: Configure another Claude model
• (PR#6703) CI: Add top-level permissions: {} to workflows missing it
• (PR#6704) CI: Refactor Claude workflow custom instructions configuration
• (PR#6705) CI: Add SessionStart hook to ensure dependencies are installed
• (PR#6597) Clean: Drop runkit file
• (PR#6640) Clean: Drop unused "tsd" in package.json
• (PR#6441) Doc: Release note for 4.5.0
• (PR#6442) Doc: Replace generic blog tags with feature-specific taxonomy
• (PR#6458) Doc: Add adamni21 as doc contributor
• (PR#6496) Doc: Refine npm keywords
• (PR#6514) Doc: Skill for JavaScript testing expert
• (PR#6516) Doc: Add note to avoid overusing filter and fc.pre
• (PR#6517) Doc: Update testing skill to recommend mimicking existing test structure
• (PR#6523) Doc: Add PR template requirement to Copilot instructions
• (PR#6522) Doc: Add note on complementary testing approaches
• (PR#6524) Doc: Add snapshot vs screenshot guidance
• (PR#6527) Doc: Push to install missing tooling
• (PR#6530) Doc: Clearer guidelines for constraints of arbs in skill
• (PR#6526) Doc: Add AI-powered testing documentation
• (PR#6529) Doc: Add testing-library and browser testing part in skill
• (PR#6528) Doc: Add bigint type preference for integer computations in skill
• (PR#6531) Doc: Add TDD fashion thinking in skill
• (PR#6553) Doc: Add josephjunker as doc contributor
• (PR#6561) Doc: Add page on "What is property-based testing" and modify "Why property-based testing"
• (PR#6605) Doc: Drop Snyk link on Readme
• (PR#6603) Doc: Update CONTRIBUTING.md for AI
• (PR#6572) Doc: Rework issue templates
• (PR#6613) Doc: Update PR template
• (PR#6634) Doc: Rework bug-report template
• (PR#6635) Doc: Rework regression-report template
• (PR#6652) Doc: Update Readme to point to npmx
• (PR#6659) Doc: Update home to link to npmx
• (PR#6696) Doc: Add rushelex as code contributor
• (PR#6448) Performance: Optimize RunDetailsFormatter array allocations
• (PR#5718) Performance: Import less from pure-rand
• (PR#6679) Performance: Bump pure-rand to v8
• (PR#6446) Performance: Replace loose equality by strict one
• (PR#6444) Performance: Slightly faster code for RunExecution
• (PR#6437) Refactor: Replace fileURLToPath patterns with import.meta.*
• (PR#6567) Refactor: Remove ErrorWithCause, use Error directly
• (PR#6621) Refactor: Replace glob package with native Node.js fs.glob
• (PR#6675) Refactor: Drop @​rollup/plugin-replace for rolldown builtin
• (PR#6550) Security: Fix zizmor template-injection findings
• (PR#6472) Test: Provide cause when doc generation fails
• (PR#6381) Test: Migrate test-types to vitest
• (PR#6507) Test: Filter ESM-only packages from CommonJS mode checks
• (PR#6453) Typo: Fix typo for dictionary arbitrary constraint maxKeys
• (PR#6552) Typo: Replace flatMap with chain in error message

---

isomorphic-git/isomorphic-git (isomorphic-git)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name	Link
🔨 Latest commit	aa5a436
🔍 Latest deploy log	https://app.netlify.com/projects/endearing-brigadeiros-63f9d0/deploys/69e32145d3d1f00008a91738

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 1 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 5 package(s) with unknown licenses.

View full job summary

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.21%. Comparing base (2019faf) to head (aa5a436).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1379   +/-   ##
=======================================
  Coverage   90.21%   90.21%           
=======================================
  Files          69       69           
  Lines        5511     5511           
  Branches      944      944           
=======================================
  Hits         4972     4972           
  Misses        521      521           
  Partials       18       18           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.