fix(deps): update non-major-updates

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@types/node (source)	^25.6.0 → ^25.6.2			devDependencies	patch
@vitest/eslint-plugin	^1.6.16 → ^1.6.17			devDependencies	patch
github.com/aws/aws-sdk-go-v2/service/s3	1.100.1 → 1.101.0				minor
github/codeql-action (changelog)	e46ed2c → 68bde55			action	digest
github/codeql-action	v4.35.3 → v4.35.4			action	patch
go (source)	1.26.2 → 1.26.3			golang	patch
go	1.26.2 → 1.26.3			uses-with	patch
golang	1.26.2 → 1.26.3				patch
golang	1.26.2-alpine → 1.26.3-alpine			stage	patch
golang/go (source)	1.26.2 → 1.26.3				patch
golangci/golangci-lint	2.12.1 → 2.12.2				patch
golangci/golangci-lint	v2.12.1 → v2.12.2			uses-with	patch
i18next (source)	^26.0.9 → ^26.0.10			dependencies	patch
knip (source)	^6.11.0 → ^6.12.1			devDependencies	minor
react (source)	^19.2.5 → ^19.2.6			dependencies	patch
react-dom (source)	^19.2.5 → ^19.2.6			dependencies	patch
react-i18next	^17.0.6 → ^17.0.7			dependencies	patch
release-drafter/release-drafter (changelog)	563bf13 → c2e2804			action	digest
sigstore/cosign-installer	v4.1.1 → v4.1.2			action	patch
tar	^7.5.14 → ^7.5.15			devDependencies	patch
vite (source)	^8.0.10 → ^8.0.11			devDependencies	patch
vite (source)	8.0.10 → 8.0.11			overrides	patch

---

Release Notes

vitest-dev/eslint-plugin-vitest (@​vitest/eslint-plugin)

v1.6.17

Compare Source

   🐞 Bug Fixes

• Recommend toBeTypeOf instead of expectTypeOf in prefer-expect-type-of  -  by @​sheremet-va in #​896 (a4bcd)
• no-standalone-expect: Allow expect inside vi.defineHelper callbacks  -  by @​nami8824 in #​894 (fd8eb)

    View changes on GitHub

aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2/service/s3)

v1.101.0

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/cloudformation: v1.30.0
  • Feature: Specify desired CloudFormation behavior in the event of ChangeSet execution failure using the CreateChangeSet OnStackFailure parameter
• github.com/aws/aws-sdk-go-v2/service/ec2: v1.101.0
  • Feature: API changes to AWS Verified Access to include data from trust providers in logs
• github.com/aws/aws-sdk-go-v2/service/ecs: v1.27.4
  • Documentation: Documentation only update to address various tickets.
• github.com/aws/aws-sdk-go-v2/service/glue: v1.51.0
  • Feature: This release adds support for creating cross region table/database resource links
• github.com/aws/aws-sdk-go-v2/service/pricing: v1.20.0
  • Feature: This release updates the PriceListArn regex pattern.
• github.com/aws/aws-sdk-go-v2/service/route53domains: v1.15.0
  • Feature: Update MaxItems upper bound to 1000 for ListPricesRequest
• github.com/aws/aws-sdk-go-v2/service/sagemaker: v1.85.0
  • Feature: Amazon Sagemaker Autopilot releases CreateAutoMLJobV2 and DescribeAutoMLJobV2 for Autopilot customers with ImageClassification, TextClassification and Tabular problem type config support.

github/codeql-action (github/codeql-action)

v4.35.4

Compare Source

• Update default CodeQL bundle version to 2.25.4. #​3881

golang/go (go)

v1.26.3

actions/go-versions (go)

v1.26.3: 1.26.3

Compare Source

Go 1.26.3

golangci/golangci-lint (golangci/golangci-lint)

v2.12.2

Compare Source

Released on 2026-05-06

1. Linters bug fixes
   • gomodguard_v2: fix blocked configuration
   • gomodguard_v2: from 2.1.0 to 2.1.3
   • iface: from 1.4.1 to 1.4.2

i18next/i18next (i18next)

v26.0.10

Compare Source

• feat: getFixedT accepts a fourth optional fixedOpts argument carrying scopeNs — the full namespace list the bound t was created for. The selector API uses scopeNs to detect when a path's first segment is a namespace prefix, without changing resolution scope. Resolution still uses the bound ns (a single primary string in the typical react-i18next setup), so plain t('key') lookups stay isolated to the primary namespace exactly as before — only t($ => $.secondaryNs.foo) selectors now route correctly under useTranslation([nsA, nsB]). Fixes the runtime side of #​2429 for the react-i18next default-nsMode case. The 4th argument is opt-in: existing 3-arg getFixedT(lng, ns, keyPrefix) callers see no behavior change.

webpro-nl/knip (knip)

v6.12.1: Release 6.12.1

Compare Source

• fix: type-only imports in monorepos (#​1715) (de33a2c) - thanks @​lishaduck!
• Bump jiti to ^2.7.0 (#​1729) (0fe8dc3) - thanks @​re-taro!
• Fix Vercel config detection (#​1726) (370236d) - thanks @​jakeleventhal!
• Fix inferred declaration export references (#​1728) (4dcd756) - thanks @​jakeleventhal!
• Remove stale root watch script (#​1731) (2d555a1) - thanks @​jeffrey-takuma!
• Update sponsorships script/numbers (c3dcc8f)
• Add orgs using knip (78fd581)
• Yolo (7e689bf)

v6.12.0: Release 6.12.0

Compare Source

• Use venz light/dark responsive svg img (2354194)
• Fix types/path references (4afc873)
• Move on to pnpm 11 (b106065)
• Fix up ecosystem tests (c226a72)
• Add shell binaries to global ignore list (#​1716) (ddcf7de) - thanks @​jakeleventhal!
• Fix declaration export regression and document (resolve #​1722) (3a2c22b)
• Update snapshot after 3a2c22b (8300078)
• Detect babel.plugins/presets in @​vitejs/plugin-react via function-form defineConfig (resolve #​1723) (d56ee51)
• Lift defineConfig-arg unwrapper to ast-helpers, route findCallArg through it (7195b0a)
• Fix PostCSS detection for @​tailwindcss/postcss (#​1719) (60f8482) - thanks @​jakeleventhal!
• Allow > inside SFC <script> attribute values (resolve #​1714) (9e5501f)
• Resolve Cypress reporter set per testing type (resolve #​1724) (7cc4fc1)
• Add Vercel config plugin (#​1720) (10f97c1) - thanks @​jakeleventhal!
• Direct config hint title to stderr (53236b5)
• Some light housekeeping (727f842)
• Fix up ecosystem tests (0db3300)
• Fix --no-exit-code condition for isTreatConfigHintsAsErrors (f27c3f4)
• A friendlier message (aab1e83)
• Mark plugin-name fallback binaries as optional in knownBinsOnly mode (c709a5a)

facebook/react (react)

v19.2.6: 19.2.6 (May 6th, 2026)

Compare Source

React Server Components

• Type hardening and performance improvements
  (by @​eps1lon and @​unstubbable)

i18next/react-i18next (react-i18next)

v17.0.7

Compare Source

• feat: useTranslation([nsA, nsB, ...]) now passes its full namespace list to getFixedT via the new scopeNs opt (requires i18next ≥ v26.0.10). This makes selector calls with a secondary-namespace prefix resolve correctly under default nsMode: t($ => $.nsB.foo) previously missed silently because the bound ns was the primary string only and i18next's selector rewrite needed an array. Resolution semantics are unchanged — plain t('key') lookups still stay isolated to the primary namespace by default; use nsMode: 'fallback' to opt into multi-ns fallback resolution as before. Fixes i18next#2429 for useTranslation-based callers.

sigstore/cosign-installer (sigstore/cosign-installer)

v4.1.2

Compare Source

What's Changed

• Bump cosign to 3.0.6 in #​232

isaacs/node-tar (tar)

v7.5.15

Compare Source

vitejs/vite (vite)

v8.0.11

Compare Source

Features

• update rolldown to 1.0.0-rc.18 (#​22360) (3f80524)

Bug Fixes

• deps: update all non-major dependencies (#​22334) (672c962)
• deps: update all non-major dependencies (#​22382) (5c0cfcb)
• glob: align hmr matcher options with glob enumeration (#​22306) (30028f9)
• make separate object instance for each environment (#​22276) (7c2aa3b)

Documentation

• create-vite: list react-compiler templates in README (#​22347) (7c3a61f)
• explain mergeConfig skips null/undefined (#​22325) (2151f70)
• mention native config loader in CLI options (#​22348) (0420c5d)
• update evan's x handle (640202a)

Miscellaneous Chores

• deps: update dependency tsdown to ^0.21.10 (#​22333) (3b51e05)
• deps: update rolldown-related dependencies (#​22383) (555ff36)
• deps: update transitive packages to fix npm audit alerts (#​22316) (86aee62)

Code Refactoring

• devtools integration (#​22312) (3c8bf06)
• remove unnecessary async (#​22296) (b31fd35)
• show direct path type in bad character warning (#​22339) (0c162e9)

Tests

• create-vite: use short help alias (#​22389) (994ab66)

---

Configuration

📅 Schedule: (in timezone America/New_York)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

[github-actions]

✅ Supply Chain Verification Results

✅ PASSED

📦 SBOM Summary

• Components: 1487

🔍 Vulnerability Scan

Severity	Count
🔴 Critical	0
🟠 High	0
🟡 Medium	4
🟢 Low	2
Total	6

📎 Artifacts

• SBOM (CycloneDX JSON) and Grype results available in workflow artifacts

---

_{Generated by Supply Chain Verification workflow • View Details}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[renovate]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: agent/go.sum

Command failed: go get -t ./...
go: downloading github.com/sirupsen/logrus v1.9.4
go: downloading github.com/gorilla/websocket v1.5.3
go: downloading github.com/hashicorp/yamux v0.1.2
go: downloading github.com/stretchr/testify v1.11.1
go: downloading golang.org/x/sys v0.43.0
go: downloading github.com/davecgh/go-spew v1.1.1
go: downloading github.com/pmezard/go-difflib v1.0.0
go: downloading gopkg.in/yaml.v3 v3.0.1
go: module . listed in go.work file requires go >= 1.26.3, but go.work lists go 1.26.2; to update it:
	go work use

File name: backend/go.sum

Command failed: go get -t ./...
go: downloading github.com/gin-gonic/gin v1.12.0
go: downloading gopkg.in/natefinch/lumberjack.v2 v2.2.1
go: downloading github.com/glebarez/sqlite v1.11.0
go: downloading github.com/google/uuid v1.6.0
go: downloading gorm.io/gorm v1.31.1
go: downloading gorm.io/driver/sqlite v1.6.0
go: downloading golang.org/x/text v0.36.0
go: downloading github.com/mattn/go-sqlite3 v1.14.44
go: downloading github.com/gin-contrib/gzip v1.2.6
go: downloading github.com/prometheus/client_golang v1.23.2
go: downloading golang.org/x/crypto v0.50.0
go: downloading golang.org/x/time v0.15.0
go: downloading github.com/golang-jwt/jwt/v5 v5.3.1
go: downloading github.com/moby/moby/client v0.4.1
go: downloading github.com/oschwald/geoip2-golang/v2 v2.1.0
go: downloading github.com/robfig/cron/v3 v3.0.1
go: downloading golang.org/x/net v0.53.0
go: downloading software.sslmate.com/src/go-pkcs12 v0.7.1
go: downloading github.com/gin-contrib/sse v1.1.1
go: downloading github.com/mattn/go-isatty v0.0.22
go: downloading github.com/quic-go/quic-go v0.59.0
go: downloading github.com/glebarez/go-sqlite v1.22.0
go: downloading modernc.org/sqlite v1.50.0
go: downloading github.com/jinzhu/now v1.1.5
go: downloading github.com/stretchr/objx v0.5.3
go: downloading github.com/beorn7/perks v1.0.1
go: downloading github.com/cespare/xxhash/v2 v2.3.0
go: downloading github.com/prometheus/client_model v0.6.2
go: downloading github.com/prometheus/common v0.67.5
go: downloading github.com/prometheus/procfs v0.20.1
go: downloading google.golang.org/protobuf v1.36.11
go: downloading github.com/kylelemons/godebug v1.1.0
go: downloading github.com/Microsoft/go-winio v0.6.2
go: downloading github.com/containerd/errdefs v1.0.0
go: downloading github.com/containerd/errdefs/pkg v0.3.0
go: downloading github.com/distribution/reference v0.6.0
go: downloading github.com/docker/go-connections v0.7.0
go: downloading github.com/moby/moby/api v1.54.2
go: downloading github.com/opencontainers/go-digest v1.0.0
go: downloading github.com/opencontainers/image-spec v1.1.1
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0
go: downloading go.opentelemetry.io/otel/trace v1.43.0
go: downloading go.opentelemetry.io/otel v1.43.0
go: downloading github.com/oschwald/maxminddb-golang/v2 v2.2.0
go: downloading github.com/go-playground/validator/v10 v10.30.2
go: downloading github.com/goccy/go-yaml v1.19.2
go: downloading github.com/pelletier/go-toml/v2 v2.3.1
go: downloading github.com/ugorji/go/codec v1.3.1
go: downloading go.mongodb.org/mongo-driver/v2 v2.6.0
go: downloading github.com/bytedance/sonic v1.15.1
go: downloading github.com/goccy/go-json v0.10.6
go: downloading github.com/json-iterator/go v1.1.12
go: downloading github.com/quic-go/qpack v0.6.0
go: downloading modernc.org/libc v1.72.2
go: downloading github.com/jinzhu/inflection v1.0.0
go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
go: downloading go.yaml.in/yaml/v2 v2.4.4
go: downloading github.com/docker/go-units v0.5.0
go: downloading github.com/moby/docker-image-spec v1.3.1
go: downloading github.com/felixge/httpsnoop v1.0.4
go: downloading go.opentelemetry.io/otel/metric v1.43.0
go: downloading github.com/gabriel-vasile/mimetype v1.4.13
go: downloading github.com/go-playground/universal-translator v0.18.1
go: downloading github.com/leodido/go-urn v1.4.0
go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
go: downloading github.com/modern-go/reflect2 v1.0.2
go: downloading github.com/dustin/go-humanize v1.0.1
go: downloading github.com/ncruces/go-strftime v1.0.0
go: downloading modernc.org/mathutil v1.7.1
go: downloading modernc.org/memory v1.11.0
go: downloading github.com/go-logr/logr v1.4.3
go: downloading github.com/go-playground/locales v0.14.1
go: downloading github.com/bytedance/gopkg v0.1.4
go: downloading github.com/cloudwego/base64x v0.1.7
go: downloading golang.org/x/arch v0.26.0
go: downloading github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec
go: downloading github.com/go-logr/stdr v1.2.2
go: downloading go.opentelemetry.io/auto/sdk v1.2.1
go: downloading github.com/bytedance/sonic/loader v0.5.1
go: downloading github.com/klauspost/cpuid/v2 v2.3.0
go: downloading github.com/twitchyliquid64/golang-asm v0.15.1
go: module . listed in go.work file requires go >= 1.26.3, but go.work lists go 1.26.2; to update it:
	go work use
go: module ../agent listed in go.work file requires go >= 1.26.3, but go.work lists go 1.26.2; to update it:
	go work use

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.