fix(deps): update non-major-updates (feature/beta-release)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@eslint/css	^1.0.0 → ^1.1.0			devDependencies	minor
@typescript-eslint/eslint-plugin (source)	^8.57.2 → ^8.58.0			devDependencies	minor
@typescript-eslint/parser (source)	^8.57.2 → ^8.58.0			devDependencies	minor
@typescript-eslint/utils (source)	^8.57.2 → ^8.58.0			devDependencies	minor
@vitest/coverage-istanbul (source)	^4.1.1 → ^4.1.2			devDependencies	patch
@vitest/coverage-v8 (source)	^4.1.1 → ^4.1.2			devDependencies	patch
@vitest/ui (source)	^4.1.1 → ^4.1.2			devDependencies	patch
actions/setup-go (changelog)	4b73464 → 4a36011			action	digest
actions/setup-go	v6.3.0 → v6.4.0			action	minor
axios (source)	^1.13.6 → ^1.14.1			dependencies	minor
github.com/gin-contrib/gzip	v1.2.5 → v1.2.6			require	patch
github.com/greenpau/caddy-security	1.1.57 → 1.1.58				patch
github.com/mattn/go-sqlite3	v1.14.37 → v1.14.38			require	patch
github/codeql-action (changelog)	3869755 → c10b806			action	digest
github/codeql-action	v4.34.1 → v4.35.1			action	minor
github/codeql-action	eedab83 → a899987			action	digest
i18next (source)	^25.10.9 → ^25.10.10			dependencies	patch
knip (source)	^6.0.5 → ^6.1.0			devDependencies	minor
lucide-react (source)	^1.6.0 → ^1.7.0			dependencies	patch
node	24.14.0-alpine → 24.14.1-alpine			stage	patch
renovatebot/github-action	v46.1.6 → v46.1.7			action	patch
sigstore/cosign-installer	v4.1.0 → v4.1.1			action	patch
typescript-eslint (source)	^8.57.2 → ^8.58.0			devDependencies	minor
vite (source)	^8.0.2 → ^8.0.3			devDependencies	patch
vite (source)	8.0.2 → 8.0.3			overrides	patch
vitest (source)	^4.1.1 → ^4.1.2			devDependencies	patch

---

Release Notes

eslint/css (@​eslint/css)

v1.1.0

Compare Source

Features

• add CSS unit baseline checking (#​403) (51f24f4)

Bug Fixes

• correctly extract baseline support for CSS functions (#​401) (a1b5c6f)
• update baseline data (#​399) (235f451)
• update baseline data (#​405) (616558e)
• update baseline data (#​412) (6f8c083)

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.58.0

Compare Source

🚀 Features

• support TypeScript 6 (#​12124)

🩹 Fixes

• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#​12161)
• eslint-plugin: [no-extraneous-class] handle index signatures (#​12142)
• eslint-plugin: crash in no-unnecessary-type-arguments (#​12163)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.58.0

Compare Source

🚀 Features

• support TypeScript 6 (#​12124)

❤️ Thank You

• Evyatar Daud @​StyleShit

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/utils)

v8.58.0

Compare Source

🚀 Features

• support TypeScript 6 (#​12124)

❤️ Thank You

• Evyatar Daud @​StyleShit

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

vitest-dev/vitest (@​vitest/coverage-istanbul)

v4.1.2

Compare Source

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (#​9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in #​9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in #​9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in #​9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in #​9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in #​9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in #​9851 (6f97b)

    View changes on GitHub

actions/setup-go (actions/setup-go)

v6.4.0

Compare Source

What's Changed

Enhancement

• Add go-download-base-url input for custom Go distributions by @​gdams in #​721

Dependency update

• Upgrade minimatch from 3.1.2 to 3.1.5 by @​dependabot in #​727

Documentation update

• Rearrange README.md, add advanced-usage.md by @​priyagupta108 in #​724
• Fix Microsoft build of Go link by @​gdams in #​734

New Contributors

• @​gdams made their first contribution in #​721

Full Changelog: actions/setup-go@v6...v6.4.0

axios/axios (axios)

v1.14.0

Compare Source

gin-contrib/gzip (github.com/gin-contrib/gzip)

v1.2.6

Compare Source

Changelog

Enhancements

• 873bbb8: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (@​appleboy)
• ade6e24: chore: update indirect dependencies to latest minor versions (@​appleboy)
• fb05b2a: chore: remove bearer.yml workflow (@​appleboy)
• 941d83d: chore(deps): bump actions/checkout from 4 to 6 (@​appleboy)
• 992c35f: chore(deps): upgrade quic-go to v0.57.1 (@​appleboy)
• 728cc31: chore(ci): update golangci-lint to v2.6 (@​appleboy)
• 7dab3cb: chore: add WithMinLength option to control when responses are gzipped (#​106) (@​takanuva15)
• 1984bfc: chore(deps): bump actions/cache from 4 to 5 (@​appleboy)
• 4fdf19e: chore(ci): upgrade trivy-action from 0.33.1 to 0.35.0 (@​appleboy)
• c65ba86: chore(deps): upgrade gin to v1.12.0 and update CI Go versions (@​appleboy)
• 68f826a: chore(deps): upgrade golang.org/x/text to v0.35.0 (@​appleboy)

Build process updates

• 4c6db59: ci: integrate Trivy security scanning workflow and badge (@​appleboy)
• 68ed7ff: ci(workflow): bump goreleaser/goreleaser-action from v6 to v7 (@​appleboy)

Others

• db4e3d0: Add Go 1.26 to GitHub Actions test matrix (@​appleboy)
• 05b2770: Update golangci-lint version to v2.9 (@​appleboy)

greenpau/caddy-security (github.com/greenpau/caddy-security)

v1.1.58

Compare Source

Changelog

• a3338ba upgrade to github.com/greenpau/go-authcrunch v1.1.34

mattn/go-sqlite3 (github.com/mattn/go-sqlite3)

v1.14.38

Compare Source

github/codeql-action (github/codeql-action)

v4.35.1

Compare Source

• Fix incorrect minimum required Git version for improved incremental analysis: it should have been 2.36.0, not 2.11.0. #​3781

v4.35.0

Compare Source

• Reduced the minimum Git version required for improved incremental analysis from 2.38.0 to 2.11.0. #​3767
• Update default CodeQL bundle version to 2.25.1. #​3773

i18next/i18next (i18next)

v25.10.10

Compare Source

• feat: suppress support notice automatically in production environments (NODE_ENV=production)

webpro-nl/knip (knip)

v6.1.0: Release 6.1.0

Compare Source

• Add knip.nodeRuntimePath setting (resolve #​1643) (65e943c)
• Swap Astro sharp detection to match default behavior (#​1559) (84968bb)
• feat: stencil plugin (#​1644) (d5d20e5) - thanks @​johnjenkins!
• Enable metro plugin when expo is installed (#​1600) (14bc9d7) - thanks @​DaniFoldi!
• Resolve jsPlugins dependencies in oxlint plugin (#​1576) (e11c962) - thanks @​nikolailehbrink!
• Wrap up oxlint jsPlugins support (209a9f7)
• Update dependencies (close #​1646) (869020f)
• Fix config hint filePath edge case (e79c302)
• Rename oxlint config file in fixtures (5630204)

v6.0.6: Release 6.0.6

Compare Source

• Suppress issues initially to not overwhelm agent in mcp server (7793962)
• Auto-format (346247a)
• Fix false positive unused deps when run from workspace dir (resolve #​1642) (95f4431)
• Move from convertPathsToAlias → compilePathMappings (resolve #​1641) (ccc62d6)

nodejs/node (node)

v24.14.1: 2026-03-24, Version 24.14.1 'Krypton' (LTS), @​RafaelGSS prepared by @​juanarbol

Compare Source

This is a security release.

Notable Changes

• (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High
• (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High
• (CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium
• (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) - Medium
• (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium
• (CVE-2026-21712) handle url crash on different url formats (RafaelGSS) - Medium
• (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low
• (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low

Commits

• [6fae244080] - (CVE-2026-21717) build,test: test array index hash collision (Joyee Cheung) nodejs-private/node-private#828
• [cc0910c62e] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) nodejs-private/node-private#822
• [80cb042cf3] - deps: update undici to 7.24.4 (Node.js GitHub Bot) #​62271
• [f5b8667dc2] - deps: update undici to 7.24.3 (Node.js GitHub Bot) #​62233
• [08852637d9] - deps: update undici to 7.22.0 (Node.js GitHub Bot) #​62035
• [61097db9fb] - deps: upgrade npm to 11.11.0 (npm team) #​61994
• [9ac0f9f81e] - deps: upgrade npm to 11.10.1 (npm team) #​61892
• [3dab3c4698] - deps: V8: override depot_tools version (Richard Lau) #​62344
• [87521e99d1] - deps: V8: backport 1361b2a (Joyee Cheung) nodejs-private/node-private#828
• [045013366f] - deps: V8: backport 185f0fe (Joyee Cheung) nodejs-private/node-private#828
• [af22629ea8] - deps: V8: backport 0a8b1cd (snek) nodejs-private/node-private#828
• [380ea72eef] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
• [d6b6051e08] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#795
• [bfdecef9da] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#794
• [c015edf313] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
• [cba66c48a5] - (CVE-2026-21712) src: handle url crash on different url formats (RafaelGSS) nodejs-private/node-private#816
• [df8fbfb93d] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#819

renovatebot/github-action (renovatebot/github-action)

v46.1.7

Compare Source

Documentation

• update references to renovatebot/github-action to v46.1.6 (3afa29f)

Miscellaneous Chores

• deps: update dependency typescript-eslint to v8.57.1 (3a47fac)
• deps: update node.js to v24.14.1 (28bb013)

Build System

• deps: lock file maintenance (be2fc08)

Continuous Integration

• deps: update ghcr.io/renovatebot/renovate docker tag to v43.86.1 (8795f0b)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.86.2 (9853f69)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.87.0 (f43553b)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.87.1 (266e52c)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.89.0 (15d8db4)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.89.1 (b711f08)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.89.2 (06c1ac0)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.89.3 (4509fbc)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.89.4 (8dd874b)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.89.5 (908aecf)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.89.6 (1a40ecc)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.89.8 (82662d1)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.91.1 (40328d7)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.91.4 (977b086)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.91.5 (398a399)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.91.6 (a416aeb)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.92.1 (8c59289)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.95.0 (5312d97)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.96.0 (6016202)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.98.0 (d4812c2)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.99.0 (47f20b6)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.99.1 (dadfa2f)

sigstore/cosign-installer (sigstore/cosign-installer)

v4.1.1

Compare Source

What's Changed

• chore: update default cosign-release to v3.0.5 in #​223

Full Changelog: sigstore/cosign-installer@v4.1.0...v4.1.1

typescript-eslint/typescript-eslint (typescript-eslint)

v8.58.0

Compare Source

🚀 Features

• support TypeScript 6 (#​12124)

❤️ Thank You

• Evyatar Daud @​StyleShit

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

vitejs/vite (vite)

v8.0.3

Compare Source

Features

• update rolldown to 1.0.0-rc.12 (#​22024) (84164ef)

Bug Fixes

• html: cache unfiltered CSS list to prevent missing styles across entries (#​22017) (5464190)
• module-runner: handle non-ascii characters in base64 sourcemaps (#​21985) (77c95bf)
• module-runner: skip re-import if the runner is closed (#​22020) (ee2c2cd)
• optimizer: scan is not resolving sub path import if used in a glob import (#​22018) (ddfe20d)
• ssr: ssrTransform incorrectly rewrites meta identifier inside import.meta when a binding named meta exists (#​22019) (cff5f0c)

Miscellaneous Chores

• deps: bump picomatch from 4.0.3 to 4.0.4 (#​22027) (7e56003)

Tests

• html: add tests for getCssFilesForChunk (#​22016) (43fbbf9)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

✅ Supply Chain Verification Results

✅ PASSED

📦 SBOM Summary

• Components: 1487

🔍 Vulnerability Scan

Severity	Count
🔴 Critical	0
🟠 High	0
🟡 Medium	4
🟢 Low	0
Total	4

📎 Artifacts

• SBOM (CycloneDX JSON) and Grype results available in workflow artifacts

---

_{Generated by Supply Chain Verification workflow • View Details}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.