chore(deps): bump the production-dependencies group with 7 updates

[dependabot]

Bumps the production-dependencies group with 7 updates:

Package	From	To
flexsearch	0.7.43	0.8.164
lightningcss	1.29.3	1.30.0
preact	10.26.5	10.26.6
satori	0.12.2	0.13.0
shiki	1.26.2	3.4.0
@types/node	22.15.7	22.15.17
esbuild	0.25.3	0.25.4

Updates flexsearch from 0.7.43 to 0.8.164

Release notes

Sourced from flexsearch's releases.

v0.8.1

• Resolver Support for Documents
• Asynchronous Runtime Balancer, new option priority
• Export/Import Worker Indexes + Document Worker, new extern config options export and import
• Improved interoperability of the different build packages, including source folder
• Support custom filter function for encoder (stop-word filter)

v0.8.0

• Persistent indexes support for: IndexedDB (Browser), Redis, SQLite, Postgres, MongoDB, Clickhouse
• Enhanced language customization via the new Encoder class
• Result Highlighting
• Query performance achieve results up to 4.5 times faster compared to the previous generation v0.7.x by also improving the quality of results
• Enhanced support for larger indexes or larger result sets
• Improved offset and limit processing achieve up to 100 times faster traversal performance through large datasets
• Support for larger In-Memory index with extended key size (the defaults maximum keystore limit is: 2^24)
• Greatly enhanced performance of the whole text encoding pipeline
• Improved indexing of numeric content (Triplets)
• Intermediate result sets and Resolver
• Basic Resolver: and, or, xor, not, limit, offset, boost, resolve
• Improved charset collection
• New charset preset soundex which further reduces memory consumption by also increasing "fuzziness"
• Performance gain when polling tasks to the index by using "Event-Loop-Caches"
• Up to 100 times faster deletion/replacement when not using the additional "fastupdate" register
• Regex Pre-Compilation (transforms hundreds of regex rules into just a few)
• Extended support for multiple tags (DocumentIndex)
• Custom Fields ("Virtual Fields")
• Custom Filter
• Custom Score Function
• Added French language preset (stop-word filter, stemmer)
• Enhanced Worker Support
• Export / Import index in chunks
• Improved Build System + Bundler (Supported: CommonJS, ESM, Global Namespace), also the import of language packs are now supported for Node.js
• Full covering index.d.ts type definitions
• Fast-Boot Serialization optimized for Server-Side-Rendering (PHP, Python, Ruby, Rust, Java, Go, Node.js, ...)

Changelog

Sourced from flexsearch's changelog.

Changelog

Current Version

• Improved Stemmer Handling
• Improved Result Highlighting
• Use multi-language charset normalization as the default Encoder
• Simplified charset support for multi-language content
• Charset renamed LatinExact => Exact, LatinDefault => Default and LatinSimple => Normalize, these are universal charset presets for any languages
• Charset ArabicDefault and CyrillicDefault was removed, they are fully covered by the default universal charset presets
• Charset Charset.CjkDefault was renamed to Charset.CJK

v0.8.1

• Resolver Support for Documents
• Asynchronous Runtime Balancer, new option priority
• Export/Import Worker Indexes + Document Worker, new extern config options export and import
• Improved interoperability of the different build packages, including source folder
• Support custom filter function for encoder (stop-word filter)

v0.8.0

• Persistent indexes support for: IndexedDB (Browser), Redis, SQLite, Postgres, MongoDB, Clickhouse
• Enhanced language customization via the new Encoder class
• Result Highlighting
• Query performance achieve results up to 4.5 times faster compared to the previous generation v0.7.x by also improving the quality of results
• Enhanced support for larger indexes or larger result sets
• Improved offset and limit processing achieve up to 100 times faster traversal performance through large datasets
• Support for larger In-Memory index with extended key size (the defaults maximum keystore limit is: 2^24)
• Greatly enhanced performance of the whole text encoding pipeline
• Improved indexing of numeric content (Triplets)
• Intermediate result sets and Resolver
• Basic Resolver: and, or, xor, not, limit, offset, boost, resolve
• Improved charset collection
• New charset preset soundex which further reduces memory consumption by also increasing "fuzziness"
• Performance gain when polling tasks to the index by using "Event-Loop-Caches"
• Up to 100 times faster deletion/replacement when not using the additional "fastupdate" register
• Regex Pre-Compilation (transforms hundreds of regex rules into just a few)
• Extended support for multiple tags (DocumentIndex)
• Custom Fields ("Virtual Fields")
• Custom Filter
• Custom Score Function
• Added French language preset (stop-word filter, stemmer)
• Enhanced Worker Support
• Export / Import index in chunks
• Improved Build System + Bundler (Supported: CommonJS, ESM, Global Namespace), also the import of language packs are now supported for Node.js
• Full covering index.d.ts type definitions
• Fast-Boot Serialization optimized for Server-Side-Rendering (PHP, Python, Ruby, Rust, Java, Go, Node.js, ...)

v0.7.0

... (truncated)

Commits

• See full diff in compare view

Updates lightningcss from 1.29.3 to 1.30.0

Release notes

Sourced from lightningcss's releases.

v1.30.0

Features

• Update relative color parsing to latest spec: colors now support numbers in addition to percentages, and calcs in colors are now always numbers. Note that this was technically a breaking change in the spec. You may need to update code using relative color calculations on percentages to use numbers instead. See the PR for details. – #465
• Update nesting implementation for new spec: It is now possible to nest selectors with pseudo elements, and declarations and nested rules can be interleaved. See https://web.dev/blog/css-nesting-cssnesteddeclarations for more details. – parcel-bundler/lightningcss@6c465c1
• Skip generating unnecessary @supports rules when already nested in a @supports rule – #878, d398c1b86439dfd243a6c2ba627a8e7981118a44
• Improve error recovery for media queries – #954
• Add support for ::picker, ::picker-icon and ::checkmark – #957
• Add build support for Android – #932

Fixes

• Fix error message for invalid composes selectors – parcel-bundler/lightningcss#948
• Update browserslist – parcel-bundler/lightningcss#961
• Fix linear-gradient direction conversion for legacy vendor-prefixed values – #936
• Prevent new lines in license comments from breaking source maps – #971
• Do not inline layers before imports – 33ea2c149e2c94f6e45a86d6d666d092729c9523
• Statically link Visual Studio redistributables on Windows builds – e5c4139be325c03704072c948be38f8b1f990071
• update browser compat data – 17bdc80ff5282c410daf65d135ef6cac79200e55

Commits

• 474c67c v1.30.0
• 17bdc80 update browser compat data
• e5c4139 Statically link Visual Studio redistributables on Windows builds
• 33ea2c1 Do not inline layers before imports
• 4ebcb45 Update relative color parsing to latest spec (#465)
• 0f064ab Prevent new lines written by write_str from breaking source maps (#971)
• 16fdfd5 fix: remove grid feature (#972)
• 496f4f6 Add build support for Android (#932)
• 3e27005 Add support for ::picker, ::picker-icon and ::checkmark (#957)
• c5cbcfa Fix linear-gradient direction conversion for legacy vendor-prefixed values (#...
• Additional commits viewable in compare view

Updates preact from 10.26.5 to 10.26.6

Release notes

Sourced from preact's releases.

10.26.6

Fixes

• Ensure useId works in portals (#4752, thanks @​JoviDeCroock)

Types

• Change HTMLMediaElement.controlsList type to string (DOMTokenList) (#4744, thanks @​piotr-cz)

Maintenance

• Switch testing from karma to vitest (#4687, thanks @​JoviDeCroock)
• Dedupe preact in vitest setup (#4702, thanks @​sheremet-va)

Commits

• e92fdf8 10.26.6 (#4755)
• 8e05a6f Ensure useId works in portals (#4752)
• 8aac5fa Merge pull request #4753 from preactjs/bump-vitest
• 0e1893c Vitest switch (#4687)
• 94db9b4 Try some stuff
• a2dcfc6 Enable lint
• e7cfb64 bump vitest
• e6a4080 Bump some stuff
• 87eed69 Expand
• f8ddf37 Skip more files
• Additional commits viewable in compare view

Updates satori from 0.12.2 to 0.13.0

Release notes

Sourced from satori's releases.

0.13.0

0.13.0 (2025-05-12)

Features

• add text-wrap: "pretty" (#663) (df2e182)

Commits

• df2e182 feat: add text-wrap: "pretty" (#663)
• 4fa21c1 refactor: replace emoji-regex with emoji-regex-xs (#669)
• See full diff in compare view

Updates shiki from 1.26.2 to 3.4.0

Release notes

Sourced from shiki's releases.

v3.4.0

   🐞 Bug Fixes

• Update deps and grammars  -  by @​antfu (310d1)

    View changes on GitHub

v3.3.0

   🚀 Features

• Update deps  -  by @​antfu (ac6be)
• core: Add option to merge consecutive tokens with same style  -  by @​yvbopeng and @​antfu in shikijs/shiki#972 and shikijs/shiki#991 (c806a)

   🐞 Bug Fixes

• colorized-brackets: Handle correctly with dual themes  -  by @​oatmealproblem and Anthony Fu in shikijs/shiki#997 (71d1b)
• transformers: Whitespace rendering transformer for inline structure  -  by @​nvlang and Anthony Fu in shikijs/shiki#995 (93251)

    View changes on GitHub

v3.2.2

   🚀 Features

• Add handling for FontStyle.Strikethrough  -  by @​dhruvkb in shikijs/shiki#976 (f14f2)

    View changes on GitHub

v3.2.1

No significant changes

    View changes on GitHub

v3.2.0

   🚀 Features

• Upgrade deps, new langs and themes  -  by @​antfu (b11c6)

   🐞 Bug Fixes

• Faild to run shiki doc server locally  -  by @​Hephaest in shikijs/shiki#959 (3bbd8)

    View changes on GitHub

v3.1.0

   🚀 Features

• engine-js: Bump deps to work around Safari bug with some grammars  -  by @​slevithan in shikijs/shiki#941 (47205)
• twoslash: Upgrade twoslash v0.3, require typescript v5.5+, close #950, close #951  -  by @​antfu in shikijs/shiki#950 and shikijs/shiki#951 (5c6f9)

   🐞 Bug Fixes

... (truncated)

Commits

• f38148e chore: release v3.4.0
• 3a23e9d chore: release v3.3.0
• bf0174c build: use unbuild to build main package
• e32c28c chore: release v3.2.2
• 83b6794 chore: release v3.2.1
• ef6f296 chore: release v3.2.0
• b11c684 feat: upgrade deps, new langs and themes
• fdf376f test: migrate to monorepo exports snapshoting
• ece4b02 test: snapshot public exports
• ab672eb chore: release v3.1.0
• Additional commits viewable in compare view

Updates @types/node from 22.15.7 to 22.15.17

Commits

• See full diff in compare view

Updates esbuild from 0.25.3 to 0.25.4

Release notes

Sourced from esbuild's releases.

v0.25.4

• Add simple support for CORS to esbuild's development server (#4125)

  Starting with version 0.25.0, esbuild's development server is no longer configured to serve cross-origin requests. This was a deliberate change to prevent any website you visit from accessing your running esbuild development server. However, this change prevented (by design) certain use cases such as "debugging in production" by having your production website load code from localhost where the esbuild development server is running.

  To enable this use case, esbuild is adding a feature to allow Cross-Origin Resource Sharing (a.k.a. CORS) for simple requests. Specifically, passing your origin to the new cors option will now set the Access-Control-Allow-Origin response header when the request has a matching Origin header. Note that this currently only works for requests that don't send a preflight OPTIONS request, as esbuild's development server doesn't currently support OPTIONS requests.

  Some examples:

  • CLI:

    esbuild --servedir=. --cors-origin=https://example.com
    

  • JS:

    const ctx = await esbuild.context({})
    await ctx.serve({
      servedir: '.',
      cors: {
        origin: 'https://example.com',
      },
    })

  • Go:

    ctx, _ := api.Context(api.BuildOptions{})
    ctx.Serve(api.ServeOptions{
      Servedir: ".",
      CORS: api.CORSOptions{
        Origin: []string{"https://example.com"},
      },
    })

  The special origin * can be used to allow any origin to access esbuild's development server. Note that this means any website you visit will be able to read everything served by esbuild.

• Pass through invalid URLs in source maps unmodified (#4169)

  This fixes a regression in version 0.25.0 where sources in source maps that form invalid URLs were not being passed through to the output. Version 0.25.0 changed the interpretation of sources from file paths to URLs, which means that URL parsing can now fail. Previously URLs that couldn't be parsed were replaced with the empty string. With this release, invalid URLs in sources should now be passed through unmodified.

• Handle exports named __proto__ in ES modules (#4162, #4163)

  In JavaScript, the special property name __proto__ sets the prototype when used inside an object literal. Previously esbuild's ESM-to-CommonJS conversion didn't special-case the property name of exports named __proto__ so the exported getter accidentally became the prototype of the object literal. It's unclear what this affects, if anything, but it's better practice to avoid this by using a computed property name in this case.

  This fix was contributed by @​magic-akari.

Changelog

Sourced from esbuild's changelog.

0.25.4

• Add simple support for CORS to esbuild's development server (#4125)

  Starting with version 0.25.0, esbuild's development server is no longer configured to serve cross-origin requests. This was a deliberate change to prevent any website you visit from accessing your running esbuild development server. However, this change prevented (by design) certain use cases such as "debugging in production" by having your production website load code from localhost where the esbuild development server is running.

  To enable this use case, esbuild is adding a feature to allow Cross-Origin Resource Sharing (a.k.a. CORS) for simple requests. Specifically, passing your origin to the new cors option will now set the Access-Control-Allow-Origin response header when the request has a matching Origin header. Note that this currently only works for requests that don't send a preflight OPTIONS request, as esbuild's development server doesn't currently support OPTIONS requests.

  Some examples:

  • CLI:

    esbuild --servedir=. --cors-origin=https://example.com
    

  • JS:

    const ctx = await esbuild.context({})
    await ctx.serve({
      servedir: '.',
      cors: {
        origin: 'https://example.com',
      },
    })

  • Go:

    ctx, _ := api.Context(api.BuildOptions{})
    ctx.Serve(api.ServeOptions{
      Servedir: ".",
      CORS: api.CORSOptions{
        Origin: []string{"https://example.com"},
      },
    })

  The special origin * can be used to allow any origin to access esbuild's development server. Note that this means any website you visit will be able to read everything served by esbuild.

• Pass through invalid URLs in source maps unmodified (#4169)

  This fixes a regression in version 0.25.0 where sources in source maps that form invalid URLs were not being passed through to the output. Version 0.25.0 changed the interpretation of sources from file paths to URLs, which means that URL parsing can now fail. Previously URLs that couldn't be parsed were replaced with the empty string. With this release, invalid URLs in sources should now be passed through unmodified.

• Handle exports named __proto__ in ES modules (#4162, #4163)

  In JavaScript, the special property name __proto__ sets the prototype when used inside an object literal. Previously esbuild's ESM-to-CommonJS conversion didn't special-case the property name of exports named __proto__ so the exported getter accidentally became the prototype of the object literal. It's unclear what this affects, if anything, but it's better practice to avoid this by using a computed property name in this case.

... (truncated)

Commits

• 218d29e publish 0.25.4 to npm
• e66cd0b dev server: simple support for CORS requests (#4171)
• 8bf3368 js api: validate some options as arrays of strings
• 1e7375a js api: simplify comma-separated array validation
• 5f5964d release notes for #4163
• adb5284 fix: handle __proto__ as a computed property in exports and add tests for s...
• 0aa9f7b fix #4169: keep invalid source map URLs unmodified
• 5959289 add additional guards for #4114 when using :is()
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.