Skip to content

chore(deps): update devdependencies (non-major)#6326

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/dev-dependencies-non-major
Open

chore(deps): update devdependencies (non-major)#6326
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/dev-dependencies-non-major

Conversation

@renovate

@renovate renovate Bot commented Jun 21, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@faker-js/faker (source) 10.4.010.5.0 age confidence
@playwright/test (source) 1.60.01.61.0 age confidence
@typescript-eslint/utils (source) 8.61.08.61.1 age confidence
@vitest/coverage-v8 (source) 4.1.84.1.9 age confidence
esbuild 0.28.00.28.1 age confidence
eslint-plugin-react-refresh 0.5.20.5.3 age confidence
happy-dom 20.10.220.10.6 age confidence
typescript-eslint (source) 8.61.08.61.1 age confidence
vitest (source) 4.1.84.1.9 age confidence

Release Notes

faker-js/faker (@​faker-js/faker)

v10.5.0

Compare Source

New Locales
Features
Bug Fixes
microsoft/playwright (@​playwright/test)

v1.61.0

Compare Source

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

const context = await browser.newContext();

// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
  id: credentialId,
  userHandle,
  privateKey,
  publicKey,
});
await context.credentials.install();

const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:

await page.localStorage.setItem('token', 'abc');
const token = await page.localStorage.getItem('token');
const items = await page.sessionStorage.items();
New APIs
Network
Browser and Screencast
  • New option artifactsDir in browserType.connectOverCDP() controls where artifacts such as traces and downloads are stored when attached to an existing browser.
  • New option cursor in screencast.showActions() controls the cursor decoration rendered for pointer actions.
  • The onFrame callback in screencast.start() now receives a timestamp of when the frame was presented by the browser.
Test runner
  • The testOptions.video option now supports the same set of modes as trace: new 'on-all-retries', 'retain-on-first-failure' and 'retain-on-failure-and-retries' values. See the video modes table for which runs are recorded and kept in each mode.
  • Supported expect.soft.poll(...).
  • New fullConfig.argv — a snapshot of process.argv from the runner process, handy for reading custom arguments passed after the -- separator.
  • New fullConfig.failOnFlakyTests mirrors the config option, so reporters can explain why a flaky run failed.
  • testInfo.errors now lists each sub-error of an AggregateError as a separate entry.
  • New -G command line shorthand for --grep-invert.
🛠️ Other improvements
  • Playwright now supports Ubuntu 26.04.
  • HAR and trace recordings now include WebSocket requests.
Browser Versions
  • Chromium 149.0.7827.55
  • Mozilla Firefox 151.0
  • WebKit 26.5

This version was also tested against the following stable channels:

  • Google Chrome 149
  • Microsoft Edge 149
typescript-eslint/typescript-eslint (@​typescript-eslint/utils)

v8.61.1

Compare Source

This was a version bump only for utils to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.9

Compare Source

🐞 Bug Fixes
  • Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in #​10546 (a5180)
  • browser:
    • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in #​10555 (7fb29)
    • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in #​10497 and #​10556 (fbc62)
  • mocker:
    • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in #​10548 (2c955)
  • pool:
    • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in #​10543 and #​10564 (934b0)
View changes on GitHub
evanw/esbuild (esbuild)

v0.28.1

Compare Source

  • Disallow \ in local development server HTTP requests (GHSA-g7r4-m6w7-qqqr)

    This release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \ backslash character. It happened due to the use of Go's path.Clean() function, which only handles Unix-style / characters. HTTP requests with paths containing \ are no longer allowed.

    Thanks to @​dellalibera for reporting this issue.

  • Add integrity checks to the Deno API (GHSA-gv7w-rqvm-qjhr)

    The previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.

    Note that esbuild's Deno API installs from registry.npmjs.org by default, but allows the NPM_CONFIG_REGISTRY environment variable to override this with a custom package registry. This change means that the esbuild executable served by NPM_CONFIG_REGISTRY must now match the expected content.

    Thanks to @​sondt99 for reporting this issue.

  • Avoid inlining using and await using declarations (#​4482)

    Previously esbuild's minifier sometimes incorrectly inlined using and await using declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for let and const declarations by avoiding doing it for var declarations, which no longer worked when more declaration types were added. Here's an example:

    // Original code
{
  using x = new Resource()
  x.activate()
}

// Old output (with --minify)
new Resource().activate();

// New output (with --minify)
{using e=new Resource;e.activate()}

  • Fix module evaluation when an error is thrown (#​4461, #​4467)

    If an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if import() or require() is used to import a module multiple times. The thrown error is supposed to be thrown by every call to import() or require(), not just the first. With this release, esbuild will now throw the same error every time you call import() or require() on a module that throws during its evaluation.

  • Fix some edge cases around the new operator (#​4477)

    Previously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a new expression (specifically an optional chain and/or a tagged template literal). The generated code for the new target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the new target in parentheses. Here is an example of some affected code:

    // Original code
new (foo()`bar`)()
new (foo()?.bar)()

// Old output
new foo()`bar`();
new (foo())?.bar();

// New output
new (foo())`bar`();
new (foo()?.bar)();

  • Fix renaming of nested var declarations (#​4471)

    This release fixes a bug where var declarations in nested scopes that are hoisted up to module scope were not correctly being renamed during bundling. That could previously lead to name collisions when minification was disabled, which could potentially cause a behavior change. The bug has been fixed so that these hoisted declarations are now considered to be module-level symbols during the name collision avoidance pass.

  • Emit var instead of const for certain TypeScript-only constructs for ES5 (#​4448)

    While esbuild doesn't generally support converting const to var for ES5 due to nested scoping rules (which is currently a build-time error), esbuild previously incorrectly converted TypeScript-only import assignment constructs into a const declaration even when targeting ES5. With this release, esbuild will now use var for this case instead:

    // Original code
import x = require('y')

// Old output (with --target=es5)
const x = require("y");

// New output (with --target=es5)
var x = require("y");
ArnaudBarre/eslint-plugin-react-refresh (eslint-plugin-react-refresh)

v0.5.3

Compare Source

  • Fix check for non component class exported via export { } #​110 (fixes #​109)
capricorn86/happy-dom (happy-dom)

v20.10.6

Compare Source

👷‍♂️ Patch fixes

v20.10.5

Compare Source

👷‍♂️ Patch fixes
  • Adds cache to query selector parser - By @​capricorn86 in task #​2142
    • The selector parser degraded in performance in v20.6.3 to solve more complex selectors
    • Parsing is still a bit slower, but the cache will hopefully mitigate most of the problem

v20.10.4

Compare Source

👷‍♂️ Patch fixes
  • Coerce null qualifiedName to empty string in createDocument - By @​Firer in task #​2206

v20.10.3

Compare Source

👷‍♂️ Patch fixes
  • Fix "~=" attribute selector matching hyphenated substrings in CSS selectors - By @​mixelburg in task #​2194
typescript-eslint/typescript-eslint (typescript-eslint)

v8.61.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Configuration

📅 Schedule: (in timezone Europe/Paris)

  • Branch creation
    • Only on Sunday (* * * * 0)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added dependencies Pull requests that update a dependency file. filigran team Item from the Filigran team. labels Jun 21, 2026
Copilot AI review requested due to automatic review settings June 21, 2026 01:03
@renovate renovate Bot added dependencies Pull requests that update a dependency file. filigran team Item from the Filigran team. labels Jun 21, 2026
Copilot AI reviewed Jun 21, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@codecov

codecov Bot commented Jun 21, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 43.33%. Comparing base (da5c70b) to head (9ce220d).

❌ Your project check has failed because the head coverage (2.86%) is below the target coverage (80.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files 
@@             Coverage Diff              @@
##               main    #6326      +/-   ##
============================================
+ Coverage     43.30%   43.33%   +0.03%     
  Complexity     6900     6900              
============================================
  Files          2244     2244              
  Lines         61783    61783              
  Branches       8134     8134              
============================================
+ Hits          26755    26774      +19     
+ Misses        33304    33284      -20     
- Partials       1724     1725       +1
Flag Coverage Δ
backend 65.64% <ø> (ø)
e2e 18.82% <ø> (+0.68%) ⬆️
frontend 2.86% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file. filigran team Item from the Filigran team.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant