chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@babel/core (source)	7.28.5 → 7.28.6			devDependencies	patch
@types/bun (source)	1.3.5 → 1.3.6			devDependencies	patch
@types/node (source)	24.10.4 → 24.10.9			devDependencies	patch
@types/react (source)	19.2.7 → 19.2.8			devDependencies	patch	19.2.9
build-ts	17.0.13 → 17.0.14			devDependencies	patch
next (source)	16.1.1 → 16.1.4			devDependencies	patch
node (source)	24.12.0 → 24.13.0				minor
prettier (source)	3.7.4 → 3.8.0			devDependencies	minor
prettier-plugin-java (source)	2.8.0 → 2.8.1			devDependencies	patch
type-fest	5.3.1 → 5.4.1			devDependencies	minor
typescript-eslint (source)	8.52.0 → 8.53.0			devDependencies	minor	8.53.1
vitest (source)	4.0.16 → 4.0.17			devDependencies	patch

---

Release Notes

babel/babel (@​babel/core)

v7.28.6

Compare Source

WillBooster/build-ts (build-ts)

v17.0.14

Compare Source

Bug Fixes

• deps: update dependency rollup to v4.55.1 (#​461) (7549ea9)

vercel/next.js (next)

v16.1.4

Compare Source

v16.1.3

Compare Source

v16.1.2

Compare Source

nodejs/node (node)

v24.13.0: 2026-01-13, Version 24.13.0 'Krypton' (LTS), @​marco-ippolito

Compare Source

This is a security release.

Notable Changes

lib:

• (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
• (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748
  lib,permission:
• (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
  src:
• (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
  src,lib:
• (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
  tls:
• (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

Commits

• [2092785d01] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #​60997
• [3e58b7f2af] - deps: update undici to 7.18.2 (Node.js GitHub Bot) #​61283
• [4ba536a5a6] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
• [89adaa21fd] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748
• [7302b4dae1] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
• [ac030753c4] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
• [20075692fe] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
• [20591b0618] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

prettier/prettier (prettier)

v3.8.0

Compare Source

diff

🔗 Release note

jhipster/prettier-java (prettier-plugin-java)

v2.8.1: 2.8.1

Compare Source

What's Changed

• fix: indent ternary binary expressions in return statements by @​jtkiesel in #​803

Full Changelog: https://github.com/jhipster/prettier-java/compare/prettier-plugin-java@2.8.0...prettier-plugin-java@2.8.1

sindresorhus/type-fest (type-fest)

v5.4.1

Compare Source

• MergeDeep: Remove extra undefined from optional properties (#​1319) a6af489

---

v5.4.0

Compare Source

New types

• ObjectMerge (#​1324) ac06066
• UnwrapPartial (#​1296) 99b0b07
• ArrayReverse (#​1266) dfbefad

---

typescript-eslint/typescript-eslint (typescript-eslint)

v8.53.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

vitest-dev/vitest (vitest)

v4.0.17

Compare Source

   🚀 Features

• Support openTelemetry for browser mode  -  by @​hi-ogawa in #​9180 (1ec3a)
• Support TRACEPARENT and TRACESTATE environment variables for OpenTelemetry context propagation  -  by @​Copilot, hi-ogawa and @​hi-ogawa in #​9295 (876cb)

   🐞 Bug Fixes

• Improve asymmetric matcher diff readability by unwrapping container matchers  -  by @​Copilot, sheremet-va, hi-ogawa and @​hi-ogawa in #​9330 (b2ec7)
• Improve runner error when importing outside of test context  -  by @​sheremet-va in #​9335 (2dd3d)
• Replace crypto.randomUUID to allow insecure environments (fix #​9…  -  by @​plusgut in #​9339 and #​9 (e6a3f)
• Handle null options in addEventHandler #​9371  -  by @​ThibautMarechal in #​9372 and #​9371 (40841)
• Typo in browser.provider error  -  by @​deammer in #​9394 (4b67f)
• browser:
  • Fix process.env and import.meta.env defines in inline project  -  by @​hi-ogawa in #​9239 (b70c9)
  • Fix upload File instance  -  by @​hi-ogawa in #​9294 (b6778)
  • Fix invalid project token for artifacts assets  -  by @​hi-ogawa in #​9321 (caa7d)
  • Log ErrorEvent.message when unhandled ErrorEvent.error is null  -  by @​hi-ogawa in #​9322 (5d84e)
  • Support fileParallelism on an instance  -  by @​sheremet-va in #​9328 (15006)
• coverage:
  • Remove unnecessary istanbul-lib-source-maps usage  -  by @​AriPerkkio in #​9344 (b0940)
  • Apply patch from istanbuljs/istanbuljs#837  -  by @​AriPerkkio and sapphi-red in #​9413 and #​837 (e05ce)
• fsModuleCache:
  • Don't store importers in cache  -  by @​sheremet-va in #​9422 (75136)
  • Add importers alongside importedModules  -  by @​sheremet-va in #​9423 (59f92)
• mocker:
  • Fix mock transform with class  -  by @​hi-ogawa in #​9421 (d390e)
• pool:
  • Validate environment options when reusing the worker  -  by @​sheremet-va in #​9349 (a8a88)
  • Handle worker start failures gracefully  -  by @​AriPerkkio in #​9337 (200da)
• reporter:
  • Report test module if it failed to run  -  by @​sheremet-va in #​9272 (c7888)
• runner:
  • Respect nested test.only within describe.only  -  by @​Ujjwaljain16 in #​9021 and #​9213 (55d5d)
• typecheck:
  • Improve error message when tsc outputs help text  -  by @​Ujjwaljain16 in #​9214 (7b10a)
• ui:
  • Detect gzip by magic numbers instead of Content-Type header in html reporter  -  by @​Copilot, hi-ogawa and @​hi-ogawa in #​9278 (dd033)
• webdriverio:
  • Fall back to WebDriver Classic #​9244  -  by @​JustasMonkev in #​9373 and #​9244 (c23dd)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - "after 5am on Saturday" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.