chore(deps-dev): bump the dev-dependencies group across 1 directory with 18 updates

[dependabot]

Bumps the dev-dependencies group with 18 updates in the / directory:

Package	From	To
@types/node	25.6.0	25.9.0
eslint-plugin-no-only-tests	3.3.0	3.4.0
eslint-plugin-promise	7.2.1	7.3.0
globals	17.5.0	17.6.0
jscpd	4.0.9	4.2.3
knip	6.4.1	6.14.1
tsx	4.21.0	4.22.2
turbo	2.9.6	2.9.14
typescript-eslint	8.58.2	8.59.4
vitest	4.1.4	4.1.6
@tailwindcss/postcss	4.2.2	4.3.0
postcss	8.5.10	8.5.14
tailwindcss	4.2.2	4.3.0
zod	4.3.6	4.4.3
orval	8.8.0	8.11.0
react-test-renderer	19.2.5	19.2.6
jsdom	29.0.2	29.1.1
fast-check	4.6.0	4.8.0

Updates @types/node from 25.6.0 to 25.9.0

Commits

• See full diff in compare view

Updates eslint-plugin-no-only-tests from 3.3.0 to 3.4.0

Release notes

Sourced from eslint-plugin-no-only-tests's releases.

v3.4.0

What's Changed

• Bump cross-spawn from 7.0.3 to 7.0.6 by @​dependabot[bot] in levibuzolic/eslint-plugin-no-only-tests#47
• Bump js-yaml from 4.1.0 to 4.1.1 by @​dependabot[bot] in levibuzolic/eslint-plugin-no-only-tests#51
• Update README for flat config by @​levibuzolic in levibuzolic/eslint-plugin-no-only-tests#52
• Bump minimatch from 3.1.2 to 3.1.5 by @​dependabot[bot] in levibuzolic/eslint-plugin-no-only-tests#54
• Document oxlint setup by @​AndreyYolkin in levibuzolic/eslint-plugin-no-only-tests#53
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in levibuzolic/eslint-plugin-no-only-tests#55
• Add common framework setup docs for focused tests by @​levibuzolic in levibuzolic/eslint-plugin-no-only-tests#57
• Optimize Oxlint integration and release v3.4.0 by @​levibuzolic in levibuzolic/eslint-plugin-no-only-tests#58
• Update Actions for npm trusted publishing by @​levibuzolic in levibuzolic/eslint-plugin-no-only-tests#59
• Remove npm registry auth from publish workflow by @​levibuzolic in levibuzolic/eslint-plugin-no-only-tests#60
• Update release workflow for trusted publishing by @​levibuzolic in levibuzolic/eslint-plugin-no-only-tests#61
• Fix GitHub release npm publish auth by @​levibuzolic in levibuzolic/eslint-plugin-no-only-tests#62

New Contributors

• @​AndreyYolkin made their first contribution in levibuzolic/eslint-plugin-no-only-tests#53

Full Changelog: levibuzolic/eslint-plugin-no-only-tests@v3.3.0...v3.4.0

Changelog

Sourced from eslint-plugin-no-only-tests's changelog.

v3.4.0

Added

• Add CLI E2E coverage for both ESLint and Oxlint, including --fix verification and config-specific assertions
• Add a package-contents check to ensure test assets are never published

Changed

• Optimize Oxlint usage by adopting Oxlint's performance-focused createOnce entrypoint while preserving ESLint compatibility

Internal

• Switch repository tooling from Yarn to Bun
• Replace Biome/Prettier usage with Oxlint and Oxfmt
• Update GitHub Actions to use Bun and a modern Node test matrix
• Move test infrastructure into a dedicated test/ directory
• Tighten package metadata and improve JSDoc/type coverage

v3.0.0

Added

• Block scope matchers can accept a trailing * to optionally match blocks by prefix #35

Breaking

• Block matchers no longer match prefixes of blocks by default, can now be configured via options #35

v2.6.0

• Disable auto fixing by default, allow it to be optionally enabled. #26

v2.5.0

• Add support for auto fixing violations - #19 @​tgreen7

v2.4.0

• Add support for defining 2 levels deep in blocks (ie. ava.default)

v2.3.1

• Bump js-yaml from 3.13.0 to 3.13.1 due to security vulnerability - #11

v2.3.0

• Allow test block names to be specified in options - #10

v2.2.0

... (truncated)

Commits

• 2279c51 Merge pull request #62 from levibuzolic/levi/fix-github-release-action
• e234e55 Use Publish environment for npm release
• d304af4 Fix npm release auth
• 435b3a2 Merge pull request #61 from levibuzolic/fix-release-script
• 968e9d9 Switch release workflow to published events
• a0edb1a Merge pull request #60 from levibuzolic/fix-release-script
• 42ca3d8 Remove npm registry auth from publish workflow
• b7051fc Merge pull request #59 from levibuzolic/fix-release-script
• 36e23a2 Update GitHub Actions for npm trusted publishing
• 17f7389 Fix release script
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eslint-plugin-no-only-tests since your current version.

Updates eslint-plugin-promise from 7.2.1 to 7.3.0

Release notes

Sourced from eslint-plugin-promise's releases.

v7.3.0

7.3.0 (2026-04-27)

🌟 Features

• no-promise-in-callback: add exemptDeclarations option (#513) (550524f)
• add support for ESLint v10 (#617) (6096821)

🩹 Fixes

• no-native: fix to report Promise usage in eslint v9 or later (#619) (1230ced)

🧹 Chores

• add missing 'use strict' directive (#593) (4cd7ea1)
• deps-dev: update eslint-plugin-eslint-plugin to v6.4.0 (#583) (45385a3)
• deps-dev: update eslint-plugin-jest to v28.11.0 (#585) (a33ffb6)
• deps-dev: update eslint-plugin-n to v17.14.0 (#575) (fad9049)
• deps-dev: update eslint-plugin-prettier to v5.2.3 (#586) (b2095cb)
• deps-dev: update eslint-plugin-prettier to v5.2.4 (#600) (fad5029)
• deps-dev: update lint-staged to v15.4.3 (#582) (d1e23e5)
• deps-dev: update prettier to v3.4.1 (#578) (3fae241)
• deps-dev: update prettier to v3.4.2 (#580) (7219528)
• deps-dev: update prettier to v3.5.0 (#588) (5da83c4)
• deps: update globals to v15.13.0 (#579) (75defcf)
• deps: update globals to v15.14.0 (#584) (846ad48)
• deps: update typescript to v5.7.3 (#589) (79b0eff)
• package: explicitly declare js module type (#592) (b19e133)
• update typescript to ~5.7.0 (#577) (04d0b2b)

Changelog

Sourced from eslint-plugin-promise's changelog.

7.3.0 (2026-04-27)

🌟 Features

• no-promise-in-callback: add exemptDeclarations option (#513) (550524f)
• add support for ESLint v10 (#617) (6096821)

🩹 Fixes

• no-native: fix to report Promise usage in eslint v9 or later (#619) (1230ced)

🧹 Chores

• add missing 'use strict' directive (#593) (4cd7ea1)
• deps-dev: update eslint-plugin-eslint-plugin to v6.4.0 (#583) (45385a3)
• deps-dev: update eslint-plugin-jest to v28.11.0 (#585) (a33ffb6)
• deps-dev: update eslint-plugin-n to v17.14.0 (#575) (fad9049)
• deps-dev: update eslint-plugin-prettier to v5.2.3 (#586) (b2095cb)
• deps-dev: update eslint-plugin-prettier to v5.2.4 (#600) (fad5029)
• deps-dev: update lint-staged to v15.4.3 (#582) (d1e23e5)
• deps-dev: update prettier to v3.4.1 (#578) (3fae241)
• deps-dev: update prettier to v3.4.2 (#580) (7219528)
• deps-dev: update prettier to v3.5.0 (#588) (5da83c4)
• deps: update globals to v15.13.0 (#579) (75defcf)
• deps: update globals to v15.14.0 (#584) (846ad48)
• deps: update typescript to v5.7.3 (#589) (79b0eff)
• package: explicitly declare js module type (#592) (b19e133)
• update typescript to ~5.7.0 (#577) (04d0b2b)

Commits

• f1dd605 chore(main): release 7.3.0 (#576)
• 6096821 feat: add support for ESLint v10 (#617)
• 1230ced fix(no-native): fix to report Promise usage in eslint v9 or later (#619)
• 6cf7adb ci: trusted publishing (#610)
• fad5029 chore(deps-dev): update eslint-plugin-prettier to v5.2.4 (#600)
• 4cd7ea1 chore: add missing 'use strict' directive (#593)
• b19e133 chore(package): explicitly declare js module type (#592)
• 5da83c4 chore(deps-dev): update prettier to v3.5.0 (#588)
• d1e23e5 chore(deps-dev): update lint-staged to v15.4.3 (#582)
• b2095cb chore(deps-dev): update eslint-plugin-prettier to v5.2.3 (#586)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eslint-plugin-promise since your current version.

Updates globals from 17.5.0 to 17.6.0

Release notes

Sourced from globals's releases.

v17.6.0

• Update globals (2026-05-01) (#343) 00a4dd9

---

sindresorhus/globals@v17.5.0...v17.6.0

Commits

• 6b15870 17.6.0
• 00a4dd9 Update globals (2026-05-01) (#343)
• See full diff in compare view

Updates jscpd from 4.0.9 to 4.2.3

Release notes

Sourced from jscpd's releases.

jscpd v4.2.0

Breaking Changes

• Vue SFC tokenization — .vue files are no longer tokenized as markup. Each block is now dispatched to its own sub-format: <script> → javascript, <script lang="ts"> → typescript, \<template> → markup, <style> → css, <style lang="scss"> → scss, <style lang="less"> → less. Clone reports for .vue files now appear under these resolved sub-format names. Any tooling or configuration that relied on .vue clones being reported under markup must be updated.
• --formatsExts users — custom mappings that pointed .vue to markup (e.g. "formatsExts": { "markup": ["vue"] }) will no longer take effect because .vue is handled by the dedicated vue format processor. Remove or update such mappings.

New Features

• Custom tokenizer backend — replaced the prismjs npm package with a self-contained reprism-based grammar engine. ~11.5% faster tokenization on real projects (avg 1126 ms → 997 ms on a 548-file, 223-format scan).
• Cross-format detection — Vue SFC (.vue), Svelte (.svelte), Astro (.astro), and Markdown files are now tokenized per-block/per-section. A <script> block in a .vue file can match a .ts file; a fenced code block in Markdown can match a .py file.
• 223 supported formats — Apex, CFML/ColdFusion, GDScript, Svelte, Astro, and 70+ additional languages added (up from 152). See https://github.com/kucherenko/jscpd/blob/HEAD/supported_formats.md.
• Shebang detection — extensionless executable scripts (e.g. /usr/bin/env python3) are auto-detected by their #! shebang line and tokenized in the correct language.
• --store-path — configure a custom directory for the LevelDB cache, eliminating collisions when multiple jscpd processes run in parallel on the same machine.
• --skipComments — shorthand flag for --mode weak, which strips comments before detection.
• --formats-names — map specific filenames (e.g. Makefile, Dockerfile) to a detection format.

Bug Fixes

• Entire-file duplicates silently dropped (@jscpd/core #728) — RabinKarp flushed the pending clone on a store hit at end-of-file instead of on a miss. Files that are complete copies of each other were undetected. Fixed.
• ReDoS hang on Lisp/Elisp files (@jscpd/tokenizer #737) — the Lisp string regex /"(?:[^"\\]*|\\.)*"/ could catastrophically backtrack (O(2ⁿ)) on unterminated strings. Replaced with a linear /"(?:[^"\\]|\\[\s\S])*"/ pattern.
• Process crash on malformed package.json (#739) — readJSONSync threw an unhandled SyntaxError when package.json contained invalid JSON, killing the process. Now emits a warning and continues with an empty config.
• Vue SFC cross-file detection broken — the detector used the file-level format (vue) as the store namespace for all SFC blocks, preventing a <script> block in one .vue file from ever matching a <script> block in another. The namespace now reflects each block's resolved sub-format.
• Vue SFC incorrect column numbers — tokens on the first line of a block carried block-relative column 1 instead of file-absolute column numbers. Fixed in @jscpd/tokenizer.
• 50 dependency security vulnerabilities remediated across the monorepo (Dependabot batches).

Known Limitations

• Malformed SFC blocks (e.g. unclosed tags, invalid attributes) are silently skipped and do not contribute tokens.

Changelog

Sourced from jscpd's changelog.

Changelog

All notable changes to jscpd are documented here. Releases follow Semantic Versioning.

---

4.2.0 — 2026-05-14

Breaking Changes

• Vue SFC tokenization — .vue files are no longer tokenized as markup. Each block is now dispatched to its own sub-format: <script> → javascript, <script lang="ts"> → typescript, \<template> → markup, <style> → css, <style lang="scss"> → scss, <style lang="less"> → less. Clone reports for .vue files now appear under these resolved sub-format names. Any tooling or configuration that relied on .vue clones being reported under markup must be updated.
• --formatsExts users — custom mappings that pointed .vue to markup (e.g. "formatsExts": { "markup": ["vue"] }) will no longer take effect because .vue is handled by the dedicated vue format processor. Remove or update such mappings.

New Features

• Custom tokenizer backend — replaced the prismjs npm package with a self-contained reprism-based grammar engine. ~11.5% faster tokenization on real projects (avg 1126 ms → 997 ms on a 548-file, 223-format scan).
• Cross-format detection — Vue SFC (.vue), Svelte (.svelte), Astro (.astro), and Markdown files are now tokenized per-block/per-section. A <script> block in a .vue file can match a .ts file; a fenced code block in Markdown can match a .py file.
• 223 supported formats — Apex, CFML/ColdFusion, GDScript, Svelte, Astro, and 70+ additional languages added (up from 152). See https://github.com/kucherenko/jscpd/blob/master/FORMATS.md.
• Shebang detection — extensionless executable scripts (e.g. /usr/bin/env python3) are auto-detected by their #! shebang line and tokenized in the correct language.
• --store-path — configure a custom directory for the LevelDB cache, eliminating collisions when multiple jscpd processes run in parallel on the same machine.
• --skipComments — shorthand flag for --mode weak, which strips comments before detection.
• --formats-names — map specific filenames (e.g. Makefile, Dockerfile) to a detection format.

Bug Fixes

• Entire-file duplicates silently dropped (@jscpd/core #728) — RabinKarp flushed the pending clone on a store hit at end-of-file instead of on a miss. Files that are complete copies of each other were undetected. Fixed.
• ReDoS hang on Lisp/Elisp files (@jscpd/tokenizer #737) — the Lisp string regex /"(?:[^"\\]*|\\.)*"/ could catastrophically backtrack (O(2ⁿ)) on unterminated strings. Replaced with a linear /"(?:[^"\\]|\\[\s\S])*"/ pattern.
• Process crash on malformed package.json (#739) — readJSONSync threw an unhandled SyntaxError when package.json contained invalid JSON, killing the process. Now emits a warning and continues with an empty config.
• Vue SFC cross-file detection broken — the detector used the file-level format (vue) as the store namespace for all SFC blocks, preventing a <script> block in one .vue file from ever matching a <script> block in another. The namespace now reflects each block's resolved sub-format.
• Vue SFC incorrect column numbers — tokens on the first line of a block carried block-relative column 1 instead of file-absolute column numbers. Fixed in @jscpd/tokenizer.
• 50 dependency security vulnerabilities remediated across the monorepo (Dependabot batches).

Known Limitations

• Malformed SFC blocks (e.g. unclosed tags, invalid attributes) are silently skipped and do not contribute tokens.

---

4.1.0 — 2026-05-09

New Features

• AI Reporter — new ai reporter that produces compact, token-efficient clone output specifically designed for feeding results into language models and AI tooling. Use --reporters ai to activate it.
• MCP Server enhancements — the Model Context Protocol server now exposes a jscpd://statistics resource and supports a recheck endpoint so AI agents can trigger a rescan without restarting the process.
• Apex & CFML language support — jscpd can now detect duplicate code in Salesforce Apex and ColdFusion Markup Language (CFML) files (closes #83, #619).
• GDScript support — detect copy-paste duplication in Godot Engine GDScript files.
• HTML reporter footer — the HTML report now displays a branded footer with the jscpd version and a sponsor link.
• --noTips flag — suppress the usage-tip messages that appear after a detection run.
• CI: Node.js 22.x / 24.x — continuous integration updated to test against the latest Node.js LTS and current releases.

... (truncated)

Commits

• See full diff in compare view

Updates knip from 6.4.1 to 6.14.1

Release notes

Sourced from knip's releases.

Release 6.14.1

• Detect dynamic imports in Svelte compiler (#1747) (e1c1b1705f96ed7d6ac537a7969cbd07d238246a) - thanks @​jinhyuk9714!
• Detect dynamic import attributes; share import matcher with Astro-MDX (9dae64166bbc45be1abeb8d741127d109d48d351)
• Work the docs (close #1746) (919cba2f11d1979b854c7abaaca8992ee8b08e23)

Release 6.14.0

• Resolve imports satisfied via transitive peerDeps (d654ec74d)
• Don't flag undeclared sibling workspace imports as unlisted (#1742) (e7122a1ae)
• Update github-actions reporter snapshots (2308b5a42)
• Cache syncGlob() results like defaultGlob() does (6c34287a5)
• Trim redundant statSync calls in FileEntryCache (eee3b899b)
• Cache parsed .gitignore patterns across --cache runs (7ffdc2ff3)
• Tighten cache module callsites (64e507265)
• Extract shared disk-cache helper used by glob and gitignore caches (0987421d9)
• Simplify CacheConsultant: replace trampoline with default arrow methods (bebe750d3)
• Pin pnpm minimumReleaseAge and trustPolicy (77efb32e5)
• Eliminate rescanFrontier polling in walkAndAnalyze (38d91b6e3)
• Reduce findWorkspaceByFilePath per-call overhead (91494378f)
• Memoize DependencyDeputy.getDependencies (a661a2142)
• Tighten module-graph map helpers (drop double-lookup + optional chains) (c11d62fb0)
• Add --duration flag for zero-overhead duration measurement (d4b59d89b)
• Cover analysis pipeline with --performance timerify (694dbf44d)
• Align --help text (6f12997b1)
• Add cli arg shorthands: -p, -s, -w, -D, -f, -F, -u (f21a58710)
• Format (8db5346e4)
• This one's okay (662ceaf46)

Release 6.13.1

• Add jest.config.{cts,mts} (#1743) (44738d678c9992799f5fe4909a01cc5ddd702aa2) - thanks @​joshkel!
• Update ecosystem tests (74420a614dfa15b81906266279c31ae0bf4e21bd)
• Fix export * as re-exported namespace case (5923af48fc33aa56c2f42f882aa185e66626453d)
• Add .mts and .cts config files to some plugins (69d1e83123e56c2c441f320c81bae099ba1eb014)
• Docusaurus: ignore @generated/*, handle local plugin paths (ce5f7672fced084bfb017410650b78d36133e1b0)
• Nx: expand {projectRoot} / {workspaceRoot} token variables (871531228b0cb67ff07fdb9d77316c4340ccaf33)

Release 6.13.0

• Add mercurial (hg) to command constants (#1737) (abb08b0958e08a12684deacf0ab62dc7ada38074) - thanks @​unrevised6419!
• Expand wildcards in Jest projects (#1710) (7cb2d37a5c46b54d8be9bee1fbb026b52bb71246) - thanks @​joshkel!
• Add knex visitor to scan source files for config (resolve #1736) (4c96fd297f33316921186293cf9f9d323ca48eb8)
• Refactor to a better split of ast helpers (6e726a2c66727c2346b4c249a2efcd7d752231f5)
• Handle package.json exports for outDir="." (resolve #1738) (42497c249545cd9e4ae8b7e64995e62cb0e8885d)
• Fix star re-exported namespace case (resolve #1739) (e566c4b1a1bc697c0997e8a4ef6bdeb746524166)
• Strip comments in scripts in compilers (resolve #1740) (a123d5c35ba6b9239f6ac1d20cf50b8b0f9b2d28)
• Update rolldown snapshot (edfee2b3b6bfc3085d432fa5765b4e7a60ba5783)
• Source-map subpath imports + collect pairs from referenced tsconfigs (7c5acc4a33047156205ff61413a83625bb9e05b4)
• Tighten source-mapping utilities (0b68b81b4a732b3db64d69fd8c47802ff3302564)
• Update dependencies (8788c1a64a93d568a9391693278a388af6980dec)
• Remove obsolete internal jsdoc tag (0fed9756b485deb1831fbc78d8053bc939bd6971)
• Add @​serhalp and @​stevennevins to sponsors (thank you!) (999a5e3551e0bafbcfa7a1540ae7f3fc4218828b)
• Fix astro config after bump (f63537aa40f42aa7d3ff4bc64dab20dd01ecba83)

... (truncated)

Commits

• b99f1a5 Release knip@6.14.1
• 919cba2 Work the docs (close #1746)
• 9dae641 Detect dynamic import attributes; share import matcher with Astro-MDX
• e1c1b17 Detect dynamic imports in Svelte compiler (#1747)
• f7b9cc5 Release knip@6.14.0
• 8db5346 Format
• f21a587 Add cli arg shorthands: -p, -s, -w, -D, -f, -F, -u
• 6f12997 Align --help text
• 694dbf4 Cover analysis pipeline with --performance timerify
• d4b59d8 Add --duration flag for zero-overhead duration measurement
• Additional commits viewable in compare view

Updates tsx from 4.21.0 to 4.22.2

Release notes

Sourced from tsx's releases.

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

• preserve CJS JSON require in ESM hooks (35b700b)
• preserve named exports from CommonJS TypeScript (11de737)
• support module.exports require(esm) interop (cf8f199)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

• resolve tsconfig path aliases containing a colon (#780) (6979f28)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.0

4.22.0 (2026-05-14)

Features

• upgrade esbuild to 0.28 (#789) (b29f6ee)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.21.1

4.21.1 (2026-05-14)

Bug Fixes

• support Node 20.11/21.2 import.meta paths (acf3d8f)
• support Node.js 24.15.0 (c1d2d45)
• support Node.js 26.1.0 and 25.9.0 (1d7e528)

---

This release is also available on:

... (truncated)

Commits

• 35b700b fix: preserve CJS JSON require in ESM hooks
• ef807db chore: update testing dependencies
• 3917090 test: document compatibility test taxonomy
• de8113f refactor: centralize Node capability facts
• c1f62db test: consolidate tsconfig path edge coverage
• 4e08174 test: consolidate loader hook coverage
• 674bb30 test: consolidate tsImport commonjs mts coverage
• e6972ac test: stabilize process interaction tests
• 9736a80 test: safely decode stdout stream tex
• 11de737 fix: preserve named exports from CommonJS TypeScript
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.

Updates turbo from 2.9.6 to 2.9.14

Release notes

Sourced from turbo's releases.

Turborepo v2.9.14

[!NOTE] This release contains important security fixes.

High:

• GHSA-5xc8-49mv-x4mm: Turborepo VSCode Extension command injection

Low:

• GHSA-hcf7-66rw-9f5r: Login callback CSRF/session fixation
• GHSA-3qcw-2rhx-2726: Unexpected local code execution during Yarn Berry detection

What's Changed

Changelog

• release(turborepo): 2.9.12 by @​github-actions[bot] in vercel/turborepo#12774
• fix: Restore docs mobile menu by @​anthonyshew in vercel/turborepo#12782
• ci: Use pull_request for PR title linting by @​anthonyshew in vercel/turborepo#12787
• ci: Scope GitHub Actions caches by branch by @​anthonyshew in vercel/turborepo#12788
• test: Validate lockfiles without dependency downloads by @​anthonyshew in vercel/turborepo#12789
• Removed unneeded import form hash creation script in docs by @​dancrumb in vercel/turborepo#12799
• fix: Validate auth callback state by @​anthonyshew in vercel/turborepo#12802
• fix: Harden VS Code extension command execution by @​anthonyshew in vercel/turborepo#12800
• fix: Avoid project-local Yarn during detection by @​anthonyshew in vercel/turborepo#12801
• chore: Release 2.9.13 by @​anthonyshew in vercel/turborepo#12803

New Contributors

• @​dancrumb made their first contribution in vercel/turborepo#12799

Full Changelog: vercel/turborepo@v2.9.12...v2.9.14

Turborepo v2.9.13-canary.1

What's Changed

Changelog

• release(turborepo): 2.9.11-canary.7 by @​github-actions[bot] in vercel/turborepo#12768
• fix: Allow $TURBO_EXTENDS$ in LSP diagnostics by @​anthonyshew in vercel/turborepo#12770
• release(turborepo): 2.9.11 by @​github-actions[bot] in vercel/turborepo#12771
• fix: Allow transit nodes in LSP diagnostics by @​anthonyshew in vercel/turborepo#12773
• release(turborepo): 2.9.12 by @​github-actions[bot] in vercel/turborepo#12774
• fix: Restore docs mobile menu by @​anthonyshew in vercel/turborepo#12782
• ci: Use pull_request for PR title linting by @​anthonyshew in vercel/turborepo#12787
• ci: Scope GitHub Actions caches by branch by @​anthonyshew in vercel/turborepo#12788
• test: Validate lockfiles without dependency downloads by @​anthonyshew in vercel/turborepo#12789
• Removed unneeded import form hash creation script in docs by @​dancrumb in vercel/turborepo#12799
• fix: Validate auth callback state by @​anthonyshew in vercel/turborepo#12802
• fix: Harden VS Code extension command execution by @​anthonyshew in vercel/turborepo#12800
• fix: Avoid project-local Yarn during detection by @​anthonyshew in vercel/turborepo#12801

... (truncated)

Commits

• fc62fe0 publish 2.9.14 to registry
• fb8c9ae chore: Release 2.9.13 (#12803)
• e8e629d fix: Avoid project-local Yarn during detection (#12801)
• 91c90cb fix: Harden VS Code extension command execution (#12800)
• 84f4508 fix: Validate auth callback state (#12802)
• 1779ad7 Removed unneeded import form hash creation script in docs (#12799)
• 71f8c90 test: Validate lockfiles without dependency downloads (#12789)
• 5fcb960 ci: Scope GitHub Actions caches by branch (#12788)
• 4cf9fab ci: Use pull_request for PR title linting (#12787)
• 859c629 fix: Restore docs mobile menu (#12782)
• Additional commits viewable in compare view

Updates typescript-eslint from 8.58.2 to 8.59.4

Release notes

Sourced from typescript-eslint's releases.

v8.59.4

8.59.4 (2026-05-18)

🩹 Fixes

• eslint-plugin: [no-floating-promises] stack overflow when using recursive types (#12294)
• project-service: throw error cause in getParsedConfigFileFromTSServer (#12321)
• typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#12340)

❤️ Thank You

• Evyatar Daud @​StyleShit
• Kirk Waiblinger @​kirkwaiblinger
• lumir

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.3

8.59.3 (2026-05-11)

This was a version bump only, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.2

8.59.2 (2026-05-04)

🩹 Fixes

• eslint-plugin: [no-unsafe-type-assertion] handle crash on recursive template literal types (#12150)
• eslint-plugin: [no-deprecated] object destructuring values should be treated as declarations (#12292)
• rule-tester: add TypeScript as a peer dependency (#12288)

❤️ Thank You

• Dariusz Czajkowski
• Dima Barabash
• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.1

8.59.1 (2026-04-27)

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.59.4 (2026-05-18)

🩹 Fixes

• typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#12340)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.3 (2026-05-11)

T...

Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
tx-agent-kit-docs	Ready	Preview, Comment	May 19, 2026 6:07am