fix(deps): update all non-major updates

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@ark-ui/svelte (source)	5.21.2 → 5.22.1			dependencies	minor
@astrojs/check (source)	0.9.8 → 0.9.9			devDependencies	patch
@astrojs/sitemap (source)	3.7.2 → 3.7.3			dependencies	patch
@axe-core/playwright	4.11.2 → 4.11.3			devDependencies	patch
@chenglou/pretext	^0.0.6 → ^0.0.7			dependencies	patch	0.0.8
@cloudflare/workers-types	4.20260426.1 → 4.20260607.1			devDependencies	minor	4.20260621.1 (+11)
@iconify-json/lucide	1.2.103 → 1.2.111			devDependencies	patch	1.2.114 (+2)
@logtape/logtape (source)	2.0.5 → 2.1.1			dependencies	minor	2.1.5 (+3)
@playwright/test (source)	1.59.1 → 1.60.0			devDependencies	minor	1.61.0
@sveltejs/kit (source)	2.58.0 → 2.63.0			devDependencies	minor	2.66.0 (+5)
@sveltejs/vite-plugin-svelte (source)	7.0.0 → 7.1.2			devDependencies	minor
@tailwindcss/vite (source)	4.2.4 → 4.3.0			dependencies	minor	4.3.1
@tailwindcss/vite (source)	4.2.4 → 4.3.0			devDependencies	minor	4.3.1
@tauri-apps/api	2.10.1 → 2.11.0			dependencies	minor	2.11.1
@tauri-apps/cli	2.10.1 → 2.11.2			devDependencies	minor	2.11.3
@tauri-apps/plugin-dialog	2.7.0 → 2.7.1			dependencies	patch
@tauri-apps/plugin-fs	2.5.0 → 2.5.1			dependencies	patch
@tauri-apps/plugin-opener	2.5.3 → 2.5.4			dependencies	patch
@tauri-apps/plugin-store	2.4.2 → 2.4.3			dependencies	patch
@types/node (source)	25.6.0 → 25.9.2			devDependencies	minor	25.9.4 (+1)
@vitest/coverage-v8 (source)	4.1.5 → 4.1.8			devDependencies	patch	4.1.9
actions/cache	v5.0.4 → v5.0.5			action	patch
actions/checkout (changelog)	de0fac2 → df4cb1c			action	digest
alphanumeric-sort	1.5.6 → 1.5.7			dependencies	patch
alpine	3.21 → 3.23			stage	minor	3.24
astro (source)	6.1.9 → 6.4.4			dependencies	minor	6.4.8 (+3)
axe-core (source)	4.11.3 → 4.12.0			devDependencies	minor	4.12.1
bitflags	2.11.1 → 2.13.0			dependencies	minor
chrono	0.4.44 → 0.4.45			dependencies	patch
eslint (source)	10.2.1 → 10.4.1			devDependencies	minor	10.5.0
eslint-plugin-svelte (source)	3.17.1 → 3.19.0			devDependencies	minor
exacl	0.12 → 0.13			dependencies	minor
file_icon_provider	1.0.0 → 1.0.1			dependencies	patch
filetime	0.2.27 → 0.2.29			dependencies	patch
genai	=0.6.0-beta.19 → =0.6.5			dependencies	patch
gix	0.81 → 0.84			dependencies	minor
globals	17.5.0 → 17.6.0			devDependencies	minor
go	1.25.11 → 1.26.4				minor
golang.org/x/term	v0.42.0 → v0.43.0			require	minor	v0.44.0
happy-dom	20.9.0 → 20.10.2			devDependencies	minor	20.10.6 (+3)
hono (source)	4.12.15 → 4.12.23			dependencies	patch	4.12.26 (+2)
html-validate (source)	10.13.1 → 10.17.0			devDependencies	minor
intl-messageformat	11.2.7 → 11.2.8			dependencies	patch
jdx/mise-action (changelog)	1648a78 → e6a8b39			action	digest
jsdom	29.0.2 → 29.1.1			devDependencies	minor
knip (source)	6.7.0 → 6.16.1			devDependencies	minor	6.17.1 (+1)
listmonk/listmonk	v6.0.0 → v6.1.0			final	minor
log	0.4.29 → 0.4.32			dependencies	patch	0.4.33
marked (source)	18.0.2 → 18.0.5			dependencies	patch
mdns-sd	0.19 → 0.20			dependencies	minor
memchr	2.8.0 → 2.8.1			dependencies	patch	2.8.2
mimalloc	0.1.50 → 0.1.52			dependencies	patch
oxfmt (source)	^0.46.0 → ^0.53.0			devDependencies	minor	0.55.0 (+1)
oxlint (source)	1.61.0 → 1.68.0			devDependencies	minor	1.70.0 (+1)
pnpm (source)	11.1.2 → 11.5.2			packageManager	minor	11.8.0 (+3)
pnpm (source)	11.0.9 → 11.5.2				minor	11.8.0 (+3)
prettier-plugin-svelte	3.5.1 → 3.5.2			devDependencies	patch
rand (source)	0.9 → 0.10			dependencies	minor
rand_core (source)	0.6 → 0.10			dev-dependencies	minor
reqwest	0.13.2 → 0.13.4			dependencies	patch
resend	6.12.2 → 6.12.4			dependencies	patch	6.14.0 (+1)
rusqlite	0.39 → 0.40			dependencies	minor
rust (source, changelog)	1.95.0 → 1.96.0			toolchain	minor
serde_json	1.0.149 → 1.0.150			dependencies	patch
smb	0.11.1 → 0.11.2			dependencies	patch
smb-rpc	=0.11.1 → =0.11.2			dependencies	patch
specta	=2.0.0-rc.24 → =2.0.0-rc.25			dependencies	patch
specta-typescript	=0.0.11 → =0.0.12			dev-dependencies	patch
sspi	=0.18.7 → =0.21.0			dependencies	minor
stylelint (source)	17.9.0 → 17.13.0			devDependencies	minor
svelte (source)	5.55.5 → 5.56.3			devDependencies	minor
svelte-check	4.4.6 → 4.6.0			devDependencies	minor
svelte-eslint-parser	1.6.0 → 1.8.0			devDependencies	minor
sysinfo	0.38.4 → 0.39.0			dependencies	minor	0.39.4
tailwindcss (source)	4.2.4 → 4.3.0			dependencies	minor	4.3.1
tailwindcss (source)	4.2.4 → 4.3.0			devDependencies	minor	4.3.1
tar	0.4.45 → 0.4.46			dependencies	patch
tauri	2.10.3 → 2.11.2			dependencies	minor	2.11.3
tauri-apps/tauri-action (changelog)	73fb865 → 84b9d35			action	digest
tauri-build	2.5.6 → 2.6.2			build-dependencies	minor	2.6.3
tauri-plugin-dialog	2.7.0 → 2.7.1			dependencies	patch
tauri-plugin-fs	2.5.0 → 2.5.1			dependencies	patch
tauri-plugin-global-shortcut	=2.3.1 → =2.3.2			dependencies	patch
tauri-plugin-mcp-bridge	0.11.1 → 0.11.2			dependencies	patch
tauri-plugin-opener	2.5.3 → 2.5.4			dependencies	patch
tauri-plugin-store	2.4.2 → 2.4.3			dependencies	patch
tauri-specta	=2.0.0-rc.24 → =2.0.0-rc.25			dependencies	patch
tokio	1.51.0 → 1.52.3			dependencies	minor
tokio	1.52.1 → 1.52.3			dependencies	patch
tokio1	1.52.1 → 1.52.3			dev-dependencies	patch
tokio1	1.52.1 → 1.52.3			dependencies	patch
tower-http	0.6.8 → 0.6.11			dependencies	patch	0.7.0
trash	5.2.5 → 5.2.6			dependencies	patch
tsx (source)	4.21.0 → 4.22.4			devDependencies	minor
typescript-eslint (source)	8.59.0 → 8.60.1			devDependencies	minor	8.61.1 (+1)
umputun/remark42 (source)	v1.15.0 → v1.16.1				minor
uuid	1.23.1 → 1.23.2			dependencies	patch	1.23.3
vite (source)	8.0.10 → 8.0.16			devDependencies	patch
vitest (source)	4.1.5 → 4.1.8			devDependencies	patch	4.1.9
wrangler (source)	4.85.0 → 4.98.0			devDependencies	minor	4.103.0 (+4)
zbus	5.15.0 → 5.16.0			dependencies	minor

---

Release Notes

chakra-ui/ark (@​ark-ui/svelte)

v5.22.1

Compare Source

Fixed

• Fix missing presence properties (e.g. onExitComplete) on Drawer.RootProvider and Dialog.RootProvider type
  declarations.

• • Date Input: Fix segment placeholders for locales with explicit script subtags.
  • Drawer: Fix flickering when a controlled drawer is swiped or backdrop-closed while the open setter is async
    (e.g. the History API or a delayed state update).
  • Image Cropper: Fix getCroppedImage and getCropData returning the wrong region when the image is shown at a
    size different from its natural resolution (e.g. width / height of 100%).
  • Pin Input: Fix data-filled being set on every input on first render.
  • Signature Pad: Fix the dir prop being accepted but never forwarded to the DOM.

v5.22.0

Compare Source

Added

• Floating Components: Add data-side to placement-aware parts so you can style them based on the current placement
  (top, bottom, left, right).

  Affects Color Picker, Combobox, Date Picker, Hover Card, Menu, Popover, Select, Tooltip, and Tour.

• Date Input: Add hideTimeZone prop. When the value is a ZonedDateTime, the timeZoneName segment now renders
  automatically — set hideTimeZone to hide it. Arrow navigation and auto-advance after typing now reach read-only
  focusable segments too.

• Splitter

  • Accept CSS units (px, em, rem, vh, vw) for defaultSize, minSize, and maxSize in addition to
    percentages.

    <Splitter.Root
      panels={[
        { id: 'nav', minSize: '240px', maxSize: '480px' },
        { id: 'main', minSize: 30 },
      ]}
      defaultSize={['240px', '60vw']}
    />

  • Add resizeBehavior per panel. Set to "preserve-pixel-size" to keep a panel's pixel size constant when the parent
    splitter group resizes.

  • Allow non-panel children (toolbars, rails, status bars) inside the splitter root. Use partial trigger ids
    ("left:", ":right") to bind handles around the fixed element.

Fixed

• Accordion: Remove redundant aria-disabled from item triggers.

• Color Picker: Fire onValueChangeEnd when you pick a color with the EyeDropper API — matches the behavior when
  ending a drag on the area or channel sliders.

• Combobox: Stop Enter from submitting the form when an item is highlighted, or when the typed value will be
  rejected by allowCustomValue: false.

• Date Input

  • Preserve entered segments when applying min/max. Values clamp segment-by-segment on blur, so 06/15/1999 with min
    2000-01-01 becomes 06/15/2000 instead of snapping to 01/01/2000.

  • Fix range mode keyboard navigation so ArrowRight moves from the last segment of the start date to the first
    segment of the end date.

  • Fix time-only formatters (no year segment) never firing onValueChange.

  • Fix setSegmentValue reading stale display values.

  • Fix dayPeriod (AM/PM) arrow up/down not updating the visible segment when hourCycle changes at runtime.

  • Fix typing "A" / "P" on the dayPeriod segment not updating the visible AM/PM.

• Date Picker

  • Fix clearing the value not resetting activeIndex and hoveredValue in range mode when input parts are not
    rendered.

  • Fix date input not being writable in locales with multi-character separators (e.g. cs-CZ, sk-SK, hu-HU,
    ko-KR).

  • Fix Firefox issue where the native month/year <select> was not interactive when the picker is inside a modal
    dialog.

  • Fix range selection with outsideDaySelectable: hovering outside-month days no longer changes the visible month;
    hover preview for the end date still updates.

• Dialog, Drawer, Hover Card, Menu, Popover, Tooltip: Fix custom trigger elements (via ids.trigger) being ignored
  when shared across components — e.g. wrapping a Popover.Trigger in a Tooltip with the same id no longer breaks
  positioning. Also fix trigger lookups in shadow root.

• Dialog, Drawer, Popover: Fix dismissable layers losing their pointer-events in Svelte and Vue, where a spread
  update could rewrite the whole style attribute and wipe the value.

• Drawer

  • Fix controlled drawers snapping back open before the close animation when dismissed by swipe.

  • Fix the indent and indent background snapping into place after the close animation instead of transitioning in sync.

  • Fix --drawer-swipe-progress jumping straight to 1 at the start of a dismiss swipe — it now moves smoothly from
    0 (at rest) to 1 (fully dismissed).

  • Fix the drawer freezing mid-drag on release when its content mounts lazily, which left snap points unmeasured.

• React 19 Strict Mode: Fix dialog, drawer, and popover leaving <body> uninteractive (data-scroll-lock,
  data-inert, overflow: hidden, pointer-events: none) after closing.

• Number Input: Fix inconsistent blur behavior when the input is cleared and min is greater than 0.

• Splitter

  • Fix clicking a resize trigger not moving focus to it, which prevented arrow keys from resizing the splitter until it
    was tab-focused (notably on Safari).

  • Fix data-focus being applied on hover — it now only sets when the trigger is actually focused.

• Tabs: Observe the tab list with ResizeObserver so the indicator updates when the list resizes without individual
  tab triggers changing size (e.g. responsive grid reflow).

• Floating Panel: Re-export additional types (ResizeTriggerAxis, Stage, ElementIds, IntlTranslations,
  AnchorPositionDetails, Point, Size) and the resizeTriggerAxes constant from @zag-js/floating-panel.

withastro/astro (@​astrojs/check)

v0.9.9

Compare Source

Patch Changes

• #​16471 f56bb3f Thanks @​delucis! - Adds support for TypeScript v6 to peer dependencies range

• Updated dependencies [8c62159]:

  • @​astrojs/language-server@​2.16.7

withastro/astro (@​astrojs/sitemap)

v3.7.3

Compare Source

Patch Changes

• #​16837 783c4a6 Thanks @​jdevalk! - Improves <lastmod> accuracy in the sitemap index. Each <sitemap> entry in sitemap-index.xml is now stamped with the most recent lastmod of the URLs in the child sitemap it points to, instead of repeating a single global date on every entry. When a child sitemap has no per-URL lastmod, the entry falls back to the lastmod option as before. This gives search engines a per-file freshness signal, so they can tell which child sitemaps actually changed without refetching all of them.

dequelabs/axe-core-npm (@​axe-core/playwright)

v4.11.3

Compare Source

Bug Fixes

• Update axe-core to v4.11.4 (#​1330) (eed87f5)

chenglou/pretext (@​chenglou/pretext)

v0.0.7

Compare Source

Changed

• The package now declares itself side-effect-free so bundlers can tree-shake unused entrypoints (#​160).
• layoutNextLine() and layoutNextLineRange() now avoid redundant chunk lookup in chunk-heavy manual layout paths (#​140).

Fixed

• { wordBreak: 'keep-all' } now handles no-space mixed Latin, numeric, and CJK text more like browsers.
• No-space punctuation chains now stay together for non-ASCII word-like text too, instead of only ASCII words.
• Opening punctuation such as ¡, ¿, German low quotes, and ⸘ now stays with the following word instead of dangling at line end (#​165).
• Numeric prefix/postfix symbols like $, %, €, +, −, and ° now stay attached to adjacent text the way browser line breaking does (#​105).
• Soft-hyphen breaks now stay at the soft-hyphen insertion point instead of pulling post-hyphen graphemes onto the broken line (#​162).
• Line geometry now preserves browser-style terminal letter spacing, including rich-inline item boundaries and visible soft-hyphen breaks (#​171).
• Rich-inline item boundaries no longer overflow the requested width after a forced-progress break (#​132).
• The markdown chat demo now drops parsed link URLs unless they resolve to HTTP(S) hrefs (#​168).

cloudflare/workerd (@​cloudflare/workers-types)

v4.20260607.1

Compare Source

v4.20260606.1

Compare Source

v4.20260605.1

Compare Source

v4.20260604.1

Compare Source

v4.20260603.1

Compare Source

v4.20260602.1

Compare Source

v4.20260601.1

Compare Source

v4.20260531.1

Compare Source

v4.20260530.1

Compare Source

v4.20260529.1

Compare Source

v4.20260528.1

Compare Source

v4.20260527.1

Compare Source

v4.20260526.1

Compare Source

v4.20260525.1

Compare Source

v4.20260524.1

Compare Source

v4.20260523.1

Compare Source

v4.20260522.1

Compare Source

v4.20260521.1

Compare Source

v4.20260520.1

Compare Source

v4.20260519.1

Compare Source

v4.20260518.1

Compare Source

v4.20260517.1

Compare Source

v4.20260516.1

Compare Source

v4.20260515.1

Compare Source

v4.20260514.1

Compare Source

v4.20260511.1

Compare Source

v4.20260510.1

Compare Source

[v4.20260509.1](https://redirect.github.com/cloudflare/workerd/compare/2ab8992cd4d249245397b0d747c76812a37b567d...21840a6f9cd33fb

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Europe/Budapest)

• Branch creation
  • "before 6am on monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path apps/desktop/src-tauri/Cargo.toml --package alphanumeric-sort@1.5.6 --precise 1.5.7
    Updating crates.io index
    Updating git repository `https://github.com/vdavid/tauri-playwright.git`
From https://github.com/vdavid/tauri-playwright
 * [new ref]         9dd13e838d16c0cfd440afc955398d10eb903ee2 -> refs/commit/9dd13e838d16c0cfd440afc955398d10eb903ee2
error: failed to select a version for `rand_core`.
    ... required by package `cmdr v0.29.0 (/tmp/renovate/repos/github/vdavid/cmdr/apps/desktop/src-tauri)`
    ... which satisfies path dependency `cmdr` (locked to 0.29.0) of package `index-query v0.0.0 (/tmp/renovate/repos/github/vdavid/cmdr/crates/index-query)`
versions that meet the requirements `^0.10` are: 0.10.0, 0.10.1

package `cmdr` depends on `rand_core` with feature `getrandom` but `rand_core` does not have that feature.


failed to select a version for `rand_core` which could resolve this conflict

File name: benchmarks/smb/Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path benchmarks/smb/Cargo.toml --package chrono@0.4.44 --precise 0.4.45
    Updating crates.io index
error: failed to select a version for `curve25519-dalek`.
    ... required by package `sspi v0.18.7`
    ... which satisfies dependency `sspi = "=0.18.7"` of package `smb v0.11.2`
    ... which satisfies dependency `smb = "^0.11.1"` of package `smb-benchmark v0.1.0 (/tmp/renovate/repos/github/vdavid/cmdr/benchmarks/smb)`
versions that meet the requirements `=5.0.0-pre.1` are: 5.0.0-pre.1

all possible versions conflict with previously selected packages

  previously selected package `curve25519-dalek v5.0.0-pre.6`
    ... which satisfies dependency `curve25519-dalek = "=5.0.0-pre.6"` of package `sspi v0.21.0`
    ... which satisfies dependency `sspi = "=0.21.0"` of package `smb-benchmark v0.1.0 (/tmp/renovate/repos/github/vdavid/cmdr/benchmarks/smb)`

failed to select a version for `curve25519-dalek` which could resolve this conflict

File name: Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path crates/index-query/Cargo.toml --workspace
    Updating crates.io index
error: failed to select a version for `rand_core`.
    ... required by package `cmdr v0.29.0 (/tmp/renovate/repos/github/vdavid/cmdr/apps/desktop/src-tauri)`
    ... which satisfies path dependency `cmdr` (locked to 0.29.0) of package `index-query v0.0.0 (/tmp/renovate/repos/github/vdavid/cmdr/crates/index-query)`
versions that meet the requirements `^0.10` are: 0.10.0, 0.10.1

package `cmdr` depends on `rand_core` with feature `getrandom` but `rand_core` does not have that feature.


failed to select a version for `rand_core` which could resolve this conflict

File name: Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path crates/fsevent-stream/Cargo.toml --package bitflags@2.11.1 --precise 2.13.0
    Updating crates.io index
error: failed to select a version for `rand_core`.
    ... required by package `cmdr v0.29.0 (/tmp/renovate/repos/github/vdavid/cmdr/apps/desktop/src-tauri)`
    ... which satisfies path dependency `cmdr` (locked to 0.29.0) of package `index-query v0.0.0 (/tmp/renovate/repos/github/vdavid/cmdr/crates/index-query)`
versions that meet the requirements `^0.10` are: 0.10.0, 0.10.1

package `cmdr` depends on `rand_core` with feature `getrandom` but `rand_core` does not have that feature.


failed to select a version for `rand_core` which could resolve this conflict

File name: pnpm-lock.yaml

Scope: all 5 workspace projects
? Verifying lockfile against supply-chain policies (1388 entries)...

   ╭─────────────────────────────────────────╮
   │                                         │
   │   Update available! 11.5.2 → 11.8.0.    │
   │   Changelog: https://pnpm.io/v/11.8.0   │
   │    To update, run: pnpm add -g pnpm     │
   │                                         │
   ╰─────────────────────────────────────────╯

✗ Lockfile failed supply-chain policy check (1388 entries in 25.4s)
[ERR_PNPM_TRUST_DOWNGRADE] 3 lockfile entries failed verification:
  chokidar@4.0.3 High-risk trust downgrade for "chokidar@4.0.3" (possible package takeover)
  semver@5.7.2 High-risk trust downgrade for "semver@5.7.2" (possible package takeover)
  semver@6.3.1 High-risk trust downgrade for "semver@6.3.1" (possible package takeover)

The lockfile contains entries that the active policies reject. This can mean the lockfile is stale, or that someone committed a lockfile that bypassed the policy locally — inspect recent changes to pnpm-lock.yaml before trusting it. If the changes look expected, run "pnpm clean --lockfile" and then "pnpm install" to rebuild from a fresh resolution. Alternatively, relax the policy that flagged them.