chore(deps): bump the minor group across 1 directory with 21 updates

[dependabot]

Bumps the minor group with 20 updates in the / directory:

Package	From	To
@fortawesome/react-fontawesome	3.3.0	3.3.1
@prisma/adapter-pg	7.3.0	7.8.0
@prisma/client	7.3.0	7.8.0
@react-email/render	2.0.6	2.0.9
eslint-plugin-react-hooks	7.0.1	7.1.1
next	16.2.4	16.2.9
next-auth	4.24.13	4.24.14
react	19.2.4	19.2.7
@types/react	19.2.10	19.2.17
react-dom	19.2.4	19.2.7
sass	1.97.3	1.101.0
sharp	0.34.5	0.35.1
@jest/globals	30.3.0	30.4.1
@stylistic/stylelint-plugin	5.0.1	5.2.0
@types/node	25.6.0	25.9.3
eslint-config-next	16.1.6	16.2.9
jest	30.3.0	30.4.2
prisma	7.7.0	7.8.0
ts-jest	29.4.6	29.4.11
tsx	4.21.0	4.22.4

Updates @fortawesome/react-fontawesome from 3.3.0 to 3.3.1

Release notes

Sourced from @​fortawesome/react-fontawesome's releases.

v3.3.1

3.3.1 (2026-04-20)

Just a few dependency bumps to close off CVEs (not that our lib is really affected anyway).

Chores

• deps-dev: bump handlebars from 4.7.8 to 4.7.9 (f1d6d94)
• deps-dev: bump lodash-es from 4.17.23 to 4.18.1 (212496a)
• deps-dev: bump picomatch from 2.3.1 to 2.3.2 (557ceaf)
• deps: bump lodash from 4.17.23 to 4.18.1 (2d06890)
• deps: node 22.22.2, bump all dev dependencies (99ba500)

Changelog

Sourced from @​fortawesome/react-fontawesome's changelog.

3.3.1 (2026-04-20)

Chores

• deps-dev: bump handlebars from 4.7.8 to 4.7.9 (f1d6d94)
• deps-dev: bump lodash-es from 4.17.23 to 4.18.1 (212496a)
• deps-dev: bump picomatch from 2.3.1 to 2.3.2 (557ceaf)
• deps: bump lodash from 4.17.23 to 4.18.1 (2d06890)
• deps: node 22.22.2, bump all dev dependencies (99ba500)

Commits

• 75b30aa chore(release): 3.3.1 [skip ci]
• 99ba500 chore(deps): node 22.22.2, bump all dev dependencies
• 31a2676 Merge pull request #639 from FortAwesome/dependabot/npm_and_yarn/lodash-4.18.1
• 2d06890 chore(deps): bump lodash from 4.17.23 to 4.18.1
• 741a193 Merge pull request #638 from FortAwesome/dependabot/npm_and_yarn/lodash-es-4....
• 212496a chore(deps-dev): bump lodash-es from 4.17.23 to 4.18.1
• 8deeceb Merge pull request #636 from FortAwesome/dependabot/npm_and_yarn/handlebars-4...
• 5df5ade Merge pull request #635 from FortAwesome/dependabot/npm_and_yarn/picomatch-2.3.2
• f1d6d94 chore(deps-dev): bump handlebars from 4.7.8 to 4.7.9
• 557ceaf chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2
• See full diff in compare view

Updates @prisma/adapter-pg from 7.3.0 to 7.8.0

Release notes

Sourced from @​prisma/adapter-pg's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

• Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

• Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
• Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
• Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
• Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)
• Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

• Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-url CLI flag, which was removed in Prisma 7. (#29455)
• Fixed prisma migrate dev (and shadow database migration replay in general) failing with CREATE INDEX CONCURRENTLY cannot run inside a transaction blockprisma/prisma-engines#5799
• Fixed PostgreSQL introspection silently dropping sequence defaults when the database returns the schema-qualified form pg_catalog.nextval('sequence_name'::regclass) instead of the bare nextval(...). Columns backed by sequences now correctly appear as @default(autoincrement())prisma/prisma-engines#5802

Driver Adapters

• @​prisma/adapter-d1: Savepoint operations (createSavepoint, rollbackToSavepoint, releaseSavepoint) now silently no-op with debug logging instead of executing SQL statements, consistent with how the D1 adapter already treats top-level transactions. (#29499)

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

... (truncated)

Commits

• f2ca67e feat: pg statement name generator (#29395)
• 4131568 fix: set @​types/pg to ^8.16.0 (#29390)
• 33667c3 fix(adapter-pg): handle both quoted/unquoted column names in ColumnNotFound e...
• e97b3e0 feat(adapter-pg): accept connection string URL in PrismaPg constructor (#29287)
• fc38fb7 Make @​types/pg a direct dependency of adapter-pg (#29277)
• 6091e02 feat: add support for nested transaction rollbacks via savepoints in sql (#21...
• See full diff in compare view

Updates @prisma/client from 7.3.0 to 7.8.0

Release notes

Sourced from @​prisma/client's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

• Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

• Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
• Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
• Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
• Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)
• Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

• Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-url CLI flag, which was removed in Prisma 7. (#29455)
• Fixed prisma migrate dev (and shadow database migration replay in general) failing with CREATE INDEX CONCURRENTLY cannot run inside a transaction blockprisma/prisma-engines#5799
• Fixed PostgreSQL introspection silently dropping sequence defaults when the database returns the schema-qualified form pg_catalog.nextval('sequence_name'::regclass) instead of the bare nextval(...). Columns backed by sequences now correctly appear as @default(autoincrement())prisma/prisma-engines#5802

Driver Adapters

• @​prisma/adapter-d1: Savepoint operations (createSavepoint, rollbackToSavepoint, releaseSavepoint) now silently no-op with debug logging instead of executing SQL statements, consistent with how the D1 adapter already treats top-level transactions. (#29499)

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

... (truncated)

Commits

• 62b44ac chore(deps): update engines to 7.8.0-5.e96eae70cf4ade6a15d7e6064d5b0b4f7d835d...
• 4104864 feat: add a query plan cache size parameter (#29503)
• 723ba7b chore(deps): update engines to 7.8.0-4.8c287008617e9b12f313df99e2c821ae61ea9a...
• cadbafe chore(deps): update engines to 7.8.0-2.3187e3937290320ba3c7dbd5aa94af67942b44...
• f705533 chore(deps): update engines to 7.8.0-1.7b80cc56c645c6e03c7541474e6a7c8d91b70d...
• fbab4e8 Fix 29271 (#29303)
• 6a3c3cc chore: extract parameterization to client-engine-runtime (#29422)
• 5b420f8 fix(client): prevent caching of createMany queries to avoid cache bloat and p...
• 30f0af6 feat: dmmf streaming with an E2E test (#29377)
• 14c3c2e fix: pin E2E typescript to prevent 6 upgrade (#29383)
• Additional commits viewable in compare view

Updates @react-email/render from 2.0.6 to 2.0.9

Release notes

Sourced from @​react-email/render's releases.

@​react-email/render@​2.0.9

Patch Changes

• 60a5b09: Add npm support metadata for the package homepage and issue tracker.

@​react-email/render@​2.0.8

Patch Changes

• e0e896f: Strip nul bytes from React 18 renderToPipeableStream output to prevent emails with multi-byte characters from being truncated.

@​react-email/render@​2.0.7

Patch Changes

• 7fc539d: fix export map ordering between convex and node

@​react-email/render@​2.0.7-canary.0

Patch Changes

• 7fc539d: fix export map ordering between convex and node

Changelog

Sourced from @​react-email/render's changelog.

2.0.9

Patch Changes

• 60a5b09: Add npm support metadata for the package homepage and issue tracker.

2.0.8

Patch Changes

• e0e896f: Strip nul bytes from React 18 renderToPipeableStream output to prevent emails with multi-byte characters from being truncated.

2.0.7

Patch Changes

• 7fc539d: fix export map ordering between convex and node

2.0.7-canary.0

Patch Changes

• 7fc539d: fix export map ordering between convex and node

Commits

• d87fd18 chore(root): version packages (#3562)
• 60a5b09 chore(render): add package support metadata (#3559)
• 7ae89d3 chore: remove @​types/prettier (#3496)
• 6671a74 feat(render): e2e test for vite and nextjs (#2176)
• 961d1d2 chore(root): version packages (#3445)
• e0e896f fix(render): remove nul bytes when using React 18 (#3406)
• 12f4620 chore(root): version packages (#3322)
• 48daf18 chore(root): version packages (canary) (#3271)
• 7fc539d fix(render): reorder node above convex in exports map (#3276)
• See full diff in compare view

Updates eslint-plugin-react-hooks from 7.0.1 to 7.1.1

Release notes

Sourced from eslint-plugin-react-hooks's releases.

eslint-plugin-react-hooks@7.1.1 (April 17, 2026)

Note: 7.1.0 accidentally removed the component-hook-factories rule, causing errors for users who referenced it in their ESLint config. This is now fixed.

• Add deprecated no-op component-hook-factories rule for backwards compatibility. (@​mofeiZ in #36307)

eslint-plugin-react-hooks@7.1.0 (April 16, 2026)

This release adds ESLint v10 support, improves performance by skipping compilation for non-React files, and includes compiler lint improvements including better set-state-in-effect detection, improved ref validation, and more helpful error reporting.

• Add ESLint v10 support. (@​azat-io in #35720)
• Skip compilation for non-React files to improve performance. (@​josephsavona in #35589)
• Fix exhaustive deps bug with Flow type casting. (@​jorge-cab in #35691)
• Fix useEffectEvent checks in component syntax. (@​jbrown215 in #35041)
• Improved set-state-in-effect validation with fewer false negatives. (@​jorge-cab in #35134, @​josephsavona in #35147, @​jackpope in #35214, @​chesnokov-tony in #35419, @​jsleitor in #36107)
• Improved ref validation for non-mutating functions and event handler props. (@​josephsavona in #35893, @​kolvian in #35062)
• Compiler now reports all errors instead of stopping at the first. (@​josephsavona in #35873–#35884)
• Improved source locations and error display in compiler diagnostics. (@​nathanmarks in #35348, @​josephsavona in #34963)

Changelog

Sourced from eslint-plugin-react-hooks's changelog.

7.1.1

Note: 7.1.0 accidentally removed the component-hook-factories rule, causing errors for users who referenced it in their ESLint config. This is now fixed.

• Add deprecated no-op component-hook-factories rule for backwards compatibility. (@​mofeiZ in #36307)

7.1.0

This release adds ESLint v10 support, improves performance by skipping compilation for non-React files, and includes compiler lint improvements including better set-state-in-effect detection, improved ref validation, and more helpful error reporting.

• Add ESLint v10 support. (@​azat-io in #35720)
• Skip compilation for non-React files to improve performance. (@​josephsavona in #35589)
• Fix exhaustive deps bug with Flow type casting. (@​jorge-cab in #35691)
• Fix useEffectEvent checks in component syntax. (@​jbrown215 in #35041)
• Improved set-state-in-effect validation with fewer false negatives. (@​jorge-cab in #35134, @​josephsavona in #35147, @​jackpope in #35214, @​chesnokov-tony in #35419, @​jsleitor in #36107)
• Improved ref validation for non-mutating functions and event handler props. (@​josephsavona in #35893, @​kolvian in #35062)
• Compiler now reports all errors instead of stopping at the first. (@​josephsavona in #35873–#35884)
• Improved source locations and error display in compiler diagnostics. (@​nathanmarks in #35348, @​josephsavona in #34963)

Commits

• See full diff in compare view

Updates next from 16.2.4 to 16.2.9

Release notes

Sourced from next's releases.

v16.2.9

Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.

v16.2.8

Release with no changes in an attempt to fix next@latest pointing at a prerelease version.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Backport documentation fixes for v16.2 (#93804)
• [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
• [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
• [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
• [backport] Encode non-ASCII characters in cache tags at construction (#93918)
• [backport] Fix server action forwarding loop with middleware rewrites (#93919)
• [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
• [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
• [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
• [backport] Propagate adapter preferred regions (#94200)
• [16.2.x] Don't drop FormData entries (#94240)
• [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

... (truncated)

Commits

• f37fad9 v16.2.9
• d9aaaed [cd] Allow tagging semver-lower releases as @latest if @latest po… (#94627)
• 6f16804 v16.2.8
• 0dbc1d5 [16.2.x][cd] Ensure release can be triggered on old branches (#94598)
• 90e3c81 [16.2.x] Align Actions dependencies with Canary (#94339)
• 83f402c [16.2.x][cd] Stop fetching all tags when searching parent tag (#94334)
• 411c455 v16.2.7
• c63224f [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolut...
• 63115c7 [16.2.x] Don't drop FormData entries (#94240)
• aef22fd [backport] Propagate adapter preferred regions (#94200)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates next-auth from 4.24.13 to 4.24.14

Release notes

Sourced from next-auth's releases.

next-auth@4.24.14

Bugfixes

• providers: add issuer to GitHub provider for RFC 9207 compliance (#13412)

GitHub now returns an iss parameter in OAuth callbacks. openid-client validates it unconditionally, which was breaking authentication for apps that didn't configure an issuer. This sets the default GitHub provider issuer to https://github.com/login/oauth.

Commits

• e9a892a chore(release): bump version [skip ci]
• 0497da4 fix(providers): add issuer to github (#13412)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by better-gustavo, a new releaser for next-auth since your current version.

Updates react from 19.2.4 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates @types/react from 19.2.10 to 19.2.17

Commits

• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Updates sass from 1.97.3 to 1.101.0

Release notes

Sourced from sass's releases.

Dart Sass 1.101.0

To install Sass 1.101.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Potentially breaking bug fix: The Node package importer now properly supports resolving import-only variants of Sass files declared in the exports, sass, and style fields of package.json. Previously, these files were ignored even when loaded via @import, so any code relying on loading module-system-only files this way may break.

See the full changelog for changes in earlier releases.

Dart Sass 1.100.0

To install Sass 1.100.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Writing two compound selectors adjacent to one another without any whitespace between them, such as [class]a, is now deprecated. This was always an error in CSS and Sass only supported it by mistake.

  See the Sass website for details.

See the full changelog for changes in earlier releases.

Dart Sass 1.99.0

To install Sass 1.99.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Add support for parent selectors (&) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as the scoping root.

• User-defined functions named calc or clamp are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in calc() or clamp() function.

• User-defined functions whose names begin with - and end with -expression, -url, -and, -or, or -not are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.

• User-defined functions named EXPRESSION, URL, and ELEMENT, those that begin with - and end with -ELEMENT, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.

  See the Sass website for details.

• In a future release, calls to functions whose names begin with - and end with -expression and -url will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.

  See the Sass website for details.

... (truncated)

Changelog

Sourced from sass's changelog.

1.101.0

• Potentially breaking bug fix: The Node package importer now properly supports resolving import-only variants of Sass files declared in the exports, sass, and style fields of package.json. Previously, these files were ignored even when loaded via @import, so any code relying on loading module-system-only files this way may break.

1.100.0

• Writing two compound selectors adjacent to one another without any whitespace between them, such as [class]a, is now deprecated. This was always an error in CSS and Sass only supported it by mistake.

  See the Sass website for details.

1.99.0

• Add support for parent selectors (&) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as the scoping root.

• User-defined functions named calc or clamp are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in calc() or clamp() function.

• User-defined functions whose names begin with - and end with -expression, -url, -and, -or, or -not are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.

• User-defined functions named EXPRESSION, URL, and ELEMENT, those that begin with - and end with -ELEMENT, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.

  See the Sass website for details.

• In a future release, calls to functions whose names begin with - and end with -expression and -url will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.

  See the Sass website for details.

• Calls to functions whose names begin with - and end with -progid:... are deprecated.

... (truncated)

Commits

• 63b9922 Load import-only files through package.json exports (#2772)
• c7e9947 Migrate from bufbuild/buf-setup-action to bufbuild/buf-action (#2773)
• 7674a4c Bump postcss from 8.5.13 to 8.5.15 in /pkg/sass-parser (#2774)
• 5fd18c7 Bump node engine requirement to >=20.19.0 and chokidar requirement to ^5.0.0 ...
• 8c1d984 Deprecate adjacent compound selectors (#2765)
• 8e5f718 Bump postcss from 8.5.12 to 8.5.13 in /pkg/sass-parser (#2767)
• 1447f9b Bump postcss from 8.5.8 to 8.5.12 in /pkg/sass-parser (#2766)
• 83c39fe Support the top-level parent selector (#2758)
• ec85871 Bump EndBug/add-and-commit from 9 to 10 (#2756)
• a604acd [Function Name] Implement changes (#2731)
• Additional commits viewable in compare view

Updates sharp from 0.34.5 to 0.35.1

Release notes

Sourced from sharp's releases.

v0.35.1

• TypeScript: Ensure type definitions are published for both ESM and CJS. #4537

• WebAssembly: Ensure wrapper file is published. #4538

v0.35.1-rc.1

• TypeScript: Ensure type definitions are published for both ESM and CJS. #4537

• WebAssembly: Ensure wrapper file is published. #4538

v0.35.1-rc.0

• TypeScript: Ensure type definitions are published #4537

• WebAssembly: Ensure wrapper file is published. #4538

v0.35.0

• Breaking: Drop support for Node.js 18, now requires Node.js >= 20.9.0.

• Breaking: Remove install script from package.json file. Compiling from source is now opt-in via the build script.

• Breaking: Lossy AVIF output is now tuned using SSIMULACRA2-based iq quality metrics.

• Breaking: Add limitInputChannels with a default value of 5.

• Breaking: Remove deprecated failOnError constructor property.

• Breaking: Remove deprecated paletteBitDepth from metadata response.

• Breaking: Remove deprecated properties from sharpen operation.

• Breaking: Rename format.jp2k as format.jp2 for API consistency.

• Upgrade to libvips v8.18.3 for upstream bug fixes.

• Remove experimental status from WebAssembly binaries.

• Add prebuilt binaries for FreeBSD (WebAssembly).

• Deprecate Windows 32-bit (win32-ia32) prebuilt binaries.

• Ensure TIFF output bitdepth option is limited to 1, 2 or 4.

• Add AVIF/HEIF tune option for control over quality metrics.

... (truncated)

Commits

• d781a2d Release v0.35.1
• 84fa853 Prerelease v0.35.1-rc.1
• 21263c3 TypeScript: Switch type defs to ESM, convert back to CJS #4537
• 8deceb4 Docs: fix link in changelog (#4541)
• c9f08eb Revert "Docs: Highlight that Windows ARM64 support is experimental" (#4540)
• 3ec892f Prerelease v0.35.1-rc.0
• fbdeac5 CI: Run packaging linter on sub-packages
• 1da92b3 WebAssembly: Ensure wrapper file is published #4538
• 32c029e Add packaging linter to help prevent regression e.g. #4537
• 98dc1df TypeScript: Ensure type definitions are published #4537
• Additional commits viewable in compare view

Updates @jest/globals from 30.3.0 to 30.4.1

Release notes

Sourced from @​jest/globals's releases.

v30.4.1

Features

• [jest-config, jest-core, jest-runner, jest-schemas, jest-types] Allow custom runner configuration options via tuple format ['runner-path', {options}] (#16141)

Fixes

• [jest-runtime] Align CJS-from-ESM default export with Node: module.exports is always the ESM default, __esModule unwrapping is no longer applied (#16143)

Full Changelog: jestjs/jest@v30.4.0...v30.4.1

v30.4.0

Big release! 😀

Main feature is a rewrite of our custom runtime in preparation for stabilisation of native support of ESM. As part of that work require(esm) module is now supported on Node 24.9+ (still requires --experimental-vm-modules like before).

In addition we now support fake timers for the recently released Temporal API in Node v26.

React 19 is also supported properly in pretty-format, meaning snapshots of React components now work like they should.

Due to all the changes, there might be regressions that snuck in. Please report them!

Full list of changes below

Features

• [babel-jest] Support collecting coverage from .mts, .cts (and other) files (#15994)
• [jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types] Add --collect-tests flag to discover and list tests without executing them (#16006)
• [jest-config, jest-runner, jest-worker] Add workerGracefulExitTimeout config option to control how long workers are given to exit before being force-killed (#15984)
• [jest-config] Add support for jest.config.mts as a valid configuration file (#16005)
• [jest-config, jest-core, jest-reporters, jest-runner] verbose and silent can now be set per-project; the project-level value overrides the global value for that project's tests (#1613...

  Description has been truncated