Bump the patch-updates group across 1 directory with 12 updates

[dependabot]

Bumps the patch-updates group with 12 updates in the / directory:

Package	From	To
@astrojs/check	0.9.6	0.9.9
@astrojs/rss	4.0.14	4.0.18
@astrojs/svelte	7.2.2	7.2.5
@fancyapps/ui	6.1.6	6.1.14
@fontsource/roboto	5.2.9	5.2.10
@iconify-json/material-symbols	1.2.48	1.2.74
@iconify-json/simple-icons	1.2.60	1.2.83
dayjs	1.11.19	1.11.20
sanitize-html	2.17.0	2.17.4
@types/sanitize-html	2.16.0	2.16.1
tailwindcss	3.4.18	3.4.19
@astrojs/ts-plugin	1.10.6	1.10.9

Updates @astrojs/check from 0.9.6 to 0.9.9

Release notes

Sourced from @​astrojs/check's releases.

@​astrojs/check@​0.9.9

Patch Changes

• #16471 f56bb3f Thanks @​delucis! - Adds support for TypeScript v6 to peer dependencies range

• Updated dependencies [8c62159]:

  • @​astrojs/language-server@​2.16.7

Changelog

Sourced from @​astrojs/check's changelog.

0.9.9

Patch Changes

• #16471 f56bb3f Thanks @​delucis! - Adds support for TypeScript v6 to peer dependencies range

• Updated dependencies [8c62159]:

  • @​astrojs/language-server@​2.16.7

0.9.8

Patch Changes

• #15892 a2f597d Thanks @​Princesseuh! - Fixes Astro not being able to find astro check sometimes

• Updated dependencies [7b4b254]:

  • @​astrojs/language-server@​2.16.5

0.9.7

Patch Changes

• #15187 bbb5811 Thanks @​matthewp! - Update to Astro 6 beta

• #15198 55107a1 Thanks @​HiDeoo! - Updates to Astro 6 beta

• Updated dependencies [bbb5811, df6d2d7]:

  • @​astrojs/language-server@​2.16.1

0.9.7-beta.1

Patch Changes

• #15198 55107a1 Thanks @​HiDeoo! - Updates to Astro 6 beta

0.9.6-beta.1

Patch Changes

• #15187 bbb5811 Thanks @​matthewp! - Update to Astro 6 beta

• Updated dependencies [bbb5811]:

  • @​astrojs/language-server@​2.16.1-beta.1

0.9.6-alpha.0

Patch Changes

• Updated dependencies [df6d2d7]:
  • @​astrojs/language-server@​2.16.1-alpha.0

Commits

• c1f2e4f [ci] release (#16467)
• f56bb3f Widen typescript peer dependency range to allow v6 (#16471)
• 184700c fix(deps): update language tools (#16230)
• 88fcc98 fix integrations links across docs (#16098)
• b9e96da fix(deps): update dependency vitest to v4 (#15372)
• 09ecdd7 [ci] release (#15889)
• a2f597d fix(check): Revert publint lint fix (#15892)
• 48e5c4d [ci] release (#15808)
• 1118ac4 feat: update tsconfig template to prepare for TS 6 (#15668)
• ddeb230 chore: address publint suggestions (#15653)
• Additional commits viewable in compare view

Updates @astrojs/rss from 4.0.14 to 4.0.18

Release notes

Sourced from @​astrojs/rss's releases.

@​astrojs/yaml2ts@​0.2.4

Patch Changes

• #16661 03b8f7f Thanks @​ocavue! - Updates typescript to v6. No changes are needed from users.

Changelog

Sourced from @​astrojs/rss's changelog.

4.0.18

Patch Changes

• #16037 fdd2c5a Thanks @​blimmer! - Unpin fast-xml-parser to ^5.5.7 to resolve entity expansion CVEs

4.0.17

Patch Changes

• #15830 8d3f3aa Thanks @​Princesseuh! - Pin fast-xml-parser to 5.4.1 in order to fix an upstream bug

4.0.16

Patch Changes

• #15187 bbb5811 Thanks @​matthewp! - Update to Astro 6 beta

• #14956 0ff51df Thanks @​matthewp! - Updates usage of zod to own dependency rather than relying on astro/zod

• #15561 413b0f7 Thanks @​renovate! - Updates fast-xml-parser to v5.3.6

• #15283 daf41c6 Thanks @​eldair! - Updates validation to use Zod v4

• #15373 14252b2 Thanks @​renovate! - Updates zod to v4

4.0.15-beta.4

Patch Changes

• #15561 413b0f7 Thanks @​renovate! - Updates fast-xml-parser to v5.3.6

4.0.15-beta.3

Patch Changes

• #15373 14252b2 Thanks @​renovate! - Updates zod to v4

4.0.15-beta.2

Patch Changes

• #15283 daf41c6 Thanks @​eldair! - Updates validation to use Zod v4

4.0.15-beta.1

Patch Changes

• #15187 bbb5811 Thanks @​matthewp! - Update to Astro 6 beta

... (truncated)

Commits

• 4a6ff2a [ci] release (#16020)
• fdd2c5a fix(rss): unpin fast-xml-parser to resolve entity expansion CVEs (#16037)
• a2fff74 [ci] release (#15826)
• 8d3f3aa fix(rss): Pin fast-xml-parser until upstream fix (#15830)
• 48e5c4d [ci] release (#15808)
• 6453380 fix: manually updates packages who had main releases later than betas (#15816)
• 6414732 Spelling (#15601)
• 1118ac4 feat: update tsconfig template to prepare for TS 6 (#15668)
• 10088fd fix(deps): update all non-major dependencies (#15707)
• 4d49632 [ci] release (beta) (#15590)
• Additional commits viewable in compare view

Updates @astrojs/svelte from 7.2.2 to 7.2.5

Changelog

Sourced from @​astrojs/svelte's changelog.

7.2.5

Patch Changes

• #15070 fa9c464 Thanks @​antonyfaris! - Improve Svelte children prop type checking

7.2.4

Patch Changes

• #15004 16f3994 Thanks @​antonyfaris! - Fixes an issue where Svelte components used in Astro files would incorrectly report type errors when using client:* directives.

7.2.3

Patch Changes

• #14934 4264a36 Thanks @​antonyfaris! - Fixes an issue where Svelte 5 components used in Astro files would not have proper type checking and IntelliSense.

Commits

• e73deb8 [ci] release (#15031)
• fa9c464 fix(svelte): improve Svelte children prop type checking (#15070)
• 1847601 fix(deps): update astro client runtimes (#15085)
• 0343993 [ci] release (#14997)
• 16f3994 fix(svelte): allow client directives (#15004)
• 02c19eb [ci] release (#14959)
• 00c06ef fix(deps): update astro client runtimes (#14978)
• deb6f14 fix(deps): update all non-major dependencies (#14977)
• 4264a36 fix: svelte 5 prop types (#14934)
• b31183d fix(deps): update astro client runtimes (#14881)
• See full diff in compare view

Updates @fancyapps/ui from 6.1.6 to 6.1.14

Release notes

Sourced from @​fancyapps/ui's releases.

v6.1.14

Please refer to CHANGELOG.md for details.

v6.1.13

Please refer to CHANGELOG.md for details.

v6.1.12

Please refer to CHANGELOG.md for details.

v6.1.11

Please refer to CHANGELOG.md for details.

v6.1.10

Please refer to CHANGELOG.md for details.

v6.1.9

Please refer to CHANGELOG.md for details.

v6.1.8

Please refer to CHANGELOG.md for details.

v6.1.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from @​fancyapps/ui's changelog.

6.1.14 (2026-04-29)

Bug Fixes

• Panzoom Fix an issue where a vertical image could not be dragged correctly after rotating
• Panzoom Fix pin positioning in some cases

Features

• Carousel Add support for external controls

6.1.13 (2026-03-02)

Bug Fixes

• Panzoom Avoid content duplication when performing multiple reinitializations
• Panzoom Show default buttons on the toolbar if none are specified
• Fancybox Make image visible outside viewport when closing and using sidebar plugin

Features

• Fancybox Add additional CSS variables to the sidebar plugin
• Add translations into Turkish, Ukrainian and Chinese

6.1.12 (2026-02-23)

Bug Fixes

• Carousel Fix an issue when combining the adaptiveHeight option and the Autoplay plugin (840)
• Fancybox Fix an issue with history.scrollRestoration in the Hash plugin (841)

6.1.11 (2026-02-18)

Bug Fixes

• Carousel Support "complex" values for gap (839)
• Fancybox Fix an issue with slug option (835)

Features

• Panzoom Enable the creation of a custom click zoom flow by making the clickAction and dblClickAction options to accept a method that returns a number
• Fancybox Add closeButtonTpl option to the close button template created above the content
• Fancybox Add a new plugin "Sidebar" that changes the layout to create a sidebar

6.1.10 (2026-01-29)

Bug Fixes

• Carousel Fix an issue with non-infinite carousels when swiping the page vertically
• Fancybox Fix an issue with the Hash plugin when an iframe element is active

... (truncated)

Commits

• 70177db 6.1.14
• 70cd2c6 6.1.13
• ee12cc2 6.1.12
• 175d9c4 6.1.11
• 04649ff 6.1.10
• 59cd97a 6.1.9
• 63bf5d5 6.1.8
• 1494b16 6.1.7
• See full diff in compare view

Updates @fontsource/roboto from 5.2.9 to 5.2.10

Commits

• See full diff in compare view

Updates @iconify-json/material-symbols from 1.2.48 to 1.2.74

Commits

• See full diff in compare view

Updates @iconify-json/simple-icons from 1.2.60 to 1.2.83

Commits

• See full diff in compare view

Updates dayjs from 1.11.19 to 1.11.20

Release notes

Sourced from dayjs's releases.

v1.11.20

1.11.20 (2026-03-12)

Bug Fixes

• Update locale km.js to support meridiem (#3017) (9d2b6a1)
• update updateLocale plugin to merge nested object properties instead of replacing (#3012) (99691c5), closes #1118

Changelog

Sourced from dayjs's changelog.

1.11.20 (2026-03-12)

Bug Fixes

• Update locale km.js to support meridiem (#3017) (9d2b6a1)
• update updateLocale plugin to merge nested object properties instead of replacing (#3012) (99691c5), closes #1118

Commits

• af6e1f8 chore(release): 1.11.20 [skip ci]
• 82babd6 D2M (#3018)
• bbe4ab1 chore: fix lint error
• 99691c5 fix: update updateLocale plugin to merge nested object properties instead of ...
• 9d2b6a1 fix: Update locale km.js to support meridiem (#3017)
• acf21cd chore: update doc
• 55a64e1 chore: update doc
• 807face chore: update doc
• 54f4470 chore: update doc
• 9ea23c7 chore: update doc
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for dayjs since your current version.

Updates sanitize-html from 2.17.0 to 2.17.4

Changelog

Sourced from sanitize-html's changelog.

2.17.4

Changes

• sanitize-html and launder now share a single implementation of naughtyHref, based on that which previously existed in sanitize-html.

Security

• Security vulnerability: the xmp tag could be used to pass forbidden markup through sanitize-html, even when xmp itself is not explicitly allowed All users of sanitize-html should update immediately. Thanks to Vincenzo Turturro for reporting the vulnerability.

2.17.3 (2026-04-15)

Security

• Fix vulnerability introduced in version 2.17.2 that allowed XSS attacks if the developer chose to permit option tags. There was no vulnerability when not explicitly allowing option tags.

2.17.2 (2026-03-19)

Changes

• Upgrade htmlparser2 from 8.x to 10.1.0. This improves security by correctly decoding zero-padded numeric character references (e.g., &[#0000001](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html/issues/0000001)) that previously bypassed javascript: URL detection. Also fixes double-encoding of entities inside raw text elements like textarea and option.

2.17.1 (2026-02-18)

Fixes

• Fix unclosed tags (e.g., <hello) returning empty string in escape and recursiveEscape modes. Fixes #706. Thanks to Byeong Hyeon for the fix.

Commits

• See full diff in compare view

Updates @types/sanitize-html from 2.16.0 to 2.16.1

Commits

• See full diff in compare view

Updates tailwindcss from 3.4.18 to 3.4.19

Release notes

Sourced from tailwindcss's releases.

v3.4.19

Fixed

• Don’t break sibling-*() functions when used inside calc(…) (#19335)

Changelog

Sourced from tailwindcss's changelog.

[3.4.19] - 2025-12-10

Fixed

• Don’t break sibling-*() functions when used inside calc(…) (#19335)

[4.1.17] - 2025-11-06

Fixed

• Substitute @variant inside legacy JS APIs (#19263)
• Prevent occasional crash on Windows when loaded into a worker thread (#19242)

[4.1.16] - 2025-10-23

Fixed

• Discard candidates with an empty data type (#19172)
• Fix canonicalization of arbitrary variants with attribute selectors (#19176)
• Fix invalid colors due to nested & (#19184)
• Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants (#19178)

[4.1.15] - 2025-10-20

Fixed

• Fix Safari devtools rendering issue due to color-mix fallback (#19069)
• Suppress Lightning CSS warnings about :deep, :slotted, and :global (#19094)
• Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#19097)
• Allow named groups in combination with not-*, has-*, and in-* (#19100)
• Prevent important utilities from affecting other utilities (#19110)
• Don’t index into strings with the theme(…) function (#19111)
• Fix parsing issue when \t is used in at-rules (#19130)
• Upgrade: Canonicalize utilities containing 0 values (#19095)
• Upgrade: Migrate deprecated break-words to wrap-break-word (#19157)

Changed

• Remove the postinstall script from oxide (#19149)(tailwindlabs/tailwindcss#19149)

[4.1.14] - 2025-10-01

Fixed

• Handle ' syntax in ClojureScript when extracting classes (#18888)
• Handle @variant inside @custom-variant (#18885)
• Merge suggestions when using @utility (#18900)
• Ensure that file system watchers created when using the CLI are always cleaned up (#18905)
• Do not generate grid-column utilities when configuring grid-column-start or grid-column-end (#18907)
• Do not generate grid-row utilities when configuring grid-row-start or grid-row-end (#18907)

... (truncated)

Commits

• See full diff in compare view

Updates @astrojs/ts-plugin from 1.10.6 to 1.10.9

Release notes

Sourced from @​astrojs/ts-plugin's releases.

@​astrojs/ts-plugin@​1.10.9

Patch Changes

• #16661 03b8f7f Thanks @​ocavue! - Updates typescript to v6. No changes are needed from users.

• Updated dependencies [03b8f7f]:

  • @​astrojs/yaml2ts@​0.2.4

@​astrojs/ts-plugin@​1.10.8

Patch Changes

• #16716 04fdbb2 Thanks @​delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

Changelog

Sourced from @​astrojs/ts-plugin's changelog.

1.10.9

Patch Changes

• #16661 03b8f7f Thanks @​ocavue! - Updates typescript to v6. No changes are needed from users.

• Updated dependencies [03b8f7f]:

  • @​astrojs/yaml2ts@​0.2.4

1.10.8

Patch Changes

• #16716 04fdbb2 Thanks @​delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

1.10.7

Patch Changes

• #15820 e20474b Thanks @​Princesseuh! - Fixes broken publish

• Updated dependencies [e20474b]:

  • @​astrojs/yaml2ts@​0.2.3

Commits

• 45b7fa9 [ci] release (#16742)
• 03b8f7f chore: update typescript to v6 (#16661)
• e345bcd [ci] release (#16653)
• 04fdbb2 Update pnpm to v11 (#16716)
• 5a8cd09 refactor: update tsconfig to use TypeScript project references (#16505)
• 0c0ae11 refactor(ts-plugin): migrate tests to typescript (#16417)
• 5557dca feat: erasableSyntaxOnly (#15719)
• b9e96da fix(deps): update dependency vitest to v4 (#15372)
• 9a8eb99 [ci] release (#15822)
• 1118ac4 feat: update tsconfig template to prepare for TS 6 (#15668)
• Additional commits viewable in compare view

Updates @types/sanitize-html from 2.16.0 to 2.16.1

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions