fix(deps): update non-major-updates

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
github.com/aws/aws-sdk-go-v2/service/s3	1.100.1 → 1.101.0				minor
golangci/golangci-lint	2.12.1 → 2.12.2				patch
golangci/golangci-lint	v2.12.1 → v2.12.2			uses-with	patch
knip (source)	^6.11.0 → ^6.12.0			devDependencies	minor
react (source)	^19.2.5 → ^19.2.6			dependencies	patch
react-dom (source)	^19.2.5 → ^19.2.6			dependencies	patch
sigstore/cosign-installer	v4.1.1 → v4.1.2			action	patch

---

Release Notes

aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2/service/s3)

v1.101.0

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/cloudformation: v1.30.0
  • Feature: Specify desired CloudFormation behavior in the event of ChangeSet execution failure using the CreateChangeSet OnStackFailure parameter
• github.com/aws/aws-sdk-go-v2/service/ec2: v1.101.0
  • Feature: API changes to AWS Verified Access to include data from trust providers in logs
• github.com/aws/aws-sdk-go-v2/service/ecs: v1.27.4
  • Documentation: Documentation only update to address various tickets.
• github.com/aws/aws-sdk-go-v2/service/glue: v1.51.0
  • Feature: This release adds support for creating cross region table/database resource links
• github.com/aws/aws-sdk-go-v2/service/pricing: v1.20.0
  • Feature: This release updates the PriceListArn regex pattern.
• github.com/aws/aws-sdk-go-v2/service/route53domains: v1.15.0
  • Feature: Update MaxItems upper bound to 1000 for ListPricesRequest
• github.com/aws/aws-sdk-go-v2/service/sagemaker: v1.85.0
  • Feature: Amazon Sagemaker Autopilot releases CreateAutoMLJobV2 and DescribeAutoMLJobV2 for Autopilot customers with ImageClassification, TextClassification and Tabular problem type config support.

golangci/golangci-lint (golangci/golangci-lint)

v2.12.2

Compare Source

Released on 2026-05-06

1. Linters bug fixes
   • gomodguard_v2: fix blocked configuration
   • gomodguard_v2: from 2.1.0 to 2.1.3
   • iface: from 1.4.1 to 1.4.2

webpro-nl/knip (knip)

v6.12.0: Release 6.12.0

Compare Source

• Use venz light/dark responsive svg img (2354194)
• Fix types/path references (4afc873)
• Move on to pnpm 11 (b106065)
• Fix up ecosystem tests (c226a72)
• Add shell binaries to global ignore list (#​1716) (ddcf7de) - thanks @​jakeleventhal!
• Fix declaration export regression and document (resolve #​1722) (3a2c22b)
• Update snapshot after 3a2c22b (8300078)
• Detect babel.plugins/presets in @​vitejs/plugin-react via function-form defineConfig (resolve #​1723) (d56ee51)
• Lift defineConfig-arg unwrapper to ast-helpers, route findCallArg through it (7195b0a)
• Fix PostCSS detection for @​tailwindcss/postcss (#​1719) (60f8482) - thanks @​jakeleventhal!
• Allow > inside SFC <script> attribute values (resolve #​1714) (9e5501f)
• Resolve Cypress reporter set per testing type (resolve #​1724) (7cc4fc1)
• Add Vercel config plugin (#​1720) (10f97c1) - thanks @​jakeleventhal!
• Direct config hint title to stderr (53236b5)
• Some light housekeeping (727f842)
• Fix up ecosystem tests (0db3300)
• Fix --no-exit-code condition for isTreatConfigHintsAsErrors (f27c3f4)
• A friendlier message (aab1e83)
• Mark plugin-name fallback binaries as optional in knownBinsOnly mode (c709a5a)

facebook/react (react)

v19.2.6: 19.2.6 (May 6th, 2026)

Compare Source

React Server Components

• Type hardening and performance improvements
  (by @​eps1lon and @​unstubbable)

sigstore/cosign-installer (sigstore/cosign-installer)

v4.1.2

Compare Source

What's Changed

• Bump cosign to 3.0.6 in #​232

---

Configuration

📅 Schedule: (in timezone America/New_York)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

[github-actions]

✅ Supply Chain Verification Results

✅ PASSED

📦 SBOM Summary

• Components: 1487

🔍 Vulnerability Scan

Severity	Count
🔴 Critical	0
🟠 High	0
🟡 Medium	4
🟢 Low	2
Total	6

📎 Artifacts

• SBOM (CycloneDX JSON) and Grype results available in workflow artifacts

---

_{Generated by Supply Chain Verification workflow • View Details}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!