fix(deps): update weekly-non-major-updates (development)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@playwright/test (source)	^1.57.0 → ^1.58.0			devDependencies	minor
@tanstack/react-query (source)	^5.90.19 → ^5.90.20			dependencies	patch
@types/node (source)	^25.0.9 → ^25.0.10			devDependencies	patch
@types/react (source)	^19.2.8 → ^19.2.9			devDependencies	patch
@typescript-eslint/eslint-plugin (source)	^8.53.1 → ^8.54.0			devDependencies	minor
@typescript-eslint/parser (source)	^8.53.1 → ^8.54.0			devDependencies	minor
@vitest/coverage-istanbul (source)	^4.0.17 → ^4.0.18			devDependencies	patch
@vitest/coverage-v8 (source)	^4.0.17 → ^4.0.18			devDependencies	patch
@vitest/ui (source)	^4.0.17 → ^4.0.18			devDependencies	patch
anchore/sbom-action	v0.21.1 → v0.22.0			action	minor
axios (source)	^1.13.2 → ^1.13.3			dependencies	patch
github/codeql-action	v4.31.10 → v4.32.0			action	minor
github/codeql-action (changelog)	cdefb33 → b20883b			action	digest
i18next (source)	^25.7.4 → ^25.8.0			dependencies	minor
lucide-react (source)	^0.562.0 → ^0.563.0			dependencies	minor
react (source)	^19.2.3 → ^19.2.4			dependencies	patch
react-dom (source)	^19.2.3 → ^19.2.4			dependencies	patch
react-router-dom (source)	^7.12.0 → ^7.13.0			dependencies	minor
release-drafter/release-drafter (changelog)	267d2e0 → 6db134d			action	digest
renovatebot/github-action	v44.2.5 → v44.2.6			action	patch
typescript-eslint (source)	^8.53.1 → ^8.54.0			devDependencies	minor
vitest (source)	^4.0.17 → ^4.0.18			devDependencies	patch

---

Release Notes

microsoft/playwright (@​playwright/test)

v1.58.0

Compare Source

TanStack/query (@​tanstack/react-query)

v5.90.20

Compare Source

Patch Changes

• Updated dependencies [e7258c5]:
  • @​tanstack/query-core@​5.90.20

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.54.0

Compare Source

🚀 Features

• eslint-plugin-internal: add prefer-tsutils-methods rule (#​11974, #​11625)
• typescript-estree: add shortcut methods to ParserServicesWithTypeInformation (#​11965, #​11955)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-assertion] check both base constraint and actual type for non-null assertions (#​11967, #​11559)
• deps: update dependency prettier to v3.8.0 (#​11991)
• scope-manager: fix catch clause scopes def.name (#​11982)
• eslint-plugin: [no-unused-private-class-members] private destructured class member is defined but used (#​11785)

❤️ Thank You

• Brad Zacher @​bradzacher
• Josh Goldberg
• MinJae @​Ju-MINJAE
• Minyeong Kim @​minyeong981
• overlookmotel
• Yuya Yoshioka @​YuyaYoshioka
• 김현수 @​Kimsoo0119

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.54.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

vitest-dev/vitest (@​vitest/coverage-istanbul)

v4.0.18

Compare Source

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in #​9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in #​9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in #​9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in #​9472 (22543)

    View changes on GitHub

anchore/sbom-action (anchore/sbom-action)

v0.22.0

Compare Source

Changes in v0.22.0

⬆️ Dependencies

• chore(deps-dev): bump the dev-dependencies group with 19 updates (#​566) [@​dependabot]
• chore(deps): bump npm-check-updates from 17.1.3 to 19.3.1 (#​567) [@​dependabot]
• chore(deps): update Syft to v1.40.1 (#​563) [@​anchore-actions-token-generator[bot]]

axios/axios (axios)

v1.13.3

Compare Source

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#​7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#​6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#​5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#​5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#​7253) (#​7257) (7d19335)
• turn AxiosError into a native error (#​5394) (#​5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#​5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#​7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#​6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#​5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#​6053) (65a7584)
• add Node.js coverage script using c8 (closes #​7289) (#​7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#​6265) (860e033)
• enhance pipeFileToResponse with error handling (#​7169) (88d7884)
• types: Intellisense for string literals in a widened union (#​6134) (f73474d), closes /github.com/microsoft/TypeScript/issues/33471#issuecomment-1376364329

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#​7253) (#​7…" (#​7298) (a4230f5), closes #​7253 #​7 #​7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#​7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad
• JohnTitor
• rohit miryala
• Wilson Mun
• techcodie
• Ved Vadnere
• svihpinc
• SANDESH LENDVE
• Lubos
• Jarred Sumner
• Adam Hines
• Subhan Kumar Rai
• Joseph Frazier
• KT0803
• Albie
• Jake Hayes

github/codeql-action (github/codeql-action)

v4.32.0

Compare Source

v4.31.11

Compare Source

• When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #​3409
• Improved error handling throughout the CodeQL Action. #​3415
• Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #​3318
• The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #​3403

i18next/i18next (i18next)

v25.8.0

Compare Source

• fix: TFunctionReturn fallback 2360

lucide-icons/lucide (lucide-react)

v0.563.0: Version 0.563.0

Compare Source

What's Changed

• chore(dev): Enable ligatures in font build configuration by @​dcxo in #​3876
• chore(repo): add Android to brand stopwords by @​karsa-mistmere in #​3895
• fix(site): add missing titles and a title template by @​taimar in #​3920
• fix(site): unify and improve the styling of input fields by @​taimar in #​3919
• fix(icons): changed star-off icon by @​jguddas in #​3952
• fix(icons): changed tickets-plane icon by @​jguddas in #​3928
• fix(icons): changed monitor-off icon by @​jguddas in #​3962
• fix(icons): changed lasso icon by @​jguddas in #​3961
• fix(icons): changed cloud-off icon by @​jguddas in #​3942
• docs(site): added lucide-web-components third-party package by @​midesweb in #​3948
• chore(deps-dev): bump preact from 10.27.2 to 10.27.3 by @​dependabot[bot] in #​3955
• feat(icon): add globe-x icon with metadata by @​Muhammad-Aqib-Bashir in #​3827
• fix(icons): changed waypoints icon by @​karsa-mistmere in #​3990
• fix(icons): changed bookmark icon by @​jguddas in #​2906
• fix(icons): changed message-square-dashed icon by @​jguddas in #​3959
• fix(icons): changed cloudy icon by @​jguddas in #​3966
• fix(github-actions): resolved spelling mistake in gh issue close command by @​jguddas in #​4000
• Update LICENSE by @​alxgraphy in #​4009
• feat(packages): Added aria-hidden fallback for decorative icons to all packages by @​ericfennis in #​3604
• chore(deps): bump lodash from 4.17.21 to 4.17.23 by @​dependabot[bot] in #​4020
• chore(deps): bump lodash-es from 4.17.21 to 4.17.23 by @​dependabot[bot] in #​4019
• Suggest anchoring to a specific lucide version when using a cdn by @​drago1520 in #​3727
• feat(docs): upgraded backers block by @​karsa-mistmere in #​4014
• fix(site): hide native search input clear "X" icon by @​epifaniofrancisco in #​3933
• feat(icons): added printer-x icon by @​lt25106 in #​3941

New Contributors

• @​dcxo made their first contribution in #​3876
• @​midesweb made their first contribution in #​3948
• @​alxgraphy made their first contribution in #​4009
• @​drago1520 made their first contribution in #​3727
• @​lt25106 made their first contribution in #​3941

Full Changelog: lucide-icons/lucide@0.562.0...0.563.0

facebook/react (react)

v19.2.4: 19.2.4 (January 26th, 2026)

Compare Source

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (@​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

remix-run/react-router (react-router-dom)

v7.13.0

Compare Source

Patch Changes

• Updated dependencies:
  • react-router@7.13.0

renovatebot/github-action (renovatebot/github-action)

v44.2.6

Compare Source

Documentation

• update references to actions/checkout to v6.0.2 (c493b2d)
• update references to ghcr.io/renovatebot/renovate to v42.92.4 (75fe498)
• update references to renovatebot/github-action to v44.2.5 (8627919)

Miscellaneous Chores

• deps: update dependency @​types/node to v20.19.29 (b8ce015)
• deps: update dependency @​types/node to v20.19.30 (c2d6419)
• deps: update dependency prettier to v3.8.0 (d0197d9)
• deps: update dependency prettier-plugin-packagejson to v2.5.21 (0725f72)
• deps: update dependency typescript-eslint to v8.53.0 (c3071bc)

Build System

• deps: lock file maintenance (8267212)

Continuous Integration

• deps: update actions/checkout action to v6.0.2 (bca8c02)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.85.4 (52745be)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.85.5 (6ebcfac)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.85.6 (e3e66f1)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.85.7 (312511e)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.85.8 (d94ec39)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.86.0 (3bab076)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.86.1 (48d3490)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.87.0 (bbd25ac)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.88.2 (d587065)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.89.2 (9d5f277)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.89.4 (f7d4fc7)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.90.0 (28f1aa9)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.90.1 (fe77734)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.90.2 (6e8ea66)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.92.0 (#​987) (0d4c9d2)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.92.1 (c4feabe)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.92.2 (be0a612)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.92.3 (fd97c3a)
• deps: update ghcr.io/renovatebot/renovate docker tag to v42.92.4 (5ec2068)
• deps: update renovate docker tag to v42.85.3 (f0b16d5)
• deps: update renovate docker tag to v42.85.4 (19046c0)
• deps: update renovate docker tag to v42.85.5 (2523d2e)
• deps: update renovate docker tag to v42.85.6 (7ffd65f)
• deps: update renovate docker tag to v42.85.7 (4171b3b)
• deps: update renovate docker tag to v42.85.8 (1c5ac30)
• deps: update renovate docker tag to v42.86.0 (0256625)
• deps: update renovate docker tag to v42.86.1 (5430625)
• deps: update renovate docker tag to v42.87.0 (c8fd526)
• deps: update renovate docker tag to v42.88.2 (32fbc45)
• deps: update renovate docker tag to v42.89.2 (f5b09cb)
• deps: update renovate docker tag to v42.89.3 (2128873)
• deps: update renovate docker tag to v42.89.4 (80dcf09)
• deps: update renovate docker tag to v42.90.0 (481c844)
• deps: update renovate docker tag to v42.90.2 (65f6aaf)
• deps: update renovate docker tag to v42.92.0 (7cf9d8e)
• deps: update renovate docker tag to v42.92.1 (e39ac1d)
• deps: update renovate docker tag to v42.92.2 (39f256b)
• deps: update renovate docker tag to v42.92.3 (67fe0c3)
• deps: update renovate docker tag to v42.92.4 (9216196)

typescript-eslint/typescript-eslint (typescript-eslint)

v8.54.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

---

Configuration

📅 Schedule: Branch creation - "before 8am on monday" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.