Bump the workspace-deps group with 8 updates

[dependabot]

Bumps the workspace-deps group with 8 updates:

Package	From	To
typescript-eslint	8.59.1	8.59.2
astro	6.2.1	6.3.1
react	19.2.5	19.2.6
react-dom	19.2.5	19.2.6
lighthouse	13.2.0	13.3.0
puppeteer-core	24.42.0	24.43.0
zod	4.4.1	4.4.3
@types/node	25.6.0	25.6.2

Updates typescript-eslint from 8.59.1 to 8.59.2

Release notes

Sourced from typescript-eslint's releases.

v8.59.2

8.59.2 (2026-05-04)

🩹 Fixes

• eslint-plugin: [no-unsafe-type-assertion] handle crash on recursive template literal types (#12150)
• eslint-plugin: [no-deprecated] object destructuring values should be treated as declarations (#12292)
• rule-tester: add TypeScript as a peer dependency (#12288)

❤️ Thank You

• Dariusz Czajkowski
• Dima Barabash
• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.59.2 (2026-05-04)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 2ec35f1 chore(release): publish 8.59.2
• See full diff in compare view

Updates astro from 6.2.1 to 6.3.1

Release notes

Sourced from astro's releases.

astro@6.3.1

Patch Changes

• #16646 15fbc41 Thanks @​matthewp! - Fixes local images returning 404 on non-prerendered pages when using the generic image endpoint

astro@6.3.0

Minor Changes

• #16366 d69f858 Thanks @​matthewp! - Adds a new experimental.advancedRouting option that lets you take full control of Astro's request handling pipeline by creating a src/app.ts file in your project.

  Today, Astro handles every incoming request through a fixed internal pipeline: trailing slash normalization, redirects, actions, middleware, page rendering, i18n, and so on. That pipeline works great for most sites, but as projects grow you often want to run your own logic between those steps — an auth check before rendering, a rate limiter before actions, custom logging around the whole stack. Advanced routing gives you that control.

  When enabled, Astro looks for a src/app.ts file in your project. If it finds one, that file becomes the entrypoint for all server-rendered requests. You compose the pipeline yourself using the handlers Astro provides, and you can slot your own logic anywhere in the chain.

  Enabling advanced routing

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  export default defineConfig({
  experimental: {
  advancedRouting: true,
  },
  });

  Two ways to build your pipeline

  Astro ships two entrypoints for advanced routing: astro/fetch and astro/hono.

  astro/fetch is a low-level, framework-free API built on the Web Fetch standard. You create a FetchState from the incoming request, then call handler functions in sequence. Each handler takes the state, does its work, and returns a Response (or undefined to pass through). This is the core primitive that everything else is built on:

  // src/app.ts
  import {
    FetchState,
    trailingSlash,
    redirects,
    actions,
    middleware,
    pages,
    i18n,
  } from 'astro/fetch';
  export default {
  async fetch(request: Request) {
  const state = new FetchState(request);
  // Early exits — these return a Response only when they apply.

... (truncated)

Changelog

Sourced from astro's changelog.

6.3.1

Patch Changes

• #16646 15fbc41 Thanks @​matthewp! - Fixes local images returning 404 on non-prerendered pages when using the generic image endpoint

6.3.0

Minor Changes

• #16366 d69f858 Thanks @​matthewp! - Adds a new experimental.advancedRouting option that lets you take full control of Astro's request handling pipeline by creating a src/app.ts file in your project.

  Today, Astro handles every incoming request through a fixed internal pipeline: trailing slash normalization, redirects, actions, middleware, page rendering, i18n, and so on. That pipeline works great for most sites, but as projects grow you often want to run your own logic between those steps — an auth check before rendering, a rate limiter before actions, custom logging around the whole stack. Advanced routing gives you that control.

  When enabled, Astro looks for a src/app.ts file in your project. If it finds one, that file becomes the entrypoint for all server-rendered requests. You compose the pipeline yourself using the handlers Astro provides, and you can slot your own logic anywhere in the chain.

  Enabling advanced routing

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  export default defineConfig({
  experimental: {
  advancedRouting: true,
  },
  });

  Two ways to build your pipeline

  Astro ships two entrypoints for advanced routing: astro/fetch and astro/hono.

  astro/fetch is a low-level, framework-free API built on the Web Fetch standard. You create a FetchState from the incoming request, then call handler functions in sequence. Each handler takes the state, does its work, and returns a Response (or undefined to pass through). This is the core primitive that everything else is built on:

  // src/app.ts
  import {
    FetchState,
    trailingSlash,
    redirects,
    actions,
    middleware,
    pages,
    i18n,
  } from 'astro/fetch';
  export default {
  async fetch(request: Request) {
  const state = new FetchState(request);

... (truncated)

Commits

• 868892b [ci] release (#16651)
• 8abfc7d [ci] format
• 15fbc41 Skip isRemoteAllowed check for local images in generic endpoint (#16646)
• 4886184 test: merge astro-assets-prefix test files into one (#16645)
• c397908 [ci] format
• 5311b78 test: parallel testing (#16382)
• 2ffa0ba [ci] release (#16596)
• c68a9da fix(docs): missing version and verb tense (#16632)
• f54be80 fix(logger): add flush/close to AstroIntegrationLogger (#16629)
• 9c6efc5 Escape interpolated values in redirect HTML template (#16592)
• Additional commits viewable in compare view

Updates react from 19.2.5 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• See full diff in compare view

Updates react-dom from 19.2.5 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• See full diff in compare view

Updates lighthouse from 13.2.0 to 13.3.0

Release notes

Sourced from lighthouse's releases.

v13.3.0

Full Changelog

We expect this release to ship in the DevTools of Chrome 150, and to PageSpeed Insights within 2 weeks.

Notable Changes

• New agentic browsing category added to default config (#17002)

Core

• agentic-web: add links to category and audit descriptions (#16997)
• llms-txt: adjust titles and descriptions and add smoketests (#17005)

Deps

• upgrade dependencies (#17006)

Tests

• smoke: widen byte efficiency wastedBytes range for ToT (#16996)
• webmcp: add webmcp smoketests (#16999)

Misc

• bundle: update build-bundle-mcp (#16995)

Changelog

Sourced from lighthouse's changelog.

13.3.0 (2026-05-07)

Full Changelog

We expect this release to ship in the DevTools of Chrome 150, and to PageSpeed Insights within 2 weeks.

Notable Changes

• New agentic browsing category added to default config (#17002)

Core

• agentic-web: add links to category and audit descriptions (#16997)
• llms-txt: adjust titles and descriptions and add smoketests (#17005)

Deps

• upgrade dependencies (#17006)

Tests

• smoke: widen byte efficiency wastedBytes range for ToT (#16996)
• webmcp: add webmcp smoketests (#16999)

Misc

• bundle: update build-bundle-mcp (#16995)

Commits

• 7d8dcf5 v13.3.0 (#17008)
• f146050 deps: upgrade dependencies (#17006)
• ec66b4a core(llms-txt): adjust titles and descriptions and add smoketests (#17005)
• 147d04c tests(webmcp): add webmcp smoketests (#16999)
• e120fad Revert "clients(devtools): include agentic browsing config in devtools entry"...
• e796f1b core(agentic browsing): add agentic browsing category to default config (#17002)
• e148cc6 Revert "clients(devtools): include agentic browsing config in devtools entry"...
• 081b1f2 clients(devtools): include agentic browsing config in devtools entry (#16998)
• 7db9ab8 core(agentic-web): add links to category and audit descriptions (#16997)
• 8c6a64e misc(bundle): update build-bundle-mcp (#16995)
• Additional commits viewable in compare view

Updates puppeteer-core from 24.42.0 to 24.43.0

Release notes

Sourced from puppeteer-core's releases.

puppeteer-core: v24.43.0

24.43.0 (2026-05-06)

🎉 Features

• Implement allowlist (#14897) (e7e31f8)
• roll to Chrome 148.0.7778.56 (#14918) (65890b7)
• roll to Firefox 150.0 (#14900) (beab61b)
• support checkboxes and radios in locator.fill (#14939) (fec05a0)
• webmcp: Add support for untrustedContent WebMCPAnnotation (#14901) (0314942)

🛠️ Fixes

• Disable WebUIReloadButton experiment (#14925) (d9639e9)
• do not open DevTools if it is already open (#14922) (84c9d34)
• do not set global offline flag for allowlist (#14931) (d6a1003)
• roll to Chrome 148.0.7778.97 (#14929) (536eb11)
• roll to Firefox 150.0.1 (#14923) (50438cf)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​puppeteer/browsers bumped from 2.13.0 to 2.13.1

Changelog

Sourced from puppeteer-core's changelog.

24.43.0 (2026-05-06)

🎉 Features

• Implement allowlist (#14897) (e7e31f8)
• roll to Chrome 148.0.7778.56 (#14918) (65890b7)
• roll to Firefox 150.0 (#14900) (beab61b)
• support checkboxes and radios in locator.fill (#14939) (fec05a0)
• webmcp: Add support for untrustedContent WebMCPAnnotation (#14901) (0314942)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​puppeteer/browsers bumped from 2.13.0 to 2.13.1

🛠️ Fixes

• Disable WebUIReloadButton experiment (#14925) (d9639e9)
• do not open DevTools if it is already open (#14922) (84c9d34)
• do not set global offline flag for allowlist (#14931) (d6a1003)
• roll to Chrome 148.0.7778.97 (#14929) (536eb11)
• roll to Firefox 150.0.1 (#14923) (50438cf)

Commits

• 07e2a1d chore: release main (#14902)
• 8451125 chore: Add a special treatment for EPERM error for windows test (#14943)
• 924eb69 test: Add form node to an accessibility tree (#14942)
• e54b90a chore: add iframe blocking tests (#14926)
• fec05a0 feat: support checkboxes and radios in locator.fill (#14939)
• d6a1003 fix: do not set global offline flag for allowlist (#14931)
• 2ee0f10 chore(deps-dev): bump the dev-dependencies group with 5 updates (#14935)
• 7e57729 chore(deps): bump the all group in /website with 11 updates (#14936)
• e51242d chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 in the all group...
• 50438cf fix: roll to Firefox 150.0.1 (#14923)
• Additional commits viewable in compare view

Updates zod from 4.4.1 to 4.4.3

Release notes

Sourced from zod's releases.

v4.4.3

Commits:

• 4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo
• 2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing
• 7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones
• 2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern
• 9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)
• b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
• 1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
• c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (#5941)
• f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3
• 1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md

v4.4.2

Commits:

• 0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (#5901)
• 20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps
• 6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (#5791)
• 4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing
• bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents
• cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint
• 292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor
• 1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion
• 1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance
• e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes
• e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights
• 905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing
• bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md
• 8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch
• 02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (#5929)
• 88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated baseUrl from tsconfig
• c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2

Commits

• 1fb56a5 docs: document release procedure in AGENTS.md
• f3c9ec0 4.4.3
• c2be4f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent...
• 1cab693 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
• b8dffe9 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
• 9195250 docs: remove Mintlify from bronze sponsors (churned)
• 2c70332 docs: normalize bronze sponsor logos to github avatar pattern
• 7391be8 docs: prune lapsed silver/bronze sponsors and add active ones
• 2aeec83 docs: prune lapsed gold sponsors and rebalance logo sizing
• 4c2fa95 docs: use Zernio primary wordmark for gold sponsor logo
• Additional commits viewable in compare view

Updates @types/node from 25.6.0 to 25.6.2

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[cloudflare-workers-and-pages]

Deploying framework-tracker with    Cloudflare Pages

Latest commit:	6936990
Status:	✅  Deploy successful!
Preview URL:	https://50a9ef72.framework-tracker.pages.dev
Branch Preview URL:	https://dependabot-npm-and-yarn-work-ftkj.framework-tracker.pages.dev

View logs