Skip to content

build(deps-dev): bump the npm-development-minor-patch group with 7 updates#303

Merged
chhoumann-agents-fsn1[bot] merged 1 commit into
masterfrom
dependabot/npm_and_yarn/npm-development-minor-patch-30391b0500
Jul 17, 2026
Merged

build(deps-dev): bump the npm-development-minor-patch group with 7 updates#303
chhoumann-agents-fsn1[bot] merged 1 commit into
masterfrom
dependabot/npm_and_yarn/npm-development-minor-patch-30391b0500

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-development-minor-patch group with 7 updates:

Package From To
@sveltejs/vite-plugin-svelte 7.1.2 7.2.0
@types/node 22.20.0 22.20.1
oxfmt 0.57.0 0.58.0
oxlint 1.72.0 1.73.0
svelte-check 4.7.1 4.7.2
vite 8.1.3 8.1.4
wrangler 4.107.0 4.107.1

Updates @sveltejs/vite-plugin-svelte from 7.1.2 to 7.2.0

Release notes

Sourced from @​sveltejs/vite-plugin-svelte's releases.

@​sveltejs/vite-plugin-svelte@​7.2.0

Minor Changes

  • feat(inspector): add a context menu with current component stack (#1370)

@​sveltejs/vite-plugin-svelte@​7.1.4

Patch Changes

  • fix: enforce ltr styles for inspector (#1324)

@​sveltejs/vite-plugin-svelte@​7.1.3

Patch Changes

  • fix: ensure the inspector is injected into the client correctly for Vite+ projects (#1355)
Changelog

Sourced from @​sveltejs/vite-plugin-svelte's changelog.

7.2.0

Minor Changes

  • feat(inspector): add a context menu with current component stack (#1370)

7.1.4

Patch Changes

  • fix: enforce ltr styles for inspector (#1324)

7.1.3

Patch Changes

  • fix: ensure the inspector is injected into the client correctly for Vite+ projects (#1355)
Commits

Updates @types/node from 22.20.0 to 22.20.1

Commits

Updates oxfmt from 0.57.0 to 0.58.0

Commits

Updates oxlint from 1.72.0 to 1.73.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

  • 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
  • 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
  • bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
  • 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
  • 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
  • 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
  • ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

  • 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
  • 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
  • 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
  • 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
  • a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
  • ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
  • 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
  • ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
  • e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
  • 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
  • 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
  • fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
  • ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
  • dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
  • 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
  • cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

  • 25d577e language_server: Start tools in parallel (#15500) (Sysix)
  • 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
  • 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
  • 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
  • 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
  • 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

  • 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
  • 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
  • a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
  • 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
  • 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
  • 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

[1.73.0] - 2026-07-06

🚀 Features

  • a2c97f3 linter/unicorn: Implement explicit-timer-delay rule (#23612) (Mikhail Baev)
  • 85735cb linter/unicorn: Implement no-confusing-array-with rule (#23638) (Shekhu☺️)
  • cb4fbb9 linter/eslint: Implement no-unreachable-loop rule (#23975) (Todor Andonov)
  • dc32112 linter/eslint/no-constant-binary-expression: Check relational comparisons (#24088) (camc314)
  • d963967 linter/unicorn/no-array-sort: Add allowAfterSpread option (#24043) (Boshen)
  • 0a75682 linter: Add per-rule timings for type-aware linting (#22488) (camchenry)
  • 743e222 linter/react: Add disallowedValues option for forbid-dom-props rule (#23970) (Mikhail Baev)

🐛 Bug Fixes

  • bdb51c7 linter/jest/prefer-ending-with-an-expect: Validate config patterns (#24122) (camc314)
  • 45d607d linter/react/forbid-component-props: Make allow/disallow lists optional in schema (#24024) (Boshen)
Commits
  • 39677ba release(apps): oxlint v1.73.0 && oxfmt v0.58.0 (#24219)
  • a2c97f3 feat(linter/unicorn): implement explicit-timer-delay rule (#23612)
  • bdb51c7 fix(linter/jest/prefer-ending-with-an-expect): validate config patterns (#24122)
  • 85735cb feat(linter/unicorn): implement no-confusing-array-with rule (#23638)
  • cb4fbb9 feat(linter/eslint): implement no-unreachable-loop rule (#23975)
  • dc32112 feat(linter/eslint/no-constant-binary-expression): check relational compariso...
  • d963967 feat(linter/unicorn/no-array-sort): add allowAfterSpread option (#24043)
  • 45d607d fix(linter/react/forbid-component-props): make allow/disallow lists optional ...
  • 0a75682 feat(linter): add per-rule timings for type-aware linting (#22488)
  • 743e222 feat(linter/react): add disallowedValues option for forbid-dom-props rule...
  • See full diff in compare view

Updates svelte-check from 4.7.1 to 4.7.2

Release notes

Sourced from svelte-check's releases.

svelte-check@4.7.2

Patch Changes

  • fix: resolve tsgo bin path with package.json (#3074)

  • fix: report tsconfig errors in --tsgo-experimental-api (#3070)

Commits

Updates vite from 8.1.3 to 8.1.4

Release notes

Sourced from vite's releases.

v8.1.4

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.4 (2026-07-09)

Features

Bug Fixes

  • build: add workaround for building on stackblitz (#22840) (575c32c)
  • build: keep import.meta.url in preload function as-is (#22839) (f1f90ed)
  • deps: update all non-major dependencies (#22865) (d4295a9)
  • deps: update rolldown-related dependencies (#22866) (7cf07e4)
  • html: avoid backtracking in import-only check (#22848) (b5868c0)
  • optimizer: avoid optimizer run for transform request before init (#22852) (72a5e21)
  • ssr: align named export function call stacktrace column with Node (#22829) (173a1b6)
  • strip pure CSS chunk imports when chunkImportMap is enabled (#22841) (648bd04)

Documentation

Miscellaneous Chores

  • deps: update dependency postcss-modules to v9 (#22867) (a9539d6)

Code Refactoring

Tests

Build System

Commits

Updates wrangler from 4.107.0 to 4.107.1

Release notes

Sourced from wrangler's releases.

wrangler@4.107.1

Patch Changes

  • #14514 d88555e Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260701.1 1.20260702.1
  • #14564 5fd8bee Thanks @​jibin7jose! - Fix an issue where wrangler dev would not override config vars with values from .dev.vars during local development when the secrets field was defined in the configuration file.

  • #14332 5d9990e Thanks @​Divkix! - Fix misleading error guidance when deploying a new Worker with secrets.required

    When a Worker declares secrets.required and has never been deployed before, the previous error message suggested running wrangler secret put <NAME>, which doesn't work because the Worker doesn't exist yet.

    The one path that does work — wrangler deploy --secrets-file <path> — was not mentioned anywhere in the error output.

    The pre-deploy error now explains that wrangler secret put cannot be used for a new Worker, and directs users to the --secrets-file flag instead. The post-deploy error for existing Workers now also mentions --secrets-file alongside wrangler secret put.

  • #14507 bf49a41 Thanks @​joey727! - Fix a potential crash when displaying certain CLI output

    Previously, some CLI output with no content lines could cause a crash. This is now handled correctly.

  • #14492 1ac96a1 Thanks @​penalosa! - Replace the CommonJS xdg-app-paths dependency with a vendored pure-ESM implementation

    xdg-app-paths (and its xdg-portable/os-paths dependencies) are CommonJS only, which caused "Dynamic require of 'path' is not supported" errors when the surrounding code was bundled to ESM. The global config/cache directory resolution is now provided by a small, dependency-free pure-ESM module in @cloudflare/workers-utils that reproduces the previous path resolution exactly (verified against the real package in unit tests), so existing config and credential locations are unchanged. This also drops the transitive fsevents optional dependency that xdg-app-paths pulled in.

    Miniflare and create-cloudflare now consume the shared helpers from @cloudflare/workers-utils instead of maintaining their own copies, importing node-only leaf entry points (@cloudflare/workers-utils/fs-helpers, @cloudflare/workers-utils/global-wrangler-config-path) where ESM bundling is required.

  • #14572 f416dd9 Thanks @​petebacondarwin! - Key local rate limit counters by namespace_id instead of binding name

    wrangler dev and Miniflare previously tracked each rate limit binding's counter by its binding name, so two bindings that referenced the same namespace_id were treated as separate limiters. Counters are now keyed by namespace_id, matching production: bindings that share a namespace_id share a limit, while distinct namespaces stay isolated. This also re-enables rate limit bindings in multiworker wrangler dev sessions, where they were previously stripped from secondary Workers to avoid a startup crash.

  • #14570 1ca8d8f Thanks @​penalosa! - Upgrade signal-exit from v3 to v4

    The bundled signal-exit dependency was CJS-only. Upgrading to v4 (which ships a dual ESM/CJS build) unblocks ESM output. Exit-cleanup behaviour is unchanged, though v4 no longer registers handlers for a few signals that are no longer supported by the OS (SIGUNUSED on Linux; SIGABRT/SIGALRM on Windows).

  • #14561 b973ed3 Thanks @​martijnwalraven! - Emit an error event for watch-mode rebuild failures in unstable_startWorker

    Initial build failures already dispatch an error event (surfaced as buildFailed on the DevEnv bus), but watch-mode rebuild failures were only logged from inside the esbuild plugin, so programmatic consumers had no way to observe them while dev kept serving the previous bundle. Rebuild failures now route through the same error path as initial-build failures: terminal output is unchanged and buildFailed fires symmetrically.

  • Updated dependencies [e7e5780, d88555e, 1ac96a1, f416dd9, 16fbf81]:

    • miniflare@4.20260702.0
Commits
  • c5d5e89 Version Packages (#14536)
  • 5fd8bee fix(wrangler): override config vars with .dev.vars when secrets is de… (#14564)
  • f416dd9 [miniflare] Key local rate limit counters by namespace_id (#14572)
  • b973ed3 fix(wrangler): emit an error event for watch-mode rebuild failures (#14561)
  • b8439fb [miniflare][wrangler] Fix Windows CI flakes: local-explorer ECONNRESET retry,...
  • 1ca8d8f [wrangler] Upgrade signal-exit to v4 for ESM compatibility (#14570)
  • 5d9990e [wrangler] Fix first-deploy guidance for required secrets (#14332)
  • bf49a41 [wrangler] Fix drawBox crash on empty content array (#14507)
  • 421ae96 [wrangler] Add unit tests for shell-quote and source-maps utilities (#14508)
  • 1ac96a1 [workers-utils] Replace CJS xdg-app-paths with a vendored pure-ESM implementa...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…dates

Bumps the npm-development-minor-patch group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [@sveltejs/vite-plugin-svelte](https://github.com/sveltejs/vite-plugin-svelte/tree/HEAD/packages/vite-plugin-svelte) | `7.1.2` | `7.2.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.20.0` | `22.20.1` |
| [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) | `0.57.0` | `0.58.0` |
| [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) | `1.72.0` | `1.73.0` |
| [svelte-check](https://github.com/sveltejs/language-tools) | `4.7.1` | `4.7.2` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.1.3` | `8.1.4` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.107.0` | `4.107.1` |


Updates `@sveltejs/vite-plugin-svelte` from 7.1.2 to 7.2.0
- [Release notes](https://github.com/sveltejs/vite-plugin-svelte/releases)
- [Changelog](https://github.com/sveltejs/vite-plugin-svelte/blob/main/packages/vite-plugin-svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/vite-plugin-svelte/commits/@sveltejs/vite-plugin-svelte@7.2.0/packages/vite-plugin-svelte)

Updates `@types/node` from 22.20.0 to 22.20.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `oxfmt` from 0.57.0 to 0.58.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxfmt/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxfmt_v0.58.0/npm/oxfmt)

Updates `oxlint` from 1.72.0 to 1.73.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxlint_v1.73.0/npm/oxlint)

Updates `svelte-check` from 4.7.1 to 4.7.2
- [Release notes](https://github.com/sveltejs/language-tools/releases)
- [Commits](https://github.com/sveltejs/language-tools/compare/svelte-check@4.7.1...svelte-check@4.7.2)

Updates `vite` from 8.1.3 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

Updates `wrangler` from 4.107.0 to 4.107.1
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.107.1/packages/wrangler)

---
updated-dependencies:
- dependency-name: "@sveltejs/vite-plugin-svelte"
  dependency-version: 7.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development-minor-patch
- dependency-name: "@types/node"
  dependency-version: 22.20.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development-minor-patch
- dependency-name: oxfmt
  dependency-version: 0.58.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development-minor-patch
- dependency-name: oxlint
  dependency-version: 1.73.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development-minor-patch
- dependency-name: svelte-check
  dependency-version: 4.7.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development-minor-patch
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development-minor-patch
- dependency-name: wrangler
  dependency-version: 4.107.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 16, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 16, 2026

Copy link
Copy Markdown

Deploying podnotes with  Cloudflare Pages  Cloudflare Pages

Latest commit: 4f0cf81
Status: ✅  Deploy successful!
Preview URL: https://5c30fbb6.podnotes.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-npm-sury.podnotes.pages.dev

View logs

@chhoumann-agents-fsn1

Copy link
Copy Markdown

Manual validation at head 4f0cf81:

Passed:

  • clean npm install; npm audit reports 0 vulnerabilities
  • npm registry signatures verified for 515 packages and attestations for 139 packages
  • dependency provenance, integrity, maintainer, repository, and lifecycle-script review
  • lint, format check, typecheck, production build, 1,132 Vitest tests, Svelte checks, and MkDocs build
  • isolated Obsidian 1.12.7 desktop runtime: 14/14 obsidian-e2e tests, plugin/API/protocol/player view checks, and no captured runtime errors

Required mobile validation is not complete:

  • OMD iOS diagnose found no trusted USB device
  • OMD Android was attempted with official API 34 and API 30 x86_64 images on this Linux host, which has no KVM. API 30 reached boot completion, but Android Watchdog killed system_server during installation of the checksum- and signature-verified official Obsidian 1.12.7 APK because package and UI handlers were blocked. The plugin could not be deployed or probed.

Leaving this PR open intentionally. Do not merge until the OMD mobile probe passes on a stable physical device or hardware-accelerated emulator.

@chhoumann-agents-fsn1

Copy link
Copy Markdown

Verification update: PASS

Validated exact head 4f0cf81643210cef9cbd364b48640d0ed6233483.

Desktop evidence:

  • Obsidian 1.12.7 through the isolated obsidian-e2e runtime
  • 14/14 E2E tests passed
  • no Obsidian runtime errors

Mobile evidence through OMD:

  • OMD booted digest-pinned Android 14 x86_64 ReDroid on this no-KVM VPS
  • ADB was bound only to 127.0.0.1:5555
  • official Obsidian 1.12.7 APK SHA-256 verified as 74a0741f43b0ebb2e8777d4c22b2c33830a97b6be284385e53c3586117136f84
  • exactly one APK signer, pinned certificate bd3bd52f4427b5ab7f8059d071a35e3de943c646546d32313da5f1cac254b7e4, APK Signature Scheme v2 verified
  • Android package UID and live process UID both 10087
  • WebView 125.0.6422.113 multiprocess isolation enabled
  • two CDP evaluations passed 30 seconds apart with the same app/system process and zero target transitions
  • exact PR build installed, enabled, and instantiated as PodNotes 2.20.1 in an app-scoped scratch vault
  • OMD core_smoke passed with platform: mobile
  • podnotes:podnotes-show-leaf executed and produced one active podcast_player_view titled Podcast Player; PodNotes API present
  • disable/enable lifecycle passed, followed by three consecutive reload cycles with one leaf and complete Queue/Favorites/Local Files/Played/empty-state content each time
  • app PID and system_server PID stayed unchanged through the observation window; no fatal exception, native signal, renderer crash, or PodNotes exception marker

The ReDroid backend is explicitly test-only because its privileged container cannot provide guest SELinux on this AppArmor host. OMD reports that limitation and never treats it as device-equivalent confinement. The earlier official Google emulator boot did restore SELinux Enforcing before installation, but Chromium WebView is not viable under this VPS's pure TCG path. ReDroid removes TCG while still exercising the real signed Obsidian Android APK and PodNotes mobile bundle.

Supply-chain checks also remain clean: npm audit found 0 vulnerabilities, lockfile signatures/attestations were verified, and the full local lint, format, type, build, test, and docs gates passed.

Verdict: merge-ready.

@chhoumann-agents-fsn1
chhoumann-agents-fsn1 Bot merged commit f6245f1 into master Jul 17, 2026
3 checks passed
@chhoumann-agents-fsn1
chhoumann-agents-fsn1 Bot deleted the dependabot/npm_and_yarn/npm-development-minor-patch-30391b0500 branch July 17, 2026 00:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants