chore(deps): lock file maintenance npm packages

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
		lockFileMaintenance	All locks refreshed
@tailwindcss/vite (source)	devDependencies	patch	4.1.13 -> 4.1.16
@types/react (source)	devDependencies	minor	19.1.13 -> 19.2.2
@types/react-dom (source)	devDependencies	minor	19.1.9 -> 19.2.2
lucide-react (source)	dependencies	minor	^0.545.0 -> ^0.548.0
oxlint-tsgolint	devDependencies	minor	^0.2.1 -> ^0.3.0
playwright (source)	devDependencies	minor	1.55.0 -> 1.56.1
pnpm (source)	packageManager	minor	10.18.2 -> 10.19.0
react (source)	dependencies	minor	19.1.1 -> 19.2.0
react-dom (source)	dependencies	minor	19.1.1 -> 19.2.0
typescript (source)	pnpm.catalog.default	patch	5.9.2 -> 5.9.3
rolldown-vite (source)	devDependencies	patch	7.1.16 -> 7.1.19
semver	dependencies	patch	7.7.2 -> 7.7.3
react-router-dom (source)	dependencies	patch	7.9.1 -> 7.9.4
tailwindcss (source)	devDependencies	patch	4.1.13 -> 4.1.16
vite (source)	pnpm.overrides	patch	7.1.17 -> 7.1.19

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Release Notes

tailwindlabs/tailwindcss (@​tailwindcss/vite)

v4.1.16

Compare Source

Fixed

• Discard candidates with an empty data type (#​19172)
• Fix canonicalization of arbitrary variants with attribute selectors (#​19176)
• Fix invalid colors due to nested & (#​19184)
• Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants (#​19178)

v4.1.15

Compare Source

Fixed

• Fix Safari devtools rendering issue due to color-mix fallback (#​19069)
• Suppress Lightning CSS warnings about :deep, :slotted, and :global (#​19094)
• Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#​19097)
• Allow named groups in combination with not-*, has-*, and in-* (#​19100)
• Prevent important utilities from affecting other utilities (#​19110)
• Don’t index into strings with the theme(…) function (#​19111)
• Fix parsing issue when \t is used in at-rules (#​19130)
• Upgrade: Canonicalize utilities containing 0 values (#​19095)
• Upgrade: Migrate deprecated break-words to wrap-break-word (#​19157)

Changed

• Remove the postinstall script from oxide ([#​19149])(#​19149)

v4.1.14

Compare Source

Fixed

• Handle ' syntax in ClojureScript when extracting classes (#​18888)
• Handle @variant inside @custom-variant (#​18885)
• Merge suggestions when using @utility (#​18900)
• Ensure that file system watchers created when using the CLI are always cleaned up (#​18905)
• Do not generate grid-column utilities when configuring grid-column-start or grid-column-end (#​18907)
• Do not generate grid-row utilities when configuring grid-row-start or grid-row-end (#​18907)
• Prevent duplicate CSS when overwriting a static utility with a theme key (#​18056)
• Show Lightning CSS warnings (if any) when optimizing/minifying (#​18918)
• Use default export condition for @tailwindcss/vite (#​18948)
• Re-throw errors from PostCSS nodes (#​18373)
• Detect classes in markdown inline directives (#​18967)
• Ensure files with only @theme produce no output when built (#​18979)
• Support Maud templates when extracting classes (#​18988)
• Upgrade: Do not migrate variant = 'outline' during upgrades (#​18922)
• Upgrade: Show version mismatch (if any) when running upgrade tool (#​19028)
• Upgrade: Ensure first class inside className is migrated (#​19031)
• Upgrade: Migrate classes inside *ClassName and *Class attributes (#​19031)

lucide-icons/lucide (lucide-react)

v0.548.0: Version 0.548.0

Compare Source

What's Changed

• feat(docs): add new package for Slint by @​cnlancehu in #​3698
• docs(site): add introductions for packages in documentation by @​mattheskaiser in #​3643
• Fix default prop by @​ericfennis in #​3730
• feat(icons): added gamepad-directional icon by @​felipeajzanetti in #​3693

New Contributors

• @​cnlancehu made their first contribution in #​3698
• @​mattheskaiser made their first contribution in #​3643
• @​felipeajzanetti made their first contribution in #​3693

Full Changelog: lucide-icons/lucide@0.547.0...0.548.0

v0.547.0: Version 0.547.0

Compare Source

What's Changed

• fix(docs): update brand logo statement link in github action by @​karsa-mistmere in #​3630
• chore(deps): bump astro from 5.5.2 to 5.14.4 by @​dependabot[bot] in #​3683
• fix(packages/lucide): replace elements inside <template> (#​2635) by @​KhalidAlansary in #​3576
• feat(icons): added birdhouse icon by @​hieu-onefold in #​3378

New Contributors

• @​KhalidAlansary made their first contribution in #​3576
• @​hieu-onefold made their first contribution in #​3378

Full Changelog: lucide-icons/lucide@0.546.0...0.547.0

v0.546.0: Version 0.546.0

Compare Source

What's Changed

• fix(icons): changed receipt-text icon by @​jguddas in #​3553
• fix(docs): removed duplicate text in intro text by @​nielsswinkels in #​3673
• feat(icons): add VS Code squircle base shape snippet by @​danielbayley in #​3674
• fix(icons): changed sword icon by @​jguddas in #​3421
• feat(icons): added monitor-cloud icon by @​karsa-mistmere in #​3037

New Contributors

• @​nielsswinkels made their first contribution in #​3673

Full Changelog: lucide-icons/lucide@0.545.0...0.546.0

oxc-project/tsgolint (oxlint-tsgolint)

v0.3.0

Compare Source

What's Changed

• chore(deps): update typescript-go digest to 48b739c by @​renovate[bot] in #​311
• chore(deps): update typescript-go digest to 06a7b84 by @​renovate[bot] in #​312
• chore(deps): update vitest to v4 by @​camc314 in #​314
• feat(rules): Implement strict_boolean_expressions by @​nnnnoel in #​222
• fix: resolve panic when compiling wildcard directory patterns and add tests for non-ASCII characters by @​camc314 in #​319
• fix(strict-boolean-expressions): fix memory leak by @​camc314 in #​316

New Contributors

• @​nnnnoel made their first contribution in #​222

Full Changelog: oxc-project/tsgolint@v0.2.1...v0.3.0

microsoft/playwright (playwright)

v1.56.1

Compare Source

Highlights

#​37871 chore: allow local-network-access permission in chromium
#​37891 fix(agents): remove workspaceFolder ref from vscode mcp
#​37759 chore: rename agents to test agents
#​37757 chore(mcp): fallback to cwd when resolving test config

Browser Versions

• Chromium 141.0.7390.37
• Mozilla Firefox 142.0.1
• WebKit 26.0

v1.56.0

Compare Source

Playwright Agents

Introducing Playwright Agents, three custom agent definitions designed to guide LLMs through the core process of building a Playwright test:

• 🎭 planner explores the app and produces a Markdown test plan
• 🎭 generator transforms the Markdown plan into the Playwright Test files
• 🎭 healer executes the test suite and automatically repairs failing tests

Run npx playwright init-agents with your client of choice to generate the latest agent definitions:

### Generate agent files for each agentic loop
### Visual Studio Code
npx playwright init-agents --loop=vscode

### Claude Code
npx playwright init-agents --loop=claude

### opencode
npx playwright init-agents --loop=opencode

[!NOTE]
VS Code v1.105 (currently on the VS Code Insiders channel) is needed for the agentic experience in VS Code. It will become stable shortly, we are a bit ahead of times with this functionality!

Learn more about Playwright Agents

New APIs

• New methods page.consoleMessages() and page.pageErrors() for retrieving the most recent console messages from the page
• New method page.requests() for retrieving the most recent network requests from the page
• Added --test-list and --test-list-invert to allow manual specification of specific tests from a file

UI Mode and HTML Reporter

• Added option to 'html' reporter to disable the "Copy prompt" button
• Added option to 'html' reporter and UI Mode to merge files, collapsing test and describe blocks into a single unified list
• Added option to UI Mode mirroring the --update-snapshots options
• Added option to UI Mode to run only a single worker at a time

Breaking Changes

• Event browserContext.on('backgroundpage') has been deprecated and will not be emitted. Method browserContext.backgroundPages() will return an empty list

Miscellaneous

• Aria snapshots render and compare input placeholder
• Added environment variable PLAYWRIGHT_TEST to Playwright worker processes to allow discriminating on testing status

Browser Versions

• Chromium 141.0.7390.37
• Mozilla Firefox 142.0.1
• WebKit 26.0

v1.55.1

Compare Source

Highlights

#​37479 - [Bug]: Upgrade Chromium to 140.0.7339.186.
#​37147 - [Regression]: Internal error: step id not found.
#​37146 - [Regression]: HTML reporter displays a broken chip link when there are no projects.
#​37137 - Revert "fix(a11y): track inert elements as hidden".
#​37532 - chore: do not use -k option

Browser Versions

• Chromium 140.0.7339.186
• Mozilla Firefox 141.0
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 139
• Microsoft Edge 139

pnpm/pnpm (pnpm)

v10.19.0

Compare Source

Minor Changes

• You can now allow specific versions of dependencies to run postinstall scripts. onlyBuiltDependencies now accepts package names with lists of trusted versions. For example:

  onlyBuiltDependencies:
    - [email protected] || 21.6.5
    - [email protected]

  Related PR: #​10104.

• Added support for exact versions in minimumReleaseAgeExclude #​9985.

  You can now list one or more specific versions that pnpm should allow to install, even if those versions don’t satisfy the maturity requirement set by minimumReleaseAge. For example:

  minimumReleaseAge: 1440
  minimumReleaseAgeExclude:
    - [email protected]
    - [email protected] || 5.102.1

v10.18.3

Compare Source

Patch Changes

• Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #​10060.
• Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when --location=project is used #​9362.
• Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings #​9646.
• Fixed EISDIR error when bin field points to a directory #​9441.
• Preserve version and hasBin for variations packages #​10022.
• Fixed pnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings) #​9884.
• When both pnpm-workspace.yaml and .npmrc exist, pnpm config set --location=project now writes to pnpm-workspace.yaml (matching read priority) #​10072.
• Prevent a table width error in pnpm outdated --long #​10040.
• Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects #​10057.

facebook/react (react)

v19.2.0

Compare Source

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

• Added resume APIs for partial pre-rendering with Web Streams:
  • resume: to resume a prerender to a stream.
  • resumeAndPrerender: to resume a prerender to HTML.
• Added resume APIs for partial pre-rendering with Node Streams:
  • resumeToPipeableStream: to resume a prerender to a stream.
  • resumeAndPrerenderToNodeStream: to resume a prerender to HTML.
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
• Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
• Use underscore instead of : IDs generated by useId

All Changes

React

• <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others)
• Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #​33507)
• Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #​34198)
• Fix infinite useDeferredValue loop in popstate event (@​acdlite #​32821)
• Fix a bug when an initial value was passed to useDeferredValue (@​acdlite #​34376)
• Fix a crash when submitting forms with Client Actions (@​sebmarkbage #​33055)
• Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@​sebmarkbage #​32900)
• Avoid stack overflow on wide trees during Hot Reload (@​sophiebits #​34145)
• Improve Owner and Component stacks in various places (@​sebmarkbage, @​eps1lon: #​33629, #​33724, #​32735, #​33723)
• Add cacheSignal (@​sebmarkbage #​33557)

React DOM

• Block on Suspensey Fonts during reveal of server-side-rendered content (@​sebmarkbage #​33342)
• Use underscore instead of : for IDs generated by useId (@​sebmarkbage, @​eps1lon: #​32001, #​33342#​33099, #​33422)
• Stop warning when ARIA 1.3 attributes are used (@​Abdul-Omira #​34264)
• Allow nonce to be used on hoistable styles (@​Andarist #​32461)
• Warn for using a React owned node as a Container if it also has text content (@​sebmarkbage #​32774)
• s/HTML/text for for error messages if text hydration mismatches (@​rickhanlonii #​32763)
• Fix a bug with React.use inside React.lazy-ed Component (@​hi-ogawa #​33941)
• Enable the progressiveChunkSize option for server-side-rendering APIs (@​sebmarkbage #​33027)
• Fix a bug with deeply nested Suspense inside Suspense fallback when server-side-rendering (@​gnoff #​33467)
• Avoid hanging when suspending after aborting while rendering (@​gnoff #​34192)
• Add Node Web Streams to server-side-rendering APIs for Node.js (@​sebmarkbage #​33475)

React Server Components

• Preload <img> and <link> using hints before they're rendered (@​sebmarkbage #​34604)
• Log error if production elements are rendered during development (@​eps1lon #​34189)
• Fix a bug when returning a Temporary reference (e.g. a Client Reference) from Server Functions (@​sebmarkbage #​34084, @​denk0403 #​33761)
• Pass line/column to filterStackFrame (@​eps1lon #​33707)
• Support Async Modules in Turbopack Server References (@​lubieowoce #​34531)
• Add support for .mjs file extension in Webpack (@​jennyscript #​33028)
• Fix a wrong missing key warning (@​unstubbable #​34350)
• Make console log resolve in predictable order (@​sebmarkbage #​33665)

React Reconciler

• createContainer and createHydrationContainer had their parameter order adjusted after on* handlers to account for upcoming experimental APIs

microsoft/TypeScript (typescript)

v5.9.3: TypeScript 5.9.3

Compare Source

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)
• fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

• npm

vitejs/rolldown-vite (rolldown-vite)

v7.1.19

Compare Source

Features

• update rolldown (#​456) (f9d348e)

Bug Fixes

• module-runner: resolve resolvedSources correctly (#​20959) (c4f6039)
• resolve default export consistently (#​444) (46e89c0)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20965) (6ad5424)
• fix type (8455590)
• fix types (db4d46d)

Code Refactoring

• avoid deprecated rolldown options (e.g. top level define) (61f4caa)
• revert #​322 (b8970d0)

Build System

• use isolated declarations (#​20928) (dad7643)

v7.1.18

Compare Source

Bug Fixes

• dev: trim trailing slash before server.fs.deny check (#​20968) (f479cc5)

Miscellaneous Chores

• deps: update all non-major dependencies (#​20966) (6fb41a2)

Code Refactoring

• revert #​313 (5305fc7)
• use subpath imports for types module reference (#​20921) (d0094af)

Build System

• remove cjs reference in files field (#​20945) (ef411ce)
• remove hash from built filenames (#​20946) (a817307)

v7.1.17

Compare Source

Features

• update rolldown (08ea49e)

Bug Fixes

• css: avoid duplicate style for server rendered stylesheet link and client inline style during dev (#​20767) (3a92bc7)
• css: respect emitAssets when cssCodeSplit=false (#​20883) (d3e7eee)
• deps: update all non-major dependencies (879de86)
• deps: update all non-major dependencies (#​20894) (3213f90)
• dev: allow aliases starting with // (#​20760) (b95fa2a)
• dev: remove timestamp query consistently (#​20887) (6537d15)
• esbuild: inject esbuild helpers correctly for esbuild 0.25.9+ (#​20906) (446eb38)
• normalize path before calling fileToBuiltUrl (#​20898) (73b6d24)
• preserve original sourcemap file field when combining sourcemaps (#​20926) (c714776)

Documentation

• correct WebSocket spelling (#​20890) (29e98dc)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20923) (a5e3b06)
• fix type error (2ac79ea)

npm/node-semver (semver)

v7.7.3

Compare Source

Bug Fixes

• e37e0ca #​813 faster paths for compare (#​813) (@​H4ad)
• 2471d75 #​811 x-range build metadata support (i529015)

Chores

• 8f05c87 #​807 bump @​npmcli/template-oss from 4.25.0 to 4.25.1 (#​807) (@​dependabot[bot], @​owlstronaut)

remix-run/react-router (react-router-dom)

v7.9.4

Compare Source

Patch Changes

• Updated dependencies:
  • [email protected]

v7.9.3

Compare Source

Patch Changes

• Updated dependencies:
  • [email protected]

v7.9.2

Compare Source

Patch Changes

• Updated dependencies:
  • [email protected]

---

Configuration

📅 Schedule: Branch creation - "before 9am on monday" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 5 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
/tmp/renovate/repos/github/voidzero-dev/vibe-dashboard/apps/dashboard:
 ERR_PNPM_NO_MATCHING_VERSION  No matching version found for lucide-react@^0.548.0 published by Fri Oct 24 2025 16:51:10 GMT+0000 (Coordinated Universal Time) while fetching it from https://registry.npmjs.org/. Version 0.548.0 satisfies the specs but was released at Fri Oct 24 2025 18:32:36 GMT+0000 (Coordinated Universal Time)

This error happened while installing a direct dependency of /tmp/renovate/repos/github/voidzero-dev/vibe-dashboard/apps/dashboard

The latest release of lucide-react is "0.548.0". Published at 10/24/2025 6:32:36 PM

Other releases are:
  * beta: 0.266.0-beta.0 published at 8/9/2023

If you need the full list of all 618 published versions run "$ pnpm view lucide-react versions".

If you want to install the matched version ignoring the time it was published, you can add the package name to the minimumReleaseAgeExclude setting. Read more about it: https://pnpm.io/settings#minimumreleaseageexclude