chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@babel/core (source)	^8.0.0-rc.6 → ^8.0.1			devDependencies	patch
@babel/plugin-proposal-decorators (source)	^8.0.0-rc.6 → ^8.0.2			devDependencies	patch
@babel/plugin-transform-runtime (source)	^8.0.0-rc.6 → ^8.0.1			devDependencies	patch
@babel/runtime (source)	^8.0.0-rc.6 → ^8.0.0			devDependencies	patch
@swc/core (source)	^1.15.41 → ^1.15.43			pnpm.catalog.default	patch
@swc/plugin-emotion (source)	^14.12.0 → ^14.14.0			pnpm.catalog.default	minor
@swc/plugin-react-remove-properties (source)	^12.12.0 → ^12.14.0			pnpm.catalog.default	minor
@swc/plugin-styled-jsx (source)	^13.12.0 → ^13.14.0			pnpm.catalog.default	minor
@swc/plugin-transform-imports (source)	^12.12.0 → ^12.14.0			pnpm.catalog.default	minor
@typescript/native-preview (source)	7.0.0-dev.20260613.1 → 7.0.0-dev.20260622.1			devDependencies	patch
oxfmt (source)	^0.54.0 → ^0.56.0			devDependencies	minor
oxlint (source)	^1.69.0 → ^1.71.0			devDependencies	minor
playwright-chromium (source)	^1.60.0 → ^1.61.0			devDependencies	minor
pnpm (source)	11.6.0 → 11.8.0			packageManager	minor
pnpm/action-setup	v6.0.8 → v6.0.9			action	patch
vitest (source)	^4.1.8 → ^4.1.9			devDependencies	patch
zizmorcore/zizmor-action	v0.5.6 → v0.5.7			action	patch

---

Release Notes

babel/babel (@​babel/core)

v8.0.1

Compare Source

💥 Breaking Change

• babel-core, babel-plugin-transform-object-rest-spread, babel-plugin-transform-runtime, babel-preset-env, babel-standalone
  • #​18079 Actually remove preset-env's useBuiltIns (@​nicolo-ribaudo)

v8.0.0

Compare Source

👓 Spec Compliance

• babel-core
  • #​18039 perf: Only extract source map comments at the end of the file (@​liuxingbaoyu)

💥 Breaking Change

• babel-cli, babel-node, babel-plugin-proposal-decorators, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-plugin-transform-modules-commonjs, babel-plugin-transform-object-rest-spread, babel-plugin-transform-parameters, babel-plugin-transform-react-constant-elements, babel-plugin-transform-regenerator, babel-preset-env, babel-register
  • #​18069 Fallback to assuming ESM support with modules: auto (@​nicolo-ribaudo)
• babel-plugin-transform-runtime, babel-runtime-corejs3, babel-runtime
  • #​18036 Remove corejs exports for @babe/runtime-corejs3 (@​liuxingbaoyu)
• babel-parser
  • #​18034 Remove locations: "packed" (@​liuxingbaoyu)

🐛 Bug Fix

• babel-generator
  • #​18046 fix(generator): improve new callee parens check (@​JLHwung)
• babel-plugin-transform-modules-systemjs
  • #​18032 fix(systemjs): support proto as an export name (@​JLHwung)

📝 Documentation

• #​18070 Add EOL date for Babel 7 (end of June 2027) to SECURITY.md (@​nicolo-ribaudo)

🏠 Internal

• #​18018 ci: enforce yarn integrity (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #​18039 perf: Only extract source map comments at the end of the file (@​liuxingbaoyu)

swc-project/swc (@​swc/core)

v1.15.43

Compare Source

Bug Fixes

• (es/es2022) Correct scope for private property brand checks (#​11953) (fb5afa2)

• (es/minifier) Preserve cooked when concatenating template literals (#​11939) (a7244a6)

• (es/minifier) Gate Number(x) -> +x on unsafe flag (#​11944) (#​11949) (6176019)

• (es/parser) Parse Flow bare renders types (#​11929) (a71c8eb)

• (es/parser) Allow no-default builds (#​11956) (baab240)

• (es/react-compiler) Skip TypeScript this pseudo-params in scope collector (#​11940) (9066c43)

• (es/react-compiler) Scope ClassStaticBlock and TsModuleBlock as var boundaries (#​11943) (1ee74a0)

• (react-compiler) Avoid reporting non-fatal success errors as diagnostics (#​11951) (cb4cb23)

• (react-compiler) React compiler AST conversion for wrapped assignment targets (#​11952) (fc9b453)

• (react-compiler) Disable parser default features (#​11957) (75ddb28)

Documentation

• Document untrusted input security scope (#​11937) (677305b)

Features

• (es/react-compiler) Add React Compiler (#​11917) (b182fbd)

• (swc) Gate react compiler re-export (#​11941) (dcc0f2d)

Miscellaneous Tasks

• (es/react-compiler) Update forked react compiler to 0.2.0 (#​11946) (6fbe188)

Refactor

• (es/react-compiler) Preserve TS metadata during AST roundtrip (#​11950) (9c4dec3)

• Remove production tracing hooks (#​11945) (0dffdc4)

swc-project/plugins (@​swc/plugin-emotion)

v14.14.0

Minor Changes

• 7cc5e96: build: Update swc_core to v72

v14.13.0

Minor Changes

• c3013d7: build: Update swc_core to v69

Patch Changes

• 49044fc: Fix extraneous spaces in compiled template strings

swc-project/plugins (@​swc/plugin-react-remove-properties)

v12.14.0

Minor Changes

• 7cc5e96: build: Update swc_core to v72

v12.13.0

Minor Changes

• c3013d7: build: Update swc_core to v69

swc-project/plugins (@​swc/plugin-styled-jsx)

v13.14.0

Minor Changes

• 7cc5e96: build: Update swc_core to v72

v13.13.0

Minor Changes

• c3013d7: build: Update swc_core to v69

swc-project/plugins (@​swc/plugin-transform-imports)

v12.14.0

Minor Changes

• 7cc5e96: build: Update swc_core to v72

v12.13.0

Minor Changes

• c3013d7: build: Update swc_core to v69

microsoft/typescript-go (@​typescript/native-preview)

v7.0.0-dev.20260622.1

Compare Source

v7.0.0-dev.20260621.1

Compare Source

v7.0.0-dev.20260620.1

Compare Source

v7.0.0-dev.20260619.1

Compare Source

v7.0.0-dev.20260618.1

Compare Source

v7.0.0-dev.20260617.2

Compare Source

v7.0.0-dev.20260616.1

Compare Source

v7.0.0-dev.20260615.1

Compare Source

v7.0.0-dev.20260614.1

Compare Source

oxc-project/oxc (oxfmt)

v0.56.0

Compare Source

v0.55.0

Compare Source

🚀 Features

• 9a2788b linter/unicorn: Implement prefer-export-from rule (#​22935) (AliceLanniste)

oxc-project/oxc (oxlint)

v1.71.0

Compare Source

🚀 Features

• 0dc2405 linter: Add schema for eslint/no-restricted-properties (#​23619) (Sysix)
• b638d0e linter: Add schema for node/callback-return (#​23615) (Sysix)
• eb8bedc linter: Add schema for import/extensions (#​23557) (WaterWhisperer)
• 46f3625 linter: Implement node/no-sync rule (#​23589) (fujitani sora)
• b01739a linter: Add schema for unicorn/numeric-separators-style (#​23554) (Mikhail Baev)
• 68afd2a linter/node: Implement no-mixed-requires rule (#​23539) (fujitani sora)
• a421215 linter: Add schema for eslint/prefer-destructuring (#​23410) (WaterWhisperer)
• 84438be linter/jsdoc: Added missing options to require-param-description (#​23416) (kapobajza)
• 51910df linter/jsdoc: Add missing options to require-param-type rule (#​23418) (kapobajza)
• e90925f linter/unicorn: Implement prefer-number-coercion rule (#​23497) (Shekhu☺️)
• dd1c866 linter/vue: Implement no-async-in-computed-properties rule (#​23493) (bab)
• b02444e linter: Add schema for react/jsx-no-script-url (#​23475) (WaterWhisperer)
• a8dce46 linter/unicorn: Implement max-nested-calls rule (#​23461) (arieleli01212)

🐛 Bug Fixes

• a303c23 linter/jsx-a11y: Align anchor-is-valid config with upstream (#​23446) (camc314)

📚 Documentation

• b50bf4d linter: Remove manually written options doc for eslint/arrow-body-style (#​23490) (Mikhail Baev)

v1.70.0

Compare Source

🚀 Features

• 2e8bda4 linter/vue: Implement no-dupe-keys rule (#​23350) (bab)
• 1490a0a linter/react: Implement react-compiler rule (#​23202) (Boshen)
• dd560ae linter/unicorn: Implement no-array-fill-with-reference-type rule (#​23397) (Mikhail Baev)
• af36c2f linter: Add schema for react/jsx-curly-brace-presence (#​23400) (WaterWhisperer)
• 47d34a3 linter: Add schema for react/jsx-handler-names (#​23393) (WaterWhisperer)
• f4250d0 linter: Add schema for unicorn/import-style (#​23386) (WaterWhisperer)
• 30c74ce linter: Add schema for jsx_a11y/no-noninteractive-element-to-interactive-role (#​23384) (Sysix)
• cfbe8dc linter: Add schema for jsx_a11y/no-interactive-element-to-noninteractive-role (#​23382) (WaterWhisperer)
• d15b7ff linter: Add schema for typescript/no-restricted-types (#​23381) (WaterWhisperer)
• 028a811 linter: Add schema for jsx-a11y/media-has-caption (#​23377) (Sysix)
• b3b1038 linter: Add schema for jsx-a11y/label-has-associated-control (#​23376) (Sysix)
• 7ada6b2 linter: Add schema for jsx_a11y/no-distracting-elements (#​23379) (WaterWhisperer)
• ee3dd49 linter: Add schema for jsx-a11y/img-redundant-alt (#​23374) (Sysix)
• df5f8dd linter: Add short descriptions to most lint rules. (#​23365) (Connor Shea)
• e3fd735 linter: Add schema for jsx_a11y/alt-text (#​23369) (Sysix)
• 0f2fff4 linter: Add schema for react/exhaustive-deps (#​23372) (Mikhail Baev)
• e3e4e10 linter: Add schema for react_perf/jsx-no-new-object-as-prop (#​23368) (Mikhail Baev)
• 9366d44 linter: Add schema for unicorn/prefer-at (#​23366) (WaterWhisperer)
• f57b55d linter: Add schema for typescript/array-type (#​23355) (Sysix)
• 0dcf912 linter: Add schema for typescript/ban-ts-comment (#​23354) (Sysix)
• 51fa83e linter: Add schema for react/no-did-update-set-state (#​23357) (Mikhail Baev)
• 59db0bd linter: Add schema for consistent-generic-constructors (#​23353) (Sysix)
• c4775c0 linter: Add schema for typescript/consistent-type-assertions (#​23349) (Sysix)
• 6e516f7 linter: Add schema for typescript/consistent-type-imports (#​23348) (Sysix)
• 012134d linter: Add schema for react/jsx-no-target-blank (#​23345) (WaterWhisperer)
• 0806aae linter: Add schema for jsx_a11y/no-noninteractive-tabindex (#​23337) (Mikhail Baev)
• 0708b5a linter: Add schema for react/jsx-filename-extension (#​23315) (Mikhail Baev)
• 150bce1 linter: Add schema for typescript/no-empty-object-type (#​23309) (Sysix)
• f9e36f1 linter: Add schema for typescript/no-duplicate-type-constituents (#​23308) (Sysix)
• 937accf linter: Add schema for typescript/no-invalid-void-type (#​23307) (Sysix)
• 3e042b9 linter: Add schema for typescript/no-misused-promises (#​23306) (Sysix)
• da212d1 linter: Add schema for typescript/no-unnecessary-condition (#​23305) (Sysix)
• f8f0d38 linter: Add schema for typescript/parameter-properties (#​23304) (Sysix)
• 2275fc7 linter: Add schema for typescript/prefer-nullish-coalescing (#​23302) (Sysix)
• d353858 linter: Add schema for typescript/prefer-string-starts-ends-with (#​23301) (Sysix)
• 03060f5 linter: Add schema for typescript/triple-slash-reference (#​23300) (Sysix)
• 6619cee linter: Add schema for promise/param-names (#​23298) (Sysix)
• 8bf108e linter: Add schema for promise/catch-or-return (#​23297) (Sysix)
• 48158d0 linter: Add schema for vitest/consistent-each-for (#​23294) (Sysix)
• 7e74c98 linter: Add schema for vitest/consistent-test-filename (#​23293) (Sysix)
• ff94d4a linter: Add schema for vitest/consistent-vitest-vi (#​23292) (Sysix)
• 2409a10 linter: Add schema for vitest/prefer-import-in-mock (#​23291) (Sysix)
• 3d782b7 linter: Add schema for react/no-unstable-nested-components (#​23287) (Mikhail Baev)
• 0a0bc2f linter/jsx-a11y: Add allowedRedundantRoles option to no-redundant-roles (#​22820) (bab)
• 80758a5 linter/vue: Implement no-side-effects-in-computed-properties rule (#​23282) (bab)
• e3869ac linter: Add schema for react/no-object-type-as-default-prop (#​23279) (Mikhail Baev)
• 4480609 linter: Add schema for react/jsx-props-no-spreading (#​23276) (Mikhail Baev)
• 08d68a5 linter/react: Implement jsx-no-literals rule (#​23145) (kapobajza)
• 9a2788b linter/unicorn: Implement prefer-export-from rule (#​22935) (AliceLanniste)
• bdb723c linter/unicorn: Implement prefer-single-call rule (#​23235) (Yuzhe Shi)
• 31543ed linter: Add schema for vue/define-props-destructuring (#​23252) (Sysix)
• 21b6c3d linter: Add schema for oxc/no-async-endpoint-handlers (#​23251) (Sysix)
• e77ff81 linter: Add schema for unicorn/prefer-object-from-entries (#​23249) (Mikhail Baev)
• bcac2d6 linter: Add schema for jest/vitest/no-restricted-matchers (#​23247) (Sysix)
• 539f036 linter: Add schema for jest/vitest/no-restricted-*-methods (#​23246) (Sysix)
• dd1b927 linter/vue: Implement require-default-prop rule (#​22951) (bab)
• 3f018e7 linter: Add schema for unicorn/no-instanceof-builtins (#​23225) (Mikhail Baev)
• e0d0f78 linter: Verify promise/no-callback-in-promise schema (#​23141) (beanscg)
• 123d4f4 linter: Add schema for jest/vitest/valid-expect (#​23185) (Sysix)
• 46c8a21 linter: Add schema for jest/vitest/require-top-level-describe (#​23184) (Sysix)
• 41465cf linter: Add schema for jest/vitest/prefer-snapshot-hint (#​23183) (Sysix)
• d068b9b linter: Add schema for jest/vitest/prefer-expect-assertions (#​23181) (Sysix)
• 064a1ee linter: Add schema for jest/prefer-ending-with-an-expect (#​23180) (Sysix)
• d046797 linter: Add schema for jest/vitest/no-standalone-expect (#​23179) (Sysix)
• 137b9a6 linter: Add schema for jest/vitest/no-large-snapshots (#​23178) (Sysix)
• 0f3e4a5 linter: Add schema for jest/vitest/no-hooks (#​23177) (Sysix)
• cd0b384 linter: Add schema for unicorn/explicit-length-check (#​23155) (Mikhail Baev)
• 01b74c4 linter: Add schema for jest/no-deprecated-functions (#​23136) (Sysix)
• 9d6a387 linter: Add schema for unicorn/catch-error-name (#​23137) (Mikhail Baev)
• 0da8efa linter: Add schema for jest/vitest/max-nested-describe (#​23131) (Sysix)
• d71c9fd linter: Add schema for eslint/no-use-before-define (#​23129) (Sysix)

🐛 Bug Fixes

• 26ddac6 linter: Avoid config schema generation for jsx_a11y/no-noninteractive-element-interactions (#​23385) (Sysix)
• 40556ad linter: Parse jsx-a11y/control-has-associated-label config with DefaultRuleConfig (#​23373) (Sysix)
• 71e9648 linter: Expose no-noninteractive-element-interactions schema (#​23283) (camc314)
• 6c86d1c linter/react-perf: Correct nativeAllowList all schema (#​23229) (camc314)
• 4dd52de linter/react-perf: Re-generate stale snapshots (#​23228) (camc314)
• 8f3db61 linter: Allow options for eslint/capitalized-comments (#​23139) (Sysix)

⚡ Performance

• f09707e linter: jest/no-deprecated-functions store config version as usize (#​23138) (Sysix)

📚 Documentation

• f682e25 linter: Remove manually written options doc for eslint/prefer-arrow-callback (#​23438) (Mikhail Baev)
• 64c942c linter: Remove manually written options doc for eslint/no-sequences (#​23420) (Mikhail Baev)
• 14abf32 linter/react-perf: Use autogenerated docs (#​23227) (camc314)

microsoft/playwright (playwright-chromium)

v1.61.0

Compare Source

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

const context = await browser.newContext();

// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
  id: credentialId,
  userHandle,
  privateKey,
  publicKey,
});
await context.credentials.install();

const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:

await page.localStorage.setItem('token', 'abc');
const token = await page.localStorage.getItem('token');
const items = await page.sessionStorage.items();

New APIs

Network

• apiResponse.securityDetails() and apiResponse.serverAddr() mirror the browser-side response.securityDetails() and response.serverAddr().

Browser and Screencast

• New option artifactsDir in browserType.connectOverCDP() controls where artifacts such as traces and downloads are stored when attached to an existing browser.
• New option cursor in screencast.showActions() controls the cursor decoration rendered for pointer actions.
• The onFrame callback in screencast.start() now receives a timestamp of when the frame was presented by the browser.

Test runner

• The testOptions.video option now supports the same set of modes as trace: new 'on-all-retries', 'retain-on-first-failure' and 'retain-on-failure-and-retries' values. See the video modes table for which runs are recorded and kept in each mode.
• Supported expect.soft.poll(...).
• New fullConfig.argv — a snapshot of process.argv from the runner process, handy for reading custom arguments passed after the -- separator.
• New fullConfig.failOnFlakyTests mirrors the config option, so reporters can explain why a flaky run failed.
• testInfo.errors now lists each sub-error of an AggregateError as a separate entry.
• New -G command line shorthand for --grep-invert.

🛠️ Other improvements

• Playwright now supports Ubuntu 26.04.
• HAR and trace recordings now include WebSocket requests.

Browser Versions

• Chromium 149.0.7827.55
• Mozilla Firefox 151.0
• WebKit 26.5

This version was also tested against the following stable channels:

• Google Chrome 149
• Microsoft Edge 149

pnpm/pnpm (pnpm)

v11.8.0

Compare Source

Minor Changes

• c112b61: Added a --dry-run option to pnpm install. It runs a full dependency resolution and reports what an install would change, but writes nothing to disk (no lockfile, no node_modules) and always exits with code 0. This mirrors the preview semantics of npm install --dry-run #​7340.

• 179ebc4: pnpm run --no-bail now exits with a non-zero exit code when any of the executed scripts fail, while still running every matched script to completion. This makes the exit-code behavior of --no-bail consistent between recursive and non-recursive runs (recursive runs already failed at the end). Previously, a non-recursive pnpm run --no-bail always exited with code 0, even when a script failed #​8013.

• 0474a9c: Added support for generating Node.js package maps at node_modules/.package-map.json during isolated and hoisted installs. Added the node-experimental-package-map setting to inject the generated map into pnpm-managed Node.js script environments, and the node-package-map-type setting to choose between standard and loose package maps.

• dcededc: pnpm sbom now marks components reachable only through devDependencies with CycloneDX scope: "excluded" and the cdx:npm:package:development property. The excluded scope documents "component usage for test and other non-runtime purposes", which matches the semantics of a devDependency; the property is the CycloneDX npm-taxonomy marker emitted by @cyclonedx/cyclonedx-npm, so both modern (scope) and existing (property) consumers are covered. Components reachable at runtime (including installed optionalDependencies) omit scope and default to required.

• 1495cb0: Added per-package SBOM generation with --out and --split flags. Use --out out/%s.cdx.json to write one SBOM per workspace package to individual files, or --split for NDJSON output to stdout. When --filter selects a single package, the SBOM root component now uses that package's metadata. Workspace inter-dependencies (workspace: protocol) and their transitive dependencies are included. Author, repository, and license fall back to the root manifest when the package doesn't define them.

• 293921a: feat(view): support searching project manifest upward when package name is omitted

  When running pnpm view without a package name, the command now searches
  upward for the nearest project manifest (package.json, package.yaml, or package.json5) and uses its name field.
  If the manifest exists but lacks a name field, an error is thrown.

  This change also replaces the find-up dependency with empathic for
  improved performance and consistency across workspace tools.

Patch Changes

• 29ab905: Fixed pnpm update overriding the version range policy of a named catalog whose name parses as a version (e.g. catalog:express4-21). The catalog: reference carries no pinning of its own, so the prefix from the catalog entry (such as ~) is now preserved instead of being widened to ^ #​10321.

• bee4bf4: Security: validate config dependency names and versions from the env lockfile (pnpm-lock.yaml) before using them to build filesystem paths. A committed lockfile with a traversal-shaped configDependencies name (such as ../../PWNED) or version (such as ../../../PWNED) could previously cause pnpm install to create symlinks or write package files outside node_modules/.pnpm-config and the store. Names must now be valid npm package names and versions must be exact semver versions; the same validation is applied to optional subdependencies of config dependencies, and to the legacy workspace-manifest format before any lockfile is written. See GHSA-qrv3-253h-g69c.

• 96bdd57: Fix link: workspace protocol switching to file: after pnpm rm is run from inside a workspace package whose target workspace dependency has its own dependencies, when injectWorkspacePackages: true is set. Follow-up to #​10575, which fixed the same symptom for workspace packages without dependencies.

• 302a2f7: No longer warn about using both packageManager and devEngines.packageManager when the two fields pin the same package manager at the same version with the same integrity hash (e.g. both pnpm@11.5.1+sha512.…). Previously the hash was stripped from the legacy packageManager field but not from devEngines.packageManager, so even identical specifications looked like a mismatch #​12028.

  The warning still fires on any genuine divergence, and several cases now state the specific reason instead of a single generic message: a different package manager, a different version, or contradictory integrity hashes for the same version.

• 3f0fb21: Fixed the progress line showing leftover characters from external processes that write to the terminal between progress updates (e.g. an SSH passphrase prompt would leave a fragment like added 0sa':). The interactive reporter now redraws each frame in place, erasing to the end of the display before reprinting, so any such remnants are cleared #​12350.

• 564619f: Fixed pnpm approve-builds reporting "no packages awaiting approval" when a build-script dependency whose approval was revoked (e.g. after git stash drops the allowBuilds from pnpm-workspace.yaml) is re-added. The revoked packages are now correctly recorded in .modules.yaml so approve-builds can find them. #​12221

• 3d1fd20: Skip the redundant "target bin directory already contains an exe called node" warning on Windows when the existing node.exe already matches the target (same hard link or identical content) pnpm/pnpm#12203.

• 1b02b47: Fix macOS Gatekeeper blocking native binaries (.node, .dylib, .so) by removing the com.apple.quarantine extended attribute after importing them from the store.

  When pnpm imports files from its content-addressable store into node_modules, macOS preserves extended attributes, including com.apple.quarantine. If this xattr is present on a store blob (e.g. it was first written under a Gatekeeper-enabled app such as a Git client), it propagates to node_modules, and Gatekeeper blocks the native binary from loading even though pnpm already verified the file's integrity against the lockfile.

  After importing a package, pnpm now strips com.apple.quarantine from its native binaries, matching Homebrew's behaviour of dropping quarantine from verified downloads. The cleanup is macOS-only, runs in a single batched xattr call per package, is restricted to native binaries (other files are untouched), and is non-fatal (it logs a warning on unexpected errors).

  Fixes #​11056

• 61969fb: Fix pnpm install with optimisticRepeatInstall incorrectly reporting Already up to date when pnpm-lock.yaml changed but project manifests did not. This affected workflows such as checking out or restoring only the lockfile #​12100.

  Also fixes checkDepsStatus to use the correct lockfile path when useGitBranchLockfile is enabled

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	playwright-chromium@​1.60.0 ⏵ 1.61.0	+11			+1
	@​babel/​plugin-proposal-decorators@​8.0.0-rc.6 ⏵ 8.0.2			+1	+4
	@​babel/​runtime@​8.0.0-rc.6 ⏵ 8.0.0			+1	+2
	vitest@​4.1.8 ⏵ 4.1.9	+1		+1	+2
	@​babel/​core@​8.0.0-rc.6 ⏵ 8.0.1	+1		+1
	@​swc/​core@​1.15.41 ⏵ 1.15.43				+2
	oxlint@​1.69.0 ⏵ 1.71.0	+1		+1	+1
	@​typescript/​native-preview@​7.0.0-dev.20260613.1 ⏵ 7.0.0-dev.20260622.1	+1		+19	+1

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report