chore(deps-dev): bump the minor-and-patch group with 8 updates

[dependabot]

Bumps the minor-and-patch group with 8 updates:

Package	From	To
@playwright/test	1.59.1	1.60.0
@types/node	25.5.2	25.9.2
@types/vscode	1.110.0	1.120.0
eslint	10.2.0	10.4.1
knip	6.3.0	6.16.1
prettier	3.8.1	3.8.3
tsx	4.21.0	4.22.4
typescript-eslint	8.58.0	8.60.1

Updates @playwright/test from 1.59.1 to 1.60.0

Release notes

Sourced from @​playwright/test's releases.

v1.60.0

🌐 HAR recording on Tracing

tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API, with the same content, mode and urlFilter options as recordHar. The returned Disposable makes it easy to scope a recording with await using:

await using har = await context.tracing.startHar('trace.har');
const page = await context.newPage();
await page.goto('https://playwright.dev');
// HAR is finalized when `har` goes out of scope.

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.locator('#dropzone').drop({
  files: { name: 'note.txt', mimeType: 'text/plain', buffer: Buffer.from('hello') },
});
await page.locator('#dropzone').drop({
data: {
'text/plain': 'hello world',
'text/uri-list': 'https://example.com',
},
});

🎯 Aria snapshots

• expect(page).toMatchAriaSnapshot() now works on a Page, in addition to a Locator — equivalent to asserting against page.locator('body').
• New boxes option on locator.ariaSnapshot() / page.ariaSnapshot() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.

🛑 test.abort()

New test.abort() aborts the currently running test from a fixture, hook, or route handler with an optional message. Use it when you have detected an unrecoverable misuse and want to fail the test right away:

test('does not publish to the shared page', async ({ page }) => {
  await page.route('**/publish', route => {
    test.abort('Tests must not publish to the shared page. Use the `clone` option.');
    return route.abort();
  });
  // ...
});

New APIs

Browser, Context and Page

... (truncated)

Commits

• 87bb9dd cherry-pick(#40747): fix(yauzl): vendor yauzl with destroy-lifecycle fix
• 9a9c51c cherry-pick(#40733): chore(electron): revert #40184 (move Electron API to a s...
• 4b3b628 cherry-pick(#40736): Revert "feat(electron): add timeout option to electronAp...
• f869f96 chore: bump version to v1.60.0 (#40714)
• 7eb6918 cherry-pick(#40710): docs: release notes v1.60
• 118d2aa cherry-pick(#40693): chore(python): formdata path type
• 54012f5 chore(deps): bump ip-address and express-rate-limit (#40680)
• 9fa531d fix(screencast): unblock frame ack when an async client disconnects (#40674)
• 3649db5 chore(mcp): bump default extension protocol to v2 (#40678)
• bb6c009 chore(extension): mark 0.2.1 (#40679)
• Additional commits viewable in compare view

Updates @types/node from 25.5.2 to 25.9.2

Commits

• See full diff in compare view

Updates @types/vscode from 1.110.0 to 1.120.0

Commits

• See full diff in compare view

Updates eslint from 10.2.0 to 10.4.1

Release notes

Sourced from eslint's releases.

v10.4.1

Bug Fixes

• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)
• d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)
• c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)
• 27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)

Documentation

• 61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)
• 305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)
• 49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)
• 9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)
• c91b041 docs: Update README (GitHub Actions Bot)
• e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)

Chores

• b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)
• f78838b test: add CodePath type coverage (#20904) (Pixel998)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)
• 002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)
• 64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)
• 6d7c832 chore: ignore fflate updates in renovate (#20908) (Pixel998)
• b2c8638 ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#20889) (dependabot[bot])
• a9b8d7f chore: increase maxBuffer for ecosystem tests (#20881) (sethamus)
• b702ead chore: update ecosystem update PR settings (#20884) (Pixel998)
• 507f60e chore: update ecosystem plugins (#20882) (ESLint Bot)
• 92f5c5b test: add unit test for message-count (#20878) (kuldeep kumar)
• df32108 chore: add @​eslint/markdown and typescript-eslint ecosystem tests (#20837) (sethamus)
• 327f91d chore: use includeIgnoreFile internally (#20876) (Kirk Waiblinger)
• f0dc4bd chore: pin fflate@0.8.2 (#20877) (Milos Djermanovic)
• 0f4bd25 ci: run Discord alert for ecosystem test failures (#20873) (Copilot)

v10.4.0

Features

• 1a45ec5 feat: check sequence expressions in for-direction (#20701) (kuldeep kumar)
• 450040b feat: add includeIgnoreFile() to eslint/config (#20735) (Kirk Waiblinger)

Bug Fixes

• 544c0c3 fix: escape code path DOT labels in debug output (#20866) (Pixel998)
• 6799431 fix: update dependency @​eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])
• f078fef fix: handle non-array deprecated rule replacements (#20825) (xbinaryx)

Documentation

• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869) (Pavel)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)
• 9084664 docs: Update README (GitHub Actions Bot)
• 9cc7387 docs: Update README (GitHub Actions Bot)
• 3d7b548 docs: Update README (GitHub Actions Bot)
• 191ec3c docs: Update README (GitHub Actions Bot)

... (truncated)

Commits

• 4a3d15a 10.4.1
• 43e7e2b Build: changelog update for 10.4.1
• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930)
• b0e466b test: add data property to invalid tests cases for rules (#20924)
• d4ce898 fix: propagate failures from delegated commands (#20917)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916)
• f78838b test: add CodePath type coverage (#20904)
• 61b0add docs: remove deprecated rule from related rules of max-params (#20921)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20...
• 002942c ci: declare contents:read on update-readme workflow (#20919)
• Additional commits viewable in compare view

Updates knip from 6.3.0 to 6.16.1

Release notes

Sourced from knip's releases.

Release 6.16.1

• Resolve SvelteKit ./$types in monorepos (resolve #1778) (370ef4cefec6540ee7d58249cc402f479ec76405)

Release 6.16.0

• Update sponsors data + fix sponsors layout on narrow screen (fadf13aad5ebc36f7bc2fbc7615bfa77681d3660)
• Detect binaries and entry files in node:child_process calls (fc3598cfac640a2ae53b0113883574bf15bc5d47)
• It works™ (2d9ce845121484ef3ff84e4a761cfd98891d6c09)
• Extend known issues doc w/ workaround (close #1763) (fcd444bf4c6b2ddc5d7bb0ebfd6f3991cf5d0be2)
• Support ignoreExportsUsedInFile per workspace (close #1495) (4b898a971105d865d86d4dc81bc694721bff8793)
• feat(vscode): add workspaceRoot config option to enable use in a VSCode workspace that does not have package.json at the workspace root (#1667) (7c1ebef6ab6d1c5a7f2f920d4243241246b53f4b) - thanks @​anmilleriii!
• Replace minimist with node:util.parseArgs (resolve #1492) (b360c5ce1acfbb2cbd5f4e92ecca6c9b461ae094)
• Preserve minimist numeric coercion and --no-x negation (c12153ce0601378354421e454a6b6bbab74ae9fb)
• Simplify parseArgs adapter (ba15e413be7515620e4224b21483a1a87659dc34)
• Detect and credit registered custom elements (resolve #1394) (62dcda5fa46ccf6bdd94175b725fd38678049319)
• Add Lit and FAST plugins to detect @​customElement classes (348d2c9decf09bb61ab47477bc6cc57e4b089ec3)
• Add new testimonials (77fd7ed7dffaccfa8bc024105fe81dbe09b70671)
• Scope custom path aliases per workspace (resolve #1775) (d908099b52e4fd93b7947bafecbabeddfc7847f3)
• Restructure tests (ec4c77941d42aef54bed9e4dd1cae8e8784aa147)
• Simplify boolean check in parseArgs adapter (ba6865de03785eb49b2adf833f7f769eece78d49)
• Scope static custom-element define detection to the FAST plugin (94632cddd15f75eadd204cb480b3df6c1f2a842d)
• Add Custom Elements feature docs page (230bd734652f3a269b70da09cd26ac7e80a210cd)
• Update known-issues.md (f1f4c1bceef9a6575d7b31cc1340538ea894f824)
• Fix crash on backtick string literals in plugin config (resolve #1776) (f1adc7fbd68fc52a89a4d2a4d6b17d905d051de7)
• Format (e4720cab435be48e1a40afa8c548e21bdb74b14e)
• Fix backtick string literals in require() and plugin-name config arrays (#1776) (d14eb053331daaaeaec89c3c8e04cfeeba7580af)
• Credit custom elements via aliases, scoped registries, and static blocks (d7cbe12bd904f65b20016bdd2dfd4a5d7c5c1524)
• Improve Stencil plugin: credit @​Component and recognize test files (152d73052f87f29b348abbab90e117cfb97dd69b)
• Add Catalyst plugin to credit bare @​controller custom elements (8a37f8c25b03cd4e55bd18ba822906be35fcd97b)
• Document Stencil, Catalyst, static-block custom el reg. (105fba3a829f1cf4cf871035dbc9c170b0de7bc1)
• Auto-format md (f4fcf4e1c6a399d761151fc367125416e7741675)

Release 6.15.0

• Report exported type used only in inferred-return function body (resolve #1765) (2413408753f7abc7a9dfdba520990afd18c53ee0)
• Work that EXPORTS.md again (7e13451fab7ad85362fb63a4715ea450690aedef)
• Update npmx ecosystem snapshot (dfc401145a880f156c66eb83ea1622a99540304a)
• Link dependencies key with notes (closes #1764) (e3e66cea9e946558940bf8705129efea3f23b3ba)
• Resolve tsconfig paths when loading plugin configs (#1762) (0177c7466559e2ae99b5e1cd1e3a8043ca494edc) - thanks @​jakeleventhal!
• Avoid caching failed plugin config loads (#1768) (5e201cde9b1ba2568ead2ae790ab888c966828ae) - thanks @​jakeleventhal!
• Resolve extensionless .sass imports in SCSS compiler (#1770) (30c22835383b2355787cc2a871b22de80ff75544) - thanks @​sebacardello!
• fix(vite): detect inline module script entry points in index.html (#1772) (51f4eddc9e1b2fed1ba25e81fc596e9fb514ce01) - thanks @​lucas-spin!
• Harden vite inline module script import detection (b8abcfd2f4f5486aea08a934514bc55de86be030)
• Use RecordableHistogram for timerified function stats (d575c6905704af1b0b4620edd874fc09bc86ed28)
• Add orval plugin (resolves #1751) (4c82aa82c2a02fbda27a316389f210d11621f8cb)
• Add treatTagHintsAsErrors and --no-tag-hints (resolves #1767) (4b6a573e0c1e0daf65c76c32f7336ea71db6bb64)
• Add nano-spawn plugin (resolves #1769) (b2cad06dfd9958485537c5545c6c497fc8823ac3)
• Simplify glob cache validation and ignore-list assembly (df1a9603a5ea8ed7bad9588bf13672cedf37c90e)
• Dedupe ignore-pattern collection and dependency fixing (d49b626ad6736d7123d44568ef8c42a3e1d28aa3)
• Simplify installed-binaries collection in manifest metadata (55143941eebbc8dac12c79b77c1f65a8b61dfbef)
• Flatten control flow in ConfigurationChief (010d5709b0f9a3adc5ebe6e7169b9f5c4f29abc5)
• Inline trivial installed-binaries and types-included accessors (b5afb9f29e3474eee4bf276c1de83cb0682a5663)

... (truncated)

Commits

• a3169ec Release knip@6.16.1
• 370ef4c Resolve SvelteKit ./$types in monorepos (resolve #1778)
• e9a5a64 Release knip@6.16.0
• 8a37f8c Add Catalyst plugin to credit bare @​controller custom elements
• 152d730 Improve Stencil plugin: credit @​Component and recognize test files
• d7cbe12 Credit custom elements via aliases, scoped registries, and static blocks
• d14eb05 Fix backtick string literals in require() and plugin-name config arrays (#1776)
• f1adc7f Fix crash on backtick string literals in plugin config (resolve #1776)
• 94632cd Scope static custom-element define detection to the FAST plugin
• ba6865d Simplify boolean check in parseArgs adapter
• Additional commits viewable in compare view

Updates prettier from 3.8.1 to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

• SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @​kovsu)

🔗 Changelog

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

</tr></table> 

... (truncated)

Commits

• d7108a7 Release 3.8.3
• 177f908 Prevent trailing comma in SCSS if() function (#18471)
• 1cd4066 Release @​prettier/plugin-oxc@​0.1.4
• a8700e2 Update oxc-parser to v0.125.0
• 752157c Fix tests
• 053fd41 Bump Prettier dependency to 3.8.2
• 904c636 Clean changelog_unreleased
• dc1f7fc Update dependents count
• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• Additional commits viewable in compare view

Updates tsx from 4.21.0 to 4.22.4

Release notes

Sourced from tsx's releases.

v4.22.4

4.22.4 (2026-05-31)

Bug Fixes

• resolve CommonJS directory requires inside dependencies (#803) (1ce8463)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.3

4.22.3 (2026-05-19)

Bug Fixes

• decode typed loader source (dce02fc)
• preserve entrypoint with TypeScript preload hooks (68f72f3)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

• preserve CJS JSON require in ESM hooks (35b700b)
• preserve named exports from CommonJS TypeScript (11de737)
• support module.exports require(esm) interop (cf8f199)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

• resolve tsconfig path aliases containing a colon (#780) (6979f28)

---

This release is also available on:

• npm package (@​latest dist-tag)

... (truncated)

Commits

• 1ce8463 fix: resolve CommonJS directory requires inside dependencies (#803)
• dce02fc fix: decode typed loader source
• 68f72f3 fix: preserve entrypoint with TypeScript preload hooks
• 69455cf test: cover package exports for ambiguous ESM reexports
• 35b700b fix: preserve CJS JSON require in ESM hooks
• ef807db chore: update testing dependencies
• 3917090 test: document compatibility test taxonomy
• de8113f refactor: centralize Node capability facts
• c1f62db test: consolidate tsconfig path edge coverage
• 4e08174 test: consolidate loader hook coverage
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.

Updates typescript-eslint from 8.58.0 to 8.60.1

Release notes

Sourced from typescript-eslint's releases.

v8.60.1

8.60.1 (2026-06-01)

🩹 Fixes

• eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#12352)
• eslint-plugin: [no-shadow] correct rule to match ESLint v10 handling (#12182)

❤️ Thank You

• lumir
• Nevette Bailey @​nevette-bailey

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

• rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

• playground TS version selector is not working (#12326, #12325)

❤️ Thank You

• Evyatar Daud @​StyleShit
• Vinccool96

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.4

8.59.4 (2026-05-18)

🩹 Fixes

• eslint-plugin: [no-floating-promises] stack overflow when using recursive types (#12294)
• project-service: throw error cause in getParsedConfigFileFromTSServer (#12321)
• typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#12340)

❤️ Thank You

• Evyatar Daud @​StyleShit
• Kirk Waiblinger @​kirkwaiblinger

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.60.1 (2026-06-01)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.60.0 (2026-05-25)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.4 (2026-05-18)

🩹 Fixes

• typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#12340)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.3 (2026-05-11)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.2 (2026-05-04)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.1 (2026-04-27)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

... (truncated)

Commits

• 4f84a69 chore(release): publish 8.60.1
• 1849b53 chore: typecheck using tsgo (#12139)
• f891c29 chore(release): publish 8.60.0
• ca6ca14 chore(release): publish 8.59.4
• 4b927c6 fix(typescript-eslint): export Compatible* types from typescript-eslint to re...
• 48e13c0 chore(release): publish 8.59.3
• 44f9625 chore(deps): update vitest monorepo to v4.1.5 (#12307)
• 2ec35f1 chore(release): publish 8.59.2
• 5245793 chore(release): publish 8.59.1
• ea9ae4f chore(release): publish 8.59.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[falkoro]

🧠 Grok Composer review (grok-composer-2.5)

Review

1. Brand consistency

No findings. The diff touches only package.json and package-lock.json; there are no logos, favicons, og:image/schema assets, hero mockups, or customer-facing copy.

2. Spot Suite architecture

No findings. No Workers, D1, tenant scoping, OAuth, cron handlers, migrations, secrets handling, or Pages deploy config.

3. Correctness + security

No findings. No runtime or application logic changes; no auth paths, injection surfaces, tenant isolation, or plaintext secrets. Dev-tooling bumps only (eslint, typescript-eslint, knip, playwright, etc.).

Notes (non-blocking)

• package.json:83-96 — Routine devDependency semver bumps; engines.vscode stays ^1.105.0 while @types/vscode moves to ^1.120.0, which is normal (types ahead of minimum engine).
• package-lock.json — Lockfile refresh from those bumps, including transitive updates (e.g. unbash 2.x → 3.x, knip 6.3 → 6.16). Worth a quick npm run lint / npm test after merge, but nothing in the diff itself violates suite rules.

Verdict: Clean — a dev-only dependency refresh with no brand, architecture, or security issues in scope.