fix(deps): update npm-non-major

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@playwright/test (source)	^1.60.0 → ^1.61.0
@radix-ui/react-checkbox (source)	^1.3.4 → ^1.3.5
@radix-ui/react-dialog (source)	^1.1.16 → ^1.1.17
@radix-ui/react-progress (source)	^1.1.9 → ^1.1.10
@radix-ui/react-select (source)	^2.3.0 → ^2.3.1
@radix-ui/react-tabs (source)	^1.1.14 → ^1.1.15
@radix-ui/react-tooltip (source)	^1.2.9 → ^1.2.10
@typescript-eslint/eslint-plugin (source)	^8.61.0 → ^8.61.1
@typescript-eslint/parser (source)	^8.61.0 → ^8.61.1
@typescript-eslint/utils (source)	^8.61.0 → ^8.61.1
@vitest/coverage-istanbul (source)	^4.1.8 → ^4.1.9
@vitest/coverage-v8 (source)	^4.1.8 → ^4.1.9
@vitest/ui (source)	^4.1.8 → ^4.1.9
axios (source)	1.17.0 → 1.18.0
knip (source)	^6.16.1 → ^6.17.1
lucide-react (source)	^1.18.0 → ^1.20.0
tldts	^7.4.2 → ^7.4.3
typescript-eslint (source)	^8.61.0 → ^8.61.1
vitest (source)	^4.1.8 → ^4.1.9

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

microsoft/playwright (@​playwright/test)

v1.61.0

Compare Source

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

const context = await browser.newContext();

// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
  id: credentialId,
  userHandle,
  privateKey,
  publicKey,
});
await context.credentials.install();

const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:

await page.localStorage.setItem('token', 'abc');
const token = await page.localStorage.getItem('token');
const items = await page.sessionStorage.items();

New APIs

Network

• apiResponse.securityDetails() and apiResponse.serverAddr() mirror the browser-side response.securityDetails() and response.serverAddr().

Browser and Screencast

• New option artifactsDir in browserType.connectOverCDP() controls where artifacts such as traces and downloads are stored when attached to an existing browser.
• New option cursor in screencast.showActions() controls the cursor decoration rendered for pointer actions.
• The onFrame callback in screencast.start() now receives a timestamp of when the frame was presented by the browser.

Test runner

• The testOptions.video option now supports the same set of modes as trace: new 'on-all-retries', 'retain-on-first-failure' and 'retain-on-failure-and-retries' values. See the video modes table for which runs are recorded and kept in each mode.
• Supported expect.soft.poll(...).
• New fullConfig.argv — a snapshot of process.argv from the runner process, handy for reading custom arguments passed after the -- separator.
• New fullConfig.failOnFlakyTests mirrors the config option, so reporters can explain why a flaky run failed.
• testInfo.errors now lists each sub-error of an AggregateError as a separate entry.
• New -G command line shorthand for --grep-invert.

🛠️ Other improvements

• Playwright now supports Ubuntu 26.04.
• HAR and trace recordings now include WebSocket requests.

Browser Versions

• Chromium 149.0.7827.55
• Mozilla Firefox 151.0
• WebKit 26.5

This version was also tested against the following stable channels:

• Google Chrome 149
• Microsoft Edge 149

radix-ui/primitives (@​radix-ui/react-checkbox)

v1.3.5

• Updated dependencies: @radix-ui/react-primitive@2.1.6

radix-ui/primitives (@​radix-ui/react-dialog)

v1.1.17

• Removed dev-only warnings for dialogs when title and/or description is not rendered.
• Fixed Dismissable Layer so outside interactions stopped by extension UI overlays do not dismiss dialogs or popovers.
• Updated dependencies: @radix-ui/react-slot@1.3.0, @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-focus-scope@1.1.10, @radix-ui/react-portal@1.1.12

radix-ui/primitives (@​radix-ui/react-progress)

v1.1.10

• Updated dependencies: @radix-ui/react-primitive@2.1.6

radix-ui/primitives (@​radix-ui/react-select)

v2.3.1

• Allowed a Select.Item with an empty string value to act as a "clear" option. Selecting it resets the selection back to the placeholder, restoring the native <select> behavior for optional selects.
• Fixed a bug where typeahead search resulted in focusing an element that no longer exists.
• Updated dependencies: @radix-ui/react-slot@1.3.0, @radix-ui/react-popper@1.3.1, @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-collection@1.1.10, @radix-ui/react-focus-scope@1.1.10, @radix-ui/react-portal@1.1.12, @radix-ui/react-visually-hidden@1.2.6

radix-ui/primitives (@​radix-ui/react-tabs)

v1.1.15

• Updated dependencies: @radix-ui/react-primitive@2.1.6, @radix-ui/react-roving-focus@1.1.13

radix-ui/primitives (@​radix-ui/react-tooltip)

v1.2.10

• Updated dependencies: @radix-ui/react-slot@1.3.0, @radix-ui/react-popper@1.3.1, @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-portal@1.1.12, @radix-ui/react-visually-hidden@1.2.6

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.61.1

Compare Source

🩹 Fixes

• eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#​12388)
• eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#​12413)
• eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#​12394, #​12393)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#​12281)
• eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#​12396, #​10577)

❤️ Thank You

• Anas @​anasm266
• Deftera @​Deftera186
• Kirk Waiblinger @​kirkwaiblinger
• lumir
• Sarath Francis @​sarathfrancis90

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.61.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/utils)

v8.61.1

Compare Source

This was a version bump only for utils to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

vitest-dev/vitest (@​vitest/coverage-istanbul)

v4.1.9

Compare Source

🐞 Bug Fixes

• Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in #​10546 (a5180)
• browser:
  • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in #​10555 (7fb29)
  • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in #​10497 and #​10556 (fbc62)
• mocker:
  • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in #​10548 (2c955)
• pool:
  • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in #​10543 and #​10564 (934b0)

View changes on GitHub

vitest-dev/vitest (@​vitest/ui)

v4.1.9

Compare Source

axios/axios (axios)

v1.18.0

Compare Source

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

• Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#​10892)

• URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#​11000)

🐛 Bug Fixes

• Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#​10899)

🔧 Maintenance & Chores

• Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#​10984, #​10988, #​10992, #​10995)

• Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#​10989, #​10996, #​10997)

• Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#​11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​drori12 (#​10984)
• @​eyupcanakman (#​10899)
• @​Adi-Beker (#​10995)

Full Changelog

webpro-nl/knip (knip)

v6.17.1: Release 6.17.1

Compare Source

• Remove ignoreBinaries w/ tar (b13d0ca)
• Wrap up docs/refs (29f3e46)
• Update dependencies (7b2f345)
• Fix up vscode-languageclient imports (820c233)

v6.17.0: Release 6.17.0

Compare Source

• chore(mcp): add package metadata links (#​1783) (e3d93b9) - thanks @​sh962214-hub!
• fix(capacitor): detect iOS platform with Swift Package Manager (#​1787) (e6cc533) - thanks @​jthrilly!
• Support ignoreIssues per workspace (resolve #​1782) (15a329a)
• Add commitlint.config.mts (resolve #​1784) (fa8eb6d)
• Treat scoped and tilde SCSS imports as packages (resolve #​1786) (98aa962)
• Add followCursor setting for Imports/Exports views (resolve #​1788) (67a0be8)
• Flag undeclared sibling imports in published workspaces (resolve #​1792) (aeabff7)
• Fix type-check errors in vscode-knip (12f266e)
• Note Markdown formatting with pnpm remark (bdffeec)
• Bump some doc-related dependencies (3334193)
• Update vscode-knip tool descriptions (be34178)
• Overhaul docs (55e3f3b)
• Improve mcp guidance (67483f0)
• Fix repeated --fix-type arg (9bb0512)
• Resolve module paths from selected tsconfig (resolve #​1794) (1c2f398)
• Update sanity snapshot (4ebce9c)
• Add tar to globally ignored binaries (resolve #​1796) (8c028e5)

lucide-icons/lucide (lucide-react)

v1.20.0: Version 1.20.0

Compare Source

What's Changed

• fix(icons): decreased size of arrows inside square-arrow-* icons by @​jguddas in #​3926
• chore(tags): Add tags to search- icons by @​jamiemlaw in #​4099
• feat(icons): added save-check icon by @​Konixy in #​3120
• feat(icons): added tag-plus and tag-x icons by @​adam-kov in #​3980
• feat(icons): added banknote-check icon by @​mfjramirezf in #​3956
• feat(icons): added clock-arrow-in icon by @​jguddas in #​2403
• feat(icons): added summary icon by @​jpjacobpadilla in #​3114
• feat(icons): added user-round-arrow-in icon by @​jguddas in #​2283
• feat(icons): added clock-arrow-out icon by @​jguddas in #​2404
• docs(docs): fix broken Svelte package source link in README by @​SRKrukowski in #​4468
• chore(deps-dev): bump @​angular/compiler from 21.2.5 to 21.2.17 by @​dependabot[bot] in #​4474
• chore(deps-dev): bump @​angular/core from 21.2.5 to 21.2.17 by @​dependabot[bot] in #​4470
• chore(deps-dev): bump vitest from 4.0.12 to 4.1.0 by @​dependabot[bot] in #​4429
• chore(deps-dev): bump markdown-it from 14.1.1 to 14.2.0 by @​dependabot[bot] in #​4475
• chore(deps-dev): bump @​angular/common from 21.2.5 to 21.2.17 by @​dependabot[bot] in #​4471
• feat(icons): added pencil-sparkles icon by @​jennieboops in #​4445

New Contributors

• @​Konixy made their first contribution in #​3120
• @​adam-kov made their first contribution in #​3980
• @​mfjramirezf made their first contribution in #​3956
• @​SRKrukowski made their first contribution in #​4468
• @​jennieboops made their first contribution in #​4445

Full Changelog: lucide-icons/lucide@1.19.0...1.20.0

v1.19.0: Version 1.19.0

Compare Source

What's Changed

• chore(deps): upgrade pnpm to version 11.6.0 by @​ericfennis in #​4458
• feat(icons): added star-* icons by @​RajnishKMehta in #​3918
• chore(suggest-tags): Update metadata suggestion script by @​ericfennis in #​4462
• feat(icons): added save-pen icon by @​vaporvee in #​4179
• feat(icons): added wrench-off icon by @​nilsjonsson in #​4434
• feat(icons): added ad icon by @​jamiemlaw in #​4323
• feat(icons): added eye-dashed icon by @​karsa-mistmere in #​4415
• feat(icons): added save-plus icon by @​jwlinqx in #​4448
• feat(icons): added list-sort-descending icon by @​ericfennis in #​4457
• fix(lucide-react-native): Fix provider exports by @​ericfennis in #​4463
• fix(site): reserve space for icon detail drawer by @​vyctorbrzezowski in #​4344
• fix(icons): changed wallet-cards icon by @​jguddas in #​3888
• feat(site): Improve search and add sorting options by @​ericfennis in #​4453
• feat(icons): added podium icon by @​jguddas in #​2124

New Contributors

• @​vaporvee made their first contribution in #​4179
• @​nilsjonsson made their first contribution in #​4434
• @​jwlinqx made their first contribution in #​4448
• @​vyctorbrzezowski made their first contribution in #​4344

Full Changelog: lucide-icons/lucide@1.18.0...1.19.0

remusao/tldts (tldts)

v7.4.3

Compare Source

📜 Update Public Suffix List

• tldts-experimental, tldts
  • Update upstream public suffix list #​2605 (@​remusao)

🔩 Dependencies

• Bump rollup from 4.61.0 to 4.61.1 #​2602 (@​dependabot[bot])
• Bump typescript-eslint from 8.60.0 to 8.60.1 #​2601 (@​dependabot[bot])
• Bump rollup from 4.60.4 to 4.61.0 #​2600 (@​dependabot[bot])

Authors: 2

• @​dependabot[bot]
• Rémi (@​remusao)

---

typescript-eslint/typescript-eslint (typescript-eslint)

v8.61.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

---

Configuration

📅 Schedule: (in timezone America/New_York)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

✅ Supply Chain Verification Results

✅ PASSED

📦 SBOM Summary

• Components: 1485

🔍 Vulnerability Scan

Severity	Count
🔴 Critical	0
🟠 High	0
🟡 Medium	12
🟢 Low	3
Total	15

📎 Artifacts

• SBOM (CycloneDX JSON) and Grype results available in workflow artifacts

---

_{Generated by Supply Chain Verification workflow • View Details}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.