Update devDependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@babel/core (source)	7.26.9 -> 7.26.10
@babel/eslint-parser (source)	7.26.8 -> 7.26.10
@babel/plugin-transform-runtime (source)	7.26.9 -> 7.26.10
@babel/runtime (source)	7.26.9 -> 7.26.10
@babel/types (source)	7.26.9 -> 7.26.10
@codemirror/language	6.10.8 -> 6.11.0
@ember/test-waiters	4.0.0 -> 4.1.0
@embroider/addon-dev (source)	7.1.1 -> 7.1.3
@​embroider/broccoli-side-watch	0.0.2-unstable.ba9fd29 -> 0.0.2-unstable.fad2387
@embroider/webpack (source)	4.0.10 -> 4.1.0
@glimmer/compiler (source)	^0.92.4 -> ^0.94.0
@glimmer/interfaces (source)	0.94.5 -> 0.94.6
@glimmer/reference (source)	^0.92.3 -> ^0.94.0
@glimmer/syntax (source)	0.94.7 -> 0.94.8
@glimmer/util (source)	0.94.6 -> 0.94.7
@glint/core	1.4.1-unstable.0e0d936 -> 1.5.2
@glint/environment-ember-loose	1.4.1-unstable.0e0d936 -> 1.5.2
@glint/environment-ember-template-imports	1.4.1-unstable.0e0d936 -> 1.5.2
@glint/template	1.4.1-unstable.0e0d936 -> 1.5.2
@nullvoxpopuli/eslint-configs	5.0.1 -> 5.1.1
@rollup/plugin-commonjs (source)	28.0.2 -> 28.0.3
@types/node (source)	22.13.8 -> 22.13.10
autoprefixer	10.4.20 -> 10.4.21
ember-cli (source)	6.2.2 -> 6.2.3
ember-source (source)	6.4.0-alpha.4 -> 6.4.0-alpha.6
esbuild	0.25.0 -> 0.25.1
eslint (source)	9.21.0 -> 9.22.0
publint (source)	^0.2.12 -> ^0.3.0
release-plan	^0.13.1 -> ^0.16.0
rollup (source)	4.34.9 -> 4.35.0
rollup (source)	~4.25.0 -> ~4.35.0
tailwindcss (source)	4.0.9 -> 4.0.14
type-fest	4.35.0 -> 4.37.0
typescript (source)	5.7.3 -> 5.8.2
vite (source)	6.2.0 -> 6.2.1
vitest (source)	3.0.7 -> 3.0.8

---

Release Notes

babel/babel (@​babel/core)

v7.26.10

Compare Source

👓 Spec Compliance

• babel-parser
  • #​17159 Disallow decorator in array pattern (@​JLHwung)

🐛 Bug Fix

• babel-parser, babel-template
  • #​17164 Fix: always initialize ExportDeclaration attributes (@​JLHwung)
• babel-core
  • #​17142 fix: "Map maximum size exceeded" in deepClone (@​liuxingbaoyu)
• babel-parser, babel-plugin-transform-typescript
  • #​17154 Update typescript parser tests (@​JLHwung)
• babel-traverse
  • #​17151 fix: Should not evaluate vars in child scope (@​liuxingbaoyu)
• babel-generator
  • #​17153 fix: Correctly generate abstract override (@​liuxingbaoyu)
• babel-parser
  • #​17107 Fix source type detection when parsing TypeScript (@​JLHwung)
• babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3
  • #​17173 Fix processing of replacement pattern with named capture groups (@​mmmsssttt404)

💅 Polish

• babel-standalone
  • #​17158 Avoid warnings when re-bundling @​babel/standalone with webpack (@​liuxingbaoyu)

🏠 Internal

• babel-parser
  • #​17160 Left-value parsing cleanup (@​JLHwung)

codemirror/language (@​codemirror/language)

v6.11.0

Compare Source

New features

Stream parsers now support a mergeTokens option that can be used to turn off automatic merging of adjacent tokens.

typed-ember/glint (@​glint/core)

v1.5.2

Compare Source

v1.5.1

Compare Source

🐛 Bug Fix

• core
  • #​781 Resolve config from extends package (@​iarroyo)

Committers: 1

• Ivan Arroyo Escobar (@​iarroyo)

v1.5.0

Compare Source

🚀 Enhancement

• core
  • #​748 check if template is in heritage clause (@​patricklx)

Committers: 1

• Patrick Pircher (@​patricklx)

v1.4.1-unstable.ff9ea6c

Compare Source

v1.4.1-unstable.fd8b303

Compare Source

v1.4.1-unstable.fcc2294

Compare Source

v1.4.1-unstable.fab82a0

Compare Source

v1.4.1-unstable.f45caf8

Compare Source

v1.4.1-unstable.e8d1c9a

Compare Source

v1.4.1-unstable.e88e08e

Compare Source

v1.4.1-unstable.e45fffc

Compare Source

v1.4.1-unstable.e2be29b

Compare Source

v1.4.1-unstable.c9300e5

Compare Source

v1.4.1-unstable.b6f19ff

Compare Source

v1.4.1-unstable.b29a807

Compare Source

v1.4.1-unstable.b0ff255

Compare Source

v1.4.1-unstable.acdc718

Compare Source

v1.4.1-unstable.ac03de6

Compare Source

v1.4.1-unstable.aa212c7

Compare Source

v1.4.1-unstable.a8cefd1

Compare Source

v1.4.1-unstable.9efe7b1

Compare Source

v1.4.1-unstable.9b657e4

Compare Source

v1.4.1-unstable.4c8177d

Compare Source

v1.4.1-unstable.4b93fbb

Compare Source

v1.4.1-unstable.469c15e

Compare Source

v1.4.1-unstable.4675b5c

Compare Source

v1.4.1-unstable.45026b1

Compare Source

v1.4.1-unstable.34c4510

Compare Source

v1.4.1-unstable.2e45a79

Compare Source

v1.4.1-unstable.130d85f

Compare Source

v1.4.1-unstable.0fbe14f

Compare Source

rollup/plugins (@​rollup/plugin-commonjs)

v28.0.3

2025-03-06

Bugfixes

• fix: fix error when bundle contains require() of module with falsy __esModule export (#​1850)

postcss/autoprefixer (autoprefixer)

v10.4.21

Compare Source

• Fixed old -moz- prefix for :placeholder-shown (by @​Marukome0743).

ember-cli/ember-cli (ember-cli)

v6.2.3

Compare Source

Blueprint Changes

• ember new diff
• ember addon diff

Changelog

• #​10646 [Bugfix release]: Fix eslint parser for js when using --typescript @​NullVoxPopuli

Thank you to all who took the time to contribute!

emberjs/ember.js (ember-source)

v6.4.0-alpha.6

Compare Source

v6.4.0-alpha.5

Compare Source

evanw/esbuild (esbuild)

v0.25.1

Compare Source

• Fix incorrect paths in inline source maps (#​4070, #​4075, #​4105)

  This fixes a regression from version 0.25.0 where esbuild didn't correctly resolve relative paths contained within source maps in inline sourceMappingURL data URLs. The paths were incorrectly being passed through as-is instead of being resolved relative to the source file containing the sourceMappingURL comment, which was due to the data URL not being a file URL. This regression has been fixed, and this case now has test coverage.

• Fix invalid generated source maps (#​4080, #​4082, #​4104, #​4107)

  This release fixes a regression from version 0.24.1 that could cause esbuild to generate invalid source maps. Specifically under certain conditions, esbuild could generate a mapping with an out-of-bounds source index. It was introduced by code that attempted to improve esbuild's handling of "null" entries in source maps (i.e. mappings with a generated position but no original position). This regression has been fixed.

  This fix was contributed by @​jridgewell.

• Fix a regression with non-file source map paths (#​4078)

  The format of paths in source maps that aren't in the file namespace was unintentionally changed in version 0.25.0. Path namespaces is an esbuild-specific concept that is optionally available for plugins to use to distinguish paths from file paths and from paths meant for other plugins. Previously the namespace was prepended to the path joined with a : character, but version 0.25.0 unintentionally failed to prepend the namespace. The previous behavior has been restored.

• Fix a crash with switch optimization (#​4088)

  The new code in the previous release to optimize dead code in switch statements accidentally introduced a crash in the edge case where one or more switch case values include a function expression. This is because esbuild now visits the case values first to determine whether any cases are dead code, and then visits the case bodies once the dead code status is known. That triggered some internal asserts that guard against traversing the AST in an unexpected order. This crash has been fixed by changing esbuild to expect the new traversal ordering. Here's an example of affected code:

  switch (x) {
    case '':
      return y.map(z => z.value)
    case y.map(z => z.key).join(','):
      return []
  }

• Update Go from 1.23.5 to 1.23.7 (#​4076, #​4077)

  This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain reports from vulnerability scanners that detect which version of the Go compiler esbuild uses.

  This PR was contributed by @​MikeWillCook.

eslint/eslint (eslint)

v9.22.0

Compare Source

publint/publint (publint)

v0.3.9

Compare Source

Patch Changes

• Support the formatMessage utility in the browser. It has a new color: 'html' option to highlight important parts with <strong> tags instead of ANSI colors. It also has a new reference: boolean option so the messages are worded in reference of the message location. (e1cfef0)

• If formatMessage is passed a package.json object with missing keys, the message part that references the value will now fallback to "undefined" instead of completely erroring out. (45962d1)

v0.3.8

Compare Source

Patch Changes

• Support passing a tarball path to the publint CLI. This allows to easily lint any tarball files at hand. (#​166)

  npx publint ./mylib-1.0.0.tgz

• The publint API now returns a pkg object as a convenience to pass it to formatMessage (#​166)

• Updated dependencies [02d169b]:

  • @​publint/pack@​0.1.2

v0.3.7

Compare Source

Patch Changes

• The "imports" field is now linted with the following rules: (#​162)

  • IMPORTS_KEY_INVALID: Ensure the imports key starts with a #
  • IMPORTS_VALUE_INVALID: Ensure the imports value is a valid path that starts with a ./
  • IMPORTS_GLOB_NO_MATCHED_FILES: Ensure the imports glob matches at least one file
  • IMPORTS_DEFAULT_SHOULD_BE_LAST: Ensure the "default" condition is last in an entrypoint's object
  • IMPORTS_MODULE_SHOULD_BE_ESM: Ensure the "module" condition file is ESM
  • IMPORTS_MODULE_SHOULD_PRECEDE_REQUIRE: Ensure the "module" condition precedes the "require" condition in an entrypoint's object

• Improve SSH git URL detection when checking the "repository" field. Values like "git@github.com:user/project.git" is now detected as a valid git URL, but will be suggested to use a full git URL instead, like "git+ssh://git@github.com/user/project.git" (28da844)

• Fix exports types message when the "require" or "import" condition already exists but the dts file format is still invalid (a731ec3)

v0.3.6

Compare Source

Patch Changes

• Fix checking bin field file path that omits .js or /index.js (04f289e)

v0.3.5

Compare Source

Patch Changes

• Check the "bin" field if the referenced file exists, has the correct JS format, and can be executed (#​150)

• Deprecate the deps command. The command has been tricky to maintain and incomplete (e.g. doesn't lint recursively). A separate tool can be used to run publint on dependencies instead, e.g. npx renoma --filter-rules "publint". (#​149)

v0.3.4

Compare Source

Patch Changes

• When globbing "exports" values that contains *, also respect "exports" keys that mark paths as null. For example: (b9605ae)

  {
    "exports": {
      "./*": "./dist/*",
      "./browser/*": null
    }
  }

  The glob in "./*": "./dist/*" will no longer match and lint files in "./browser/*" as it's marked null (internal).

• Update logs when running the publint CLI: (58d96a2)

  • The publint version is now displayed.
  • The packing command is also displayed.
  • Messages are now logged in the order of errors, warnings, and suggestions, instead of the other way round, to prioritize errors.
  • The publint deps command no longer logs passing dependencies. Only failing dependencies are logged.

  Examples:

  $ npx publint
  $ Running publint v0.X.X for my-library...
  $ Packing files with `npm pack`...
  $ All good!

  $ npx publint deps
  $ Running publint v0.X.X for my-library deps...
  $ x my-dependency
  $ Errors:
  $ 1. ...

• Fix detecting shorthand repository URLs with the . character (09d8cbb)

• Clarify message when "types" is not the first condition in the "exports" field (5a6ba00)

• Correctly detect if a "types" value in "exports" is used for dual publishing (3f3d8b2)

v0.3.3

Compare Source

Patch Changes

• Rename EXPORT_TYPES_INVALID_FORMAT message to EXPORTS_TYPES_INVALID_FORMAT (#​139)

• Allow versioned types conditions (e.g. "types@>=5.2") in "exports" when checking for "types" condition ordering (#​138)

v0.3.2

Compare Source

Patch Changes

• (Potentially breaking) Disable running lifecycle scripts, such as prepare, prepack, and postpack, when running the pack command internally. This returns to the behavior in v0.2. (Note that this change does not apply to yarn as it does not support ignoring lifecycle scripts for local projects) (#​128)

  This change is made as running lifecycle scripts was an unintentional behavior during the v0.3 breaking change, which could cause the linting process to take longer than expected, or even cause infinite loops if publint is used in a lifecycle script.

• Update repository and bugs URLs to point to the new publint organization (1eda033)

• Updated dependencies [1eda033, 10e3891]:

  • @​publint/pack@​0.1.1

v0.3.1

---

Configuration

📅 Schedule: Branch creation - "after 9pm on sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[github-actions]

Project	Preview URL1	Manage
Limber	https://renovate-devdependencies.limber-glimdown.pages.dev	on Cloudflare
Tutorial	https://renovate-devdependencies.limber-glimmer-tutorial.pages.dev	on Cloudflare

Logs

Footnotes

1. if these branch preview links are not working, please check the logs for the commit-based preview link. There is a character limit of 28 for the branch subdomain, as well as some other heuristics, described here for the sake of implementation ease in deploy-preview.yml, that algo has been omitted. The URLs are logged in the wrangler output, but it's hard to get outputs from a matrix job. ↩