chore(deps): bump the production-dependencies group across 1 directory with 15 updates

[dependabot]

Bumps the production-dependencies group with 15 updates in the / directory:

Package	From	To
@clack/prompts	0.9.1	0.10.0
globby	14.0.2	14.1.0
hast-util-to-html	9.0.4	9.0.5
hast-util-to-jsx-runtime	2.3.2	2.3.5
pixi.js	8.7.3	8.8.1
preact	10.25.4	10.26.4
rehype-mathjax	6.0.0	7.1.0
remark-gfm	4.0.0	4.0.1
shiki	1.26.2	3.1.0
ws	8.18.0	8.18.1
@types/node	22.13.0	22.13.8
esbuild	0.24.2	0.25.0
prettier	3.4.2	3.5.3
tsx	4.19.2	4.19.3
typescript	5.7.3	5.8.2

Updates @clack/prompts from 0.9.1 to 0.10.0

Release notes

Sourced from @​clack/prompts's releases.

@​clack/prompts@​0.10.0

Minor Changes

• 613179d: Adds a new indicator option to spinner, which supports the original "dots" loading animation or a new "timer" loading animation.

  import * as p from "@clack/prompts";
  const spin = p.spinner({ indicator: "timer" });
  spin.start("Loading");
  await sleep(3000);
  spin.stop("Loaded");

• a38b2bc: Adds stream API which provides the same methods as log, but for iterable (even async) message streams. This is particularly useful for AI responses which are dynamically generated by LLMs.

  import * as p from "@clack/prompts";
  await p.stream.step(
  (async function* () {
  yield* generateLLMResponse(question);
  })()
  );

Changelog

Sourced from @​clack/prompts's changelog.

0.10.0

Minor Changes

• 613179d: Adds a new indicator option to spinner, which supports the original "dots" loading animation or a new "timer" loading animation.

  import * as p from "@clack/prompts";
  const spin = p.spinner({ indicator: "timer" });
  spin.start("Loading");
  await sleep(3000);
  spin.stop("Loaded");

• a38b2bc: Adds stream API which provides the same methods as log, but for iterable (even async) message streams. This is particularly useful for AI responses which are dynamically generated by LLMs.

  import * as p from "@clack/prompts";
  await p.stream.step(
  (async function* () {
  yield* generateLLMResponse(question);
  })()
  );

Commits

• fe1ee54 [ci] release (#232)
• 613179d feat: timer indicator for spinner (#230)
• 251518b [ci] format
• a38b2bc Adds stream API (#231)
• d444439 [ci] format
• See full diff in compare view

Updates globby from 14.0.2 to 14.1.0

Release notes

Sourced from globby's releases.

v14.1.0

• Export isIgnoredByIgnoreFiles and isIgnoredByIgnoreFilesSync functions (#269) cba8941

---

sindresorhus/globby@v14.0.2...v14.1.0

Commits

• 60d7de5 14.1.0
• 86822f2 Meta tweaks
• cba8941 Export isIgnoredByIgnoreFiles and isIgnoredByIgnoreFilesSync functions (#...
• See full diff in compare view

Updates hast-util-to-html from 9.0.4 to 9.0.5

Release notes

Sourced from hast-util-to-html's releases.

9.0.5

• 329625e Update property-information

Full Changelog: syntax-tree/hast-util-to-html@9.0.4...9.0.5

Commits

• d115f5b 9.0.5
• 13cfb3e Refactor package.json
• 17c1b1b Refactor docs
• 329625e Update property-information
• d1b5d73 Update dev-dependencies
• See full diff in compare view

Updates hast-util-to-jsx-runtime from 2.3.2 to 2.3.5

Release notes

Sourced from hast-util-to-jsx-runtime's releases.

2.3.5

• d25e00a Remove no longer working type hack

Full Changelog: syntax-tree/hast-util-to-jsx-runtime@2.3.4...2.3.5

2.3.4

Types

• bf5ccaa Fix type error if JSX is not defined

Full Changelog: syntax-tree/hast-util-to-jsx-runtime@2.3.3...2.3.4

2.3.3

• da03821 Update property-information

Full Changelog: syntax-tree/hast-util-to-jsx-runtime@2.3.2...2.3.3

Commits

• 09c32dc 2.3.5
• d25e00a Remove no longer working type hack
• 5271dd5 2.3.4
• bf5ccaa Fix type error if JSX is not defined
• 4a0148e 2.3.3
• 1c5bb11 Refactor docs
• 644db29 Update React in dev-dependencies
• da03821 Update property-information
• 78a94db Update dev-dependencies
• b8ccc74 Update actions
• Additional commits viewable in compare view

Updates pixi.js from 8.7.3 to 8.8.1

Release notes

Sourced from pixi.js's releases.

v8.8.1

💾 Download

Development Build:

• https://pixijs.download/v8.8.1/pixi.js
• https://pixijs.download/v8.8.1/pixi.mjs

Production Build:

• https://pixijs.download/v8.8.1/pixi.min.js
• https://pixijs.download/v8.8.1/pixi.min.mjs

Documentation:

• https://pixijs.download/v8.8.1/docs/index.html

Changed

pixijs/pixijs@v8.8.0...v8.8.1

🐛 Fixed

• fix: gif loader base64 path matching by @​MechaKnightz in pixijs/pixijs#11285
• fix: Don't bundle GIF dependencies by @​bigtimebuddy in pixijs/pixijs#11298

New Contributors

• @​MechaKnightz made their first contribution in pixijs/pixijs#11285

v8.8.0

💾 Download

Development Build:

• https://pixijs.download/v8.8.0/pixi.js
• https://pixijs.download/v8.8.0/pixi.mjs

Production Build:

• https://pixijs.download/v8.8.0/pixi.min.js
• https://pixijs.download/v8.8.0/pixi.min.mjs

Documentation:

• https://pixijs.download/v8.8.0/docs/index.html

Changed

pixijs/pixijs@v8.7.3...v8.8.0

🚨 Behavior Change 🚨

Since 8.0.0 PixiJS has been incorrectly applying gradients and graphics fill textures. Instead of using normalized "local space" coordinates (0–1), gradients were using "global space" values in pixels. This was an unintended change that made working with gradients/texture fills much harder. In this release, we have changed the default behavior back to "local space" to match v7.

For anyone who needs the old behavior, you can change the default options globally or you can control it individually as all APIs now accept a textureSpace property that can be set to "global". For example:

FillGradient.defaultLinearOptions.textureSpace = 'global'
FillGradient.defaultRadialOptions.textureSpace = 'global'
// or individually
new FillGraident(0, 0, 100, 100, 'global')
</tr></table> 

... (truncated)

Commits

• 931d883 v8.8.1
• 1500808 fix: gif loader base64 path matching (#11285)
• 9d3cba8 fix: Don't bundle GIF dependencies (#11298)
• 8c04fba v8.8.0
• 58ba165 fix: texture options set for spritesheet aren't propagating to multipacked sp...
• ea1a102 feat: add returnTexture for CanvasTextSystem (#11269)
• 7f5e337 fix: increase didViewChangeTick on removeChildren call (#11245)
• 723c605 feat: add mixins for leaf nodes (#11253)
• 16f45bf fix graphics prepare bug (#11258)
• 47e4932 fix texture update bug on mesh (#11259)
• Additional commits viewable in compare view

Updates preact from 10.25.4 to 10.26.4

Release notes

Sourced from preact's releases.

10.26.4

Fixes

• Address context fragments issue (#4717, thanks @​JoviDeCroock)

10.26.3

Fixes

• Keyed nullish placeholders cause re-mounts (#4700, thanks @​JoviDeCroock)

Types

• Add command invoker types (#4692, thanks @​lukewarlow)
• Flesh out HTMLMediaElement types (#4705, thanks @​rschristian)
• Add onBeforeToggle event handler type (#4694, thanks @​lukewarlow)
• Add dialog closedby types (#4693, thanks @​lukewarlow)
• Add fetchPriority to img (#4713, thanks @​JoviDeCroock)
• Refactor AllHTMLAttributes interface (#4706, thanks @​rschristian)

Maintenance

• Remove console log in debug package (#4709, thanks @​rschristian)
• Remove unused deps (#4707, thanks @​JoviDeCroock)
• Fix mocha in Node v22+ (#4701, thanks @​rschristian)
• Fix TS lang server support in our .d.ts files (#4698, thanks @​rschristian)

10.26.2

This is a hotfix release! If you are encountering bundling issues with regards to unallowed import syntax, this will fix it!

Fixes

• Remove pkg type (#4689, thanks @​rschristian)

Maintenance

• Skip benches during release workflows (#4686, thanks @​rschristian)

10.26.1

Fixes

• Fixes memory leak when wrapping Fragment is captured by an effect closure (#4680, thanks @​JoviDeCroock)

Optimization

• Created NULL constant (#4682, thanks @​Ben-Brady)

Maintenance

• Simplify compat build script (#4677, thanks @​rschristian)

... (truncated)

Commits

• ccd1e71 10.26.4 (#4718)
• 58703d6 Address context fragments issue (#4717)
• ecf6c40 10.26.3 (#4714)
• daba002 types: Refactor 'AllHTMLAttributes' interface (#4706)
• 55e9f52 Add fetchPriority (#4713)
• 1effaa6 chore: Remove console log in debug (#4709)
• 94fbcbd Remove unused deps (#4707)
• eb9c8ab feat: Add command invoker types (#4692)
• 46bace7 types: Flesh out HTMLMediaElement types (#4705)
• d7b4787 chore: Fix mocha in Node v22+ (#4701)
• Additional commits viewable in compare view

Updates rehype-mathjax from 6.0.0 to 7.1.0

Release notes

Sourced from rehype-mathjax's releases.

[email protected]

• 7250ec6 Add catching of mathjax exceptions

[email protected]

• b353e49 Remove dependency on jsdom migrate: this should be a patch, but there could be small differences: do let us know if you see problems

Commits

• 76c1497 rehype-mathjax: 7.1.0
• ebd70ae Add mention of rehype-mathml and Temml to docs
• 7250ec6 Add catching of mathjax exceptions
• ce40b18 rehype-mathjax: 7.0.0
• e7d0c02 Refactor code-style
• ea70922 Remove note for removed idea
• 8c57175 Remove license year
• aa311dd Refactor .prettierignore
• 9f490f0 Refactor .editorconfig
• e6823cb Refactor package.jsons
• Additional commits viewable in compare view

Updates remark-gfm from 4.0.0 to 4.0.1

Release notes

Sourced from remark-gfm's releases.

4.0.1

Types

• 4af823a Refactor to use interface for exposed types
• 3a57a5b Add declaration maps
• 76559f9 Refactor to use @imports

Docs

• 173394d Add docs on footnote option
• 21cae6a Fix typo by @​leafac in remarkjs/remark-gfm#73

Full Changelog: remarkjs/remark-gfm@4.0.0...4.0.1

Commits

• 109972e 4.0.1
• 173394d Add docs on footnote option
• 030dd8d Update dev-dependencies
• 21cae6a Fix typo
• 4af823a Refactor to use interface for exposed types
• 3a57a5b Add declaration maps
• 76559f9 Refactor to use @imports
• da38235 Refactor package.json
• a5e8993 Remove license year
• 4e1d55f Refactor .editorconfig
• Additional commits viewable in compare view

Updates shiki from 1.26.2 to 3.1.0

Release notes

Sourced from shiki's releases.

v3.1.0

   🚀 Features

• engine-js: Bump deps to work around Safari bug with some grammars  -  by @​slevithan in shikijs/shiki#941 (47205)
• twoslash: Upgrade twoslash v0.3, require typescript v5.5+, close #950, close #951  -  by @​antfu in shikijs/shiki#950 and shikijs/shiki#951 (5c6f9)

   🐞 Bug Fixes

• monaco: Handle missing settings in textmate theme func  -  by @​felipetodev in shikijs/shiki#939 (19f75)

    View changes on GitHub

v3.0.0

   🚨 Breaking Changes

• Remove deprecated apis for v3.0  -  by @​antfu in shikijs/shiki#900 (55c15)
• Remove node10 typescript resolution support  -  by @​userquin in shikijs/shiki#923 (ccb58)
• twoslash: Make default moduleResolution to bundler  -  by @​antfu in shikijs/shiki#936 (e924d)

   🐞 Bug Fixes

• transformers:
  • Also remove extra newline token, fix #915  -  by @​antfu in shikijs/shiki#915 (cc591)
  • Support matching comments in comments, fix #934  -  by @​antfu in shikijs/shiki#934 (6efc8)
  • Fix matching indices for word-highlight  -  by @​artt in shikijs/shiki#909 (57a09)

    View changes on GitHub

v2.5.0

   🐞 Bug Fixes

• transformers:
  • Also remove extra newline token, fix #915  -  by @​antfu in shikijs/shiki#915 (457b0)
  • Support matching comments in comments, fix #934  -  by @​antfu in shikijs/shiki#934 (9221e)
  • Fix matching indices for word-highlight  -  by @​artt in shikijs/shiki#909 (58ea0)

    View changes on GitHub

v2.4.2

   🚀 Features

• Replace picocolors and chalk with ansis  -  by @​webdiscus in shikijs/shiki#935 (ecc4a)
• core: Expose flatTokenVariants utility, refactor utils folder  -  by @​antfu (634fa)

   🐞 Bug Fixes

• Missing types for CodeToTokensWithThemesOptions  -  by @​antfu (d6195)
• transformers: Update utils order  -  by @​antfu (7c60c)

    View changes on GitHub

... (truncated)

Commits

• ab672eb chore: release v3.1.0
• ba9172d chore: release v3.0.0
• 4edb178 Merge branch 'v2'
• 516322e chore: release v2.5.0
• ccb5856 build!: remove node10 typescript resolution support (#923)
• 55c1554 feat!: remove deprecated apis for v3.0 (#900)
• d52da67 chore: release v2.4.2
• aa84bbc chore: release v2.4.1
• 89ae773 feat: expose guessEmbeddedLanguages from core
• be1d614 chore: release v2.4.0
• Additional commits viewable in compare view

Updates ws from 8.18.0 to 8.18.1

Release notes

Sourced from ws's releases.

8.18.1

Bug fixes

• The length of the UNIX domain socket paths in the tests has been shortened to make them work when run via CITGM (021f7b8b).

Commits

• b92745a [dist] 8.18.1
• b3d9747 [doc] Fix nit
• 021f7b8 [test] Shorten the path lengths
• b9ca55b [pkg] Update eslint-config-prettier to version 10.0.1
• c798dd4 [doc] Fix typo (#2271)
• 6861472 [ci] Test on node 23
• 019f28f [minor] Improve JSDoc-inferred types (#2242)
• bfe1b2a [doc] Remove unnecessary period (#2240)
• f7dc469 [doc] Fix the type of the data argument
• See full diff in compare view

Updates @types/node from 22.13.0 to 22.13.8

Commits

• See full diff in compare view

Updates esbuild from 0.24.2 to 0.25.0

Release notes

Sourced from esbuild's releases.

v0.25.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.24.0 or ~0.24.0. See npm's documentation about semver for more information.

• Restrict access to esbuild's development server (GHSA-67mh-4wv8-2f99)

  This change addresses esbuild's first security vulnerability report. Previously esbuild set the Access-Control-Allow-Origin header to * to allow esbuild's development server to be flexible in how it's used for development. However, this allows the websites you visit to make HTTP requests to esbuild's local development server, which gives read-only access to your source code if the website were to fetch your source code's specific URL. You can read more information in the report.

  Starting with this release, CORS will now be disabled, and requests will now be denied if the host does not match the one provided to --serve=. The default host is 0.0.0.0, which refers to all of the IP addresses that represent the local machine (e.g. both 127.0.0.1 and 192.168.0.1). If you want to customize anything about esbuild's development server, you can put a proxy in front of esbuild and modify the incoming and/or outgoing requests.

  In addition, the serve() API call has been changed to return an array of hosts instead of a single host string. This makes it possible to determine all of the hosts that esbuild's development server will accept.

  Thanks to @​sapphi-red for reporting this issue.

• Delete output files when a build fails in watch mode (#3643)

  It has been requested for esbuild to delete files when a build fails in watch mode. Previously esbuild left the old files in place, which could cause people to not immediately realize that the most recent build failed. With this release, esbuild will now delete all output files if a rebuild fails. Fixing the build error and triggering another rebuild will restore all output files again.

• Fix correctness issues with the CSS nesting transform (#3620, #3877, #3933, #3997, #4005, #4037, #4038)

  This release fixes the following problems:

  • Naive expansion of CSS nesting can result in an exponential blow-up of generated CSS if each nesting level has multiple selectors. Previously esbuild sometimes collapsed individual nesting levels using :is() to limit expansion. However, this collapsing wasn't correct in some cases, so it has been removed to fix correctness issues.

    /* Original code */
    .parent {
      > .a,
      > .b1 > .b2 {
        color: red;
      }
    }
    /* Old output (with --supported:nesting=false) */
    .parent > :is(.a, .b1 > .b2) {
    color: red;
    }
    /* New output (with --supported:nesting=false) */
    .parent > .a,
    .parent > .b1 > .b2 {
    color: red;
    }

    Thanks to @​tim-we for working on a fix.

  • The & CSS nesting selector can be repeated multiple times to increase CSS specificity. Previously esbuild ignored this possibility and incorrectly considered && to have the same specificity as &. With this release, this should now work correctly:

    /* Original code (color should be red) */

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2024

This changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).

Commits

• e9174d6 publish 0.25.0 to npm
• c27dbeb fix hosts in plugin-tests.js
• 6794f60 fix hosts in node-unref-tests.js
• de85afd Merge commit from fork
• da1de1b fix #4065: bitwise operators can return bigints
• f4e9d19 switch case liveness: default is always last
• 7aa47c3 fix #4028: minify live/dead switch cases better
• 22ecd30 minify: more constant folding for strict equality
• 4cdf03c fix #4053: reordering of .tsx in node_modules
• dc71977 fix #3692: 0 now picks a random ephemeral port
• Additional commits viewable in compare view

Updates prettier from 3.4.2 to 3.5.3

Release notes

Sourced from prettier's releases.

3.5.3

🔗 Changelog

3.5.2

🔗 Changelog

3.5.1

🔗 Changelog

3.5.0

diff

🔗 Release note

Changelog

Sourced from prettier's changelog.

3.5.3

diff

Flow: Fix missing parentheses in ConditionalTypeAnnotation (#17196 by @​fisker)

// Input
type T<U> = 'a' | ('b' extends U ? 'c' : empty);
type T<U> = 'a' & ('b' extends U ? 'c' : empty);
// Prettier 3.5.2
type T<U> = "a" | "b" extends U ? "c" : empty;
type T<U> = "a" & "b" extends U ? "c" : empty;
// Prettier 3.5.3
type T<U> = "a" | ("b" extends U ? "c" : empty);
type T<U> = "a" & ("b" extends U ? "c" : empty);

3.5.2

diff

Remove module-sync condition (#17156 by @​fisker)

In Prettier 3.5.0, we added module-sync condition to package.json, so that require("prettier") can use ESM version, but turns out it doesn't work if CommonJS and ESM plugins both imports builtin plugins. To solve this problem, we decide simply remove the module-sync condition, so require("prettier") will still use the CommonJS version, we'll revisit until require(ESM) feature is more stable.

3.5.1

diff

Fix CLI crash when cache for old version exists (#17100 by @​sosukesuzuki)

Prettier 3.5 uses a different cache format than previous versions, Prettier 3.5.0 crashes when reading existing cache file, Prettier 3.5.1 fixed the problem.

Support dockercompose and github-actions-workflow in VSCode (#17101 by @​remcohaszing)

Prettier now supports the dockercompose and github-actions-workflow languages in Visual Studio Code.

3.5.0

diff

🔗 Release Notes

Commits

• 4ff5dc5 Release 3.5.3
• a2e560e Fix missing parentheses in ConditionalTypeAnnotation (#17196)
• fa95c97 Add mergeBlogPost step to release script (#17199)
• b47cd50 Add title to patch release changelog (#17197)
• de30788 Minor fix in release script
• ecee6a0 Clean changelog_unreleased
• fd06512 Bump Prettier dependency to 3.5.2
• 1f74dd5 Update dependents count
• 399f427 Release 3.5.2
• bf5aab8 Revert "Use ESM entrypoint for require(ESM)" (#17156)
• Additional commits viewable in compare view

Updates tsx from 4.19.2 to 4.19.3

Release notes

Sourced from tsx's releases.

v4.19.3

4.19.3 (2025-02-19)

Bug Fixes

• upgrade esbuild to ~0.25.0 to address vuln report (#698) (e04e6c6)

---

This release is also available on:

• npm package (@​latest dist-tag)

Commits

• e04e6c6 fix: upgrade esbuild to ~0.25.0 to address vuln report (#698)
• 28a3e7d docs: update links to npx (#680)
• 38b7135 docs: add carbon ads
• See full diff in compare view

Updates typescript from 5.7.3 to 5.8.2

Release notes

Sourced from typescript's releases.

TypeScript 5.8

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.8.0 (Beta).
• fixed issues query for Typescript 5.8.1 (RC).
• fixed issues query for Typescript 5.8.2 (Stable).

Downloads are available on:

• npm

TypeScript 5.8 RC

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.8.0 (Beta).
• fixed issues query for Typescript 5.8.1 (RC).

Downloads are available on:

• npm

TypeScript 5.8 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.8.0 (Beta).

Downloads are available on:

• npm

Commits

• beb69e4 Bump version to 5.8.2 and LKG
• 8fdbd54 🤖 Pick PR #61210 (Fix mistakenly disallowed default e...) into release-5.8 (#...
• f4a3a8a 🤖 Pick PR #61175 (Ban import=require and export= unde...) into release-5.8 (#...
• 420ff06 Bump version to 5.8.1-rc and LKG
• 48eb13f Update LKG
• fb59c19 Merge remote-tracking branch 'origin/main' into release-5.8
• df342b7 Fixed rewriteRelativeImportExtensions for import() within call expression...
• 775412a Bump github/codeql-action from 3.28.8 to 3.28.9 in the github-actions group (...
• e1629e5 Pass ignoreErrors=true to more resolveEntityName callers (#61144)
• 6fd1799 Update LKG
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
exocortex	❌ Failed (Inspect)			Mar 3, 2025 6:44am

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.