chore(deps): Bump the prod-dependencies-minor group across 1 directory with 7 updates

[dependabot]

Bumps the prod-dependencies-minor group with 7 updates in the / directory:

Package	From	To
css-tree	3.1.0	3.2.1
lucide-react	1.8.0	1.12.0
mermaid	11.12.3	11.14.0
overlayscrollbars	2.14.0	2.15.1
react-frame-component	5.2.7	5.3.2
simple-icons	16.17.0	16.18.0
ws	8.19.0	8.20.0

Updates css-tree from 3.1.0 to 3.2.1

Release notes

Sourced from css-tree's releases.

3.2.1

• Fixed parsing of nested function in a group in definition syntax (#358)

3.2.0

• Added "sideEffects": false in package.json
• Added list option to the parse() method to specify whether the parser should produce a List (by default, list: true) or an array (list: false) for node's children (e.g., SelectorList, Block, etc.)
• Added support for Functional Notation in definition syntax (for now by wrapping function arguments into an implicit group when necessary, see #292)
• Added support for stacked multipliers {A}? and {A,B}? according to spec in definition syntax parsing (#346)
• Added math functions support in syntax matching (e.g., min(), max(), etc.) (#344)
• Added onToken option to the parse() method, which can be either an array or a function:
  • When the value is an array, it is populated with objects { type, start, end } (token type, and its start and end offsets).
  • When the value is a function, it accepts type, start, end, and index parameters, and is invoked with a token API as this, enabling advanced token handling (see onToken). For example, the following demonstrates checking if all block tokens have matching pairs:

    parse(css, {
        onToken(type, start, end, index) {
            if (this.isBlockOpenerTokenType(type)) {
                if (this.getBlockPairTokenIndex(index) === -1) {
                    console.warn('No closing pair for', this.getTokenValue(index), this.getRangeLocation(start, end));
                }
            } else if (this.isBlockCloserTokenType(type)) {
                if (this.getBlockPairTokenIndex(index) === -1) {
                    console.warn('No opening pair for', this.getTokenValue(index), this.getRangeLocation(start, end));
                }
            }
        }
    });

• Extended TokenStream with the following methods:
  • getTokenEnd(tokenIndex) – returns the token's end offset by index, complementing getTokenStart(tokenIndex)
  • getTokenType(tokenIndex) – returns the token's type by index
  • isBlockOpenerTokenType(tokenType) – returns true for <function-token>, <(-token>, <[-token>, and <{-token>
  • isBlockCloserTokenType(tokenType) – returns true for <)-token>, <]-token>, and <}-token>
  • getBlockTokenPairIndex(tokenIndex) – returns the index of the pair token for a block, or -1 if no pair exists
• Changed generate() to not auto insert whitespaces between tokens for raw values (#356)
• Fixed fork() to extend node definitions instead of overriding them. For example, fork({ node: { Dimension: { generate() { /* ... */ } } } }) will now update only the generate() method on the Dimension node, while inheriting all other properties from the previous syntax definition.
• Bumped mdn/data to 2.27.1 and various fixes in syntaxes

Changelog

Sourced from css-tree's changelog.

3.2.1 (March 5, 2026)

• Fixed parsing of nested function in a group in definition syntax (#358)

3.2.0 (March 4, 2026)

• Added "sideEffects": false in package.json
• Added list option to the parse() method to specify whether the parser should produce a List (by default, list: true) or an array (list: false) for node's children (e.g., SelectorList, Block, etc.)
• Added support for Functional Notation in definition syntax (for now by wrapping function arguments into an implicit group when necessary, see #292)
• Added support for stacked multipliers {A}? and {A,B}? according to spec in definition syntax parsing (#346)
• Added math functions support in syntax matching (e.g., min(), max(), etc.) (#344)
• Added onToken option to the parse() method, which can be either an array or a function:
  • When the value is an array, it is populated with objects { type, start, end } (token type, and its start and end offsets).
  • When the value is a function, it accepts type, start, end, and index parameters, and is invoked with a token API as this, enabling advanced token handling (see onToken). For example, the following demonstrates checking if all block tokens have matching pairs:

    parse(css, {
        onToken(type, start, end, index) {
            if (this.isBlockOpenerTokenType(type)) {
                if (this.getBlockPairTokenIndex(index) === -1) {
                    console.warn('No closing pair for', this.getTokenValue(index), this.getRangeLocation(start, end));
                }
            } else if (this.isBlockCloserTokenType(type)) {
                if (this.getBlockPairTokenIndex(index) === -1) {
                    console.warn('No opening pair for', this.getTokenValue(index), this.getRangeLocation(start, end));
                }
            }
        }
    });

• Extended TokenStream with the following methods:
  • getTokenEnd(tokenIndex) – returns the token's end offset by index, complementing getTokenStart(tokenIndex)
  • getTokenType(tokenIndex) – returns the token's type by index
  • isBlockOpenerTokenType(tokenType) – returns true for <function-token>, <(-token>, <[-token>, and <{-token>
  • isBlockCloserTokenType(tokenType) – returns true for <)-token>, <]-token>, and <}-token>
  • getBlockTokenPairIndex(tokenIndex) – returns the index of the pair token for a block, or -1 if no pair exists
• Changed generate() to not auto insert whitespaces between tokens for raw values (#356)
• Fixed fork() to extend node definitions instead of overriding them. For example, fork({ node: { Dimension: { generate() { /* ... */ } } } }) will now update only the generate() method on the Dimension node, while inheriting all other properties from the previous syntax definition.
• Bumped mdn/data to 2.27.1 and various fixes in syntaxes

Commits

• 8a6caba 3.2.1
• 7c7f9ee Fix parsing of nested function in a group in definition syntax (fixes #358)
• c42fee2 3.2.0
• aad332e Add Function Notation in syntax definition (#292)
• 264d09d Fix GitHub actions
• 5766a65 Fix syntax definition issues
• 307d8df Bump deps
• c008c01 Add support for stacked multipliers {A}? and {A,B}? in definition syntax ...
• 20f5671 Add list option for parser (fixes #348)
• 39a0c72 Update nodejs versions
• Additional commits viewable in compare view

Updates lucide-react from 1.8.0 to 1.12.0

Release notes

Sourced from lucide-react's releases.

Version 1.12.0

What's Changed

• feat(icon): add folder-bookmark icon by @​swastik7805 in lucide-icons/lucide#4262
• docs(readme): Update readme files by @​ericfennis in lucide-icons/lucide#4320
• feat(icons): added astroid icon by @​whoisBugsbunny in lucide-icons/lucide#4217

Full Changelog: lucide-icons/lucide@1.10.0...1.12.0

Version 1.11.0

What's Changed

• docs: add missing period to TypeScript Support description by @​jglu in lucide-icons/lucide#4309
• fix(@​lucide/svelte): proper doc comments for svelte components by @​blt-r in lucide-icons/lucide#4267
• chore(deps): bump svgo from 3.3.2 to 3.3.3 by @​dependabot[bot] in lucide-icons/lucide#4119
• chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @​dependabot[bot] in lucide-icons/lucide#4310
• feat(icons): add power and quick tags to zap and zap-off by @​swastik7805 in lucide-icons/lucide#4268
• test(build-font): added comprehensive unit tests on build-font tool by @​karsa-mistmere in lucide-icons/lucide#4315
• feat(docs): blur background of framework-select by @​Spleefies in lucide-icons/lucide#4238
• feat(icon): add heart-x icon by @​swastik7805 in lucide-icons/lucide#4264
• fix(icons): optimised rotate-3d icon by @​jamiemlaw in lucide-icons/lucide#4299
• feat(icons): added layers-minus icon by @​Spleefies in lucide-icons/lucide#4005
• feat(icons): added bell-check icon by @​pettelau in lucide-icons/lucide#4152

New Contributors

• @​jglu made their first contribution in lucide-icons/lucide#4309
• @​pettelau made their first contribution in lucide-icons/lucide#4152

Full Changelog: lucide-icons/lucide@1.9.0...1.11.0

Version 1.10.0

What's Changed

• docs: add missing period to TypeScript Support description by @​jglu in lucide-icons/lucide#4309
• fix(@​lucide/svelte): proper doc comments for svelte components by @​blt-r in lucide-icons/lucide#4267
• chore(deps): bump svgo from 3.3.2 to 3.3.3 by @​dependabot[bot] in lucide-icons/lucide#4119
• chore(deps-dev): bump astro from 6.0.8 to 6.1.6 by @​dependabot[bot] in lucide-icons/lucide#4310
• feat(icons): add power and quick tags to zap and zap-off by @​swastik7805 in lucide-icons/lucide#4268
• test(build-font): added comprehensive unit tests on build-font tool by @​karsa-mistmere in lucide-icons/lucide#4315
• feat(docs): blur background of framework-select by @​Spleefies in lucide-icons/lucide#4238
• feat(icon): add heart-x icon by @​swastik7805 in lucide-icons/lucide#4264
• fix(icons): optimised rotate-3d icon by @​jamiemlaw in lucide-icons/lucide#4299
• feat(icons): added layers-minus icon by @​Spleefies in lucide-icons/lucide#4005
• feat(icons): added bell-check icon by @​pettelau in lucide-icons/lucide#4152

New Contributors

• @​jglu made their first contribution in lucide-icons/lucide#4309
• @​pettelau made their first contribution in lucide-icons/lucide#4152

Full Changelog: lucide-icons/lucide@1.9.0...1.10.0

Version 1.9.0

... (truncated)

Commits

• 50d8af5 docs(readme): Update readme files (#4320)
• 653e44b feat(packages): use .mjs for ESM bundles (#4285)
• See full diff in compare view

Updates mermaid from 11.12.3 to 11.14.0

Release notes

Sourced from mermaid's releases.

mermaid@11.14.0

Thanks to our awesome mermaid community that contributed to this release: @​ashishjain0512, @​tractorjuice, @​autofix-ci[bot], @​aloisklink, @​knsv, @​kibanana, @​chandershekhar22, @​khalil, @​ytatsuno, @​sidharthv96, @​github-actions[bot], @​dripcoding, @​knsv-bot, @​jeroensmink98, @​Alex9583, @​GhassenS, @​omkarht, @​darshanr0107, @​leentaylor, @​lee-treehouse, @​veeceey, @​turntrout, @​Mermaid-Chart, @​BambioGaming, Claude

Releases

@​mermaid-js/examples@​1.2.0

Minor Changes

• #7526 efe218a - add new TreeView diagram

mermaid@11.14.0

Minor Changes

• #7526 efe218a - Add Wardley Maps diagram type (beta)

  Adds Wardley Maps as a new diagram type to Mermaid (available as wardley-beta). Wardley Maps are visual representations of business strategy that help map value chains and component evolution.

  Features:

  • Component positioning with [visibility, evolution] coordinates (OWM format)
  • Anchors for users/customers
  • Multiple link types: dependencies, flows, labeled links
  • Evolution arrows and trend indicators
  • Custom evolution stages with optional dual labels
  • Custom stage widths using @​boundary notation
  • Pipeline components with visibility inheritance
  • Annotations, notes, and visual elements
  • Source strategy markers: build, buy, outsource, market
  • Inertia indicators
  • Theme integration

  Implementation includes parser, D3.js renderer, unit tests, E2E tests, and comprehensive documentation.

• #7526 efe218a - feat: implement neo look styling for state diagrams

• #7526 efe218a - feat: implement neo look support for sequence diagrams with drop shadows, and enhanced styling

• #7526 efe218a - feat: add randomize config option for architecture diagrams, defaulting to false for deterministic layout

• #7526 efe218a - feat: Add option to change timeline direction

• #7526 efe218a - Fix duplicate SVG element IDs when rendering multiple diagrams on the same page. Internal element IDs (nodes, edges, markers, clusters) are now prefixed with the diagram's SVG element ID across all diagram types. Custom CSS or JS using exact ID selectors like #arrowhead should use attribute-ending selectors like [id$="-arrowhead"] instead.

• #7526 efe218a - feat: implement neo look styling for ER diagrams

• #7526 efe218a - feat: implement neo look styling for requirement diagrams

• #7526 efe218a - feat: add theme support for data label colour in xy chart

... (truncated)

Commits

• 2b9d054 Version Packages (#7561)
• efe218a Release candidate 11.14.0 (#7526)
• d2b5b2b chore: Editor Picker V2 (#7497)
• 07c554e Setting the link to Get started to the correct on
• b1a5e9b Version Packages (#7466)
• bdd7abd fix: use correct package name for elk
• a900618 dummy commit
• a60e615 Fix: ER diagram edge label positioning (#7453)
• 1d17c14 Merge branch 'master' of https://github.com/mermaid-js/mermaid
• 500be12 chore: Update coupon
• Additional commits viewable in compare view

Updates overlayscrollbars from 2.14.0 to 2.15.1

Changelog

Sourced from overlayscrollbars's changelog.

2.15.1

Improvements

• The instance.sleep function will now also put the scrollbars.autoHide timer to sleep.

2.15.0

Features

• The option options.scrollbars.clickScroll now also accepts a function which can be used to customize the click scroll behavior. #754
• Added the instance.sleep function. Can be used to optimize performance or visual feedback. (for example during animations) #755

Commits

• See full diff in compare view

Updates react-frame-component from 5.2.7 to 5.3.2

Release notes

Sourced from react-frame-component's releases.

v5.3.2

Patch Changes

• f191d58: Add types condition to package.json exports to fix TypeScript resolution with TSGo and modern ESM tools

• 1820bc3: ## Fix race condition in getMountTarget() (issue #250)

  Fixed "Cannot read properties of null" errors when initialContent changes rapidly by adding null checks for doc and doc.body in getMountTarget().

  Changes

  • src/Frame.jsx: Added null check in getMountTarget() to handle cases when iframe document is temporarily unavailable during rapid rerenders

v5.3.0

What's Changed

Add fallback to document.write() for initial frame rendering via dangerouslyUseDocWrite prop to support libraries like Repcaptcha and Google Maps that depend on the frame's location/origin.

PR #248: Add document.write() fallback (@​andrewpye)

---

Previous releases: https://github.com/ryanseddon/react-frame-component/releases

Changelog

Sourced from react-frame-component's changelog.

5.3.2

Patch Changes

• f191d58: Add types condition to package.json exports to fix TypeScript resolution with TSGo and modern ESM tools

• 1820bc3: ## Fix race condition in getMountTarget() (issue #250)

  Fixed "Cannot read properties of null" errors when initialContent changes rapidly by adding null checks for doc and doc.body in getMountTarget().

  Changes

  • src/Frame.jsx: Added null check in getMountTarget() to handle cases when iframe document is temporarily unavailable during rapid rerenders

5.3.1

Patch Changes

• 14c215c: Fix React 19 and Vite compatibility by externalizing react/jsx-runtime

  The ESM and UMD builds were incorrectly bundling react/jsx-runtime inline from CommonJS source, which caused two issues:

  1. ESM builds contained __require("react") calls - This failed in browser ESM environments with "Could not dynamically require react" errors when using Vite.
  2. UMD builds referenced __SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED.ReactCurrentOwner - This internal API was removed in React 19, causing "Cannot read properties of undefined" errors.

  The fix adds react/jsx-runtime and react/jsx-dev-runtime to the external dependencies list in the Vite configuration. This ensures the JSX transform is loaded from the proper module format rather than being bundled inline from CJS source.

  Bundle size improvements:

  • ESM: 35.7 KB → 4.6 KB (-87%)
  • UMD: 37.9 KB → 6.8 KB (-82%)

  Fixes #280

5.3.0

Minor Changes

• 8d922c3: Add fallback to document.write() for initial frame rendering via dangerouslyUseDocWrite prop to support libraries like Repcaptcha and Google Maps that depend on the frame's location/origin.

Commits

• 3f4cb97 Update npm to latest for OIDC trusted publishing (#290)
• eddb677 Revert "Update npm to latest for OIDC trusted publishing"
• 194d769 Update npm to latest for OIDC trusted publishing
• ed62652 Version Packages (#289)
• fb302a0 Bump follow-redirects from 1.15.0 to 1.15.11
• c44e385 Merge pull request #285 from ryanseddon/dependabot/npm_and_yarn/picomatch-2.3.2
• 722560a Bump picomatch from 2.3.1 to 2.3.2
• d6b8e30 Merge pull request #288 from ryanseddon/fix/issue-287-types-exports
• f191d58 Add changeset
• 1820bc3 fix: add null check in getMountTarget to prevent race condition (#286)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-frame-component since your current version.

Updates simple-icons from 16.17.0 to 16.18.0

Release notes

Sourced from simple-icons's releases.

Release 16.18.0

4 new icons

• DeepSeek (#14635) (@​cscnk52)
• Moonshot AI (#14636) (@​cscnk52)
• Neon (#14612) (@​cscnk52, @​Owen G)
• QWen (#14634) (@​cscnk52)

3 updated icons

• 1Password (#14616) (@​AlightSoulmate)
• ESPHome (#14614) (@​cscnk52)
• Simple Icons (#14640) (@​cscnk52)

Commits

• c8b5906 Replace README CDN theme image links
• e17fdfa Release 16.18.0
• b65d17c Bump version to 16.18.0
• af8a20b Change .nvmrc to a symlink of .node-version (#14648)
• 75ccb87 Add Moonshot AI icon (#14636)
• 6e41e4e Add Qwen icon (#14634)
• 4479446 Update 1Password icon (#14616)
• 8f56a0b Add DeepSeek icon (#14635)
• e15783d Fix label link in icon_update.yml (#14647)
• 203eade Update Simple icons icon (#14640)
• Additional commits viewable in compare view

Updates ws from 8.19.0 to 8.20.0

Release notes

Sourced from ws's releases.

8.20.0

Features

• Added exports for the PerMessageDeflate class and utilities for the Sec-WebSocket-Extensions and Sec-WebSocket-Protocol headers (d3503c1f).

Commits

• 8439255 [dist] 8.20.0
• d3503c1 [minor] Export the PerMessageDeflate class and header utils
• 3ee5349 [api] Convert the isServer and maxPayload parameters to options
• 91707b4 [doc] Add missing space
• 8b55319 [pkg] Update eslint to version 10.0.1
• ca533a5 [pkg] Update globals to version 17.0.0
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.