Skip to content

chore(deps-dev): Bump the npm-development group with 9 updates#110

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/main/npm-development-0a0c8d4b16
Open

chore(deps-dev): Bump the npm-development group with 9 updates#110
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/main/npm-development-0a0c8d4b16

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-development group with 9 updates:

Package From To
@sveltejs/adapter-cloudflare 7.2.8 7.2.9
@sveltejs/kit 2.65.1 2.66.0
@vitest/browser-playwright 4.1.8 4.1.9
@vitest/coverage-v8 4.1.8 4.1.9
@vitest/ui 4.1.8 4.1.9
playwright 1.60.0 1.61.0
typescript-eslint 8.61.0 8.61.1
vitest 4.1.8 4.1.9
wrangler 4.100.0 4.103.0

Updates @sveltejs/adapter-cloudflare from 7.2.8 to 7.2.9

Release notes

Sourced from @​sveltejs/adapter-cloudflare's releases.

@​sveltejs/adapter-cloudflare@​7.2.9

Patch Changes

Changelog

Sourced from @​sveltejs/adapter-cloudflare's changelog.

7.2.9

Patch Changes

Commits

Updates @sveltejs/kit from 2.65.1 to 2.66.0

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.66.0

Minor Changes

  • feat: precompress prerendered .md and .mdx files (#15893)

  • feat: warn the user when they forget to make boolean inputs optional in their form schemas (#15804)

Patch Changes

  • fix: blur active element before component update during navigation so that blur/focusout handlers fire while old component data is still valid (#15452)

  • fix: ensure base is available from $service-worker during development (#15882)

  • fix: use correct relative asset paths when rendering an error page for a missing __data.json request (#15884)

  • fix: preserve active for await consumers across query.live reconnects (#16022)

  • fix: settle query.live reconnect promise on all exit paths, preventing invalidateAll() from deadlocking when a live query is offline or interrupted (#16022)

  • fix: preserve last value when a query.live stream completes without yielding on reconnect (#16022)

  • fix: remove types: ['node'] from generated tsconfig to avoid errors when @types/node is not installed (#15709)

  • fix: prefer pages over endpoints when prerendering (#16076)

  • fix: restore snapshots after afterNavigate callbacks (#16066)

  • fix: support ws:/wss: and trusted-types-eval for CSP sources (#15938)

  • fix: omit empty file inputs from remote form data (#15898)

  • fix: fail early if a route with +page and +server is marked as prerenderable (#16075)

  • fix: wait a tick before resetting forms (#15805)

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.66.0

Minor Changes

  • feat: precompress prerendered .md and .mdx files (#15893)

  • feat: warn the user when they forget to make boolean inputs optional in their form schemas (#15804)

Patch Changes

  • fix: blur active element before component update during navigation so that blur/focusout handlers fire while old component data is still valid (#15452)

  • fix: ensure base is available from $service-worker during development (#15882)

  • fix: use correct relative asset paths when rendering an error page for a missing __data.json request (#15884)

  • fix: preserve active for await consumers across query.live reconnects (#16022)

  • fix: settle query.live reconnect promise on all exit paths, preventing invalidateAll() from deadlocking when a live query is offline or interrupted (#16022)

  • fix: preserve last value when a query.live stream completes without yielding on reconnect (#16022)

  • fix: remove types: ['node'] from generated tsconfig to avoid errors when @types/node is not installed (#15709)

  • fix: prefer pages over endpoints when prerendering (#16076)

  • fix: restore snapshots after afterNavigate callbacks (#16066)

  • fix: support ws:/wss: and trusted-types-eval for CSP sources (#15938)

  • fix: omit empty file inputs from remote form data (#15898)

  • fix: fail early if a route with +page and +server is marked as prerenderable (#16075)

  • fix: wait a tick before resetting forms (#15805)

... (truncated)

Commits
  • 4c9b8f1 Version Packages (#16062)
  • 276744d fix: preflight schemas apply correctly when chained before for (#15863)
  • e8c8d84 chore: DRY out __sveltekit_xyz123 stuff (#16085)
  • 4eabadc fix: fail early if a route with +page and +server is marked as prerendera...
  • de47227 chore: correctly type keys of the URL object (#16078)
  • f8c842c fix: prefer pages over endpoints when prerendering (#16076)
  • 63f1b0b fix: blur active element before component update during navigation (#15452)
  • 860b3c7 fix: remove types: ['node'] from generated tsconfig (#15709)
  • 8740132 fix: show error.html when root layout load() throws in SPA mode (#15798)
  • 0d8ef59 chore: await web-first assertions in basics client tests (#16068)
  • Additional commits viewable in compare view

Updates @vitest/browser-playwright from 4.1.8 to 4.1.9

Release notes

Sourced from @​vitest/browser-playwright's releases.

v4.1.9

🐞 Bug Fixes

View changes on GitHub
Commits

Updates @vitest/coverage-v8 from 4.1.8 to 4.1.9

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.9

🐞 Bug Fixes

View changes on GitHub
Commits

Updates @vitest/ui from 4.1.8 to 4.1.9

Release notes

Sourced from @​vitest/ui's releases.

v4.1.9

🐞 Bug Fixes

View changes on GitHub
Commits

Updates playwright from 1.60.0 to 1.61.0

Release notes

Sourced from playwright's releases.

v1.61.0

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

const context = await browser.newContext();
// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
id: credentialId,
userHandle,
privateKey,
publicKey,
});
await context.credentials.install();
const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:

await page.localStorage.setItem('token', 'abc');
const token = await page.localStorage.getItem('token');
const items = await page.sessionStorage.items();

New APIs

Network

Browser and Screencast

  • New option artifactsDir in browserType.connectOverCDP() controls where artifacts such as traces and downloads are stored when attached to an existing browser.
  • New option cursor in screencast.showActions() controls the cursor decoration rendered for pointer actions.
  • The onFrame callback in screencast.start() now receives a timestamp of when the frame was presented by the browser.

Test runner

  • The testOptions.video option now supports the same set of modes as trace: new 'on-all-retries', 'retain-on-first-failure' and 'retain-on-failure-and-retries' values. See the video modes table for which runs are recorded and kept in each mode.
  • Supported expect.soft.poll(...).
  • New fullConfig.argv — a snapshot of process.argv from the runner process, handy for reading custom arguments passed after the -- separator.
  • New fullConfig.failOnFlakyTests mirrors the config option, so reporters can explain why a flaky run failed.
  • testInfo.errors now lists each sub-error of an AggregateError as a separate entry.

... (truncated)

Commits
  • 1cc5a90 cherry-pick(#41295): chore: PLAYWRIGHT_TRACING_NO_WEBSOCKET_FRAMES and PLAYWR...
  • a6772bd cherry-pick(#41280): Revert "fix(trace-viewer): add keyboard navigation to `N...
  • 8133dcf cherry-pick(#41283): docs: add Ubuntu 26.04 and Node.js 26.x to system requir...
  • 812432e chore: mark v1.61.0 (#41277)
  • ac05145 fix(fetch): report serverAddr and securityDetails for reused sockets (#41267)
  • 056efc9 fix(trace-viewer): add keyboard navigation to NetworkFilters component (#41...
  • 41f7b9a chore: fixes uncovered by the .NET 1.61 roll (#41266)
  • ba50778 fix(mcp): assign caps as array for legacy --vision flag (#41253)
  • b8ee5ae docs: release notes for v1.61 (#41261)
  • 49c1f69 fix(trace viewer): load trace from a local file (#41263)
  • Additional commits viewable in compare view

Updates typescript-eslint from 8.61.0 to 8.61.1

Release notes

Sourced from typescript-eslint's releases.

v8.61.1

8.61.1 (2026-06-15)

🩹 Fixes

  • eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)
  • eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
  • eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
  • eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.61.1 (2026-06-15)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates vitest from 4.1.8 to 4.1.9

Release notes

Sourced from vitest's releases.

v4.1.9

🐞 Bug Fixes

View changes on GitHub
Commits
  • a7a61e7 chore: release v4.1.9 (#10598)
  • 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
  • 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
  • a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
  • See full diff in compare view

Updates wrangler from 4.100.0 to 4.103.0

Release notes

Sourced from wrangler's releases.

wrangler@4.103.0

Minor Changes

  • #14295 cfd6205 Thanks @​dario-piotrowicz! - Move unstable_getWorkerNameFromProject from wrangler to @cloudflare/workers-utils

    The unstable_getWorkerNameFromProject export has been removed from the wrangler package. This function is now available as getWorkerNameFromProject (without the unstable_ prefix) from @cloudflare/workers-utils. If you were importing this function from wrangler, update your import to use @cloudflare/workers-utils instead.

  • #14295 cfd6205 Thanks @​dario-piotrowicz! - Remove experimental autoconfig exports

    The experimental autoconfig exports (experimental_getDetailsForAutoConfig, experimental_runAutoConfig, experimental_AutoConfigFramework) have been removed. This logic has been moved to the @cloudflare/autoconfig package (without the experimental_ prefixes since the package itself is pre-v1).

Patch Changes

  • #14366 c6579d3 Thanks @​jamesopstad! - Resolve relative cf-worker entrypoint imports relative to the importing module

    When loading the experimental cloudflare.config.ts, a relative entrypoint imported with import ... with { type: "cf-worker" } (e.g. ./src/index.ts) is now anchored to the module where the import is written, rather than being passed through verbatim and later resolved against the top-level config file. This fixes incorrect resolution when the import lives in a file other than the entry config — for example a config that re-exports from a nested file.

    Bare specifiers (such as @scope/pkg) and virtual modules (such as virtual:foo) are still left unresolved so that consumers can apply their own resolution.

  • #14316 444b75e Thanks @​matingathani! - Prevent wrangler dev crash when source-mapping a truncated error chunk

    When a worker logs many errors in quick succession, the stderr chunks received by wrangler dev can be truncated mid-stack-frame, leaving a call site with an invalid column number. The source map library throws in that case, which was crashing the wrangler process entirely. The error is now caught and the original (un-source-mapped) text is returned instead.

  • #14118 b38823f Thanks @​aicayzer! - Fix Uint8Array step outputs in local Workflows being persisted with the full backing ArrayBuffer

    A Uint8Array returned from a Workflows step under wrangler dev was serialised together with its full underlying ArrayBuffer, causing a raw SQLITE_TOOBIG error at view sizes well below the documented 1MiB step-output limit. For example, a 200KB view sliced from an 800KB buffer (a common pattern from crypto.getRandomValues or arr.slice(...) on a larger pool) would fail. The view's bytes are now copied to a tight buffer before persistence, bringing local behaviour in line with production. Fixes #14101.

  • Updated dependencies [b38823f]:

    • miniflare@4.20260617.1

wrangler@4.102.0

Minor Changes

  • #14340 f6e49dd Thanks @​emily-shen! - Add cf-wrangler build delegate support

    The experimental cf-wrangler delegate binary now accepts build and emits the Build Output API directory through Wrangler's new-config build path. This lets parent tools invoke Wrangler's build-output implementation with cf-wrangler build instead of shelling out through the public Wrangler CLI.

  • #14324 36777db Thanks @​jamesopstad! - Add experimental --experimental-cf-build-output flag to wrangler build

    When used alongside --experimental-new-config, wrangler build now emits a self-contained Build Output API directory under .cloudflare/output/v0/ instead of delegating to wrangler deploy --dry-run.

Patch Changes

  • #14347 673b09e Thanks @​jamesopstad! - Update undici from 7.24.8 to 7.28.0

  • #14346 e930bd4 Thanks @​haidargit! - Bump ws from 8.20.1 to 8.21.0 to address GHSA-96hv-2xvq-fx4p

    GHSA-96hv-2xvq-fx4p / CVE-2026-48779 (high severity) reports a remote memory-exhaustion DoS in ws@<8.21.0: a peer sending a high volume of tiny fragments and data chunks over modest network traffic can crash a ws server or client via OOM. The fix shipped in ws@8.21.0 (commit 2b2abd45, released 2026-05-22), which also introduces the maxBufferedChunks and maxFragments options. This change bumps the workspace catalog entry so that miniflare, wrangler, and @cloudflare/vite-plugin all pick up the patched release.

  • #14314 5c3bb11 Thanks @​harryzcy! - Bump esbuild to 0.28.1

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps-dev): Bump the npm-development group with 9 updates
797cc78 
Bumps the npm-development group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [@sveltejs/adapter-cloudflare](https://github.com/sveltejs/kit/tree/HEAD/packages/adapter-cloudflare) | `7.2.8` | `7.2.9` |
| [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.65.1` | `2.66.0` |
| [@vitest/browser-playwright](https://github.com/vitest-dev/vitest/tree/HEAD/packages/browser-playwright) | `4.1.8` | `4.1.9` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.8` | `4.1.9` |
| [@vitest/ui](https://github.com/vitest-dev/vitest/tree/HEAD/packages/ui) | `4.1.8` | `4.1.9` |
| [playwright](https://github.com/microsoft/playwright) | `1.60.0` | `1.61.0` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.61.0` | `8.61.1` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.8` | `4.1.9` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.100.0` | `4.103.0` |


Updates `@sveltejs/adapter-cloudflare` from 7.2.8 to 7.2.9
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/adapter-cloudflare/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/adapter-cloudflare@7.2.9/packages/adapter-cloudflare)

Updates `@sveltejs/kit` from 2.65.1 to 2.66.0
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.66.0/packages/kit)

Updates `@vitest/browser-playwright` from 4.1.8 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/browser-playwright)

Updates `@vitest/coverage-v8` from 4.1.8 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/coverage-v8)

Updates `@vitest/ui` from 4.1.8 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/ui)

Updates `playwright` from 1.60.0 to 1.61.0
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.60.0...v1.61.0)

Updates `typescript-eslint` from 8.61.0 to 8.61.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.1/packages/typescript-eslint)

Updates `vitest` from 4.1.8 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest)

Updates `wrangler` from 4.100.0 to 4.103.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.103.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: "@sveltejs/adapter-cloudflare"
  dependency-version: 7.2.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: "@sveltejs/kit"
  dependency-version: 2.66.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@vitest/browser-playwright"
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: "@vitest/ui"
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: playwright
  dependency-version: 1.61.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-version: 8.61.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: wrangler
  dependency-version: 4.103.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 21, 2026
github-actions[bot]
github-actions Bot approved these changes Jun 21, 2026
View reviewed changes

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀 Auto-approved by GitHub Actions based on SemVer policy.

@github-actions github-actions Bot enabled auto-merge (squash) June 21, 2026 18:05
@github-actions github-actions Bot temporarily deployed to Preview June 21, 2026 18:06 Inactive
@github-actions

github-actions Bot commented Jun 21, 2026

Copy link
Copy Markdown

⚡ Deploying with Cloudflare Workers

Status ✅ Success!
Environment Preview
Commit 797cc78
URL https://6272e121-blog.wooyng825.workers.dev
Author avatar dependabot[bot]
Details ➡️ GitHub Actions
➡️ Cloudflare Dashboard

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

@herokwon herokwon

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@herokwon