chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@eslint/js (source)	9.39.2 → 9.39.3
@nx/eslint (source)	22.4.5 → 22.5.2
@nx/vite (source)	22.4.5 → 22.5.2
@nx/vitest (source)	22.4.5 → 22.5.2
@nx/web (source)	22.4.5 → 22.5.2
@types/node (source)	24.10.12 → 24.10.13
astro (source)	5.17.1 → 5.17.3
eslint (source)	9.39.2 → 9.39.3
nx (source)	22.4.5 → 22.5.2
pnpm (source)	10.29.2 → 10.30.2
typescript-eslint (source)	8.55.0 → 8.56.1

---

Release Notes

eslint/eslint (@​eslint/js)

v9.39.3

Compare Source

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#​20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#​20453) (Milos Djermanovic)

nrwl/nx (@​nx/eslint)

v22.5.2

Compare Source

22.5.2 (2026-02-20)

🚀 Features

• core: use static_vcruntime to avoid msvcrt dependency (#​19781, #​19779)
• misc: use caret range for swc dependencies in pnpm catalog (#​34487, #​34472)

🩹 Fixes

• core: handle Ctrl+C gracefully in configure-ai-agents (9128fcb66f)
• core: prevent staggered and duplicate lines in dynamic output (#​34462)
• core: only pull configure-ai-agents from latest if local version is not latest (#​34484)
• core: gate tui-logger init behind NX_TUI env var (#​34426)
• core: avoid blocking event loop during TUI PTY resize (#​34385)
• core: use workspace root for path resolution when baseUrl is not set (#​34453)
• core: replace buggy ignore-files trie with correct path-component gitignore matching (#​34447)
• core: skip stale recomputations and prevent lost file changes in daemon (#​34424)
• core: reduce terminal output duplication and allocations in task runner (#​34427)
• core: commands shouldn't hang when passing --help (#​34506)
• maven: write output after each task in batch mode to ensure correct files are cached (#​34400)
• misc: rewrite Framer URLs to nx.dev in HTML responses (#​34445)
• misc: prevent nxCloudId from being generated for new workspaces (#​34532)
• nextjs: reset daemon client after project graph creation in withNx (#​34518, #​32880)
• nx-dev: use shared preview url for netlify deploy (#​34467)
• nx-dev: widen search dialog (#​34504)
• nx-dev: update breadcrumb links to match sidebar (#​34500)
• release: remove unnecessary number from release return type (#​34481)
• repo: fix e2e CI failures from Node 22.12 incompatibility (#​34501)

❤️ Thank You

• Andreas Hörnicke
• Caleb Ukle
• Claude Opus 4.6
• Colum Ferry @​Coly010
• Craigory Coppola @​AgentEnder
• Jack Hsu @​jaysoo
• Jason Jean @​FrozenPandaz
• Jay Bell
• Juri @​juristr
• Leosvel Pérez Espinosa @​leosvelperez
• MaxKless @​MaxKless
• Ondrej Kelle @​tondrej
• Steven Nance

v22.5.1

Compare Source

22.5.1 (2026-02-13)

🚀 Features

• core: update formatting of agent rules documentation (#​33356)
• core: add nxVersion to meta in shortUrl for cnw (#​34401)
• core: handle agentic sandboxing (#​34402)
• core: extract sandbox detection into reusable utility (#​34408)
• core: add negation pattern support for plugin include/exclude (#​34160)
• misc: update PLUGIN.md files to help agents verification (#​34379)
• misc: lock in CNW variant 2 with deferred connection (#​34416)
• testing: add cacheDir option to playwright executor (#​34413, #​34397)

🩹 Fixes

• core: make sure that mcp args aren't overridden when running configure-ai-agents (#​34381)
• core: use a consistent batch id between scheduler and task runner (#​34392)
• core: clean up stale socket files before listening (#​34236, #​34233)
• core: avoid dropping unrelated continuous deps in makeAcyclic (#​34389)
• core: make runtime cache key deterministic (#​34390)
• core: handle dangling symlinks during cache restore (#​34396, #​34013)
• core: hitting [1] or [2] should remove pinned panes if they match the current task (#​34433, #​34175)
• core: remove shellapi from winapi featureset to minimize AV false positives (#​34208)
• maven: use module-level variable for cache transfer between createNodes and createDependencies (#​34386)
• maven: correctly map between maven locators and nx project names (#​34366)
• nx-dev: improve plugin registry visibility (#​34395)
• nx-dev: add missing nx-cloud intro in sidebar (#​34403)
• nx-dev: clarify project linking for workspaces (#​34405)
• repo: use sudo for global npm install in publish workflow (#​34409)
• repo: replace addnab/docker-run-action with direct docker run (#​34448)
• repo: revert sudo for global npm install in publish workflow (#​34451, #​34409)

❤️ Thank You

• Benjamin Staneck @​Stanzilla
• Brett Burley
• Caleb Ukle
• Claude Opus 4.5
• Claude Opus 4.6
• Claude Sonnet 4.5
• Colum Ferry @​Coly010
• Coly010 @​Coly010
• Craigory Coppola @​AgentEnder
• Jack Hsu @​jaysoo
• Jason Jean @​FrozenPandaz
• Josh VanAllen @​joshvanallen
• Leosvel Pérez Espinosa @​leosvelperez
• MaxKless @​MaxKless
• meeroslav @​meeroslav
• Miroslav Jonaš @​meeroslav
• Steven Nance

v22.5.0

Compare Source

22.5.0 (2026-02-09)

🚀 Features

• core: display batch tasks in the tui (#​33695)
• core: add variant 2 to CNW cloud prompts with promo message (#​34223)
• core: improve configure-ai-agents to copy nx skills/subagents/plugins (#​34176)
• core: add Nx Cloud connect URL to template README (#​34249)
• core: add decorative banners for Nx Cloud CNW completion message (#​34270)
• core: add initial impl of task io service (#​34205)
• core: improve AI agent rules for CLAUDE.md generation (#​34304)
• core: add command to download cloud client (#​34333)
• core: add AI agent detection and NDJSON output for CNW (#​34320)
• core: update cnw messaging (#​34364)
• core: eagerly shutdown plugins that don't provide later hooks (#​34253)
• gradle: add debug env var to gradle batch executor (#​34259)
• js: add NX_PREFER_NODE_STRIP_TYPES to use Node's strip types feature instead of transpilation for TypeScript files (#​34202)
• js: bump swc to latest versions (#​34215)
• js: update swc/cli to 0.8.0 (#​34365)
• maven: load Maven classes at runtime for version-agnostic batch execution (#​34180)
• maven: bump maven plugin version to 0.0.13 (#​34318)
• nx-dev: add llms-full.txt and HTTP Link headers for LLM discovery (#​34232)
• nx-dev: add server-side page view tracking for docs (#​34283)
• nx-dev: reformat sidebar into topics (#​34265)

🩹 Fixes

• core: clean up daemon workspace data directory on nx reset --onl… (#​34174)
• core: move tui to parking lot rwlock to avoid hang (#​34187)
• core: handle resizing a bit better for inline_tui (#​34006)
• core: consolidate GitHub URL messaging when gh push fails (#​34196)
• core: cloud commands are noop when not connected rather than errors (#​34193)
• core: fall back to node_modules when tmp has noexec (#​34207, #​33991)
• core: hide already-installed nx packages from suggestion list during nx import (#​34227)
• core: improve plugin worker error messages and lifecycle timeouts (#​34251)
• core: do not throw error if worker.stdout is not instanceof socket (#​34224)
• core: handle multibyte UTF-8 characters in socket message consumption (#​34151)
• core: resolve daemon client reconnect queue deadlock (#​34284)
• core: nx should show help for run-one when using project short names (#​34303)
• core: prevent command injection in getNpmPackageVersion (#​34309)
• core: fix CNW git amend and README marker handling (#​34306)
• core: tweak configure-ai-agents messaging (#​34307)
• core: handle EPIPE errors gracefully in daemon socket writes (#​34311)
• core: allow overriding daemon logging settings (#​34324)
• core: preserve task selection when unrelated tasks finish (#​34328)
• core: disable ignore filters for outputs expansion (#​34316, #​32620)
• core: track all task outputs regardless of path depth (#​34321)
• core: avoid crash when pane area is out of bounds during resize (#​34343)
• core: use picocolors instead of chalk in the nx package (#​34305)
• core: only detect flaky tasks for cacheable tasks (#​33994)
• core: reduce daemon inotify watch count by upgrading watchexec (#​34329)
• core: add missing FileType import for Windows watcher build (#​34369)
• core: use --lockfile-only for Bun updateLockFile (#​34375, #​22602, #​34344)
• devkit: allow null values in JSON schema validation (#​34167)
• gradle: use tooling api compatible flags (#​34247)
• gradle: ensure that batch output is not overriden for atomized targets (#​34268)
• gradle: enforce that only one gradle task can be passed into gradle executor (#​34269)
• gradle: use gradle project name when resolving dependent tasks (#​34331)
• maven: include pom.xml and ancestor pom files as inputs for all targets (#​34291)
• misc: improve freebsd build reliability with better error handling and disk cleanup (#​34326)
• nx-dev: update broken /launch-nx links (#​34192)
• nx-dev: update dead links across nx-dev UI libraries (#​34238)
• nx-dev: fix internal link check caching and remaining /launch-nx link (#​34255, #​34183)
• nx-dev: make headers and table options linkable (#​34267)
• nx-dev: fix double-counting and exclude assets from page tracking (#​34286)
• nx-dev: exclude large native deps from build bundle (#​34335)
• nx-dev: fix og images wrong URL for embeds (#​34346)
• nx-dev: use right URL for the given netlify context (#​34348)
• nx-dev: include nx cli examples on refs page (#​34367)
• react: remove file-loader dependency and update svgr migration (#​34218)
• repo: align pnpm version in CI workflows with package.json (#​34370)
• testing: add timeout to runCommandUntil to prevent hanging tests (#​34148)
• testing: preload vitest/node to prevent race condition on Node 24 (#​34261, #​34028, #​33091)
• vite: handle sophisticated vite plugins (#​34242)
• web: ensure vitest config file is created (#​34216)

❤️ Thank You

• AgentEnder @​AgentEnder
• barbados-clemens @​barbados-clemens
• Caleb Ukle
• Claude
• Claude Opus 4.5
• Claude Opus 4.6
• Colum Ferry @​Coly010
• Copilot @​Copilot
• Craigory Coppola @​AgentEnder
• Drew Teachout @​drewteachout
• FrozenPandaz @​FrozenPandaz
• iceThief (민찬기) @​Chanki-Min
• Jack Hsu @​jaysoo
• James Henry @​JamesHenry
• Jason Jean @​FrozenPandaz
• jaysoo @​jaysoo
• Jonathan Cammisuli @​Cammisuli
• Juri Strumpflohner @​juristr
• Kai Gritun
• Leosvel Pérez Espinosa @​leosvelperez
• Louie Weng @​lourw
• MaxKless @​MaxKless
• Miguel @​mpsanchis

withastro/astro (astro)

v5.17.3

Compare Source

Patch Changes

• #​15564 522f880 Thanks @​matthewp! - Add a default body size limit for server actions to prevent oversized requests from exhausting memory.

• #​15569 e01e98b Thanks @​matthewp! - Respect image allowlists when inferring remote image sizes and reject remote redirects.

v5.17.2

Compare Source

Patch Changes

• c13b536 Thanks @​matthewp! - Improves Host header handling for SSR deployments behind proxies

pnpm/pnpm (pnpm)

v10.30.2

Compare Source

v10.30.1: pnpm 10.30.1

Compare Source

Patch Changes

• Use the /-/npm/v1/security/audits/quick endpoint as the primary audit endpoint, falling back to /-/npm/v1/security/audits when it fails #​10649.

Platinum Sponsors

Gold Sponsors

v10.30.0: pnpm 10.30

Compare Source

Minor Changes

• pnpm why now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies.

Patch Changes

• Revert pnpm why dependency pruning to prefer correctness over memory consumption. Reverted PR: #​7122.
• Optimize pnpm why and pnpm list performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one #​10596.

Platinum Sponsors

Gold Sponsors

v10.29.3

Compare Source

typescript-eslint/typescript-eslint (typescript-eslint)

v8.56.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.56.0

Compare Source

🚀 Features

• support ESLint v10 (#​12057)

❤️ Thank You

• Brad Zacher @​bradzacher
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 196ade0

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.38%. Comparing base (aacdd1e) to head (196ade0).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #203   +/-   ##
=======================================
  Coverage   86.38%   86.38%           
=======================================
  Files          16       16           
  Lines         360      360           
  Branches       85       85           
=======================================
  Hits          311      311           
  Misses         49       49           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.