build: update all non-major dependencies (main)

[angular-robot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@babel/preset-env (source)	8.0.1 → 8.0.2
@rollup/wasm-node (source)	4.62.0 → 4.62.2
@typescript-eslint/eslint-plugin (source)	8.61.1 → 8.62.0
@typescript-eslint/parser (source)	8.61.1 → 8.62.0
algoliasearch (source)	5.55.0 → 5.55.1
autoprefixer	10.5.0 → 10.5.1
globals	17.6.0 → 17.7.0
less (source)	4.6.6 → 4.6.7
lmdb	3.5.5 → 3.5.6
ora	9.4.0 → 9.4.1
puppeteer (source)	25.1.0 → 25.2.0
rolldown (source)	1.1.1 → 1.1.2
rollup (source)	4.62.0 → 4.62.2
semver	7.8.4 → 7.8.5
verdaccio (source)	6.7.2 → 6.7.4
vite (source)	8.0.16 → 8.1.0

---

• If you want to rebase/retry this PR, check this box

---

Release Notes

babel/babel (@​babel/preset-env)

v8.0.2

Compare Source

🐛 Bug Fix

• Other
  • #​18083 Use the @babel/core version when asserting version in @babel/standalone (@​nicolo-ribaudo)
• babel-helper-validator-identifier
  • #​18075 fix(identifier): avoid double escaping slash (@​JLHwung)

🏠 Internal

• babel-plugin-proposal-decorators, babel-plugin-transform-regenerator, babel-preset-env
  • #​18081 Update @babel/preset-modules and polyfill packages (@​nicolo-ribaudo)

rollup/rollup (@​rollup/wasm-node)

v4.62.2

Compare Source

2026-06-19

Bug Fixes

• Do not add spurious side-effect-free external imports to chunks when using minChunkSize (#​6411)

Pull Requests

• #​6411: Skip side-effect-free external imports when hoisting is disabled (@​morgan-coded, @​lukastaegert)
• #​6416: refactor(rust/parser_ast): extract property AstConverter write buffer kind logic to new method (@​fabianbernhart, @​lukastaegert)

v4.62.1

Compare Source

2026-06-19

Bug Fixes

• Preserve multipart file extensions when deconflicting output chunks (#​6408)
• Fix an issue where getLogFilter would match additional logs (#​6415)

Pull Requests

• #​6393: Use import attributes for importing JSON (@​selfisekai, @​lukastaegert)
• #​6408: fix: insert conflict numbers before first extension in multi-extension filenames (@​LeSingh1, @​lukastaegert)
• #​6415: fix: advance value past wildcard prefix before suffix check in getLogFilter (@​JSap0914, @​lukastaegert)
• #​6417: chore(deps): update msys2/setup-msys2 digest to 66cd2cc (@​renovate[bot])
• #​6418: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6419: chore(deps): update dependency eslint-plugin-unicorn to v66 (@​renovate[bot])
• #​6420: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.62.0

Compare Source

🚀 Features

• remove redundant package.json "files" (#​12444)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.62.0

Compare Source

🚀 Features

• remove redundant package.json "files" (#​12444)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

algolia/algoliasearch-client-javascript (algoliasearch)

v5.55.1

Compare Source

• a676cd9cef fix(clients): bump replaceAllObjects default maxRetries from 100 to 800 (#​6580) by @​Fluf22
• a632f9fb75 fix(specs): BREAKING CHANGE – allow null records in getObjects response (#​6582) by @​Fluf22
  • The getObjects operation now returns a list of nullable objects, as the API can send back null records. The clients previously only allowed a list of objects, so the response type has been updated to allow null values.

postcss/autoprefixer (autoprefixer)

v10.5.1

Compare Source

• Fixed grid-area span reset for overriding areas (by @​puneetdixit200).

sindresorhus/globals (globals)

v17.7.0

Compare Source

• Update globals (2026-06-22) (#​345) 33b75f9

---

less/less.js (less)

v4.6.7

Compare Source

Changes

• #​4457 Fix failing "Request Copilot review" CI job (@​app/copilot-swe-agent)
• #​4451 chore: release v4.6.6 (@​app/github-actions)

kriszyp/lmdb-js (lmdb)

v3.5.6

Compare Source

sindresorhus/ora (ora)

v9.4.1

Compare Source

• Fix type definitions (#​257) 431ebc4

---

puppeteer/puppeteer (puppeteer)

v25.2.0

Compare Source

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 25.2.0 to 25.2.1

🛠️ Fixes

• regression when using Puppeteer with untrusted sessions (#​15150) (801c212)
• roll to Firefox 152.0.2 (#​15153) (d2908b2)

rolldown/rolldown (rolldown)

v1.1.2

Compare Source

🚀 Features

• add option named for invalid return type errors for more places (#​9846) by @​shulaoda
• add option names for invalid return type errors (#​9821) by @​sapphi-red
• transform: infer decorator strictNullChecks from tsconfig (#​9590) by @​kylecannon
• expose React Compiler options for rolldown and Vite users (#​9801) by @​Boshen
• tracing: gate chrome-json trace layer behind chrome-tracing feature (#​9773) by @​hyf0
• dev: align test-dev-server with Vite dev server (#​9668) by @​h-a-n-a

🐛 Bug Fixes

• plugin_timings: point doc link to existing checks reference page (#​9837) by @​hyf0
• generator: correct contradictory panic message in cjs cross-chunk symbol lookup (#​9836) by @​hyf0
• esm: preserve with clause on export * from external (#​9796) by @​hyf0
• Make external_import_binding_merger deterministic (#​9755) by @​naruaway
• surface invalid manualCodeSplitting group test regex as an error (#​9792) by @​shulaoda
• avoid panic on output.file without a file name (#​9789) by @​shulaoda
• avoid O(N^2) rendering of high-volume diagnostics (#​9748) (#​9749) by @​IWANABETHATGUY
• avoid panic on JSON numbers outside f64 range (#​9788) by @​shulaoda
• deps: bump mimalloc-safe to 0.1.63 to fix worker_threads segfault (#​9785) by @​shulaoda
• cache ESM evaluation errors (#​9784) by @​sapphi-red
• wrap node require helper in pure IIFE (#​9783) by @​kb019
• lazy-barrel: load locally-used imports on a re-exported record (#​9757) by @​shulaoda
• avoid dangling wrapped-ESM init call across chunks (#​9502) (#​9717) by @​IWANABETHATGUY
• dev: detect same-second rewrites in CI poll watcher (#​9736) by @​h-a-n-a
• dev: force rebuild after HMR errors (#​9686) by @​h-a-n-a
• dev: print build errors on browser refresh after a failed build (#​9652) by @​h-a-n-a

🚜 Refactor

• single-source the chunk $N symbol-naming algorithm (#​9831) by @​Dunqing
• simplify common_dir helper (#​9857) by @​IWANABETHATGUY
• drop commondir crate in favor of in-house helper (#​9849) by @​Boshen
• binding: extract helpers from normalize_binding_options (#​9842) by @​Boshen
• move rolldown_filter_analyzer to tasks and scope oxc cfg feature (#​9839) by @​Boshen
• options: merge manualCodeSplitting into codeSplitting object form (#​9805) by @​IWANABETHATGUY
• options: support codeSplitting object form in CodeSplittingMode (#​9804) by @​IWANABETHATGUY
• diagnostic: reuse ByteLocator for per-source line lookup (#​9762) by @​IWANABETHATGUY
• remove redundant Arc around tracing spans (#​9778) by @​camc314
• remove unnecessary Arc around sourcemap sender (#​9777) by @​camc314
• rolldown_plugin_vite_wasm_fallback: remove the plugin (#​9775) by @​sapphi-red
• binding: remove infer-able napi(ts_type) (#​9737) by @​sapphi-red
• remove preprocessor span dedup (#​9734) by @​hyf0
• identify AST nodes by NodeId instead of Span/Address (#​9609) by @​IWANABETHATGUY

📚 Documentation

• tsconfig: align auto-discovery docs with oxc-resolver behavior (#​9845) by @​shulaoda
• relocate meta/design to internal-docs, split design from implementation (#​9826) by @​h-a-n-a
• meta: add options normalization design doc (#​9818) by @​IWANABETHATGUY
• document why the napi tracing feature is enabled (#​9766) by @​Boshen
• dev: move test-dev-server test guidance into the testing docs (#​9809) by @​h-a-n-a

⚡ Performance

• drop unused regex unicode property tables from the binding (#​9848) by @​Boshen
• drop urlencoding crate in favor of percent-encoding (#​9851) by @​Boshen
• drop owo-colors supports-colors feature in vite reporter (#​9824) by @​Boshen
• skip enum member value extraction for non-TypeScript modules (#​9840) by @​shulaoda
• rolldown: use unstable sort for itertools sorted_by at unique-key sites (#​9827) by @​Boshen
• cheaper deterministic ordering in external import binding merger (#​9810) by @​IWANABETHATGUY
• disable idna's ICU backend by pinning idna_adapter to 1.0.0 (-129 KB) (#​9811) by @​Boshen
• size: use unstable sort where stability is unneeded (#​9803) by @​Boshen
• remove num-format dependency from vite reporter (#​9795) by @​Boshen
• reduce js callback error size (#​9776) by @​Boshen
• rolldown_error: remove Debug supertrait from BuildEvent (#​9798) by @​Boshen
• reduce plugin hook order code size (#​9761) by @​Boshen
• deps: disable infer default features to reduce binary size (#​9765) by @​Boshen
• reduce pluginable monomorphization size (#​9771) by @​Boshen
• avoid rebuilding replace plugin values (#​9764) by @​Boshen
• defer link-stage-output drop to rayon workers after output is produced (#​9733) by @​Brooooooklyn
• tree-shaking: hoist already-included guard to call sites in inclusion DFS (#​9738) by @​Brooooooklyn
• renamer: dedup before allocating the owned name in add_symbol_in_root_scope (#​9740) by @​Brooooooklyn

🧪 Testing

• allocs: track allocation counts for rolldown_sourcemap (#​9835) by @​hyf0
• bench: add CodSpeed micro-benchmarks for rolldown_sourcemap (#​9834) by @​hyf0
• add cjs named export mutation test (#​9823) by @​sapphi-red
• dev: restore shared-page reliability conventions in AGENTS.md (#​9786) by @​h-a-n-a
• dev: add AGENTS.md test guidance for agents (#​9763) by @​h-a-n-a
• dev: split out initial-build-error into its own playground (#​9772) by @​h-a-n-a
• dev: align e2e suite with Vite and parallelize playgrounds (#​9759) by @​h-a-n-a
• remove unnecessary module namespace object JSON serializations in tests (#​9725) by @​sapphi-red
• use assert.deepStrictEqual instead of assert.deepEqual by using assert/strict instead of assert (#​9724) by @​sapphi-red
• hmr: add test case for #​5301 (#​5302) by @​sapphi-red
• dev: add tests for dev-engine principles (#​9720) by @​h-a-n-a
• dev: align dev-engine test harness with Vite (#​9684) by @​h-a-n-a

⚙️ Miscellaneous Tasks

• deps: update napi to 3.9.3 (#​9862) by @​shulaoda
• deps: update oxc to 0.137.0 (#​9856) by @​Boshen
• re-enable default lld linker on x86_64-unknown-linux-gnu (#​9855) by @​Boshen
• deps: bump vite-plus to 0.2.1 (#​9850) by @​Boshen
• skills: translate _config.json when encoding rolldown REPL links (#​9847) by @​IWANABETHATGUY
• deps: update oxc_resolver and oxc_resolver_napi to 11.21.3 (#​9841) by @​Boshen
• pin vite-plus (vp) CLI to 0.1.24 in setup-vp (#​9830) by @​Boshen
• add crate/package-level CODEOWNERS (#​9819) by @​IWANABETHATGUY
• drop unused derive_more display feature from rolldown_plugin (#​9820) by @​Boshen
• remove auto-assign PR workflow (#​9807) by @​IWANABETHATGUY
• deps: update rollup submodule for tests to v4.62.0 (#​9780) by @​rolldown-guard[bot]
• deps: update esbuild for tests to 0.28.1 (#​9779) by @​rolldown-guard[bot]
• deps: update test262 submodule for tests (#​9781) by @​rolldown-guard[bot]
• deps: update oxc to 0.136.0 (#​9770) by @​Boshen
• add pull request template (#​9756) by @​sapphi-red
• clarify rolldown_plugin_vite_* is compatible for the same minor (#​9774) by @​sapphi-red
• deps: update github actions (#​9745) by @​renovate[bot]
• deps: update rust crates (#​9747) by @​renovate[bot]
• deps: update napi to v3.9.2 (#​9744) by @​renovate[bot]
• deps: update npm packages (#​9746) by @​renovate[bot]
• deps: update @​napi-rs/cli and emnapi deps (#​9741) by @​Brooooooklyn
• generator: fix vp fmt on Windows (#​9727) by @​sapphi-red
• ban importing from assert and recommend assert/strict (#​9726) by @​sapphi-red

❤️ New Contributors

• @​naruaway made their first contribution in #​9755
• @​kb019 made their first contribution in #​9783

npm/node-semver (semver)

v7.8.5

Compare Source

Bug Fixes

• 9c8692a #​878 include prereleases in tilde range lower bound with includePrerelease (#​878) (@​chatman-media)

verdaccio/verdaccio (verdaccio)

v6.7.4

Compare Source

Patch Changes

• 0205c78: fix: run jwt middleware before middleware plugins

  Register the JWT middleware before middleware plugins are loaded so that
  req.remote_user (anonymous by default) is available inside a plugin's
  register_middlewares. The API router keeps its own JWT middleware behind a
  guard so it is not executed twice.

  Backport of #​5697

  Closes #​5167

v6.7.3

Compare Source

Patch Changes

• f8fdfc2: fix: enforce generated npm token metadata

  Generated npm tokens (POST /-/npm/v1/tokens) stored their readonly and
  cidr_whitelist restrictions but never enforced them, and deleting a token did
  not revoke it for the package APIs. A token marked read-only or pinned to a CIDR
  range could still publish packages and change dist-tags, and a deleted token
  remained usable.

  Generated tokens now embed a server-issued key (in the JWT claim, or in the
  encrypted legacy AES payload) and a new enforceGeneratedTokenMetadata
  middleware looks that key up on each request, rejecting the token when it is
  missing/revoked, used outside its CIDR whitelist, or used for a write while
  read-only. Enforcement applies to both AES and JWT API-token modes.

  Note: tokens issued before upgrading carry no key and are not retroactively
  constrained — regenerate them to apply the restrictions.

• be80623: fix: allow npm token create without readonly/cidr_whitelist

  npm token create in npm >= 11 (and the npm 12 prereleases) rewrote the
  request body: it no longer sends readonly and only sends cidr_whitelist
  when --cidr is passed. The POST /-/npm/v1/tokens endpoint required both,
  so modern npm clients failed with 422 the parameters are not valid.

  The endpoint now defaults readonly to false and cidr_whitelist to []
  when they are absent, while still rejecting values of the wrong type.

• 75c85d5: Update verdaccio dependencies to the latest npm dist-tag (@verdaccio/ui-theme tracks next-9):

  • @verdaccio/ui-theme: 9.0.0-next-9.19 → 9.0.0-next-9.20

• d5e5332: chore: update dependencies

  Updates runtime dependencies @verdaccio/ui-theme (9.0.0-next-9.19) and
  semver (7.8.2), along with development dependencies: Babel 7.29.7,
  @changesets/cli 2.31.0, ESLint 10.4.1, Vitest 4.1.8, Cypress 15.16.0,
  Prettier 3.8.3, @verdaccio/test-helper 4.0.4, @verdaccio/eslint-config
13.1.2, and assorted type definitions.

vitejs/vite (vite)

v8.1.0

Compare Source

Features

• extend server.fs.deny list with common files (#​22707) (61ba8fd)
• update rolldown to 1.1.2 (#​22695) (4f008a6)
• use ~ for Rolldown (#​22693) (9928722)

Bug Fixes

• bundled-dev: errors should be kept when incremental build fails (#​22617) (9a0dd48)
• cache falsy values in perEnvironmentState (#​22715) (0e91e79)
• glob: respect caseSensitive option in hmr matcher (#​22711) (65f525e)
• html: omit nonce on import map when cspNonce is unset (#​22713) (8340bb5)
• optimizer: skip null-valued exports in expandGlobIds glob resolution (#​22611) (8b9f5cd)
• resolved build options should be kept as a getter (#​22691) (3527191)
• server: handle malformed URI in memory files middleware (#​22714) (df9e0a5)
• use literal envPrefix queries for Vite Task (#​22706) (da72733)
• warn on deprecated envFile (#​22555) (ed7b283)

Code Refactoring

• client: inline dev-id value in CSS selector (#​22736) (57f59bc)
• remove unused removeRawQuery util (#​22724) (403cc60)
• use rolldownOptions property for chunkImportMap (#​22692) (8e8816c)

[gemini-code-assist]

Code Review

This pull request updates various dependencies across multiple package.json files, including rollup, vite, semver, and algoliasearch. The review feedback highlights a potential issue with the algoliasearch v5.55.1 upgrade, which introduces a breaking change where getObjects returns nullable objects, potentially causing TypeScript compilation errors or runtime issues if not handled properly.

[gemini-code-assist]

The update to algoliasearch v5.55.1 introduces a breaking change where the getObjects operation now returns a list of nullable objects (allowing null records). If the CLI codebase uses getObjects, this type change may cause TypeScript compilation errors or runtime issues unless null-checks are implemented for the returned records.

[alan-agius4]

This PR was merged into the repository. The changes were merged into the following branches:

• main: 296befb