chore(deps-dev): bump the dev-dependencies group with 6 updates

[dependabot]

Bumps the dev-dependencies group with 6 updates:

Package	From	To
@types/react	18.3.18	19.0.8
@vitest/coverage-istanbul	3.0.4	3.0.5
maplibre-gl	5.0.1	5.1.0
semver	7.6.3	7.7.1
vite	6.0.11	6.1.0
vitest	2.1.8	3.0.5

Updates @types/react from 18.3.18 to 19.0.8

Commits

• See full diff in compare view

Updates @vitest/coverage-istanbul from 3.0.4 to 3.0.5

Release notes

Sourced from @​vitest/coverage-istanbul's releases.

v3.0.5

This release includes security patches for:

• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

🚀 Features

• ui: Insert message "no tests found" in ui - by @​DevJoaoLopes in vitest-dev/vitest#7366 (92da4)

🐞 Bug Fixes

• Validate websocket request - by @​hi-ogawa and @​AriPerkkio in vitest-dev/vitest#7317 (191ef)
• Don't toggle cli cursor on non-TTY - by @​AriPerkkio in vitest-dev/vitest#7336 (3c805)
• vite-node: Differentiate file url with hash and query - by @​hi-ogawa in vitest-dev/vitest#7365 (926ca)

View changes on GitHub

Commits

• 1154662 chore: release v3.0.5
• See full diff in compare view

Updates maplibre-gl from 5.0.1 to 5.1.0

Release notes

Sourced from maplibre-gl's releases.

v5.1.0

https://github.com/maplibre/maplibre-gl-js Changes since MapLibre GL JS v5.0.1:

✨ Features and improvements

• Add support for vertical-align in format expression (specification)(#5043).

🐞 Bug fixes

• Render frame synchronized again in requestAnimationFrame callback (#4535)

Changelog

Sourced from maplibre-gl's changelog.

5.1.0

✨ Features and improvements

• Add support for vertical-align in format expression (specification)(#5043).

🐞 Bug fixes

• Render frame synchronized again in requestAnimationFrame callback (#4535)

Commits

• bedcb86 Bump version to 5.1.0 (#5419)
• b4035a7 Vertical alignment in format expression (#5043)
• 0b73fe0 Add back synced frame method and use it for triggerRepaint. (#4535)
• 1d68ddc Bump @​typescript-eslint/parser from 8.21.0 to 8.22.0 (#5417)
• 7dda2d7 Bump @​types/node from 22.10.10 to 22.12.0 (#5416)
• 5de671b Bump stylelint from 16.14.0 to 16.14.1 (#5415)
• 3c96df8 Bump rollup from 4.32.0 to 4.32.1 (#5413)
• 9f0703a Bump @​typescript-eslint/eslint-plugin from 8.21.0 to 8.22.0 (#5414)
• 82fcc82 Bump dependabot/fetch-metadata from 2.2.0 to 2.3.0 (#5412)
• 96b6eab Bump eslint from 9.18.0 to 9.19.0 (#5411)
• Additional commits viewable in compare view

Updates semver from 7.6.3 to 7.7.1

Release notes

Sourced from semver's releases.

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

v7.7.0

7.7.0 (2025-01-29)

Features

• 0864b3c #753 add "release" inc type (#753) (@​mbtools)

Bug Fixes

• d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@​eminberkayd, berkay.daglar)
• 8a34bde #754 add identifier validation to inc() (#754) (@​mbtools)

Documentation

• 67e5478 #756 readme: added missing period for consistency (#756) (@​shaymolcho)
• 868d4bb #749 clarify comment about obsolete prefixes (#749) (@​mbtools, @​ljharb)

Chores

• 145c554 #741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #744 postinstall for dependabot template-oss PR (@​hashtagchris)

Changelog

Sourced from semver's changelog.

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

7.7.0 (2025-01-29)

Features

• 0864b3c #753 add "release" inc type (#753) (@​mbtools)

Bug Fixes

• d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@​eminberkayd, berkay.daglar)
• 8a34bde #754 add identifier validation to inc() (#754) (@​mbtools)

Documentation

• 67e5478 #756 readme: added missing period for consistency (#756) (@​shaymolcho)
• 868d4bb #749 clarify comment about obsolete prefixes (#749) (@​mbtools, @​ljharb)

Chores

• 145c554 #741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #744 postinstall for dependabot template-oss PR (@​hashtagchris)

Commits

• 30c438b chore: release 7.7.1 (#765)
• af761c0 fix(inc): fully capture prerelease identifier (#764)
• 2cfcbb5 chore: release 7.7.0 (#750)
• d588e37 fix(diff): fix prerelease to stable version diff logic (#755)
• 753e02b chore: bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747)
• 8a34bde fix: add identifier validation to inc() (#754)
• 0864b3c feat: add "release" inc type (#753)
• 67e5478 docs(readme): added missing period for consistency (#756)
• 868d4bb docs: clarify comment about obsolete prefixes (#749)
• 145c554 chore: bump @​npmcli/eslint-config from 4.0.5 to 5.0.0
• Additional commits viewable in compare view

Updates vite from 6.0.11 to 6.1.0

Release notes

Sourced from vite's releases.

[email protected]

Please refer to CHANGELOG.md for details.

v6.1.0

Please refer to CHANGELOG.md for details.

v6.1.0-beta.2

Please refer to CHANGELOG.md for details.

v6.1.0-beta.1

Please refer to CHANGELOG.md for details.

v6.1.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.1.0 (2025-02-05)

Features

• feat: show hosts in cert in CLI (#19317) (a5e306f), closes #19317
• feat: support for env var for defining allowed hosts (#19325) (4d88f6c), closes #19325
• feat: use native runtime to import the config (#19178) (7c2a794), closes #19178
• feat: print port in the logged error message after failed WS connection with EADDRINUSE (#19212) (14027b0), closes #19212
• perf(css): only run postcss when needed (#19061) (30194fa), closes #19061
• feat: add support for .jxl (#18855) (57b397c), closes #18855
• feat: add the builtins environment resolve (#18584) (2c2d521), closes #18584
• feat: call Logger for plugin logs in build (#13757) (bf3e410), closes #13757
• feat: export defaultAllowedOrigins for user-land config and 3rd party plugins (#19259) (dc8946b), closes #19259
• feat: expose createServerModuleRunnerTransport (#18730) (8c24ee4), closes #18730
• feat: support async for proxy.bypass (#18940) (a6b9587), closes #18940
• feat: support log related functions in dev (#18922) (3766004), closes #18922
• feat: use module runner to import the config (#18637) (b7e0e42), closes #18637
• feat(css): add friendly errors for IE hacks that are not supported by lightningcss (#19072) (caad985), closes #19072
• feat(optimizer): support bun text lockfile (#18403) (05b005f), closes #18403
• feat(reporter): add wasm to the compressible assets regex (#19085) (ce84142), closes #19085
• feat(worker): support dynamic worker option fields (#19010) (d0c3523), closes #19010

Fixes

• fix: avoid builtStart during vite optimize (#19356) (fdb36e0), closes #19356
• fix(build): fix stale build manifest on watch rebuild (#19361) (fcd5785), closes #19361
• fix: allow expanding env vars in reverse order (#19352) (3f5f2bd), closes #19352
• fix: avoid packageJson without name in resolveLibCssFilename (#19324) (f183bdf), closes #19324
• fix(html): fix css disorder when building multiple entry html (#19143) (e7b4ba3), closes #19143
• fix: don't call buildStart hooks for vite optimize (#19347) (19ffad0), closes #19347
• fix: don't call next middleware if user sent response in proxy.bypass (#19318) (7e6364d), closes #19318
• fix: respect top-level server.preTransformRequests (#19272) (12aaa58), closes #19272
• fix: use nodeLikeBuiltins for ssr.target: 'webworker' without noExternal: true (#19313) (9fc31b6), closes #19313
• fix(css): less @plugin imports of JS files treated as CSS and rebased (fix #19268) (#19269) (602b373), closes #19268 #19269
• fix(deps): update all non-major dependencies (#19296) (2bea7ce), closes #19296
• fix(resolve): preserve hash/search of file url (#19300) (d1e1b24), closes #19300
• fix(resolve): warn if node-like builtin was imported when resolve.builtin is empty (#19312) (b7aba0b), closes #19312
• fix(ssr): fix transform error due to export all id scope (#19331) (e28bce2), closes #19331
• fix(ssr): pretty print plugin error in ssrLoadModule (#19290) (353c467), closes #19290
• fix: change ResolvedConfig type to interface to allow extending it (#19210) (bc851e3), closes #19210
• fix: correctly resolve hmr dep ids and fallback to url (#18840) (b84498b), closes #18840
• fix: make --force work for all environments (#18901) (51a42c6), closes #18901
• fix: use loc.file from rollup errors if available (#19222) (ce3fe23), closes #19222
• fix(deps): update all non-major dependencies (#19190) (f2c07db), closes #19190
• fix(hmr): register inlined assets as a dependency of CSS file (#18979) (eb22a74), closes #18979
• fix(resolve): support resolving TS files by JS extension specifiers in JS files (#18889) (612332b), closes #18889
• fix(ssr): combine empty source mappings (#19226) (ba03da2), closes #19226
• fix(utils): clone RegExp values with new RegExp instead of structuredClone (fix #19245, fix #1 (56ad2be), closes #19245 #18875 #19247

... (truncated)

Commits

• 3734f80 fix(css): escape double quotes in url() when lightningcss is used (#18997)
• 2b4f115 fix(deps): update all non-major dependencies (#18996)
• 12b612d fix: fallback terser to main thread when function options are used (#18987)
• d88d000 fix(deps): update all non-major dependencies (#18967)
• 21680bd fix(css): skip non css in custom sass importer (#18970)
• 62fad6d chore(deps): update dependency @​rollup/plugin-node-resolve to v16 (#18968)
• 8a6bb4e fix(optimizer): keep NODE_ENV as-is when keepProcessEnv is true (#18899)
• 7d6dd5d fix(ssr): recreate ssrCompatModuleRunner on restart (#18973)
• c4b532c fix(css): root relative import in sass modern API on Windows (#18945)
• 27f691b refactor: make internal invoke event to use the same interface with `handleIn...
• Additional commits viewable in compare view

Updates vitest from 2.1.8 to 3.0.5

Release notes

Sourced from vitest's releases.

v3.0.5

This release includes security patches for:

• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

🚀 Features

• ui: Insert message "no tests found" in ui - by @​DevJoaoLopes in vitest-dev/vitest#7366 (92da4)

🐞 Bug Fixes

• Validate websocket request - by @​hi-ogawa and @​AriPerkkio in vitest-dev/vitest#7317 (191ef)
• Don't toggle cli cursor on non-TTY - by @​AriPerkkio in vitest-dev/vitest#7336 (3c805)
• vite-node: Differentiate file url with hash and query - by @​hi-ogawa in vitest-dev/vitest#7365 (926ca)

View changes on GitHub

v3.0.4

This release includes security patches for:

• Browser mode serves arbitrary files | CVE-2025-24963

   🐞 Bug Fixes

• Filter projects eagerly during config resolution  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#7313 (dff44)
• Apply development|production condition on Vites 6 by @​hi-ogawa and @​sheremet-va (#7301) (ef146)
• browser: Restrict served files from /__screenshot-error  -  by @​hi-ogawa in vitest-dev/vitest#7340 (ed9ae)
• deps: Update all non-major dependencies  -  by @​sheremet-va in vitest-dev/vitest#7297 (38ea8)
• runner: Timeout long sync hook  -  by @​hi-ogawa in vitest-dev/vitest#7289 (c60ee)
• typechecking: Support typechecking parsing with Vite 6  -  by @​sheremet-va in vitest-dev/vitest#7335 (bff70)
• types: Fix public types  -  by @​mrginglymus and @​sheremet-va in vitest-dev/vitest#7328 (ce6af)

    View changes on GitHub

v3.0.3

   🐞 Bug Fixes

• browser:
  • Don't throw a validation error if v8 coverage is used with filtered instances  -  by @​sheremet-va in vitest-dev/vitest#7306 (fa463)
  • Don't fail when running --browser.headless if the browser projest is part of the workspace  -  by @​sheremet-va in vitest-dev/vitest#7311 (e43a8)

   🏎 Performance

• reporters: Update summary only when needed  -  by @​AriPerkkio in vitest-dev/vitest#7291 (7f36b)

    View changes on GitHub

v3.0.2

   🐞 Bug Fixes

... (truncated)

Commits

• 1154662 chore: release v3.0.5
• 3c8050e fix: don't toggle cli cursor on non-TTY (#7336)
• 191ef9e fix: validate websocket request (#7317)
• 9e40437 chore: release v3.0.4
• ef1464f fix: apply development|production condition on Vite 6 (#7301)
• 38ea8ea fix(deps): update all non-major dependencies (#7297)
• dff4406 fix: filter projects eagerly during config resolution (#7313)
• ce6af70 fix(types): fix public types (#7328)
• bff70be fix(typechecking): support typechecking parsing with Vite 6 (#7335)
• a8d123c chore(deps): update eslint packages (#7086)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are no longer being updated by Dependabot, so this is no longer needed.