fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@vitest/coverage-v8 (source)	4.1.7 → 4.1.8
es-toolkit (source)	^1.46.1 → ^1.47.0
eslint (source)	10.4.0 → 10.4.1
knip (source)	6.14.2 → 6.15.0
semver	^7.8.0 → ^7.8.1
tsx (source)	4.22.3 → 4.22.4
vitest (source)	4.1.7 → 4.1.8

---

Release Notes

vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.8

Compare Source

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in #​10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in #​10474 (675b4)

    View changes on GitHub

toss/es-toolkit (es-toolkit)

v1.47.0

Compare Source

Released on May 25th, 2026.

• Added es-toolkit/server entrypoint with colors namespace for ANSI terminal color utilities. ([#​1683])
• Added exec function. ([#​1689])
• Added sortKeys to the object entrypoint. ([#​1674])
• Added cartesianProduct and combinations to the array entrypoint. ([#​1713])
• Added allKeyed to the promise entrypoint. ([#​1672])
• Added percentile to the math entrypoint. ([#​1710])
• Added an interactive playground page to docs. ([#​1720])
• Reorganized docs to introduce a flavor switcher and co-locate compat under /compat/. ([#​1699])
• Fixed uniqWith in compat to match lodash's comparator argument order. ([#​1729])
• Fixed compat/omitBy to not treat plain objects with numeric length as array-like. ([#​1709])

We sincerely thank @​Antoliny0919, @​ATOM00blue, @​dayongkr, @​guesung, @​myeong-jae-hwi, @​raon0211, @​seungrodotlee, and @​Xiaohang0316 for their contributions. We appreciate your great efforts!

eslint/eslint (eslint)

v10.4.1

Compare Source

Bug Fixes

• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#​20930) (Francesco Trotta)
• d4ce898 fix: propagate failures from delegated commands (#​20917) (Minh Vu)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#​20916) (kuldeep kumar)
• c5bc78b fix: false positive for reference in finally block (#​20655) (Tanuj Kanti)
• 27538c0 fix: add missing CodePath and CodePathSegment types (#​20853) (Pixel998)

Documentation

• 61b0add docs: remove deprecated rule from related rules of max-params (#​20921) (Tanuj Kanti)
• 305d5b9 docs: remove deprecated rules from related rules section (#​20911) (Tanuj Kanti)
• 49b0202 docs: fix display: none of ad (#​20901) (Tanuj Kanti)
• 9067f94 docs: switch build to Node.js 24 (#​20893) (Milos Djermanovic)
• c91b041 docs: Update README (GitHub Actions Bot)
• e349265 docs: clarify semver strings in rule deprecation objects (#​20885) (Milos Djermanovic)

Chores

• b0e466b test: add data property to invalid tests cases for rules (#​20924) (Tanuj Kanti)
• f78838b test: add CodePath type coverage (#​20904) (Pixel998)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#​20922) (Francesco Trotta)
• 002942c ci: declare contents:read on update-readme workflow (#​20919) (Arpit Jain)
• 64bca24 chore: update ecosystem plugins (#​20912) (ESLint Bot)
• 6d7c832 chore: ignore fflate updates in renovate (#​20908) (Pixel998)
• b2c8638 ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#​20889) (dependabot[bot])
• a9b8d7f chore: increase maxBuffer for ecosystem tests (#​20881) (sethamus)
• b702ead chore: update ecosystem update PR settings (#​20884) (Pixel998)
• 507f60e chore: update ecosystem plugins (#​20882) (ESLint Bot)
• 92f5c5b test: add unit test for message-count (#​20878) (kuldeep kumar)
• df32108 chore: add @​eslint/markdown and typescript-eslint ecosystem tests (#​20837) (sethamus)
• 327f91d chore: use includeIgnoreFile internally (#​20876) (Kirk Waiblinger)
• f0dc4bd chore: pin fflate@​0.8.2 (#​20877) (Milos Djermanovic)
• 0f4bd25 ci: run Discord alert for ecosystem test failures (#​20873) (Copilot)

webpro-nl/knip (knip)

v6.15.0: Release 6.15.0

Compare Source

• Report exported type used only in inferred-return function body (resolve #​1765) (2413408)
• Work that EXPORTS.md again (7e13451)
• Update npmx ecosystem snapshot (dfc4011)
• Link dependencies key with notes (closes #​1764) (e3e66ce)
• Resolve tsconfig paths when loading plugin configs (#​1762) (0177c74) - thanks @​jakeleventhal!
• Avoid caching failed plugin config loads (#​1768) (5e201cd) - thanks @​jakeleventhal!
• Resolve extensionless .sass imports in SCSS compiler (#​1770) (30c2283) - thanks @​sebacardello!
• fix(vite): detect inline module script entry points in index.html (#​1772) (51f4edd) - thanks @​lucas-spin!
• Harden vite inline module script import detection (b8abcfd)
• Use RecordableHistogram for timerified function stats (d575c69)
• Add orval plugin (resolves #​1751) (4c82aa8)
• Add treatTagHintsAsErrors and --no-tag-hints (resolves #​1767) (4b6a573)
• Add nano-spawn plugin (resolves #​1769) (b2cad06)
• Simplify glob cache validation and ignore-list assembly (df1a960)
• Dedupe ignore-pattern collection and dependency fixing (d49b626)
• Simplify installed-binaries collection in manifest metadata (5514394)
• Flatten control flow in ConfigurationChief (010d570)
• Inline trivial installed-binaries and types-included accessors (b5afb9f)
• Format (eb4b178)
• Replace @​wdio/types dev dep with inline types (a3747d6)
• Bump dependencies (822ab39)
• Work AGENTS.md, etcetera (361bd48)
• Remove rootDirs workaround resolved by oxc-resolver 11.20.0 (e190a9f)
• Add nuxt no-root-tsconfig fixture guarding alias resolution (e3e5bc9)
• Allow extra args for release-it (f9c5995)
• Add @​vercel as platinum sponsor (c4c06a9)
• Overhaul & improve --trace functionailty (60df0b0)
• Re-gen plugins.md (0f9d044)

npm/node-semver (semver)

v7.8.1

Compare Source

Bug Fixes

• 17aa702 #​869 strip build metadata before comparator trimming (#​869) (@​owlstronaut)
• 5f3ca13 #​867 handle prerelease bounds in subset (#​867) (@​puneetdixit200, Puneet Dixit)

privatenumber/tsx (tsx)

v4.22.4

Compare Source

Bug Fixes

• resolve CommonJS directory requires inside dependencies (#​803) (1ce8463)

---

This release is also available on:

• npm package (@​latest dist-tag)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vitest@​4.1.7 ⏵ 4.1.8
	@​vitest/​coverage-v8@​4.1.7 ⏵ 4.1.8				+1
	tsx@​4.22.3 ⏵ 4.22.4	+1		+1
	knip@​6.14.2 ⏵ 6.15.0	+1		+1
	eslint@​10.4.0 ⏵ 10.4.1	+1

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report