chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@iconify/json (source)	2.2.481 → 2.2.482
@supabase/supabase-js (source)	2.106.2 → 2.107.0
@typescript-eslint/parser (source)	8.60.0 → 8.60.1
@vitest/coverage-v8 (source)	4.1.7 → 4.1.8
astro (source)	6.4.2 → 6.4.3
pnpm (source)	11.5.0 → 11.5.1
supabase (source)	2.102.0 → 2.104.0
typescript-eslint (source)	8.60.0 → 8.60.1
vitest (source)	4.1.7 → 4.1.8

---

Release Notes

iconify/icon-sets (@​iconify/json)

v2.2.482

Compare Source

supabase/supabase-js (@​supabase/supabase-js)

v2.107.0

Compare Source

🚀 Features

• auth: remove navigator.locks-based mutex; introduce commit guard + dispose() (#​2392)
• supabase: update X-Client-Info to structured metadata format (#​2359)
• realtime: allow httpSend to send binary payload (#​2400)

❤️ Thank You

• Claude Sonnet 4.6
• Eduardo Gurgel
• Guilherme Souza
• Katerina Skroumpelou @​mandarini
• Omar Al Matar @​Bewinxed

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.60.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.8

Compare Source

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in #​10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in #​10474 (675b4)

    View changes on GitHub

withastro/astro (astro)

v6.4.3

Compare Source

Patch Changes

• #​16900 17a0fbd Thanks @​ocavue! - Bumps devalue dependency to v5.8.1

• #​16016 0d85e1b Thanks @​felmonon! - Fix a false positive in the dev toolbar accessibility audit for anchors with text inside closed <details> elements.

• #​16911 79c6c46 Thanks @​astrobot-houston! - Fixes a bug where experimental.advancedRouting with astro/hono handlers threw TypeError: Cannot read properties of undefined (reading 'route') for unmatched routes instead of rendering the custom 404 page.

• #​16899 239c469 Thanks @​matthewp! - Fixes a false "does not call the middleware() handler" warning when using astro() in a custom src/app.ts and the first request is a redirect route.

• #​16887 493acdb Thanks @​astrobot-houston! - Fixes redirectToDefaultLocale not working after the Advanced Routing refactoring.

• #​16908 ef53ab9 Thanks @​florian-lefebvre! - Improves optimized fallbacks generation when using the Fonts API by using better metrics for bold variants

pnpm/pnpm (pnpm)

v11.5.1

Compare Source

Patch Changes

• Improve pnpm audit performance by pruning non-vulnerable lockfile subtrees and stopping path enumeration once vulnerable findings reach the path cap.
• Avoid crashing when the workspace state cache is partially written or malformed.
• Set npm_config_user_agent for root lifecycle scripts during headless installs.
• Preserve the integrity field of a remote (non-registry) tarball dependency when its lockfile entry is rebuilt. Re-resolving such a dependency without re-fetching it (for example via pnpm update, or when another dependency changes) produced a resolution with no integrity — URL/tarball resolvers only learn the integrity after the tarball is downloaded — so the previously recorded integrity was dropped, making later installs fail with ERR_PNPM_MISSING_TARBALL_INTEGRITY #​12067.
• Normalize a string repository field into the { type, url } object form when creating the publish manifest, matching npm's behavior. Some registries (e.g. Gitea/Codeberg) reject a string repository with a 500 Internal Server Error during pnpm publish #​12099.
• Preserve compatible optional peer versions already present in the lockfile when resolving dependencies.
• Fixed inconsistent resolution of a peer dependency that is shared through a diamond. When a package peer-depends on both another package and one of that package's own peer dependencies (for example @typescript-eslint/eslint-plugin peer-depends on both @typescript-eslint/parser and typescript, and @typescript-eslint/parser peer-depends on typescript), pnpm no longer reuses a hoisted instance of the shared peer that was resolved against a different version #​12079.

supabase/cli (supabase)

v2.104.0

Compare Source

Bug Fixes

• cli: route TS telemetry to production PostHog (#​5411) (935e578)
• cli: schema-decode telemetry config (#​5412) (88be432)
• cli: status gating (#​5335) (1d1e719)
• cli: suppress spinner on stdout for legacy -o machine formats (#​5410) (856339a), closes #​5397
• cli: telemetry json parse crash (#​5405) (50908ba)
• deps: bump the go_modules group across 1 directory with 9 updates (#​5398) (8603361)

Features

• cli: port encryption commands to native TypeScript (#​5409) (6410a03)
• cli: port postgres config (#​5404) (94882bc)

v2.103.0

Compare Source

Bug Fixes

• auth: propagate passkey config to env (#​5401) (7a12639)
• cli: decode Go keyring tokens (#​5406) (8768e0e)
• cli: drop redundant identify from identity stitch (#​5396) (34c3ce9)
• docker: bump supabase/postgres from 17.6.1.131 to 17.6.1.132 in /apps/cli-go/pkg/config/templates (#​5402) (2dfacb9)
• docker: bump supabase/realtime from v2.101.0 to v2.102.1 in /apps/cli-go/pkg/config/templates in the docker-minor group (#​5399) (dfc9d1e)
• docker: bump the docker-minor group across 1 directory with 2 updates (#​5385) (e4649dd)

Features

• cli: migrate network bans (#​5382) (0684ae6)
• cli: migrate vanity-subdomains (#​5394) (f6f2a47)
• cli: port domains commands to native TypeScript (#​5391) (2a8a087)
• cli: port projects commands to native TypeScript (#​5392) (cbf20cc)
• cli: port snippets commands to native TypeScript (#​5381) (5072003)
• cli: replace legacy hidden flags (#​5403) (d401de5)

typescript-eslint/typescript-eslint (typescript-eslint)

v8.60.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 242ee90

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (25a21d6) to head (242ee90).

Additional details and impacted files

@@            Coverage Diff            @@
##            master      #619   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            1         1           
  Lines            2         2           
=========================================
  Hits             2         2           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.