chore(deps): update npm packages

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@tailwindcss/vite (source)	4.1.17 → 4.2.0
@testing-library/react	16.3.0 → 16.3.2
@types/react (source)	19.2.7 → 19.2.14
lucide-react (source)	^0.562.0 → ^0.575.0
playwright (source)	1.57.0 → 1.58.2
pnpm (source)	10.26.0 → 10.30.0
react (source)	19.2.0 → 19.2.4
react-dom (source)	19.2.0 → 19.2.4
react-router-dom (source)	7.9.6 → 7.13.0
recharts	3.5.0 → 3.7.0
semver	7.7.3 → 7.7.4
tailwindcss (source)	4.1.17 → 4.2.0
vite-plus	0.0.0-ffb4d08a8edafe855c59736c0a38ee85a2373ebb → 0.0.1

---

Release Notes

tailwindlabs/tailwindcss (@​tailwindcss/vite)

v4.2.0

Compare Source

Added

• Add mauve, olive, mist, and taupe color palettes to the default theme (#​19627)
• Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#​19610)
• Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#​19601)
• Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#​19601)
• Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#​19601)
• Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#​19601)
• Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#​19601)
• Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#​19612)
• Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#​19612)
• Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#​19613)
• Add font-features-* utility for font-feature-settings (#​19623)

Fixed

• Prevent double @supports wrapper for color-mix values (#​19450)
• Allow whitespace around @source inline() argument (#​19461)
• Emit comment when source maps are saved to files when using @tailwindcss/cli (#​19447)
• Detect utilities containing capital letters followed by numbers (#​19465)
• Fix class extraction for Rails' strict locals (#​19525)
• Align @utility name validation with Oxide scanner rules (#​19524)
• Fix infinite loop when using @variant inside @custom-variant (#​19633)
• Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#​19688)
• Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#​19670)
• Improve performance of Oxide scanner in bigger projects by reducing file system walks (#​19632)
• Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#​19677)
• Allow escape characters in @utility names to improve support with formatters such as Biome (#​19626)
• Fix incorrect canonicalization results when canonicalizing multiple times (#​19675)
• Add .jj to default ignored content directories (#​19687)

Deprecated

• Deprecate start-* and end-* utilities in favor of inset-s-* and inset-e-* utilities (#​19613)

v4.1.18

Compare Source

Fixed

• Ensure validation of source(…) happens relative to the file it is in (#​19274)
• Include filename and line numbers in CSS parse errors (#​19282)
• Skip comments in Ruby files when checking for class names (#​19243)
• Skip over arbitrary property utilities with a top-level ! in the value (#​19243)
• Support environment API in @tailwindcss/vite (#​18970)
• Preserve case of theme keys from JS configs and plugins (#​19337)
• Write source maps correctly on the CLI when using --watch (#​19373)
• Handle special defaults (like ringColor.DEFAULT) in JS configs (#​19348)
• Improve backwards compatibility for content theme key from JS configs (#​19381)
• Upgrade: Handle future and experimental config keys (#​19344)
• Try to canonicalize any arbitrary utility to a bare value (#​19379)
• Validate candidates similarly to Oxide (#​19397)
• Canonicalization: combine text-* and leading-* classes (#​19396)
• Correctly handle duplicate CLI arguments (#​19416)
• Don’t emit color-mix fallback rules inside @keyframes (#​19419)
• CLI: Don't hang when output is /dev/stdout (#​19421)

testing-library/react-testing-library (@​testing-library/react)

v16.3.2

Compare Source

v16.3.1

Compare Source

lucide-icons/lucide (lucide-react)

v0.575.0: Version 0.575.0

Compare Source

What's Changed

• feat(icons): added message-square-check icon by @​karsa-mistmere in #​4076
• fix(lucide): Fix ESM Module output path in build by @​ericfennis in #​4084
• feat(icons): added metronome icon by @​edwloef in #​4063
• fix(icons): remove execution permission of SVG files by @​duckafire in #​4053
• fix(icons): changed file-pen-line icon by @​jguddas in #​3970
• feat(icons): added square-arrow-right-exit and square-arrow-right-enter icons by @​EthanHazel in #​3958
• fix(icons): renamed flip-* to square-centerline-dashed-* by @​jguddas in #​3945

New Contributors

• @​edwloef made their first contribution in #​4063
• @​duckafire made their first contribution in #​4053

Full Changelog: lucide-icons/lucide@0.573.0...0.575.0

v0.574.0: Version 0.574.0

Compare Source

What's Changed

• fix(icons): changed rocking-chair icon by @​jamiemlaw in #​3445
• fix(icons): flipped coins icon by @​jguddas in #​3158
• feat(icons): added x-line-top icon by @​jguddas in #​2838
• feat(icons): added mouse-left icon by @​marvfash in #​2788
• feat(icons): added mouse-right icon by @​marvfash in #​2787

New Contributors

• @​marvfash made their first contribution in #​2788

Full Changelog: lucide-icons/lucide@0.572.0...0.574.0

v0.573.0: Version 0.573.0

Compare Source

What's Changed

• fix(icons): changed rocking-chair icon by @​jamiemlaw in #​3445
• fix(icons): flipped coins icon by @​jguddas in #​3158
• feat(icons): added x-line-top icon by @​jguddas in #​2838
• feat(icons): added mouse-left icon by @​marvfash in #​2788
• feat(icons): added mouse-right icon by @​marvfash in #​2787

New Contributors

• @​marvfash made their first contribution in #​2788

Full Changelog: lucide-icons/lucide@0.572.0...0.573.0

v0.572.0: Version 0.572.0

Compare Source

What's Changed

• feat(icons): added message-circle-check icon by @​Shrinks99 in #​3770

New Contributors

• @​Shrinks99 made their first contribution in #​3770

Full Changelog: lucide-icons/lucide@0.571.0...0.572.0

v0.571.0: Version 0.571.0

Compare Source

What's Changed

• fix(icons): rearange circle-icons path and circle order by @​adamlindqvist in #​3746
• feat(icons): added shelving-unit icon by @​karsa-mistmere in #​3041

New Contributors

• @​adamlindqvist made their first contribution in #​3746

Full Changelog: lucide-icons/lucide@0.570.0...0.571.0

v0.570.0: Version 0.570.0

Compare Source

What's Changed

• feat(icons): added towel-rack icon by @​jguddas in #​3350

Full Changelog: lucide-icons/lucide@0.569.0...0.570.0

v0.569.0: Version 0.569.0

Compare Source

What's Changed

• fix(icons): changed clipboard-pen icon by @​Spleefies in #​4006
• feat(icons): add mirror-round and mirror-rectangular by @​Muhammad-Aqib-Bashir in #​3832

Full Changelog: lucide-icons/lucide@0.568.0...0.569.0

v0.568.0: Version 0.568.0

Compare Source

What's Changed

• fix(icons): adjusted clapperboard so slash is no longer protruding by @​torfmuer in #​3764
• feat(icons): Add git-merge-conflict icon by @​timmy471 in #​3008

New Contributors

• @​torfmuer made their first contribution in #​3764
• @​timmy471 made their first contribution in #​3008

Full Changelog: lucide-icons/lucide@0.567.0...0.568.0

v0.567.0: Version 0.567.0

Compare Source

What's Changed

• chore(tags): added tags to info by @​jamiemlaw in #​4047
• fix(icons): changed gift icon by @​jguddas in #​3977
• feat(icons): added line-dot-right-horizontal icon by @​nathan-de-pachtere in #​3742

Full Changelog: lucide-icons/lucide@0.566.0...0.567.0

v0.566.0: Version 0.566.0

Compare Source

What's Changed

• fix(icons): changed forklift icon by @​jguddas in #​4069
• fix(icons): changed rocket icon by @​jguddas in #​4067
• feat(icons): added globe-off icon by @​TimNekk in #​4051

New Contributors

• @​TimNekk made their first contribution in #​4051

Full Changelog: lucide-icons/lucide@0.565.0...0.566.0

v0.565.0: Version 0.565.0

Compare Source

What's Changed

• feat(icons): add lens-concave and lens-convex by @​Muhammad-Aqib-Bashir in #​3831

Full Changelog: lucide-icons/lucide@0.564.0...0.565.0

v0.564.0: Version 0.564.0

Compare Source

What's Changed

• chore(docs): Improve SEO icon detail pages by @​ericfennis in #​4040
• feat(icons): added database-search icon by @​Spleefies in #​4003
• fix(icons): changed user-lock icon by @​jguddas in #​3971
• fix(icons): changed bug-off icon by @​jguddas in #​3972
• fix(icons): changed bell-dot icon by @​jguddas in #​3973
• fix(icons): changed bandage icon by @​jguddas in #​3967
• fix(icons): changed hard-drive icon by @​jguddas in #​3622
• fix(icons): changed git-branch icon by @​jguddas in #​3938
• fix(icons): changed file-cog icon by @​jguddas in #​3965
• fix(icons): changed cloud-alert and cloud-check icon by @​jguddas in #​3976
• feat(icons): adds user-key and user-round-key, updates other -key icons to match by @​karsa-mistmere in #​4044

New Contributors

• @​Spleefies made their first contribution in #​4003

Full Changelog: lucide-icons/lucide@0.563.1...0.564.0

v0.563.0: Version 0.563.0

Compare Source

What's Changed

• chore(dev): Enable ligatures in font build configuration by @​dcxo in #​3876
• chore(repo): add Android to brand stopwords by @​karsa-mistmere in #​3895
• fix(site): add missing titles and a title template by @​taimar in #​3920
• fix(site): unify and improve the styling of input fields by @​taimar in #​3919
• fix(icons): changed star-off icon by @​jguddas in #​3952
• fix(icons): changed tickets-plane icon by @​jguddas in #​3928
• fix(icons): changed monitor-off icon by @​jguddas in #​3962
• fix(icons): changed lasso icon by @​jguddas in #​3961
• fix(icons): changed cloud-off icon by @​jguddas in #​3942
• docs(site): added lucide-web-components third-party package by @​midesweb in #​3948
• chore(deps-dev): bump preact from 10.27.2 to 10.27.3 by @​dependabot[bot] in #​3955
• feat(icon): add globe-x icon with metadata by @​Muhammad-Aqib-Bashir in #​3827
• fix(icons): changed waypoints icon by @​karsa-mistmere in #​3990
• fix(icons): changed bookmark icon by @​jguddas in #​2906
• fix(icons): changed message-square-dashed icon by @​jguddas in #​3959
• fix(icons): changed cloudy icon by @​jguddas in #​3966
• fix(github-actions): resolved spelling mistake in gh issue close command by @​jguddas in #​4000
• Update LICENSE by @​alxgraphy in #​4009
• feat(packages): Added aria-hidden fallback for decorative icons to all packages by @​ericfennis in #​3604
• chore(deps): bump lodash from 4.17.21 to 4.17.23 by @​dependabot[bot] in #​4020
• chore(deps): bump lodash-es from 4.17.21 to 4.17.23 by @​dependabot[bot] in #​4019
• Suggest anchoring to a specific lucide version when using a cdn by @​drago1520 in #​3727
• feat(docs): upgraded backers block by @​karsa-mistmere in #​4014
• fix(site): hide native search input clear "X" icon by @​epifaniofrancisco in #​3933
• feat(icons): added printer-x icon by @​lt25106 in #​3941

New Contributors

• @​dcxo made their first contribution in #​3876
• @​midesweb made their first contribution in #​3948
• @​alxgraphy made their first contribution in #​4009
• @​drago1520 made their first contribution in #​3727
• @​lt25106 made their first contribution in #​3941

Full Changelog: lucide-icons/lucide@0.562.0...0.563.0

microsoft/playwright (playwright)

v1.58.2

Compare Source

v1.58.1

Compare Source

Highlights

#​39036 fix(msedge): fix local network permissions
#​39037 chore: update cft download location
#​38995 chore(webkit): disable frame sessions on fronzen builds

Browser Versions

• Chromium 145.0.7632.6
• Mozilla Firefox 146.0.1
• WebKit 26.0

v1.58.0

Compare Source

pnpm/pnpm (pnpm)

v10.30.0: pnpm 10.30

Compare Source

Minor Changes

• pnpm why now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies.

Patch Changes

• Revert pnpm why dependency pruning to prefer correctness over memory consumption. Reverted PR: #​7122.
• Optimize pnpm why and pnpm list performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one #​10596.

Platinum Sponsors

Gold Sponsors

v10.29.3

Compare Source

v10.29.2

Compare Source

v10.29.1: pnpm 10.29.1

Compare Source

Minor Changes

• The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
• Support configuring auditLevel in the pnpm-workspace.yaml file #​10540.
• Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #​10436.

Patch Changes

• Fixed pnpm list --json returning incorrect paths when using global virtual store #​10187.

• Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #​10290.

• Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #​10497.

• Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #​10176.

• Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #​10281.

• Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #​10460.

• Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #​10540.

• update tar to version 7.5.7 to fix security issue

  Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842

• Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #​10325.

• Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #​10271.

• pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #​10561.

• Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #​10457.

Platinum Sponsors

Gold Sponsors

v10.28.2: pnpm 10.28.2

Compare Source

Patch Changes

• Security fix: prevent path traversal in directories.bin field.

• When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

  This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

  Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.

• Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #​9950.

Platinum Sponsors

Gold Sponsors

v10.28.1

Compare Source

v10.28.0

Compare Source

v10.27.0

Compare Source

v10.26.2: pnpm 10.26.2

Compare Source

Patch Changes

• Improve error message when a package version exists but does not meet the minimumReleaseAge constraint. The error now clearly states that the version exists and shows a human-readable time since release (e.g., "released 6 hours ago") #​10307.

• Fix installation of Git dependencies using annotated tags #​10335.

  Previously, pnpm would store the annotated tag object's SHA in the lockfile instead of the actual commit SHA. This caused ERR_PNPM_GIT_CHECKOUT_FAILED errors because the checked-out commit hash didn't match the stored tag object hash.

• Binaries of runtime engines (Node.js, Deno, Bun) are written to node_modules/.bin before lifecycle scripts (install, postinstall, prepare) are executed #​10244.

• Try to avoid making network calls with preferOffline #​10334.

Platinum Sponsors

Gold Sponsors

v10.26.1: pnpm 10.26.1

Compare Source

Patch Changes

• Don't fail on pnpm add, when blockExoticSubdeps is set to true #​10324.
• Always resolve git references to full commits and ensure HEAD p

---

Configuration

📅 Schedule: Branch creation - "before 10am on monday" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.