chore(deps): update patch npm dependencies

[renovate]

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@ast-grep/napi (source)	^0.39.1 -> ^0.39.5
@babel/core (source)	^7.28.0 -> ^7.28.4
@babel/generator (source)	7.28.0 -> 7.28.3
@babel/parser (source)	7.28.0 -> 7.28.4
@babel/traverse (source)	7.28.0 -> 7.28.4
@babel/types (source)	7.28.2 -> 7.28.4
@biomejs/biome (source)	^2.2.2 -> ^2.2.4
@microsoft/api-extractor (source)	7.52.9 -> 7.52.13
@napi-rs/wasm-runtime (source)	^1.0.1 -> ^1.0.5
@rsbuild/plugin-node-polyfill	^1.4.1 -> ^1.4.2
@rslib/core (source)	0.13.0 -> 0.13.2
@rslint/core	0.1.11 -> 0.1.13
@rspack/dev-server (source)	~1.1.3 -> ~1.1.4
@rspack/plugin-react-refresh	^1.5.0 -> ^1.5.1
@rspress/core (source)	2.0.0-beta.31 -> 2.0.0-beta.32
@rspress/plugin-algolia (source)	2.0.0-beta.31 -> 2.0.0-beta.32
@rspress/plugin-llms (source)	2.0.0-beta.31 -> 2.0.0-beta.32
@rspress/plugin-rss (source)	2.0.0-beta.31 -> 2.0.0-beta.32
@rspress/plugin-sitemap (source)	2.0.0-beta.31 -> 2.0.0-beta.32
@shikijs/transformers (source)	^3.12.1 -> ^3.12.2
@swc/types (source)	0.1.24 -> 0.1.25
@types/node (source)	^20.19.9 -> ^20.19.15
@types/react (source)	^19.1.8 -> ^19.1.13
@types/react-dom (source)	^19.1.6 -> ^19.1.9
@types/semver (source)	^7.7.0 -> ^7.7.1
axios (source)	^1.11.0 -> ^1.12.2
browserslist-load-config	^1.0.0 -> ^1.0.1
core-js (source)	3.45.0 -> 3.45.1
enhanced-resolve	5.18.2 -> 5.18.3
fs-extra	^11.3.0 -> ^11.3.2
html-webpack-plugin	^5.6.3 -> ^5.6.4
less (source)	4.4.0 -> 4.4.1
markdown-to-jsx (source)	^7.7.12 -> ^7.7.13
path-serializer	0.5.0 -> 0.5.1
prebundle	^1.4.1 -> ^1.4.2
react (source)	^19.1.0 -> ^19.1.1
react-dom (source)	^19.1.0 -> ^19.1.1
rsbuild-plugin-google-analytics	1.0.3 -> 1.0.4
rspress-plugin-font-open-sans	1.0.0 -> 1.0.3
tapable	2.2.2 -> 2.2.3
ts-jest (source)	29.4.0 -> 29.4.2
ts-loader	^9.5.2 -> ^9.5.4
tsx (source)	^4.20.3 -> ^4.20.5
vue (source)	^3.5.18 -> ^3.5.21

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

ast-grep/ast-grep (@​ast-grep/napi)

v0.39.5

Compare Source

• Allowing LSP clients without publish diagnostics data support to support code fixes #2209
• fix: store client cap and do not send workspace folder req #2211
• fix: comment after node should be ignored in strictness=relax #2216
• fix: apply_all_code_actions function disallow multi-line #2222
• chore(deps): update dependency oxlint to v1.13.0 4be8252
• chore(deps): update dependency @​ast-grep/napi to v0.39.4 3187d39
• chore(deps): update dependency oxlint to v1.14.0 7405f99

v0.39.4

Compare Source

16 August 2025

• Improve error messages for ast-grep test failures based on failure type #2174
• Add comprehensive GitHub Copilot development instructions #2152
• Address all code review comments: move make_rule_finder to lsp.rs, simplify logic, reduce indentation, update file watchers, remove unused deps 8ef8ed6
• Decouple rule finding logic from LSP crate as requested 531aac3
• Complete LSP rule reloading implementation with tests 683f20e

v0.39.3

Compare Source

5 August 2025

• add some tests for hcl 756499e
• add tree-sitter-hcl to ast-grep-language package deps 26b638a
• fix(deps): update rust crate clap to v4.5.42 4d047eb

v0.39.2

Compare Source

27 July 2025

• fix(deps): update rust crate tokio to v1.47.0 #2124
• fix: ignore comments in relax/signature/template strictness #2122
• fix: prefer using env to determine bgcolor #2114
• fix: update rules c5fd340
• chore(deps): update dependency @​napi-rs/cli to v3.0.4 b07e5bd
• fix: temporarily remove tweaking d2fedd2

babel/babel (@​babel/core)

v7.28.4

Compare Source

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #​17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #​17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #​17474 Switch to @​jridgewell/remapping (@​mrginglymus)

v7.28.3

Compare Source

👓 Spec Compliance

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env
  • #​17443 [static blocks] Do not inject new static fields after static code (@​nicolo-ribaudo)

🐛 Bug Fix

• babel-parser
  • #​17465 fix(parser/typescript): parse import("./a", {with:{},}) (@​easrng)
  • #​17478 fix(parser): stop subscript parsing on async arrow (@​JLHwung)

💅 Polish

• babel-plugin-transform-regenerator, babel-plugin-transform-runtime
  • #​17363 Do not save last yield in call in temp var (@​nicolo-ribaudo)

📝 Documentation

• #​17448 move eslint-{parser,plugin} docs to the website (@​JLHwung)

🏠 Internal

• #​17454 Enable type checking for scripts and babel-worker.cjs (@​JLHwung)

🔬 Output optimization

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions
  • #​17444 Optimize do expression output (@​JLHwung)

babel/babel (@​babel/parser)

v7.28.4

Compare Source

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #​17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #​17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #​17474 Switch to @​jridgewell/remapping (@​mrginglymus)

Committers: 5

• Babel Bot (@​babel-bot)
• Bill Collins (@​mrginglymus)
• Glenn Willen (@​gwillen)
• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

v7.28.3

Compare Source

v7.28.3 (2025-08-14)

👓 Spec Compliance

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env
  • #​17443 [static blocks] Do not inject new static fields after static code (@​nicolo-ribaudo)

🐛 Bug Fix

• babel-parser
  • #​17465 fix(parser/typescript): parse import("./a", {with:{},}) (@​easrng)
  • #​17478 fix(parser): stop subscript parsing on async arrow (@​JLHwung)

💅 Polish

• babel-plugin-transform-regenerator, babel-plugin-transform-runtime
  • #​17363 Do not save last yield in call in temp var (@​nicolo-ribaudo)

📝 Documentation

• #​17448 move eslint-{parser,plugin} docs to the website (@​JLHwung)

🏠 Internal

• #​17454 Enable type checking for scripts and babel-worker.cjs (@​JLHwung)

🔬 Output optimization

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions
  • #​17444 Optimize do expression output (@​JLHwung)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Jam Balaya (@​JamBalaya56562)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• easrng (@​easrng)

biomejs/biome (@​biomejs/biome)

v2.2.4

Compare Source

Patch Changes

• #​7453 aa8cea3 Thanks @​arendjr! - Fixed #​7242: Aliases specified in
  package.json's imports section now support having multiple targets as part of an array.

• #​7454 ac17183 Thanks @​arendjr! - Greatly improved performance of
  noImportCycles by eliminating allocations.

  In one repository, the total runtime of Biome with only noImportCycles enabled went from ~23s down to ~4s.

• #​7447 7139aad Thanks @​rriski! - Fixes #​7446. The GritQL
  $... spread metavariable now correctly matches members in object literals, aligning its behavior with arrays and function calls.

• #​6710 98cf9af Thanks @​arendjr! - Fixed #​4723: Type inference now recognises
  index signatures and their accesses when they are being indexed as a string.

Example

type BagOfPromises = {
  // This is an index signature definition. It declares that instances of type
  // `BagOfPromises` can be indexed using arbitrary strings.
  [property: string]: Promise<void>;
};

let bag: BagOfPromises = {};
// Because `bag.iAmAPromise` is equivalent to `bag["iAmAPromise"]`, this is
// considered an access to the string index, and a Promise is expected.
bag.iAmAPromise;

• #​7415 d042f18 Thanks @​qraqras! - Fixed #​7212, now the useOptionalChain rule recognizes optional chaining using
  typeof (e.g., typeof foo !== 'undefined' && foo.bar).

• #​7419 576baf4 Thanks @​Conaclos! - Fixed #​7323. noUnusedPrivateClassMembers no longer reports as unused TypeScript
  private members if the rule encounters a computed access on this.

  In the following example, member as previously reported as unused. It is no longer reported.

  class TsBioo {
    private member: number;
  
    set_with_name(name: string, value: number) {
      this[name] = value;
    }
  }

• 351bccd Thanks @​ematipico! - Added the new nursery lint rule
  noJsxLiterals, which disallows the use of string literals inside JSX.

  The rule catches these cases:

  <>
    <div>test</div> {/* test is invalid */}
    <>test</>
    <div>
      {/* this string is invalid */}
      asdjfl test foo
    </div>
  </>

• #​7406 b906112 Thanks @​mdevils! - Fixed an issue (#​6393) where the useHookAtTopLevel rule reported excessive diagnostics for nested hook calls.

  The rule now reports only the offending top-level call site, not sub-hooks of composite hooks.

  // Before: reported twice (useFoo and useBar).
  function useFoo() {
    return useBar();
  }
  function Component() {
    if (cond) useFoo();
  }
  // After: reported once at the call to useFoo().

• #​7461 ea585a9 Thanks @​arendjr! - Improved performance of
  noPrivateImports by eliminating allocations.

  In one repository, the total runtime of Biome with only noPrivateImports enabled went from ~3.2s down to ~1.4s.

• 351bccd Thanks @​ematipico! - Fixed #​7411. The Biome Language Server had a regression where opening an editor with a file already open wouldn't load the project settings correctly.

• #​7142 53ff5ae Thanks @​Netail! - Added the new nursery rule noDuplicateDependencies, which verifies that no dependencies are duplicated between the
  bundledDependencies, bundleDependencies, dependencies, devDependencies, overrides,
  optionalDependencies, and peerDependencies sections.

  For example, the following snippets will trigger the rule:

  {
    "dependencies": {
      "foo": ""
    },
    "devDependencies": {
      "foo": ""
    }
  }

  {
    "dependencies": {
      "foo": ""
    },
    "optionalDependencies": {
      "foo": ""
    }
  }

  {
    "dependencies": {
      "foo": ""
    },
    "peerDependencies": {
      "foo": ""
    }
  }

• 351bccd Thanks @​ematipico! - Fixed #​3824. Now the option CLI
  --color is correctly applied to logging too.

v2.2.3

Compare Source

Patch Changes

• #​7353 4d2b719 Thanks @​JeetuSuthar! - Fixed #​7340: The linter now allows the navigation property for view-transition in CSS.

  Previously, the linter incorrectly flagged navigation: auto as an unknown property. This fix adds navigation to the list of known CSS properties, following the CSS View Transitions spec.

• #​7275 560de1b Thanks @​arendjr! - Fixed #​7268: Files that are explicitly passed as CLI arguments are now correctly ignored if they reside in an ignored folder.

• #​7358 [963a246]

---

Configuration

📅 Schedule: Branch creation - "before 8am on wednesday" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for rspack canceled.

Name	Link
🔨 Latest commit	b83cac7
🔍 Latest deploy log	https://app.netlify.com/projects/rspack/deploys/68c915227112480008fe8cd2

[github-actions]

📦 Binary Size-limit

Comparing b83cac7 to chore(refactor): inline base64 utilities into rspack_util (#11668) by hardfist

🙈 Size remains the same at 47.45MB

[codspeed-hq]

CodSpeed Performance Report

Merging #11297 will not alter performance

_{Comparing renovate/patch-npm-dependencies (b83cac7) with main (5df4d8d)¹}

Summary

✅ 17 untouched

Footnotes

1. No successful run was found on main (7b68a8b) during the generation of this report, so 5df4d8d was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.