fix(deps): update all non-major dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@angular/animations (source)	^20.3.12 -> ^20.3.15
@angular/build	^20.3.10 -> ^20.3.13
@angular/cli	^20.3.10 -> ^20.3.13
@angular/common (source)	^20.3.12 -> ^20.3.15
@angular/compiler (source)	^20.3.12 -> ^20.3.15
@angular/compiler-cli (source)	^20.3.12 -> ^20.3.15
@angular/core (source)	^20.3.12 -> ^20.3.15
@angular/forms (source)	^20.3.12 -> ^20.3.15
@angular/platform-browser (source)	^20.3.12 -> ^20.3.15
@angular/platform-browser-dynamic (source)	^20.3.12 -> ^20.3.15
@angular/router (source)	^20.3.12 -> ^20.3.15
@astrojs/check (source)	^0.9.5 -> ^0.9.6
@sveltejs/kit (source)	^2.48.5 -> ^2.49.2
@types/node (source)	^24.10.1 -> ^24.10.4
@types/react (source)	^19.2.5 -> ^19.2.7
@vitejs/plugin-react (source)	^5.1.1 -> ^5.1.2
@vitejs/plugin-vue (source)	^6.0.1 -> ^6.0.3
next (source)	15.5.6 -> 15.5.9
nuxt (source)	^3.20.1 -> ^3.20.2
preact (source)	^10.27.2 -> ^10.28.1
prettier (source)	^3.6.2 -> ^3.7.4
react (source)	^19.2.0 -> ^19.2.3
react (source)	19.2.0 -> 19.2.3
react-dom (source)	^19.2.0 -> ^19.2.3
react-dom (source)	19.2.0 -> 19.2.3
svelte (source)	^5.43.7 -> ^5.46.1
svelte-check	^4.3.4 -> ^4.3.5
vite (source)	^7.2.2 -> ^7.3.0
vue (source)	^3.5.24 -> ^3.5.26
vue-router (source)	^4.6.3 -> ^4.6.4
vue-tsc (source)	^3.1.4 -> ^3.2.1
yarn (source)	4.11.0 -> 4.12.0
zone.js (source, changelog)	~0.15.1 -> ~0.16.0

---

Release Notes

angular/angular (@​angular/animations)

v20.3.15

Compare Source

compiler

Commit	Type	Description
d1ca8ae043	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

v20.3.14

Compare Source

http

Commit	Type	Description
0276479e7d	fix	prevent XSRF token leakage to protocol-relative URLs

v20.3.13

Compare Source

angular/angular-cli (@​angular/build)

v20.3.13

Compare Source

@​angular/cli

Commit	Type	Description
cfbb61602	fix	update @modelcontextprotocol/sdk to v1.24.0

v20.3.12

Compare Source

@​angular/build

Commit	Type	Description
25bb7e65c	fix	ensure correct URL joining for prerender routes

@​angular/ssr

Commit	Type	Description
cceb86296	fix	handle X-Forwarded-Prefix and APP_BASE_HREF in redirects
1abe68ad8	fix	prevent redirect loop with encoded query parameters

v20.3.11

Compare Source

@​angular/build

Commit	Type	Description
8053f2d92	fix	ensure ɵgetOrCreateAngularServerApp is always defined after errors

withastro/astro (@​astrojs/check)

v0.9.6

Patch Changes

• #​14740 abfed97 Thanks @​ArmandPhilippot! - Fixes link targets in documentation following repository relocation.

• Updated dependencies [abfed97]:

  • @​astrojs/language-server@​2.16.1

sveltejs/kit (@​sveltejs/kit)

v2.49.2

Compare Source

Patch Changes

• fix: Stop re-loading already-loaded CSS during server-side route resolution (#​15014)

• fix: posixify the instrumentation file import on Windows (#​14993)

• fix: Correctly handle shared memory when decoding binary form data (#​15028)

v2.49.1

Compare Source

Patch Changes

• fix: suppress state_referenced_locally warnings in .svelte-kit/generated/root.svelte (#​15013)

• fix: TypeError when doing response.clone() in page load (#​15005)

v2.49.0

Compare Source

Minor Changes

• feat: stream file uploads inside form remote functions allowing form data to be accessed before large files finish uploading (#​14775)

v2.48.8

Compare Source

Patch Changes

• breaking: invalid now must be imported from @sveltejs/kit (#​14768)

• breaking: remove submitter option from experimental form validate() method, always provide default submitter (#​14762)

v2.48.7

Compare Source

Patch Changes

• fix: allow multiple server-timing headers (#​14700)

• fix: allow access to root-level issues in schema-less forms (#​14893)

• fix: allow hosting hash-based apps from non-index.html files (#​14825)

v2.48.6

Compare Source

Patch Changes

• fix: clear issues upon passing validation (#​14683)

• fix: don't use fork of unrelated route (#​14947)

• fix: prevent type errors when optional @opentelemetry/api dependency isn't installed (#​14949)

• fix: preserve this when invoking standard validator (#​14943)

• fix: treat client/universal hooks as entrypoints for illegal server import detection (#​14876)

• fix: correct query .set and .refresh behavior in commands (#​14877)

• fix: improved the accuracy of the types of the output of field.as('...') (#​14908)

vitejs/vite-plugin-react (@​vitejs/plugin-react)

v5.1.2

Compare Source

vitejs/vite-plugin-vue (@​vitejs/plugin-vue)

v6.0.3

Features

• add Vite 8 support (2080d41)

Bug Fixes

• deps: update all non-major dependencies (#​707) (799f419)
• hmr: reload when components switch between vapor and vdom (#​714) (6c45fe5)

Performance Improvements

• replace debug with obug (#​705) (684ac30)

Miscellaneous Chores

• deps: update upstream (#​706) (d910114)
• upgrade deps, setup tsgo (037e540)

v6.0.2

Bug Fixes

• deps: update all non-major dependencies (#​643) (b702c1f)
• deps: update all non-major dependencies (#​653) (c6bd324)
• deps: update all non-major dependencies (#​663) (dbcd1d0)
• deps: update all non-major dependencies (#​665) (428dde0)
• deps: update all non-major dependencies (#​671) (59e0a51)
• deps: update all non-major dependencies (#​679) (f226dab)
• deps: update all non-major dependencies (#​685) (d990206)
• deps: update all non-major dependencies (#​688) (46edd7e)
• deps: update all non-major dependencies (#​692) (13accf3)
• deps: update all non-major dependencies (#​694) (9c77f01)
• deps: update all non-major dependencies (#​704) (ecb581a)
• fix hmr of dynamically loaded vue sfc modules in apps with tailwind (#​702) (0a883f7)

Miscellaneous Chores

• deps: update dependency rollup to ^4.52.3 (#​674) (dd91393)
• deps: update dependency rollup to ^4.52.5 (#​684) (a291b66)
• deps: update dependency rollup to ^4.53.1 (#​695) (0b238ea)
• deps: update dependency rollup to ^4.53.2 (#​703) (847808f)
• deps: update upstream (#​638) (f7cef18)
• deps: update upstream (#​642) (be57955)
• deps: update upstream (#​652) (3030263)
• deps: update upstream (#​666) (e6ece54)
• deps: update upstream (#​670) (5d3313f)
• deps: update upstream (#​678) (3f0593f)

vercel/next.js (next)

v15.5.9

Compare Source

v15.5.8

Compare Source

v15.5.7

Compare Source

nuxt/nuxt (nuxt)

v3.20.2

Compare Source

3.20.2 is the next patch release.

✅ Upgrading

Our recommendation for upgrading is to run:

npx nuxt upgrade --dedupe --channel=v3

This will deduplicate your lockfile as well, and help ensure that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

[!NOTE]
This will only work if you already have a version of @nuxt/cli which has the --channel flag. If this does not work, you can instead run npx nuxi@latest for the initial upgrade.

👉 Changelog

compare changes

🩹 Fixes

• nitro: Do not show pretty error handler when testing (cc75ce409)
• nuxt: Generate valid references for component declaration items (#​33388)
• nuxt: Sync internal route before calling page:finish hook (#​33707)
• nitro: Ensure html is a string before injecting error handler (6f51a25e9)
• nitro: Include layer server directories in tsconfig.server.json (#​33510)
• nuxt: Ensure deduped async data executions return latest promise (#​33740)
• kit,nuxt: Type + respect moduleDependencies by meta name (#​33774)
• nuxt,schema: Ignore .d.vue.ts declarations (9a6a770ab)
• kit,nuxt: Protect against resolved nuxt module subpath (#​33767)
• nuxt: Re-execute callOnce during HMR (#​33810)
• nuxt: Resolve watch callback after reactive key change in useAsyncData (#​33802)
• nuxt: Escape HTML in development error page stack trace (#​33820)
• kit: Do not add resolved rootDir to cached layer config (#​33779)
• kit,schema: Add moduleDependencies -> installModule (#​33689)

💅 Refactors

• nuxt: Improve type safety within callOnce function (#​33825)

📖 Documentation

• Split directory structure and re-order guides (v3) (#​33690)
• Fix link (016ef66e3)
• Add hints release (#​33701)
• Fix link to vitest globals config (#​33702)
• Fix 404 link (5543b7cf7)
• Text consistency (#​33709)
• Type error as non-optional prop (#​33763)

🏡 Chore

• Update pnpm to 10.21 and enable trust policy (1cb55efc0)
• Revert pnpm trust policy and restore provenance action (103ae1351)
• Update markdownlint config to ignore mdc issues (d4933e26e)
• Pin to single version of unstorage (619956e7f)

✅ Tests

• Add patchProp and nodeOps to excluded Vue helpers (#​33754)
• Use fake timers for watch params test (58607fbea)
• Update test for v3 defaults (daa002638)

🤖 CI

• Add --pnpm flag to correctly publish prerelease (#​33688)
• Update action lint config (#​33710)

❤️ Contributors

• Daniel Roe (@​danielroe)
• Alexander Lichter (@​TheAlexLichter)
• Florian Heuberger (@​Flo0806)
• Konstantin Telyakov (@​kTelyakov)
• abeer0 (@​iiio2)
• Julien Huang (@​huang-julien)
• Robin (@​OrbisK)
• Dheeraj Joshi (@​dheeraj3587)
• Edwin Samodra (@​edwinsamodra)
• edison (@​edison1105)
• 山吹色御守 (@​KazariEX)
• Sébastien Chopin (@​atinux)
• pierreoa (@​pierreoa)
• Maxime Pauvert (@​maximepvrt)

preactjs/preact (preact)

v10.28.1

Compare Source

Fixes

• Fix erroneous diffing w/ growing list (#​4975, thanks @​JoviDeCroock)

v10.28.0

Compare Source

Types

• Updates dangerouslySetInnerHTML type so future TS will accept Trusted… (#​4931, thanks @​lukewarlow)
• Adds snap events (#​4947, thanks @​argyleink)
• Remove missed jsx duplicates (#​4950, thanks @​rschristian)
• Fix scroll events (#​4949, thanks @​rschristian)

Fixes

• Fix cascading renders with signals (#​4966, thanks @​JoviDeCroock)
• add commpat/server.browser entry (#​4941 & #​4940, thanks @​marvinhagemeister)
• Avoid lazy components without result going in throw loop (#​4937, thanks @​JoviDeCroock)

Performance

• Backport some v11 optimizations (#​4967, thanks @​JoviDeCroock)

prettier/prettier (prettier)

v3.7.4

Compare Source

diff

LWC: Avoid quote around interpolations (#​18383 by @​kovsu)

<!-- Input -->
<div foo={bar}>   </div>

<!-- Prettier 3.7.3 (--embedded-language-formatting off) -->
<div foo="{bar}"></div>

<!-- Prettier 3.7.4 (--embedded-language-formatting off) -->
<div foo={bar}></div>

TypeScript: Fix comment inside union type gets duplicated (#​18393 by @​fisker)

// Input
type Foo = (/** comment */ a | b) | c;

// Prettier 3.7.3
type Foo = /** comment */ (/** comment */ a | b) | c;

// Prettier 3.7.4
type Foo = /** comment */ (a | b) | c;

TypeScript: Fix unstable comment print in union type comments (#​18395 by @​fisker)

// Input
type X = (A | B) & (
  // comment
  A | B
);

// Prettier 3.7.3 (first format)
type X = (A | B) &
  (// comment
  A | B);

// Prettier 3.7.3 (second format)
type X = (
  | A
  | B // comment
) &
  (A | B);

// Prettier 3.7.4
type X = (A | B) &
  // comment
  (A | B);

v3.7.3

Compare Source

diff

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#​18375 by @​fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

v3.7.2

Compare Source

diff

JavaScript: Fix string print when switching quotes (#​18351 by @​fisker)

// Input
console.log("A descriptor\\'s .kind must be \"method\" or \"field\".")

// Prettier 3.7.1
console.log('A descriptor\\'s .kind must be "method" or "field".');

// Prettier 3.7.2
console.log('A descriptor\\\'s .kind must be "method" or "field".');

JavaScript: Preserve quote for embedded HTML attribute values (#​18352 by @​kovsu)

// Input
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;

// Prettier 3.7.1
const html = /* HTML */ ` <div class=${styles.banner}></div> `;

// Prettier 3.7.2
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;

TypeScript: Fix comment in empty type literal (#​18364 by @​fisker)

// Input
export type XXX = {
  // tbd
};

// Prettier 3.7.1
export type XXX = { // tbd };

// Prettier 3.7.2
export type XXX = {
  // tbd
};

v3.7.1

Compare Source

diff

API: Fix performance regression in doc printer (#​18342 by @​fisker)

Prettier 3.7.1 can be very slow when formatting big files, the regression has been fixed.

v3.7.0

Compare Source

diff

🔗 Release Notes

facebook/react (react)

v19.2.3: 19.2.3 (December 11th, 2025)

Compare Source

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #​35351)

v19.2.2: 19.2.2 (December 11th, 2025)

Compare Source

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon #​35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #​35289)

v19.2.1: 19.2.1 (December 3rd, 2025)

Compare Source

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #​35277)

sveltejs/svelte (svelte)

v5.46.1

Compare Source

Patch Changes

• fix: type currentTarget in on function (#​17370)

• fix: skip static optimisation for stateless deriveds after await (#​17389)

• fix: prevent infinite loop when HMRing a component with an await (#​17380)

v5.46.0

Compare Source

Minor Changes

• feat: Add csp option to render(...), and emit hashes when using hydratable (#​17338)

v5.45.10

Compare Source

Patch Changes

• fix: race condition when importing AsyncLocalStorage (#​17350)

v5.45.9

Compare Source

Patch Changes

• fix: correctly reschedule deferred effects when reviving a batch after async work (#​17332)

• fix: correctly print !doctype during print (#​17341)

v5.45.8

Compare Source

Patch Changes

• fix: set AST root.start to 0 and root.end to template.length (#​17125)

• fix: prevent erroneous state_referenced_locally warnings on prop fallbacks (#​17329)

v5.45.7

Compare Source

Patch Changes

• fix: Add <textarea wrap="off"> as a valid attribute value (#​17326)

• fix: add more css selectors to print() (#​17330)

• fix: don't crash on hydratable serialization failure (#​17315)

v5.45.6

Compare Source

Patch Changes

• fix: don't issue a11y warning for <video> without captions if it has no src (#​17311)

• fix: add srcObject to permitted <audio>/<video> attributes (#​17310)

v5.45.5

Compare Source

Patch Changes

• fix: correctly reconcile each blocks after outroing branches are resumed (#​17258)

• fix: destroy each items after siblings are resumed (#​17258)

v5.45.4

Compare Source

Patch Changes

• chore: move DOM-related effect properties to effect.nodes (#​17293)

• fix: allow $props.id() to occur after an await (#​17285)

• fix: keep reactions up to date even when read outside of effect (#​17295)

v5.45.3

Compare Source

Patch Changes

• add props to state_referenced_locally (#​17266)

• fix: preserve node locations for better sourcemaps (#​17269)

• fix: handle cross-realm Promises in hydratable (#​17284)

v5.45.2

Compare Source

Patch Changes

• fix: array destructuring after await (#​17254)

• fix: throw on invalid {@​tag}s (#​17256)

v5.45.1

Compare Source

Patch Changes

• fix: link offscreen items and last effect in each block correctly (#​17240)

v5.45.0

Compare Source

Minor Changes

• feat: add print(...) function (#​16188)

v5.44.1

Compare Source

Patch Changes

• fix: await blockers before initialising const (#​17226)

• fix: link offscreen items and last effect in each block correctly (#​17244)

• fix: generate correct code for simple destructurings (#​17237)

• fix: ensure each block animations don't mess with transitions (#​17238)

v5.44.0

Compare Source

Minor Changes

• feat: hydratable API (#​17154)

v5.43.15

Compare Source

Patch Changes

• fix: don't execute attachments and attribute effects eagerly (#​17208)

• chore: lift "flushSync cannot be called in effects" restriction (#​17139)

• fix: store forked derived values (#​17212)

v5.43.14

Compare Source

Patch Changes

• fix: correctly migrate named self closing slots (#​17199)

• fix: error at compile time instead of at runtime on await expressions inside bindings/transitions/animations/attachments (#​17198)

• fix: take async blockers into account for bindings/transitions/animations/attachments (#​17198)

v5.43.13

Compare Source

Patch Changes

• fix: don't set derived values during time traveling (#​17200)

v5.43.12

Compare Source

Patch Changes

• fix: maintain correct linked list of effects when updating each blocks (#​17191)

v5.43.11

Compare Source

Patch Changes

• perf: don't use tracing overeager during dev (#​17183)

• fix: don't cancel transition of already outroing elements (#​17186)

v5.43.10

Compare Source

Patch Changes

• fix: avoid other batches running with queued root effects of main ba

---

Configuration

📅 Schedule: Branch creation - "before 12pm on Sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.