build(deps): bump the minor-and-patch group with 10 updates

[dependabot]

Bumps the minor-and-patch group with 10 updates:

Package	From	To
oxlint	1.65.0	1.66.0
@funstack/router	1.1.0	1.1.1
@shikijs/rehype	4.0.2	4.1.0
shiki	4.0.2	4.1.0
@types/react	19.2.14	19.2.15
wrangler	4.92.0	4.94.0
srvx	0.11.15	0.11.16
vitest	4.1.6	4.1.7
@types/node	25.8.0	25.9.1
vite	8.0.13	8.0.14

Updates oxlint from 1.65.0 to 1.66.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

• 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
• 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
• bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
• 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
• 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
• 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
• ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

• 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
• 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
• 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
• 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
• a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
• ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
• 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
• ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
• e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
• 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
• 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
• fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
• ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
• dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
• 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
• cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

• 25d577e language_server: Start tools in parallel (#15500) (Sysix)
• 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
• 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
• 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
• 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
• 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

• 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
• 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
• a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
• 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
• 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
• 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

[1.66.0] - 2026-05-18

🚀 Features

• 0440b0f linter/eslint: Implement id-match rule (#22379) (Vladislav Sayapin)
• 65bf119 linter: Implement react no-object-type-as-default-prop (#22481) (uhyo)
• 2a6ddce linter/eslint: Implement no-implied-eval rule (#22391) (Vladislav Sayapin)
• 625758a linter/vitest: Implement padding-around-after-all-blocks rule (#21788) (kapobajza)
• 37680b0 linter: Implement react no-unstable-nested-components (#22248) (Jovi De Croock)
• d8d9c74 linter: Implement import/newline-after-import rule (#19142) (Ryuya Yanagi)

Commits

• 5570206 release(apps): oxlint v1.66.0 && oxfmt v0.51.0 (#22528)
• 0440b0f feat(linter/eslint): implement id-match rule (#22379)
• 65bf119 feat(linter): implement react no-object-type-as-default-prop (#22481)
• 2a6ddce feat(linter/eslint): implement no-implied-eval rule (#22391)
• 625758a feat(linter/vitest): Implement padding-around-after-all-blocks rule (#21788)
• 37680b0 feat(linter): implement react no-unstable-nested-components (#22248)
• d8d9c74 feat(linter): implement import/newline-after-import rule (#19142)
• See full diff in compare view

Updates @funstack/router from 1.1.0 to 1.1.1

Release notes

Sourced from @​funstack/router's releases.

1.1.1

What's Changed

Fixes

• Handle stale Navigation API entries in Safari Private Browsing (#185)

Full Changelog: uhyo/funstack-router@1.1.0...1.1.1

Commits

• e264303 chore: bump version to 1.1.1
• d7fb519 fix: handle stale Navigation API entries in Safari Private Browsing (#185)
• 455ac8f chore(deps-dev): bump the dev-dependencies group with 6 updates (#183)
• f1c669b chore(deps-dev): bump the dev-dependencies group across 1 directory with 3 up...
• e0f3128 chore(deps): bump the production-dependencies group with 2 updates (#181)
• d4c69d5 chore(deps-dev): bump the dev-dependencies group with 4 updates (#176)
• 5825eba Revert "feat: add experimentalPostpone prop to Router for pathless SSR (#162)...
• 76d5206 chore(deps-dev): bump the dev-dependencies group with 4 updates (#174)
• bdb3915 chore(deps-dev): bump the dev-dependencies group with 6 updates (#173)
• 1a4d270 chore(deps-dev): bump the dev-dependencies group with 8 updates (#170)
• Additional commits viewable in compare view

Updates @shikijs/rehype from 4.0.2 to 4.1.0

Release notes

Sourced from @​shikijs/rehype's releases.

v4.1.0

   🐞 Bug Fixes

• twoslash: Forward tsModule to createTwoslasher  -  by @​arthurfiorette in shikijs/shiki#1271 (be89a)

    View changes on GitHub

Commits

• c809af9 chore: release v4.1.0
• 95371cb chore: lint
• See full diff in compare view

Updates shiki from 4.0.2 to 4.1.0

Release notes

Sourced from shiki's releases.

v4.1.0

   🐞 Bug Fixes

• twoslash: Forward tsModule to createTwoslasher  -  by @​arthurfiorette in shikijs/shiki#1271 (be89a)

    View changes on GitHub

Commits

• c809af9 chore: release v4.1.0
• 95371cb chore: lint
• See full diff in compare view

Updates @types/react from 19.2.14 to 19.2.15

Commits

• See full diff in compare view

Updates wrangler from 4.92.0 to 4.94.0

Release notes

Sourced from wrangler's releases.

wrangler@4.94.0

Minor Changes

• #13897 52e9082 Thanks @​dario-piotrowicz! - Add automatic Cloudflare skills installation for AI coding agents

  Wrangler now detects AI coding agents and offers to install Cloudflare skill files from the cloudflare/skills GitHub repository. Users are prompted once interactively; subsequent runs skip the prompt. Use --install-skills to install without prompting.

• #13989 f598eac Thanks @​MattieTK! - Print a QR code alongside the tunnel URL when sharing via Cloudflare Tunnel

  When a tunnel is started (via wrangler dev --tunnel or the Vite plugin with tunnel: true), a scannable QR code is now printed to the terminal beneath the tunnel URL. This makes it easy to open the tunnel on a mobile device without manually copying the URL.

  The QR code uses Unicode block characters for a compact representation and is generated best-effort -- if generation fails for any reason, the tunnel URL is still displayed as before.

• #13467 3a1fbed Thanks @​deloreyj! - Add schedule property to Workflow bindings for cron-based triggering

  Note: This is a configuration-only change. Scheduled triggering of Workflow instances is not yet available — adding schedule to a Workflow binding will not result in scheduled invocations at this time. This change lays the groundwork for an upcoming feature.

  Workflow bindings in wrangler.json now accept an optional schedule field that configures one or more cron expressions to automatically trigger new workflow instances on a schedule.

  // wrangler.json
  {
    "workflows": [
      {
        "binding": "MY_WORKFLOW",
        "name": "my-workflow",
        "class_name": "MyWorkflow",
        "schedule": "0 9 * * 1"
      }
    ]
  }

  Multiple schedules can be provided as an array:

  {
    "workflows": [
      {
        "binding": "MY_WORKFLOW",
        "name": "my-workflow",
        "class_name": "MyWorkflow",
        "schedule": ["0 9 * * 1", "0 17 * * 5"]
      }
    ]
  }

  The schedule is sent to the Workflows control plane on wrangler deploy. Configuring schedule on a workflow binding that references an external script_name is an error — the schedule must be configured on the worker that defines the workflow.

... (truncated)

Commits

• b92f87c Version Packages (#13995)
• fc1f7b9 [wrangler] Fix Access Service Token authentication for service-auth-only apps...
• f598eac [wrangler][vite-plugin] Print QR code for tunnel URLs (#13989)
• 52e9082 Add automatic Cloudflare skills installation for AI coding agents (#13897)
• 0733688 build(deps): bump the workerd-and-workers-types group with 2 updates (#13993)
• 8c569c6 [wrangler] Include column names in D1 SQL export (#12277)
• 3a1fbed [wrangler] Add schedule property to Workflow bindings for cron-based triggeri...
• 90092c0 [vitest-pool-workers] Stop externalizing devDependencies from the published b...
• 5ee65d5 Version Packages (#13969)
• e04e180 [wrangler] Improve asset upload retry log message (#13990)
• Additional commits viewable in compare view

Updates srvx from 0.11.15 to 0.11.16

Release notes

Sourced from srvx's releases.

v0.11.16

compare changes

🩹 Fixes

• node: Flatten writeHead headers on Deno (#203)
• aws-lambda-streaming: Handle empty body (#205)
• node: Do not crash on asterisk-form request targets (#206)

💅 Refactors

• node/web: Add new TypeOfService utils to socker impl (945fc17)

❤️ Contributors

• Taylor Steele (@​taylorfsteele)
• Pooya Parsa (@​pi0)
• KT (@​ktKongTong)

Changelog

Sourced from srvx's changelog.

v0.11.16

compare changes

🩹 Fixes

• node: Flatten writeHead headers on Deno (#203)
• aws-lambda-streaming: Handle empty body (#205)
• node: Do not crash on asterisk-form request targets (#206)

💅 Refactors

• node/web: Add new TypeOfService utils to socker impl (945fc17)

🏡 Chore

• Update deps (4a6fcd3)
• Update deps (c0acb0f)
• Bump deps (c853aa9)
• Update deps (961d756)

✅ Tests

• Node 20 compat (7771820)

🤖 CI

• Downgrade undici for node 20 only (05efca4)
• Downgrade undici for deno node-compat test (e501480)
• Force latest deno version (6f17e2e)
• Directly install latest deno (59ba353)
• Fix deno install (f6efb77)
• Pin deno (7249b63)
• Test node 22, 24, 26 (a745b47)

❤️ Contributors

• Pi0x x@pi0.io
• Taylor Steele (@​taylorfsteele)
• Pooya Parsa (@​pi0)
• KT (@​ktKongTong)

Commits

• 19efb13 fix(node): do not crash on asterisk-form request targets (#206)
• e429c6f fix(aws-lambda-streaming): handle empty body (#205)
• a745b47 ci: test node 22, 24, 26
• 961d756 chore: update deps
• c853aa9 chore: bump deps
• 7249b63 ci: pin deno
• f6efb77 ci: fix deno install
• 59ba353 ci: directly install latest deno
• 6f17e2e ci: force latest deno version
• 7a05a72 fix(node): flatten writeHead headers on Deno (#203)
• Additional commits viewable in compare view

Updates vitest from 4.1.6 to 4.1.7

Release notes

Sourced from vitest's releases.

v4.1.7

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

Commits

• a09d472 chore: release v4.1.7
• See full diff in compare view

Updates @types/node from 25.8.0 to 25.9.1

Commits

• See full diff in compare view

Updates vite from 8.0.13 to 8.0.14

Release notes

Sourced from vite's releases.

v8.0.14

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.14 (2026-05-21)

Features

• update rolldown to 1.0.2 (#22484) (96efc88)

Bug Fixes

• deps: update all non-major dependencies (#22471) (98b8163)
• dev: handle errors when sending messages to vite server (#22450) (e8e9a34)
• html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)
• optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#22470) (7cb728e)
• remove irrelevant commits from changelog (2c69495)

Code Refactoring

• glob: do not rewrite import path for absolute base (#22310) (0ae2844)

Tests

• css: sass does not use main field (#22449) (ebf39a0)

Commits

• c917f1e release: v8.0.14
• 5d94d1b fix(html): handle trailing slash paths in transformIndexHtml (#22480)
• 98b8163 fix(deps): update all non-major dependencies (#22471)
• 96efc88 feat: update rolldown to 1.0.2 (#22484)
• ebf39a0 test(css): sass does not use main field (#22449)
• 0ae2844 refactor(glob): do not rewrite import path for absolute base (#22310)
• 7cb728e chore(deps): update rolldown-related dependencies (#22470)
• b3132da fix(optimizer): pass oxc jsx options to transformSync in dependency scan ...
• e8e9a34 fix(dev): handle errors when sending messages to vite server (#22450)
• 2c69495 chore: remove irrelevant commits from changelog
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions