Skip to content

Update Javascript#552

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/js
Open

Update Javascript#552
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/js

Conversation

@renovate

@renovate renovate Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@tailwindcss/postcss (source) 4.3.24.3.3 age confidence
autoprefixer 10.5.210.5.4 age confidence
eslint (source) 10.6.010.7.0 age confidence
lovable-tagger (source) 1.3.11.3.3 age confidence
lucide-react (source) 1.23.01.25.0 age confidence
postcss (source) 8.5.168.5.19 age confidence
react-hook-form (source) 7.81.07.82.0 age confidence
react-resizable-panels (source) 4.12.14.12.2 age confidence
tailwindcss (source) 4.3.24.3.3 age confidence
typescript-eslint (source) 8.63.08.64.0 age confidence
vite (source) 8.1.38.1.5 age confidence

Release Notes

tailwindlabs/tailwindcss (@​tailwindcss/postcss)

v4.3.3

Compare Source

Fixed
  • Support --watch --poll[=ms] in @tailwindcss/cli when filesystem events are unreliable or unavailable (#​20297)
  • Canonicalization: match arbitrary hex colors against theme colors case-insensitively (e.g. bg-[#fff] and bg-[#FFF]bg-white) (#​20298)
  • Prevent Preflight from overriding Firefox's native iframe:focus-visible outline styles (#​20292)
  • Ensure theme('colors.foo') in JS plugins resolves correctly when both --color-foo and --color-foo-bar exist (#​20299)
  • Ensure fractional opacity modifiers work with named shadow sizes like shadow-sm/12.5, text-shadow-sm/12.5, drop-shadow-sm/12.5, and inset-shadow-sm/12.5 (#​20302)
  • Parse selectors like [data-foo]div as two selectors instead of one (#​20303)
  • Ensure @tailwindcss/postcss rebuilds when a preprocessor like Sass changes the input CSS without changing the input file on disk (#​20310)
  • Ensure CSS nesting is handled even when Lightning CSS isn't run, such as in @tailwindcss/browser and Tailwind Play (#​20124)
  • Prevent achromatic theme colors from shifting hue when mixed in polar color spaces like oklch (#​20314)
  • Ensure --spacing(0) is optimized to 0px instead of 0 so it remains a <length> when used in calc(…) (#​20319)
  • Load @parcel/watcher only when needed in @tailwindcss/cli --watch mode, so one-off builds and --watch --poll work when @parcel/watcher can't be loaded (#​20325)
  • Use explicit platform fonts instead of system-ui and ui-sans-serif so CJK text respects the page's lang attribute on Windows (#​20318)
  • Prevent @tailwindcss/upgrade from rewriting ignored files when run from a subdirectory (#​20329)
  • Ensure earlier @source rules pointing to nested files are scanned when later @source rules point to files in parent folders (#​20335)
  • Prevent @tailwindcss/vite from triggering full page reloads when scanned files are processed by Vite but haven't been loaded as modules yet (#​20336)
postcss/autoprefixer (autoprefixer)

v10.5.4

Compare Source

v10.5.3

Compare Source

eslint/eslint (eslint)

v10.7.0

Compare Source

Features

  • cf2a9bf feat: add errorClassNames option to preserve-caught-error rule (#​21032) (sethamus)
  • f8b873a feat: max-nested-callbacks option for constructor callbacks (#​21063) (fnx)
  • 557fde8 feat: support computed Number.parseInt member access in radix rule (#​21041) (Pixel)
  • 0b4a73b feat: add suggestions to no-compare-neg-zero (#​21034) (den$)
  • 96cdd42 feat: report invalid signed numeric radix values in radix rule (#​21030) (Pixel)

Bug Fixes

  • 3e7bf15 fix: apply ignoreClassesWithImplements to class expressions (#​21069) (Pixel)
  • 0d7d70c fix: insert cause outside wrapping parens in preserve-caught-error (#​21062) (Mahin Anowar)
  • 75ec753 fix: handle static template literals in eqeqeq rule (#​21058) (Pixel)
  • b717a22 fix: prevent eqeqeq null option from reporting non-equality operators (#​21057) (Pixel)
  • e35b05f fix: avoid no-invalid-regexp false positive for shadowed RegExp (#​21051) (Pixel)
  • a3172b6 fix: avoid no-control-regex false positive for shadowed RegExp (#​21050) (Pixel)
  • d1f637e fix: parenthesize sequence expression operands in no-implicit-coercion (#​21045) (spokodev)
  • 8859baf fix: avoid prefer-numeric-literals false positive for shadowed globals (#​21047) (한국)
  • a9e5961 fix: use-isnan false positive on shadowed NaN/Number (#​20958) (sethamus)
  • 8a240a7 fix: avoid false positives in radix rule for spread arguments (#​21044) (Pixel)

Documentation

  • c30d808 docs: Update README (GitHub Actions Bot)
  • 5139800 docs: document ESLint migration codemods in v9 and v10 guides (#​20980) (Alex Bit)
  • 04174cb docs: Update README (GitHub Actions Bot)
  • 026e130 docs: update semver policy for bug fixes (#​21048) (Milos Djermanovic)
  • 9d42fef docs: Update README (GitHub Actions Bot)
  • b230159 docs: Update README (GitHub Actions Bot)
  • 0129972 docs: correct **/.js glob to **/*.js in config files guide (#​21036) (EduardF1)

Chores

lucide-icons/lucide (lucide-react)

v1.25.0

Compare Source

v1.24.0: Version 1.24.0

Compare Source

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.23.0...1.24.0

postcss/postcss (postcss)

v8.5.19

Compare Source

  • Fixed cleaning before for new nodes inserted to Root (by @​MahinAnowar).

v8.5.18

Compare Source

  • Restricted loading previous source maps file to the opts.from folder for security reasons (use unsafeMap: true to disable the check).

v8.5.17

Compare Source

  • Fixed Maximum call stack size exceeded error.
  • Fixed Prototype hijacking for postcss.fromJSON().
  • Fixed Input#origin() for unmapped end position (by @​chatman-media).
react-hook-form/react-hook-form (react-hook-form)

v7.82.0

Compare Source

Added
  • Opt-in delayError option for setValue to delay validation error updates
Fixed
  • Expose resetDefaultValues through form context
  • setValue with shouldDirty not updating dirty state correctly when the form is disabled
  • Preserve dirtyFields boolean values for registered array fields
  • Restore FieldArray component export
Performance
  • Improve getDirtyFields performance, especially for larger forms and deeply nested values
bvaughn/react-resizable-panels (react-resizable-panels)

v4.12.2

Compare Source

  • 726: Updated inline documentation to clarify size units.
tailwindlabs/tailwindcss (tailwindcss)

v4.3.3

Compare Source

Fixed
  • Support --watch --poll[=ms] in @tailwindcss/cli when filesystem events are unreliable or unavailable (#​20297)
  • Canonicalization: match arbitrary hex colors against theme colors case-insensitively (e.g. bg-[#fff] and bg-[#FFF]bg-white) (#​20298)
  • Prevent Preflight from overriding Firefox's native iframe:focus-visible outline styles (#​20292)
  • Ensure theme('colors.foo') in JS plugins resolves correctly when both --color-foo and --color-foo-bar exist (#​20299)
  • Ensure fractional opacity modifiers work with named shadow sizes like shadow-sm/12.5, text-shadow-sm/12.5, drop-shadow-sm/12.5, and inset-shadow-sm/12.5 (#​20302)
  • Parse selectors like [data-foo]div as two selectors instead of one (#​20303)
  • Ensure @tailwindcss/postcss rebuilds when a preprocessor like Sass changes the input CSS without changing the input file on disk (#​20310)
  • Ensure CSS nesting is handled even when Lightning CSS isn't run, such as in @tailwindcss/browser and Tailwind Play (#​20124)
  • Prevent achromatic theme colors from shifting hue when mixed in polar color spaces like oklch (#​20314)
  • Ensure --spacing(0) is optimized to 0px instead of 0 so it remains a <length> when used in calc(…) (#​20319)
  • Load @parcel/watcher only when needed in @tailwindcss/cli --watch mode, so one-off builds and --watch --poll work when @parcel/watcher can't be loaded (#​20325)
  • Use explicit platform fonts instead of system-ui and ui-sans-serif so CJK text respects the page's lang attribute on Windows (#​20318)
  • Prevent @tailwindcss/upgrade from rewriting ignored files when run from a subdirectory (#​20329)
  • Ensure earlier @source rules pointing to nested files are scanned when later @source rules point to files in parent folders (#​20335)
  • Prevent @tailwindcss/vite from triggering full page reloads when scanned files are processed by Vite but haven't been loaded as modules yet (#​20336)
typescript-eslint/typescript-eslint (typescript-eslint)

v8.64.0

Compare Source

8.64.0 (2026-07-13)

🚀 Features
  • support parsing import defer (#​12513)
  • eslint-plugin: [no-loop-func] support using / await using declarations and deprecate the rule (#​12500)
  • typescript-estree: throw for invalid definite assignment in class properties (#​12543)
🩹 Fixes
  • eslint-plugin: [require-array-sort-compare] handle constrained arrays (#​12512)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

vitejs/vite (vite)

v8.1.5

Compare Source

Please refer to CHANGELOG.md for details.

v8.1.4

Compare Source

Features
Bug Fixes
Documentation
Miscellaneous Chores
Code Refactoring
Tests
Build System

Configuration

📅 Schedule: (in timezone Europe/London)

  • Branch creation
    • "before 10am on friday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added dependencies Renovatebot and dependabot updates frontend javascript Pull requests that update javascript code labels Jul 10, 2026
@renovate
renovate Bot enabled auto-merge (squash) July 10, 2026 02:02
@renovate renovate Bot added the frontend label Jul 10, 2026
@github-actions

github-actions Bot commented Jul 10, 2026

Copy link
Copy Markdown

Caution

[High Risk] Single-target ALB and NLB backends will lose service during instance replacement

This change replaces both backend instances that sit behind the production load balancers, and each target group currently has only one healthy registered target. The ALB path api-207c90ee-alb forwards only to api-207c90ee-tg, which currently contains just instance i-0bf4039822e01f430 on port 80. The internal NLB path fraud-ingest-terraform-example forwards only to txn-feed-terraform-example, which currently contains just IP target 10.0.101.34:9090 from instance i-0cff13d553da3fe3a.

When Terraform replaces those instances, their target group attachments must also be replaced, so the old targets will be deregistered and the new instances will need time to boot, attach networking, register, and pass health checks before traffic can flow again. AWS target health does not become healthy until registration and initial health checking complete, and the ALB health check configuration requires successful checks on /health before the target is considered in service. With only one target in each group, that creates a real gap where the stable ALB/NLB endpoints remain live but have no healthy backend, causing dropped or failed requests and likely alarm noise on the API health checks during the cutover.
View reasoning tree here.

Caution

[High Risk] Instance replacements will break IP-pinned service connectivity during cutover and can change internal service identities

This change replaces multiple live VMs rather than updating them in place, and several of those workloads are currently depended on by fixed network identities. In AWS, 540044833068.eu-west-2.ec2-instance.i-0cff13d553da3fe3a is the current healthy backend for NLB target group 540044833068.eu-west-2.elbv2-target-group.txn-feed-terraform-example, registered by the literal IP 10.0.101.34:9090. Its replacement diff shows the primary network interface, private IP, and private DNS being regenerated, so the instance will not keep that target identity through recreation. The fraud processor 540044833068.eu-west-2.ec2-instance.i-07f8673d7f075bf4b is also being replaced in the same apply while depending on traffic allowed to port 9090 through 540044833068.eu-west-2.ec2-security-group.sg-0924ccdc6ab89c5ab.

When Terraform destroys and recreates these instances, the old IP target becomes invalid before the new one is healthy and reattached. That will interrupt the transaction feed on port 9090, and any clients pinned to the old private IP or its internal DNS name will fail after the replacement because those identities are not preserved. The same pattern exists on GCP for overmind-terraform-example.europe-west2-b.gcp-compute-instance.inventory-api and overmind-terraform-example.europe-west2-b.gcp-compute-instance.payments-api: the instances are recreated from new boot images, their boot disks are reprovisioned, and their network_ip values become unknown after apply, so current internal addresses such as 10.10.0.2 are not guaranteed to survive.
View reasoning tree here.

Caution

[High Risk] Replacing both GCP production VMs will change their private IPs and break callers that still use 10.10.0.2 and 10.10.0.3

The change replaces both production GCP VMs, inventory-api and payments-api, at the same time, but the replacement configuration no longer pins their current internal addresses. Today those instances are on 10.10.0.2 and 10.10.0.3; in the proposed google_compute_instance diffs the network_ip field is no longer explicitly set, so Google Compute Engine will automatically assign new internal IPs to the replacement VMs instead of preserving the old ones.

Any service-to-service calls, scripts, or health integrations that still depend on 10.10.0.2 or 10.10.0.3 will fail as soon as the old VMs are destroyed. Because both production services are replaced together, this is not an isolated host restart: it creates a coordinated outage risk across inventory and payments traffic at the same time, while the alert policies are also being retargeted to the new instance identities.
View reasoning tree here.

Signals

Routine → Multiple compute, monitoring, and messaging resources are showing unusual infrequent update patterns at 1 event/week for the last 2-5 months, with additional API server resources at 2-3 events/week for the last 5 months.

Additional Change Details: Items 117 Edges 191 model|risks_v6 ✨Encryption Key State Risk ✨KMS Key Creation

View in Overmind

@renovate
renovate Bot force-pushed the renovate/js branch 9 times, most recently from acf56aa to 42aa3ff Compare July 17, 2026 10:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Renovatebot and dependabot updates frontend javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants