👷 Update all non-major dependencies

[renovate]

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

---

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update	Pending
@mantine/core (source)	8.3.1 -> 8.3.2					dependencies	patch	8.3.3
@mantine/hooks (source)	8.3.1 -> 8.3.2					dependencies	patch	8.3.3
@types/react (source)	19.1.13 -> 19.1.15					devDependencies	patch	19.2.0 (+2)
eslint-plugin-jsdoc	60.1.1 -> 60.5.0					devDependencies	minor	60.8.2 (+5)
github/codeql-action	v3.30.3 -> v3.30.5					action	patch	v3.30.6
node (source)	24.8.0 -> 24.9.0					volta	minor
puppeteer (source)	24.22.0 -> 24.22.3					dependencies	patch	24.23.0
puppeteer (source)	24.22.0 -> 24.22.3					devDependencies	patch	24.23.0
react-router (source)	7.9.1 -> 7.9.3					devDependencies	patch
react-router-dom (source)	7.9.1 -> 7.9.3					devDependencies	patch
webpack-dev-middleware	7.4.3 -> 7.4.5					devDependencies	patch
yarn (source)	4.10.2 -> 4.10.3					packageManager	patch
yarn (source)	4.10.2 -> 4.10.3					volta	patch

---

Release Notes

mantinedev/mantine (@​mantine/core)

v8.3.2

Compare Source

What's Changed

• [@mantine/dates] Fix getDayProps not including types for data-* attributes (#​8275)
• [@mantine/date] DateInput: Fix allowDeselect not allowing to clear the input value with Backspace key (#​8229)
• [@mantine/date] DateInput: Fix allowDeselect not allowing to clear the input value with Backspace key
• [@mantine/charts] Heatmap: Fix months displaying as splitted even if splitMonths is not set
• [@mantine/hooks] use-click-outside: Pass event object as an argument to the callback function (#​8282)
• [@mantine/core] NavLink: Fix passed onClick/onKeyDown preventing expand/collapse of child nodes (#​8294)
• [@mantine/hooks] use-window-scroll: Limit number of state updates with requestAnimationFrame (#​8287)
• [@mantine/dates] TimePicker: Fix page scrolling to the top on keyboard navigation (#​8237)
• [@mantine/core] Menu: Add missing onChange type to Menu.Sub (#​8292)
• [@mantine/core] List: Fix nested list items overflowing parent list container (#​8269)
• [@mantine/core] Input: Fix alignment of right section with clear button (#​8254)
• [@mantine/form] Fix nodenext resolutions (#​8260)
• [@mantine/spotlight] Improve group label encoding logic (#​8264)

New Contributors

• @​ahmedsemih made their first contribution in #​8266
• @​terrydkim made their first contribution in #​8269
• @​samuelkarani made their first contribution in #​8176
• @​narminmolina made their first contribution in #​8291
• @​wo-o29 made their first contribution in #​8287
• @​Redbird10 made their first contribution in #​8294
• @​ThoDon made their first contribution in #​8282

Full Changelog: mantinedev/mantine@8.3.1...8.3.2

gajus/eslint-plugin-jsdoc (eslint-plugin-jsdoc)

v60.5.0

Compare Source

Bug Fixes

• no-undefined-types: avoid param and property tags from being treated as type-defining (f72ac1a)

Features

• check-tag-names: add inlineTags option with default inline tag checking (f0515be)
• require-template-description: add rule; fixes #​1540 (90af18a)

v60.4.1

Compare Source

Bug Fixes

• requireParam: update return type to include foundIndex and tagLineCount (#​1531) (91e261d), closes #​1530 #​1530

v60.4.0

Compare Source

Bug Fixes

• ensure permissive settings are converted for jsdoc-type-pratt-parser (065f11a)

Features

• add flat/recommended-mixed config; fixes #​1101 (68fad5b)

v60.3.1

Compare Source

Bug Fixes

• getJsdocProcessPlugin: auto-escape *\/ and entities (#​1537) (74186a3), closes #​710

v60.3.0

Compare Source

Features

• no-undefined-types: checkUsedTypedefs option; fixes #​1165 (#​1544) (001c4a9)

v60.2.0

Compare Source

Features

• prefer-import-tags: add new rule; fixes #​1314 (#​1536) (376d583)

github/codeql-action (github/codeql-action)

v3.30.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

• We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #​3160

See the full CHANGELOG.md for more information.

v3.30.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025

• We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #​3099 and #​3100
• We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #​3107
• You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #​3130
• Update default CodeQL bundle version to 2.23.1. #​3118

See the full CHANGELOG.md for more information.

nodejs/node (node)

v24.9.0: 2025-09-25, Version 24.9.0 (Current), @​targos

Compare Source

Notable Changes

• [9b043a9096] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #​59824
• [a6456ab90a] - (SEMVER-MINOR) sqlite: cleanup ERM support and export Session class (James M Snell) #​58378
• [5563361d22] - (SEMVER-MINOR) sqlite: add tagged template (0hm☘️) #​58748
• [04013ee933] - (SEMVER-MINOR) worker: add heap profile API (theanarkh) #​59846

Commits

• [cbec4fd6de] - benchmark: calibrate config dgram multi-buffer (Bruno Rodrigues) #​59696
• [9a4bbdc3c5] - benchmark: calibrate config cluster/echo.js (Nam Yooseong) #​59836
• [0b284d86e8] - build: add the missing macro definitions for OpenHarmony (hqzing) #​59804
• [43e6e54d66] - build: do not include custom ESLint rules testing in tarball (Antoine du Hamel) #​59809
• [039ac19154] - crypto: expose signatureAlgorithm on X509Certificate (Patrick Costa) #​59235
• [647c332704] - crypto: use return await when returning Promises from async functions (Renegade334) #​59841
• [8ed4587cf0] - crypto: use async functions for non-stub Promise-returning functions (Renegade334) #​59841
• [bb051c56ef] - crypto: avoid calls to promise.catch() (Renegade334) #​59841
• [05e560dd25] - deps: update googletest to 50b8600 (Node.js GitHub Bot) #​59955
• [fa40d3a785] - deps: update archs files for openssl-3.5.3 (Node.js GitHub Bot) #​59901
• [8c85570d18] - deps: upgrade openssl sources to openssl-3.5.3 (Node.js GitHub Bot) #​59901
• [b71125664e] - deps: update undici to 7.16.0 (Node.js GitHub Bot) #​59830
• [dea5dd7077] - dgram: restore buffer optimization in fixBufferList (Yoo) #​59934
• [b0c1e67532] - diagnostics_channel: fix race condition with diagnostics_channel and GC (Ugaitz Urien) #​59910
• [0b37b594c3] - doc: use "WebAssembly" instead of "Web Assembly" (Tobias Nießen) #​59954
• [1e723f9c6b] - doc: fix typo in section on microtask order (Tobias Nießen) #​59932
• [a28962a85c] - doc: update V8 fast API guidance (René) #​58999
• [bd767c5d1b] - doc: add security escalation policy (Ulises Gascón) #​59806
• [9df91e59e1] - doc: type improvement of file http.md (yusheng chen) #​58189
• [e4f571680b] - doc: deprecate closing fs.Dir on garbage collection (Livia Medeiros) #​59839
• [e9cb986fa5] - doc: rephrase dynamic import() description (Nam Yooseong) #​59224
• [026d4e33f7] - doc,crypto: update subtle.generateKey and subtle.importKey (Filip Skokan) #​59851
• [2b2591db52] - esm: make hasAsyncGraph non-enumerable (Joyee Cheung) #​59905
• [993f05d323] - fs,win: do not add a second trailing slash in readdir (Gerhard Stöbich) #​59847
• [7aec53b607] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #​59824
• [83ae6102e7] - http: optimize checkIsHttpToken for short strings (방진혁) #​59832
• [6695067636] - http,https: handle IPv6 with proxies (Joyee Cheung) #​59894
• [c5d910a0a9] - http2: fix allowHttp1+Upgrade, broken by shouldUpgradeCallback (Tim Perry) #​59924
• [acada1fb82] - inspector: ensure adequate memory allocation for Binary::toBase64 (René) #​59870
• [396cc8ec65] - lib: update inspect output format for subclasses (Miguel Marcondes Filho) #​59687
• [fed1dac8de] - lib: update isDeepStrictEqual to support options (Miguel Marcondes Filho) #​59762
• [d785929fd7] - lib: add source map support for assert messages (Chengzhong Wu) #​59751
• [ff13d1d61e] - lib,src: cache ModuleWrap.hasAsyncGraph (Chengzhong Wu) #​59703
• [b200cd8470] - lib,src: refactor assert to load error source from memory (Chengzhong Wu) #​59751
• [e94c57301b] - meta: add .npmrc with ignore-scripts=true (Joyee Cheung) #​59914
• [728472a57b] - module: only put directly require-d ESM into require.cache (Joyee Cheung) #​59874
• [be48760b93] - node-api: added SharedArrayBuffer api (Mert Can Altin) #​59071
• [f006a14522] - node-api: make napi_delete_reference use node_api_basic_env (Jeetu Suthar) #​59684
• [0f46c1c3b0] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #​59857
• [3eeb7b47ea] - sqlite: fix crash session extension callbacks with workers (Bart Louwers) #​59848
• [0fe53375ec] - (SEMVER-MINOR) sqlite: cleanup ERM support and export Session class (James M Snell) #​58378
• [9a3e58a007] - (SEMVER-MINOR) sqlite: add tagged template (0hm☘️) #​58748
• [f14ed5ab7b] - src: simplify watchdog instantiations via std::optional (Anna Henningsen) #​59960
• [e330f03f84] - src: update crypto objects to use DictionaryTemplate (James M Snell) #​59942
• [69b5607cf4] - src: simplify is_callable by making it a concept (Tobias Nießen) #​58169
• [86150f3401] - src: rename private fields to follow naming convention (Moonki Choi) #​59923
• [d17f299539] - src: use DictionaryTemplate more in URLPattern (James M Snell) #​59892
• [ac784912ac] - src: reduce the nearest parent package JSON cache size (Michael Smith) #​59888
• [abecdcb536] - src: replace FIXED_ONE_BYTE_STRING with Environment-cached strings (Moonki Choi) #​59891
• [2bb152500b] - src: create strings in FIXED_ONE_BYTE_STRING as internalized (Anna Henningsen) #​59826
• [03116a7cd8] - src: remove std::array overload of FIXED_ONE_BYTE_STRING (Anna Henningsen) #​59826
• [8a5325d6e3] - src: ensure v8::Eternal is empty before setting it (Anna Henningsen) #​59825
• [f0c20ccd81] - src: remove unnecessary Environment::GetCurrent() calls (Moonki Choi) #​59814
• [213188e491] - stream: use new AsyncResource instead of bind (Matteo Collina) #​59867
• [ce8435b003] - test: testcase demonstrating issue 59541 (Eric Rannaud) #​59801
• [8f32746142] - test: guard write to proxy client if proxy connection is ended (Joyee Cheung) #​59742
• [6790093fcb] - tls: load bundled and extra certificates off-thread (Joyee Cheung) #​59856
• [f5d3f919d8] - tls: only do off-thread certificate loading on loading tls (Joyee Cheung) #​59856
• [87bbaa23a0] - tools: fix tools/make-v8.sh for clang (Richard Lau) #​59893
• [0d23fd525b] - tools: skip test-internet workflow for draft PRs (Michaël Zasso) #​59817
• [e17c73731a] - tools: copyedit build-tarball.yml (Antoine du Hamel) #​59808
• [97c4e1bac9] - typings: remove unused imports (Nam Yooseong) #​59880
• [8b29bbca76] - url: replaced slice with at (Mikhail) #​59181
• [6458867a6b] - url: add type checking to urlToHttpOptions() (simon-id) #​59753
• [3c62b3886f] - util: inspect objects with throwing Symbol.toStringTag (Ruben Bridgewater) #​59860
• [6133a82875] - util: fix debuglog.enabled not being present with callback logger (Ruben Bridgewater) #​59858
• [9347ddddf4] - vm: explain how to share promises between contexts w/ afterEvaluate (Eric Rannaud) #​59801
• [44ce971619] - vm: "afterEvaluate", evaluate() return a promise from the outer context (Eric Rannaud) #​59801
• [6e586a1409] - vm: expose hasTopLevelAwait on SourceTextModule (Chengzhong Wu) #​59865
• [49747a58a3] - (SEMVER-MINOR) worker: add heap profile API (theanarkh) #​59846
• [b970c0bbc2] - zlib: reduce code duplication (jhofstee) #​57810
• [9782ca2b1b] - zlib: implement fast path for crc32 (Gürgün Dayıoğlu) #​59813

puppeteer/puppeteer (puppeteer)

v24.22.3

Compare Source

Features

• roll to Chrome 141.0.7390.54 (#​14273) (b9ca458)
• webdriver: support createUserContext(downloadBehavior) (#​14249) (cd9dc0c)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.22.3 to 24.23.0

Bug Fixes

• roll to Firefox 143.0.3 (#​14274) (4890265)
• webdriver: don't intercept non blocked requests (#​14262) (f39f48d)
• webdriver: properly pipe network interception flag (#​14269) (fd4a371)
• webdriver: respect isBlocked in request interception (#​14264) (b5c1bb5)

v24.22.2

Compare Source

Miscellaneous Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.22.2 to 24.22.3

Bug Fixes

• regression in function stringification (#​14246) (773a375)
• roll to Chrome 140.0.7339.207 (#​14240) (db1a654)

v24.22.1

Compare Source

Miscellaneous Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.22.1 to 24.22.2

Bug Fixes

• pipes: concat buffers instead of string concatenation (#​14236) (21e54b6)

remix-run/react-router (react-router)

v7.9.3

Compare Source

Patch Changes

• Do not try to use turbo-stream to decode CDN errors that never reached the server (#​14385)

  • We used to do this but lost this check with the adoption of single fetch

• Fix Data Mode regression causing a 404 during initial load in when middleware exists without any loader functions (#​14393)

v7.9.2

Compare Source

Patch Changes

• • Update client-side router to run client middleware on initial load even if no loaders exist (#​14348)
  • Update createRoutesStub to run route middleware
    • You will need to set the <RoutesStub future={{ v8_middleware: true }} /> flag to enable the proper context type

• Update Lazy Route Discovery manifest requests to use a singular comma-separated paths query param instead of repeated p query params (#​14321)

  • This is because Cloudflare has a hard limit of 100 URL search param key/value pairs when used as a key for caching purposes
  • If more that 100 paths were included, the cache key would be incomplete and could produce false-positive cache hits

• [UNSTABLE] Add fetcher.unstable_reset() API (#​14206)

• Made useOutlet element reference have stable identity in-between route chages (#​13382)

• feat: enable full transition support for the rsc router (#​14362)

• In RSC Data Mode, handle SSR'd client errors and re-try in the browser (#​14342)

• Support middleware prop on <Route> for usage with a data router via createRoutesFromElements (#​14357)

• Handle encoded question mark and hash characters in ancestor splat routes (#​14249)

• Fail gracefully on manifest version mismatch logic if sessionStorage access is blocked (#​14335)

remix-run/react-router (react-router-dom)

v7.9.3

Compare Source

Patch Changes

• Updated dependencies:
  • react-router@7.9.3

v7.9.2

Compare Source

Patch Changes

• Updated dependencies:
  • react-router@7.9.2

webpack/webpack-dev-middleware (webpack-dev-middleware)

v7.4.5

Compare Source

v7.4.4

Compare Source

yarnpkg/berry (yarn)

v4.10.3

Compare Source

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cit-pr-commenter]

Bundles Sizes Evolution

📦 Bundle Name	Base Size	Local Size	𝚫	𝚫%	Status
Rum	162.08 KiB	162.08 KiB	0 B	0.00%	✅
Rum Recorder	19.78 KiB	19.78 KiB	0 B	0.00%	✅
Rum Profiler	4.89 KiB	4.89 KiB	0 B	0.00%	✅
Logs	55.77 KiB	55.77 KiB	0 B	0.00%	✅
Flagging	944 B	944 B	0 B	0.00%	✅
Rum Slim	119.06 KiB	119.06 KiB	0 B	0.00%	✅
Worker	23.60 KiB	23.60 KiB	0 B	0.00%	✅

🚀 CPU Performance

Action Name	Base CPU Time (ms)	Local CPU Time (ms)	𝚫%
addglobalcontext	N/A	0.0038	N/A
addaction	N/A	0.0114	N/A
adderror	N/A	0.0109	N/A
addtiming	N/A	0.0025	N/A
startview	N/A	0.0029	N/A
startstopsessionreplayrecording	N/A	0.0006	N/A
logmessage	N/A	0.0127	N/A

🧠 Memory Performance

Action Name	Base Memory Consumption	Local Memory Consumption	𝚫
RUM - add global context	24.88 KiB	25.70 KiB	+839 B
RUM - add action	44.60 KiB	46.24 KiB	+1.64 KiB
RUM - add timing	24.52 KiB	24.70 KiB	+185 B
RUM - add error	49.35 KiB	50.60 KiB	+1.25 KiB
RUM - start/stop session replay recording	24.99 KiB	24.46 KiB	-537 B
RUM - start view	421.41 KiB	430.53 KiB	+9.12 KiB
Logs - log message	41.99 KiB	41.45 KiB	-548 B

🔗 RealWorld

[datadog-datadog-prod-us1]

✅ Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage
• Patch Coverage: 100.00%
• Total Coverage: 92.67% (+0.00%)

View detailed report

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: cc29287 | Docs | Was this helpful? Give us feedback!}

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.