chore(deps): update weekly dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update	Pending
@conform-to/zod (source)	1.2.2 -> 1.3.0					dependencies	minor
@eslint/compat	1.2.7 -> 1.2.8					devDependencies	patch
@eslint/js (source)	9.22.0 -> 9.23.0					devDependencies	minor	9.24.0
@evilmartians/lefthook	1.11.3 -> 1.11.6					devDependencies	patch
@infisical/sdk	3.0.6 -> 3.0.7					dependencies	patch
@octokit/plugin-rest-endpoint-methods	13.3.1 -> 13.5.0					devDependencies	minor
@octokit/types	13.8.0 -> 13.10.0					devDependencies	minor
@playwright/test (source)	1.51.0 -> 1.51.1					devDependencies	patch
@tailwindcss/postcss (source)	~4.0.17 -> ~4.1.0					devDependencies	minor	4.1.3
@types/node (source)	22.13.2 -> 22.14.0					devDependencies	minor
@types/supertest (source)	6.0.2 -> 6.0.3					devDependencies	patch
axios (source)	1.8.3 -> 1.8.4					dependencies	patch
class-variance-authority	0.7.0 -> 0.7.1					dependencies	patch
eslint-plugin-react	7.37.4 -> 7.37.5					devDependencies	patch
eslint-plugin-react-hooks (source)	5.0.0 -> 5.2.0					devDependencies	minor
hono (source)	4.7.4 -> 4.7.5					dependencies	patch
lucide-react (source)	^0.484.0 -> ^0.487.0					dependencies	minor
lucide-react (source)	^0.483.0 -> ^0.487.0					dependencies	minor
node	22.11.0-slim -> 22.14.0-slim					final	minor
pnpm (source)	9.15.5 -> 9.15.9					packageManager	patch
postcss (source)	8.5.2 -> 8.5.3					devDependencies	patch
sonner (source)	2.0.1 -> 2.0.3					dependencies	patch
supertest	7.0.0 -> 7.1.0					devDependencies	minor
tailwind-merge	3.0.2 -> 3.1.0					dependencies	minor	3.2.0
tailwindcss (source)	~4.0.17 -> ~4.1.0					devDependencies	minor	4.1.3
ts-jest (source)	29.2.6 -> 29.3.1					devDependencies	minor
type-fest	4.37.0 -> 4.39.1					devDependencies	minor

---

Release Notes

edmundhung/conform (@​conform-to/zod)

v1.3.0

Compare Source

Hello world! We're finally back after a bit of a break. This release is a bit small, but we hope it's the start of a more regular update schedule moving forward. I'm excited to share that @​chimame has joined the team and is prepping our first valibot integration release in #​876. We'll be sharing more details about the other changes as well. Thanks for your patience and stay tuned!

Custom coercion

v1.3.0 adds the ability to disable the default auto coercion behavior by setting the disableAutoCoercion option to true in parseWithZod in #​871.

function Example() {
  const [form, fields] = useForm({
    onValidate({ formData }) {
      return parseWithZod(formData, {
        schema,
        disableAutoCoercion: true,
      });
    },
  });

  // ...
}

You can then manage how the form value is parsed yourself, or use the new unstable_coerceFormValue helper to coerce form value:

import { parseWithZod, unstable_coerceFormValue as coerceFormValue } from '@​conform-to/zod';
import { z } from 'zod';

// Coerce the form value with default behaviour
const schema = coerceFormValue(
  z.object({
    // ...
  })
);

// Coerce the form value with default coercion overrided
const schema = coerceFormValue(
  z.object({
    ref: z.number()
    date: z.date(),
    amount: z.number(),
    confirm: z.boolean(),
  }),
  {
    // Trim the value for all string-based fields
    // e.g. `z.string()`, `z.number()` or `z.boolean()`
    string: (value) => {
      if (typeof value !== 'string') {
         return value;
      }

      const result = value.trim();

      // Treat it as `undefined` if the value is empty
      if (result === '') {
         return undefined;
      }

      return result;
    },

    // Override the default coercion with `z.number()`
    number: (value) => {
      // Pass the value as is if it's not a string
      if (typeof value !== 'string') {
        return value;
      }

      // Trim and remove commas before casting it to number
      return Number(value.trim().replace(/,/g, ''));
    },

    // Disable coercion for `z.boolean()`
    boolean: false,
  },
);

You can also customize coercion for a specific schema by setting the customize option.

import {
  parseWithZod,
  unstable_coerceFormValue as coerceFormValue,
} from '@​conform-to/zod';
import { useForm } from '@​conform-to/react';
import { z } from 'zod';
import { json } from './schema';

const metadata = z.object({
  number: z.number(),
  confirmed: z.boolean(),
});

const schema = coerceFormValue(
  z.object({
    ref: z.string(),
    metadata,
  }),
  {
    customize(type) {
      // Customize how the `metadata` field value is coerced
      if (type === metadata) {
        return (value) => {
          if (typeof value !== 'string') {
            return value;
          }

          // Parse the value as JSON
          return JSON.parse(value);
        };
      }

      // Return `null` to keep the default behavior
      return null;
    },
  },
);

This helper is currently released with the unstable_ prefix to collect more feedbacks. Lock your version to the patch version range (e.g. ~1.3.0) if you want to use this feature without unexpected changes.

Other Improvements

• Added coercion support with branded types (e.g. z.string().brand()) in #​864. Thanks @​krsilas!
• Fixed CI issue with corepack in #​860. Thanks @​yukiomoto!
• Updated docs in #​761, #​785, #​806, #​859, #​877, #​880. Thanks @​KirillSBarsukov, @​suzukisan22, @​AlexWebLab!

New Contributors

• @​KirillSBarsukov made their first contribution in https://github.com/edmundhung/conform/pull/761
• @​suzukisan22 made their first contribution in https://github.com/edmundhung/conform/pull/806
• @​yukiomoto made their first contribution in https://github.com/edmundhung/conform/pull/860
• @​krsilas made their first contribution in https://github.com/edmundhung/conform/pull/864
• @​AlexWebLab made their first contribution in https://github.com/edmundhung/conform/pull/877

Full Changelog: edmundhung/conform@v1.2.2...v1.3.0

eslint/rewrite (@​eslint/compat)

v1.2.8

Compare Source

eslint/eslint (@​eslint/js)

v9.23.0

Compare Source

evilmartians/lefthook (@​evilmartians/lefthook)

v1.11.6

Compare Source

• fix: print git errors (#​984) by @​mrexox
• packaging: maintain lefthook-bin AUR package (#​982) by @​mrexox
• chore: fancier logging (#​983) by @​mrexox
• docs: remove a note about the difference for unix-like and windows by @​mrexox

v1.11.5

Compare Source

• fix: windows scripts issues (#​979) by @​mrexox

v1.11.4

Compare Source

• feat: support lefthook as go tool (#​976) by @​nmoniz
• fix: use dedicated build path for swift plugin (#​978) by @​csjones
• deps: March 2025 (#​977) by @​mrexox
• docs: update pnpm install command in the installation guide (#​974) by @​hoosierhuy

infisical/infisical-node-sdk (@​infisical/sdk)

v3.0.7

Compare Source

What's Changed

• feat: add view secret value parameter to get/list secrets by @​DanielHougaard in https://github.com/Infisical/node-sdk-v2/pull/13

Full Changelog: Infisical/node-sdk-v2@3.0.6...3.0.7

octokit/plugin-rest-endpoint-methods.js (@​octokit/plugin-rest-endpoint-methods)

v13.5.0

Compare Source

Features

• new /orgs/{org}/issue-types, /orgs/{org}/issue-types/{issue_type_id} enpoints (#​792) (58d342e)

v13.4.0

Compare Source

Features

• new /enterprises/{enterprise}/actions/hosted-runners, /orgs/{org}/actions/hosted-runners, /orgs/{org}/settings/network-configurations, /orgs/{org}/rulesets/{ruleset_id}/history,/repos/{owner}/{repo}/rulesets/{ruleset_id}/history endpoints (#​791) (b3fe977)

octokit/types.ts (@​octokit/types)

v13.10.0

Compare Source

Features

• new /orgs/{org}/issue-types, /orgs/{org}/issue-types/{issue_type_id} enpoints, add issue type to responses, description updates (#​669) (302087f)

v13.9.0

Compare Source

Features

• new /enterprises/{enterprise}/actions/hosted-runners, /orgs/{org}/actions/hosted-runners, /orgs/{org}/settings/network-configurations, /orgs/{org}/rulesets/{ruleset_id}/history,/repos/{owner}/{repo}/rulesets/{ruleset_id}/history endpoints (#​668) (3ee44b3)

v13.8.1

Compare Source

Bug Fixes

• deps: update dependency @​octokit/openapi-types to v24 (#​664) (94a68f9)

microsoft/playwright (@​playwright/test)

v1.51.1

Compare Source

Highlights

https://github.com/microsoft/playwright/issues/35093 - [Regression]: TimeoutOverflowWarning: 2149630.634 does not fit into a 32-bit signed integer
https://github.com/microsoft/playwright/issues/35138 - [Regression]: TypeError: Cannot read properties of undefined (reading 'expectInfo')

Browser Versions

• Chromium 134.0.6998.35
• Mozilla Firefox 135.0
• WebKit 18.4

This version was also tested against the following stable channels:

• Google Chrome 133
• Microsoft Edge 133

tailwindlabs/tailwindcss (@​tailwindcss/postcss)

v4.1.2

Compare Source

Fixed

• Don't rely on the presence of @layer base to polyfill @property (#​17506)
• Support setting multiple inset shadows as arbitrary values (#​17523)
• Fix drop-shadow-* utilities that are defined with multiple shadows (#​17515)
• PostCSS: Fix race condition when two changes are queued concurrently (#​17514)
• PostCSS: Ensure files containing @tailwind utilities are processed (#​17514)
• Ensure the color-mix(…) polyfill creates fallbacks even when using colors that cannot be statically analyzed (#​17513)
• Fix slow incremental builds with @tailwindcss/vite and @tailwindcss/postscss (especially on Windows) (#​17511)
• Vite: Fix missing CSS file in Qwik setups (#​17533)

v4.1.1

Compare Source

Fixed

• Disable padding in @source inline(…) brace expansion (#​17491)
• Inject polyfills after @import and body-less @layer (#​17493)
• Ensure @tailwindcss/cli does not contain an import for jiti (#​17502)

v4.1.0

Compare Source

Added

• Add details-content variant (#​15319)
• Add inverted-colors variant (#​11693)
• Add noscript variant (#​11929, #​17431)
• Add items-baseline-last and self-baseline-last utilities (#​13888, #​17476)
• Add pointer-none, pointer-coarse, and pointer-fine variants (#​16946)
• Add any-pointer-none, any-pointer-coarse, and any-pointer-fine variants (#​16941)
• Add safe alignment utilities (#​14607)
• Add user-valid and user-invalid variants (#​12370)
• Add wrap-anywhere, wrap-break-word, and wrap-normal utilities (#​12128)
• Add @source inline(…) and @source not inline(…) (#​17147)
• Add @source not "…" (#​17255)
• Add text-shadow-* utilities (#​17389)
• Add mask-* utilities (#​17134)
• Add bg-{position,size}-* utilities for arbitrary values (#​17432)
• Add shadow-*/<alpha>, inset-shadow-*/<alpha>, drop-shadow-*/<alpha>, and text-shadow-*/<alpha> utilities to control shadow opacity (#​17398, #​17434)
• Add drop-shadow-<color> utilities (#​17434)
• Improve compatibility with older versions of Safari and Firefox (#​17435)

Fixed

• Follow symlinks when resolving @source directives (#​17391)
• Don't scan ignored files for classes when changing an ignored file triggers a rebuild using @tailwindcss/cli (#​17255)
• Support negated content rules in legacy JavaScript configuration (#​17255)
• Interpret syntax like @("@​")md:… as @md:… in Razor files (#​17427)
• Disallow top-level braces, top-level semicolons, and unbalanced parentheses and brackets in arbitrary values (#​17361)
• Ensure the --theme(…) function still resolves to the CSS variables when using legacy JS plugins (#​17458)
• Detect used theme variables in CSS module files (#​17433, #​17467)

Changed

• Ignore node_modules by default (can be overridden by @source … rules) (#​17255)
• @source rules that include file extensions or point inside node_modules/ folders no longer consider your .gitignore rules (#​17255)
• Deprecate bg-{left,right}-{top,bottom} in favor of bg-{top,bottom}-{left,right} utilities (#​17378)
• Deprecate object-{left,right}-{top,bottom} in favor of object-{top,bottom}-{left,right} utilities (#​17437)

axios/axios (axios)

v1.8.4

Compare Source

Bug Fixes

• buildFullPath: handle allowAbsoluteUrls: false without baseURL (#​6833) (f10c2e0)

Contributors to this release

• Marc Hassan

joe-bell/cva (class-variance-authority)

v0.7.1

Compare Source

What's Changed

• Add LICENSE Comments by @​joe-bell in https://github.com/joe-bell/cva/pull/283
• chore: move clsx dependency to caret/semver range by @​philwolstenholme in https://github.com/joe-bell/cva/pull/316

New Contributors

• @​philwolstenholme made their first contribution in https://github.com/joe-bell/cva/pull/316

Full Changelog: joe-bell/cva@v0.7.0...v0.7.1

jsx-eslint/eslint-plugin-react (eslint-plugin-react)

v7.37.5

Compare Source

Fixed

• [no-unknown-property]: allow shadow root attrs on <template> (#​3912 @​ljharb)
• [prop-types]: support ComponentPropsWithRef from a namespace import (#​3651 @​corydeppen)
• [jsx-no-constructed-context-values]: detect constructed context values in React 19 <Context> usage (#​3910 @​TildaDares)
• [no-unknown-property]: allow transform-origin on rect (#​3914 @​ljharb)

Changed

• [Docs] [button-has-type]: clean up phrasing (#​3909 @​hamirmahal)

facebook/react (eslint-plugin-react-hooks)

v5.2.0

Compare Source

v5.1.0

Compare Source

honojs/hono (hono)

v4.7.5

Compare Source

What's Changed

• docs(MIGRATION): Fix typo by @​movahhedi in https://github.com/honojs/hono/pull/3999
• fix(bun): export BunWebSocketData and BunWebSocketHandler by @​yusukebe in https://github.com/honojs/hono/pull/4002
• types(compose): follow up #​3932 by @​EdamAme-x in https://github.com/honojs/hono/pull/3934
• fix(adapter/aws-lambda): APIGWProxyResult should contain either of headers or multiValueHeaders, not both by @​exoego in https://github.com/honojs/hono/pull/3883

New Contributors

• @​movahhedi made their first contribution in https://github.com/honojs/hono/pull/3999

Full Changelog: honojs/hono@v4.7.4...v4.7.5

lucide-icons/lucide (lucide-react)

v0.487.0: Version 0.487.0

Compare Source

What's Changed

• feat(icons): added spline-pointer icon by @​Kaleidosium in https://github.com/lucide-icons/lucide/pull/2932

New Contributors

• @​Kaleidosium made their first contribution in https://github.com/lucide-icons/lucide/pull/2932

Full Changelog: lucide-icons/lucide@0.486.0...0.487.0

v0.486.0: Version 0.486.0

Compare Source

What's Changed

• feat(@​lucide/astro): add lucide package for Astro by @​MoustaphaDev in https://github.com/lucide-icons/lucide/pull/2665

New Contributors

• @​MoustaphaDev made their first contribution in https://github.com/lucide-icons/lucide/pull/2665

Full Changelog: lucide-icons/lucide@0.485.0...0.486.0

v0.485.0

Compare Source

nodejs/node (node)

v22.14.0: 2025-02-11, Version 22.14.0 'Jod' (LTS), @​aduh95

Compare Source

Notable Changes

• [82a9000e9e] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #​56566
• [b7fe54fc88] - (SEMVER-MINOR) fs: allow exclude option in globs to accept glob patterns (Daeyeon Jeong) #​56489
• [3ac92ef607] - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) #​56359
• [1614e8e7bc] - (SEMVER-MINOR) module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX (Marco Ippolito) #​56610
• [6d6cffa9cc] - (SEMVER-MINOR) module: add findPackageJSON util (Jacob Smith) #​55412
• [d35333ae18] - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) #​56400
• [07ff3ddcb5] - (SEMVER-MINOR) sqlite: support TypedArray and DataView in StatementSync (Alex Yang) #​56385
• [94d3fe1b62] - (SEMVER-MINOR) src: add --disable-sigusr1 to prevent signal i/o thread (Rafael Gonzaga) #​56441
• [5afffb4415] - (SEMVER-MINOR) src,worker: add isInternalWorker (Carlos Espa) #​56469
• [697a851fb3] - (SEMVER-MINOR) test_runner: add TestContext.prototype.waitFor() (Colin Ihrig) #​56595
• [047537b48c] - (SEMVER-MINOR) test_runner: add t.assert.fileSnapshot() (Colin Ihrig) #​56459
• [926cf84e95] - (SEMVER-MINOR) test_runner: add assert.register() API (Colin Ihrig) #​56434
• [c658a8afdf] - (SEMVER-MINOR) worker: add eval ts input (Marco Ippolito) #​56394

Commits

• [bad1ad8650] - assert: make myers_diff function more performant (Giovanni Bucci) #​56303
• [e222e36f3b] - assert: make partialDeepStrictEqual work with urls and File prototypes (Giovanni Bucci) #​56231
• [e232789fe2] - assert: show diff when doing partial comparisons (Giovanni Bucci) #​56211
• [c99de1fdcf] - assert: make partialDeepStrictEqual throw when comparing [0] with [-0] (Giovanni) #​56237
• [2386fd5840] - benchmark: add validateStream to styleText bench (Rafael Gonzaga) #​56556
• [b197dfa7ec] - build: fix GN build for ngtcp2 (Cheng) #​56300
• [2a3cdd34ff] - build: test macos-13 on GitHub actions (Michaël Zasso) #​56307
• [12f716be0a] - build: build v8 with -fvisibility=hidden on macOS (Joyee Cheung) #​56275
• [c5ca15bd34] - child_process: fix parsing messages with splitted length field (Maksim Gorkov) #​56106
• [8346b8fc2c] - crypto: add missing return value check (Michael Dawson) #​56615
• [82a9000e9e] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #​56566
• [890eef20a1] - crypto: fix checkPrime crash with large buffers (Santiago Gimeno) #​56559
• [5edb7b5e87] - crypto: fix warning of ignoring return value (Cheng) #​56527
• [b89f123a0b] - crypto: make generatePrime/checkPrime interruptible (James M Snell) #​56460
• [63c1859e01] - deps: update corepack to 0.31.0 (Node.js GitHub Bot) #​56795
• [a48430d4d3] - deps: move inspector_protocol to deps (Chengzhong Wu) #​56649
• [74cccc824f] - deps: macro ENODATA is deprecated in libc++ (Cheng) #​56698
• [fa869ea0f2] - deps: fixup some minor coverity warnings (James M Snell) #​56612
• [1a4fa2b015] - deps: update amaro to 0.3.0 (Node.js GitHub Bot) #​56568
• [b47076fd82] - deps: update amaro to 0.2.2 (Node.js GitHub Bot) #​56568
• [46bd4b8731] - deps: update simdutf to 6.0.3 (Node.js GitHub Bot) #​56567
• [8ead9c693b] - deps: update simdutf to 5.7.2 (Node.js GitHub Bot) #​56388
• [18d4b502af] - deps: update amaro to 0.2.1 (Node.js GitHub Bot) #​56390
• [[d938d7cc86](https://redirect.github.com/nodejs/node/commit/d938d

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" in timezone Europe/Stockholm, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[nx-cloud]

View your CI Pipeline Execution ↗ for commit f30aa8c.

Command	Status	Duration	Result
nx-cloud record -- nx format:check	✅ Succeeded	10s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-04-07 01:57:17 UTC

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.09%. Comparing base (d1b45e8) to head (f30aa8c).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #298   +/-   ##
=======================================
  Coverage   81.09%   81.09%           
=======================================
  Files          63       63           
  Lines        1074     1074           
  Branches      216      216           
=======================================
  Hits          871      871           
  Misses        203      203           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.