deps(deps): bump the all-dependencies group across 1 directory with 36 updates

[dependabot]

Bumps the all-dependencies group with 35 updates in the / directory:

Package	From	To
@eslint/js	9.39.2	10.0.1
@typescript-eslint/eslint-plugin	8.56.0	8.56.1
@typescript-eslint/parser	8.56.0	8.56.1
eslint	9.39.2	10.0.2
globals	17.3.0	17.4.0
graphql	16.12.0	16.13.0
happy-dom	20.6.2	20.7.0
lint-staged	16.2.7	16.3.1
typescript-eslint	8.56.0	8.56.1
wrangler	4.66.0	4.69.0
@ai-sdk/openai	3.0.29	3.0.37
@better-auth/passkey	1.4.18	1.5.0
@better-auth/stripe	1.4.18	1.5.0
@trpc/server	11.10.0	11.11.0
ai	6.0.91	6.0.105
better-auth	1.4.18	1.5.0
resend	6.9.2	6.9.3
stripe	20.3.1	20.4.0
@cloudflare/workers-types	4.20260218.0	4.20260301.1
hono	4.11.10	4.12.3
@tanstack/react-router	1.161.1	1.163.3
@trpc/client	11.10.0	11.11.0
@trpc/tanstack-react-query	11.10.0	11.11.0
jotai	2.17.1	2.18.0
lucide-react	0.574.0	0.575.0
tailwind-merge	3.4.1	3.5.0
@tailwindcss/postcss	4.2.0	4.2.1
@tanstack/react-router-devtools	1.161.1	1.163.3
@tanstack/router-plugin	1.161.1	1.164.0
@types/node	25.2.3	25.3.3
autoprefixer	10.4.24	10.4.27
@react-email/preview-server	5.2.8	5.2.9
react-email	5.2.8	5.2.9
astro	5.17.2	5.18.0
@modelcontextprotocol/sdk	1.26.0	1.27.1

Updates @eslint/js from 9.39.2 to 10.0.1

Release notes

Sourced from @​eslint/js's releases.

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)
• aa3fb2b fix!: tighten func-names schema (#20119) (Pixel998)
• f6c0ed0 feat!: report eslint-env comments as errors (#20128) (Francesco Trotta)
• 4bf739f fix!: remove deprecated LintMessage#nodeType and TestCaseError#type (#20096) (Pixel998)
• 523c076 feat!: drop support for jiti < 2.2.0 (#20016) (michael faith)
• 454a292 feat!: update eslint:recommended configuration (#20210) (Pixel998)
• 4f880ee feat!: remove v10_* and inactive unstable_* flags (#20225) (sethamus)
• f18115c feat!: no-shadow-restricted-names report globalThis by default (#20027) (sethamus)
• c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160) (Milos Djermanovic)

Features

• bff9091 feat: handle Array.fromAsync in array-callback-return (#20457) (Francesco Trotta)
• 290c594 feat: add self to no-implied-eval rule (#20468) (sethamus)
• 43677de feat: fix handling of function and class expression names in no-shadow (#20432) (Milos Djermanovic)

... (truncated)

Commits

• 84fb885 chore: package.json update for @​eslint/js release
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467)
• f3fbc2f chore: set @eslint/js version to 10.0.0 to skip releasing it (#20466)
• b4b3127 chore: package.json update for @​eslint/js release
• 0b14059 chore: package.json update for @​eslint/js release
• fa31a60 feat!: add name to configs (#20015)
• 1e2cad5 chore: package.json update for @​eslint/js release
• 454a292 feat!: update eslint:recommended configuration (#20210)
• c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160)
• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.56.0 to 8.56.1

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.56.1

8.56.1 (2026-02-23)

What's Changed

• chore(deps): update dependency minimatch to v10.2.2 by @​benmccann in typescript-eslint/typescript-eslint#12074

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.56.1 (2026-02-23)

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 96a04a9 chore(release): publish 8.56.1
• 958f390 chore(eslint-plugin): add default excludes to vitest (#12067)
• ffb46ea docs(eslint-plugin): [method-signature-style] clarify autofix impact on type ...
• See full diff in compare view

Updates @typescript-eslint/parser from 8.56.0 to 8.56.1

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.56.1

8.56.1 (2026-02-23)

What's Changed

• chore(deps): update dependency minimatch to v10.2.2 by @​benmccann in typescript-eslint/typescript-eslint#12074

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.56.1 (2026-02-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 96a04a9 chore(release): publish 8.56.1
• See full diff in compare view

Updates eslint from 9.39.2 to 10.0.2

Release notes

Sourced from eslint's releases.

v10.0.2

Bug Fixes

• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537) (루밀LuMir)

Documentation

• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548) (Mike McCready)
• 98cbf6b docs: update migration guide per Program range change (#20534) (Huáng Jùnliàng)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533) (Abilash)

Chores

• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553) (renovate[bot])
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536) (Milos Djermanovic)

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)

... (truncated)

Commits

• 55122d6 10.0.2
• 80f1e29 Build: changelog update for 10.0.2
• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553)
• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548)
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536)
• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537)
• 98cbf6b docs: update migration guide per Program range change (#20534)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533)
• 0bd5497 10.0.1
• ddb80ef Build: changelog update for 10.0.1
• Additional commits viewable in compare view

Updates globals from 17.3.0 to 17.4.0

Release notes

Sourced from globals's releases.

v17.4.0

• Update globals (2026-03-01) (#338) d43a051

---

sindresorhus/globals@v17.3.0...v17.4.0

Commits

• a9cfd74 17.4.0
• d43a051 Update globals (2026-03-01) (#338)
• See full diff in compare view

Updates graphql from 16.12.0 to 16.13.0

Release notes

Sourced from graphql's releases.

16.13.0

v16.13.0 (2026-02-24)

New Feature 🚀

• #4458 Sibling errors should not be added after propagation (@​yaacovCR)

Bug Fix 🐞

• #4336 add deprecated note to assertValidExecutionArguments (@​yaacovCR)
• #4517 fix(validation): incorrect validation errors when variable descriptions are used (@​phryneas)

Internal 🏠

• #4506 Version packages (@​JoviDeCroock)
• #4514 chore: always ignore scripts (@​benjie)
• #4524 update contributing (@​yaacovCR)

Committers: 4

• Benjie(@​benjie)
• Jovi De Croock(@​JoviDeCroock)
• Lenz Weber-Tronic(@​phryneas)
• Yaacov Rydzinski (@​yaacovCR)

Commits

• 7569989 16.13.0
• 49450d8 Revert "deprecate (internal) buildResolveInfo in favor of (internal) ResolveI...
• 4149722 deprecate (internal) buildResolveInfo in favor of (internal) ResolveInfo clas...
• 4c057eb add deprecated note to assertValidExecutionArguments (#4336)
• 3f8f27a fix(validation): incorrect validation errors when variable descriptions are u...
• b34a4cd update contributing (#4524)
• abddd09 Sibling errors should not be added after propagation (#4458)
• d26810b Alter contributing
• 5f4602d 16.12.0
• d239841 chore: always ignore scripts (#4514)
• See full diff in compare view

Updates happy-dom from 20.6.2 to 20.7.0

Release notes

Sourced from happy-dom's releases.

v20.7.0

🎨 Features

• Adds support for Window.getScreenDetails() - By @​TrevorBurnham in task #1923
• Extends Screen from EventTarget - By @​TrevorBurnham in task #1923

v20.6.5

👷‍♂️ Patch fixes

• Add clearImmediate to Jest environment global scope - By @​TrevorBurnham in task #1927

v20.6.4

👷‍♂️ Patch fixes

• Normalize invalid input type attribute to "text" per HTML spec - By @​atzzCokeK in task #2053

v20.6.3

👷‍♂️ Patch fixes

• Refactors query selector parser to be able to handle complex rules - By @​capricorn86 in task #1910
• Fixes issue related to using query selector for attribute in XML document - By @​capricorn86 in task #1912
• Fixes issue with using quotes within quotes for attribute query selector (e.g. [data-value="it's a test"]) - By @​capricorn86 in task #2034

Commits

• 4e0d1e3 feat: #1923 Adds support for getScreenDetails() (#2041)
• 78a2ff4 chore: #1867 Add regression test for TreeWalker sibling traversal (#2026)
• 46bab67 fix: #1927 Add clearImmediate to Jest environment global scope (#2029)
• ee81583 fix: #2053 Normalize invalid input type attribute to "text" per HTML spec (...
• e6a64da fix: #1910 Fixes issue when parsing complex query selector with has express...
• See full diff in compare view

Updates lint-staged from 16.2.7 to 16.3.1

Release notes

Sourced from lint-staged's releases.

v16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

v16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Changelog

Sourced from lint-staged's changelog.

16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Commits

• 2a74cd2 chore(changeset): release
• cd5d762 refactor: remove nano-spawn dependency completely
• e342cab build(deps): move nano-spawn to dev
• 9aa2cd7 chore(changeset): release
• 0c387bc test: make long-running task longer because of GitHub Actions slowness
• 87467aa refactor: detect incorrect brace expansion exhaustively
• dceabc6 ci: run npm audit in GitHub Actions
• d0e4c2a build(deps): update dependencies
• 93cf144 docs: add tip about lint-staged.sh
• 9809fee test: adjust integration test logging setup for concurrency
• Additional commits viewable in compare view

Updates typescript-eslint from 8.56.0 to 8.56.1

Release notes

Sourced from typescript-eslint's releases.

v8.56.1

8.56.1 (2026-02-23)

What's Changed

• chore(deps): update dependency minimatch to v10.2.2 by @​benmccann in typescript-eslint/typescript-eslint#12074

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.56.1 (2026-02-23)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 96a04a9 chore(release): publish 8.56.1
• See full diff in compare view

Updates wrangler from 4.66.0 to 4.69.0

Release notes

Sourced from wrangler's releases.

wrangler@4.69.0

Minor Changes

• #12625 c0e9e08 Thanks @​WillTaylorDev! - Add cache configuration option for enabling worker cache (experimental)

  You can now enable cache before worker execution using the new cache configuration:

  {
  	"cache": {
  		"enabled": true,
  	},
  }

  This setting is environment-inheritable and opt-in. When enabled, cache behavior is applied before your worker runs.

  Note: This feature is experimental. The runtime API is not yet generally available.

Patch Changes

• #12661 99037e3 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260302.0	1.20260303.0

• #12680 295297a Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260303.0	1.20260305.0

• #12671 f765244 Thanks @​MattieTK! - fix: Only redact account names in CI environments, not all non-interactive contexts

  The multi-account selection error in getAccountId now only redacts account names when running in a CI environment (detected via ci-info). Non-interactive terminals such as coding agents and piped commands can now see account names, which they need to identify which account to configure. CI logs remain protected.

• Updated dependencies [99037e3, 295297a]:

  • miniflare@4.20260305.0

wrangler@4.68.1

Patch Changes

... (truncated)

Commits

• 414799d Version Packages (#12670)
• 295297a chore(deps): bump the workerd-and-workers-types group with 2 updates (#12680)
• 99037e3 chore(deps): bump the workerd-and-workers-types group with 2 updates (#12661)
• f765244 fix: restrict account name redaction to CI environments only (#12671)
• c0e9e08 [wrangler] Add worker cache configuration support (#12625)
• 07531a2 Version Packages (#12663)
• 294297e Update Waku autoconfig logic (#12657)
• 603fe18 fix: add maxRetries to recursive directory removal for Windows EBUSY (#12629)
• 19df099 [wrangler] Split deploy.test.ts into 15 focused test files (#12642)
• 3d6e421 [C3/wrangler] Fix Angular localhost SSR blocking in development mode (#12648)
• Additional commits viewable in compare view

Updates @ai-sdk/openai from 3.0.29 to 3.0.37

Release notes

Sourced from @​ai-sdk/openai's releases.

@​ai-sdk/openai@​3.0.37

Patch Changes

• 58bc42d: feat(provider/openai): support custom tools with alias mapping
• Updated dependencies [58bc42d]
  • @​ai-sdk/provider-utils@​4.0.16

@​ai-sdk/openai@​3.0.36

Patch Changes

• 53bdfa5: fix(openai): allow null/undefined type in streaming tool call deltas

  Azure AI Foundry and Mistral deployed on Azure omit the type field in streaming tool_calls deltas. The chat stream parser now accepts a missing type field (treating it as "function") instead of throwing InvalidResponseDataError: Expected 'function' type.

  Fixes #12770

@​ai-sdk/openai@​3.0.35

Patch Changes

• 5e18272: fix(openai): include reasoning parts without itemId when encrypted_content is present

  When providerOptions.openai.itemId is absent on a reasoning content part, the converter now uses encrypted_content as a fallback instead of silently skipping the part with a warning. The OpenAI Responses API accepts reasoning items without an id when encrypted_content is supplied, enabling multi-turn reasoning even when item IDs are stripped from provider options.

  Also makes the id field optional on the OpenAIResponsesReasoning type to reflect that the API does not require it.

  Fixes #12853

@​ai-sdk/openai@​3.0.34

Patch Changes

• 66a374c: Support phase parameter on Responses API message items. The phase field ('commentary' or 'final_answer') is returned by models like gpt-5.3-codex on assistant message output items and must be preserved when sending follow-up requests. The phase value is available in providerMetadata.openai.phase on text parts and is automatically included on assistant messages sent back to the API.

Commits

• ed17fe8 Version Packages (#12953)
• 58bc42d feat (provider/openai): support custom tools (#12948)
• 946ca0e docs: fix stale content links and docs typos (#12921)
• 5ae109c Version Packages (#12919)
• 1330f2f chore(provider/gateway): update gateway model settings files (#12918)
• acfa8b9 Version Packages (#12917)
• d98d9ba fix(anthropic, amazon-bedrock): migrate output_format to output_config.format...
• 97c7b9f Version Packages (#12910)
• 2164cdf feat(anthropic): add the new code_execution tool (#12900)
• 8acb431 Version Packages (#12906)
• Additional commits viewable in compare view

Updates @better-auth/passkey from 1.4.18 to 1.5.0

Release notes

Sourced from @​better-auth/passkey's releases.

v1.5.0

Better Auth 1.5 Release

We’re excited to announce the release of Better Auth 1.5! 🎉

This is our biggest release yet, with over 600 commits, 70 new features, 200 bug fixes, and 7 entirely new packages. From MCP authentication to Electron desktop support, this release brings Better Auth to new platforms and use cases.

We’re also announcing our new Infrastructure product. It lets you use a full user management and analytics dashboard, security and protection tooling, audit logs, a self-service SSO UI, and more, all with your own Better Auth instance.

Starting with this release, the self-service SSO dashboard — which lets your en...

Description has been truncated