fix(deps): update all non-major dependencies

[renovate]

Note

tailwind is reverted. the issue is tracked in #1118

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@cloudflare/vite-plugin (source)	^1.25.0 → ^1.25.2
@eslint/js (source)	^9.39.2 → ^9.39.3
@rolldown/pluginutils (source)	1.0.0-rc.4 → 1.0.0-rc.5
@tailwindcss/vite (source)	^4.1.18 → ^4.2.0
eslint (source)	^9.39.2 → ^9.39.3
oxfmt (source)	^0.32.0 → ^0.34.0
pnpm (source)	10.29.3 → 10.30.1
rolldown (source)	1.0.0-rc.4 → 1.0.0-rc.5
srvx (source)	^0.11.4 → ^0.11.7
styled-components (source)	^6.3.9 → ^6.3.11
tailwindcss (source)	^4.1.18 → ^4.2.0
typescript-eslint (source)	^8.55.0 → ^8.56.0
wrangler (source)	^4.65.0 → ^4.67.0

---

Release Notes

cloudflare/workers-sdk (@​cloudflare/vite-plugin)

v1.25.2

Compare Source

Patch Changes

• Updated dependencies [f239077, aaa7200, 2f19a40, 8723684, e2a6600, 5f9f0b4, 452cdc8, 527e4f5, aa82c2b, 0b17117, ca58062]:
  • miniflare@​4.20260219.0
  • wrangler@​4.67.0
  • @​cloudflare/unenv-preset@​2.14.0

v1.25.1

Compare Source

Patch Changes

• Updated dependencies [5a868a0, caf9b11, c58e81b, 33a9a8f, 8077c14, caf9b11, 7d2355e, 936187d, 7ea69af, 5cc7158, caf9b11, 9a565d5, 7f18183, 39491f9, 43c462a, c4c86f8, 7d2355e, c9d0f9d, 5cc7158, 5cc7158, c9d0f9d]:
  • miniflare@​4.20260217.0
  • wrangler@​4.66.0
  • @​cloudflare/unenv-preset@​2.13.0

eslint/eslint (@​eslint/js)

v9.39.3

Compare Source

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#​20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#​20453) (Milos Djermanovic)

rolldown/rolldown (@​rolldown/pluginutils)

v1.0.0-rc.5

Compare Source

🚀 Features

• add Visitor to rolldown/utils (#​8373) by @​sapphi-red
• module-info: add inputFormat property to ModuleInfo (#​8329) by @​shulaoda
• default treeshake.invalid_import_side_effects to false (#​8357) by @​sapphi-red
• rolldown_utils: add IndexBitSet (#​8343) by @​sapphi-red
• rolldown_utils: add more methods and trait impls to BitSet (#​8342) by @​sapphi-red
• rolldown_plugin_vite_build_import_analysis: add support for await import().then((m) => m.prop) (#​8328) by @​sapphi-red
• rolldown_plugin_vite_reporter: support custom logger for build infos (#​7652) by @​shulaoda
• rust/mcs: support entriesAwareMergeThreshold (#​8312) by @​hyf0
• mcs: maxSize will split the oversized chunk with taking file relevance into account (#​8277) by @​hyf0
• rolldown_plugin_vite_import_glob: support template literal in glob import patterns (#​8298) by @​shulaoda
• rolldown_plugin_chunk_import_map: output importmap without spaces (#​8297) by @​sapphi-red
• add INEFFECTIVE_DYNAMIC_IMPORT warning in core (#​8284) by @​shulaoda
• mcs: generate more readable name for entriesAware chunks (#​8275) by @​hyf0
• mcs: support entriesAware (#​8274) by @​hyf0

🐛 Bug Fixes

• improve circular dependency detection in chunk optimizer (#​8371) by @​IWANABETHATGUY
• align minify.compress: true and minify.mangle: true with minify: true (#​8367) by @​sapphi-red
• rolldown_plugin_esm_external_require: apply conversion to UMD and IIFE outputs (#​8359) by @​sapphi-red
• cjs: bailout treeshaking on cjs modules that have multiple re-exports (#​8348) by @​hyf0
• handle member expression and this expression in JSX element name rewriting (#​8323) by @​IWANABETHATGUY
• pad encode_hash_with_base output to fixed length to prevent slice panics (#​8320) by @​shulaoda
• xxhash_with_base skips hashing when input is exactly 16 bytes (#​8319) by @​shulaoda
• complete ImportKind::try_from with missing variants and correct url-import to url-token (#​8310) by @​shulaoda
• mark Node.js builtin modules as side-effect-free when resolved via external config (#​8304) by @​IWANABETHATGUY
• mcs: maxSize should split chunks correctly based on sizes (#​8289) by @​hyf0

🚜 Refactor

• introduce RawMangleOptions and RawCompressOptions (#​8366) by @​sapphi-red
• mcs: refactor apply_manual_code_splitting into ManualSplitter (#​8346) by @​hyf0
• rolldown_plugin_vite_reporter: simplify hook registration and remove redundant state (#​8322) by @​shulaoda
• use set to store user defined entry modules (#​8315) by @​IWANABETHATGUY
• rust/mcs: collect groups into map at first for having clean and performant operations (#​8313) by @​hyf0
• mcs: introduce newtype ModuleGroupOrigin and ModuleGroupId (#​8311) by @​hyf0
• remove unnecessary FinalizerMutableState struct (#​8303) by @​shulaoda
• move module finalization into finalize_modules (#​8302) by @​shulaoda
• extract apply_transfer_parts_mutation into its own module (#​8301) by @​shulaoda
• move ESM format check into determine_export_mode (#​8294) by @​shulaoda
• remove warnings field from GenerateContext (#​8293) by @​shulaoda
• extract util function remove clippy supression (#​8290) by @​IWANABETHATGUY
• move is_in_node_modules to PathExt trait in rolldown_std_utils (#​8286) by @​shulaoda
• rolldown_plugin_vite_reporter: remove unnecessary ineffective dynamic import detection logic (#​8285) by @​shulaoda
• dev: inject hmr runtime to \0rolldown/runtime.js (#​8234) by @​hyf0
• improve naming in chunk_optimizer (#​8287) by @​IWANABETHATGUY
• simplify PostChunkOptimizationOperation from bitflags to enum (#​8283) by @​IWANABETHATGUY
• optimize BitSet.index_of_one to return iterator instead of Vec (#​8282) by @​IWANABETHATGUY

📚 Documentation

• change default value in format JSDoc from 'esm' to 'es' (#​8372) by @​shulaoda
• in-depth: remove invalidImportSideEffects option mention from lazy barrel optimization doc (#​8355) by @​sapphi-red
• mcs: clarify minSize constraints (#​8279) by @​ShroXd

⚡ Performance

• use IndexVec for chunk TLA detection (#​8341) by @​sapphi-red
• only invoke single resolve call for the same specifier and import kind (#​8332) by @​sapphi-red
• rolldown_plugin_vite_reporter: skip gzip computation when report_compressed_size is disabled (#​8321) by @​shulaoda

🧪 Testing

• use vi.waitFor and expect.poll instead of custom waitUtil function (#​8369) by @​sapphi-red
• rolldown_plugin_esm_external_require_plugin: add tests (#​8358) by @​sapphi-red
• add watch file tests (#​8330) by @​sapphi-red
• rolldown_plugin_vite_build_import_analysis: add test for dynamic import treeshaking (#​8327) by @​sapphi-red

⚙️ Miscellaneous Tasks

• prepare-release: skip workflow on forked repositories (#​8368) by @​shulaoda
• format more files (#​8360) by @​sapphi-red
• deps: update oxc to v0.114.0 (#​8347) by @​camc314
• deps: update test262 submodule for tests (#​8354) by @​sapphi-red
• deps: update crate-ci/typos action to v1.43.5 (#​8350) by @​renovate[bot]
• deps: update oxc apps (#​8351) by @​renovate[bot]
• rolldown_plugin_vite_reporter: remove unnecessary README.md (#​8334) by @​shulaoda
• deps: update npm packages (#​8338) by @​renovate[bot]
• deps: update rust crates (#​8339) by @​renovate[bot]
• deps: update dependency oxlint-tsgolint to v0.13.0 (#​8337) by @​renovate[bot]
• deps: update github-actions (#​8336) by @​renovate[bot]
• deps: update napi to v3.8.3 (#​8331) by @​renovate[bot]
• deps: update dependency oxlint-tsgolint to v0.12.2 (#​8325) by @​renovate[bot]
• remove unnecessary transform.decorator (#​8314) by @​IWANABETHATGUY
• deps: update dependency rust to v1.93.1 (#​8305) by @​renovate[bot]
• deps: update dependency oxlint-tsgolint to v0.12.1 (#​8300) by @​renovate[bot]
• deps: update oxc apps (#​8296) by @​renovate[bot]
• docs: don't skip for build runs without cache (#​8281) by @​sapphi-red

tailwindlabs/tailwindcss (@​tailwindcss/vite)

v4.2.0

Compare Source

Added

• Add mauve, olive, mist, and taupe color palettes to the default theme (#​19627)
• Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#​19610)
• Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#​19601)
• Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#​19601)
• Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#​19601)
• Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#​19601)
• Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#​19601)
• Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#​19612)
• Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#​19612)
• Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#​19613)
• Add font-features-* utility for font-feature-settings (#​19623)

Fixed

• Prevent double @supports wrapper for color-mix values (#​19450)
• Allow whitespace around @source inline() argument (#​19461)
• Emit comment when source maps are saved to files when using @tailwindcss/cli (#​19447)
• Detect utilities containing capital letters followed by numbers (#​19465)
• Fix class extraction for Rails' strict locals (#​19525)
• Align @utility name validation with Oxide scanner rules (#​19524)
• Fix infinite loop when using @variant inside @custom-variant (#​19633)
• Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#​19688)
• Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#​19670)
• Improve performance of Oxide scanner in bigger projects by reducing file system walks (#​19632)
• Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#​19677)
• Allow escape characters in @utility names to improve support with formatters such as Biome (#​19626)
• Fix incorrect canonicalization results when canonicalizing multiple times (#​19675)
• Add .jj to default ignored content directories (#​19687)

Deprecated

• Deprecate start-* and end-* utilities in favor of inset-s-* and inset-e-* utilities (#​19613)

oxc-project/oxc (oxfmt)

v0.34.0

Compare Source

🐛 Bug Fixes

• 6c61b70 oxfmt: Fix outdated sortImports.groups doc comments (#​19513) (leaysgur)

v0.33.0

Compare Source

💥 BREAKING CHANGES

• 9c34f72 formatter/sort_imports: [BREAKING] Report invalid group name with renaming side-effect > side_effect (#​19416) (leaysgur)

🚀 Features

• 4baebef formatter/sort_imports: Support { newlinesBetween: bool } inside groups (#​19358) (leaysgur)
• d1c2fb6 formatter/sort_imports: Support customGroups attributes(selector and modifiers) (#​19356) (leaysgur)

pnpm/pnpm (pnpm)

v10.30.1: pnpm 10.30.1

Compare Source

Patch Changes

• Use the /-/npm/v1/security/audits/quick endpoint as the primary audit endpoint, falling back to /-/npm/v1/security/audits when it fails #​10649.

Platinum Sponsors

Gold Sponsors

v10.30.0: pnpm 10.30

Compare Source

Minor Changes

• pnpm why now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies.

Patch Changes

• Revert pnpm why dependency pruning to prefer correctness over memory consumption. Reverted PR: #​7122.
• Optimize pnpm why and pnpm list performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one #​10596.

Platinum Sponsors

Gold Sponsors

h3js/srvx (srvx)

v0.11.7

Compare Source

compare changes

🚀 Enhancements

• loader: Access to the whole intercepted srvx instance (bbf4d9d)
• loader: Allow passing custom node server to inspector (4a817ec)

💅 Refactors

• cli, loader: Pass underlying server without depending on globals (c0d9520)

❤️ Contributors

• Pooya Parsa (@​pi0)

v0.11.6

Compare Source

compare changes

🚀 Enhancements

• bunny: Add support for native waitUntil (#​186)

❤️ Contributors

• Sandro Circi (@​sandros94)

v0.11.5

Compare Source

compare changes

🚀 Enhancements

• Expose server.waitUntil (#​183)
• Add bunny adapter (#​182)

🏡 Chore

• Update deps (e37da5e)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Sandro Circi (@​sandros94)
• Rihan Arfan (@​RihanArfan)

styled-components/styled-components (styled-components)

v6.3.11

Compare Source

Patch Changes

• 752f5ec: fix: resolve "React is not defined" ReferenceError introduced in 6.3.10 when loading the CJS build in Node.js

v6.3.10

Compare Source

Patch Changes

• f674224: fix: RSC style tags for extended components have correct href and include base CSS (#​5663)

  • Fix spaces in <style href> attribute that caused React 19 hydration failures when using styled() inheritance
  • Fix missing base component CSS in RSC output when only the extended component renders
  • Emit a separate <style> tag per inheritance level with content-aware hrefs, enabling React 19 deduplication of shared base styles
  • Preserve correct CSS ordering (base before extended) for proper specificity override behavior

• f674224: Reduce standalone/browser bundle size by making IS_RSC a build-time constant, enabling dead code elimination of RSC-specific branches

typescript-eslint/typescript-eslint (typescript-eslint)

v8.56.0

Compare Source

🚀 Features

• support ESLint v10 (#​12057)

❤️ Thank You

• Brad Zacher @​bradzacher
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

cloudflare/workers-sdk (wrangler)

v4.67.0

Compare Source

Minor Changes

• #​12401 8723684 Thanks @​jonesphillip! - Add validation retry loops to pipelines setup command

  The wrangler pipelines setup command now prompts users to retry when validation errors occur, instead of failing the entire setup process. This includes:

  • Validation retry prompts for pipeline names, bucket names, and field names
  • A "simple" mode for sink configuration that uses sensible defaults
  • Automatic bucket creation when buckets don't exist
  • Automatic Data Catalog enablement when not already active

  This improves the setup experience by allowing users to correct mistakes without restarting the entire configuration flow.

• #​12395 aa82c2b Thanks @​cmackenzie1! - Generate typed pipeline bindings from stream schemas

  When running wrangler types, pipeline bindings now generate TypeScript types based on the stream's schema definition. This gives you full autocomplete and type checking when sending data to your pipelines.

  // wrangler.json
  {
  	"pipelines": [
  		{ "binding": "ANALYTICS", "pipeline": "analytics-stream-id" },
  	],
  }

  If your stream has a schema with fields like user_id (string) and event_count (int32), the generated types will be:

  declare namespace Cloudflare {
  	type AnalyticsStreamRecord = { user_id: string; event_count: number };
  	interface Env {
  		ANALYTICS: Pipeline<Cloudflare.AnalyticsStreamRecord>;
  	}
  }

  For unstructured streams or when not authenticated, bindings fall back to the generic Pipeline<PipelineRecord> type.

Patch Changes

• #​12592 aaa7200 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260217.0	1.20260218.0

• #​12606 2f19a40 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260218.0	1.20260219.0

• #​12604 e2a6600 Thanks @​petebacondarwin! - fix: pass --env flag to auxiliary workers in multi-worker mode

  When running wrangler dev with multiple config files (e.g. -c ./apps/api/wrangler.jsonc -c ./apps/queues/wrangler.jsonc -e=dev), the --env flag was not being passed to auxiliary (non-primary) workers. This meant that environment-specific configuration (such as queue bindings) was not applied to auxiliary workers, causing features like queue consumers to not be triggered in local development.

• #​12597 0b17117 Thanks @​sdnts! - The maximum allowed delivery and retry delays for Queues is now 24 hours

• #​12598 ca58062 Thanks @​mattzcarey! - Stop redacting wrangler whoami output in non-interactive mode

  wrangler whoami is explicitly invoked to retrieve account info, so email and account names should always be visible. Redacting them in non-interactive/CI environments makes it difficult for coding agents and automated tools to identify which account to use. Other error messages that may appear unexpectedly in CI logs (e.g. multi-account selection errors) remain redacted.

• Updated dependencies [f239077, aaa7200, 2f19a40, 5f9f0b4, 452cdc8, 527e4f5, 0b17117]:

  • miniflare@​4.20260219.0
  • @​cloudflare/unenv-preset@​2.14.0

v4.66.0

Compare Source

Minor Changes

• #​12466 caf9b11 Thanks @​petebacondarwin! - Add WRANGLER_CACHE_DIR environment variable and smart cache directory detection

  Wrangler now intelligently detects where to store cache files:

  1. Use WRANGLER_CACHE_DIR env var if set
  2. Use existing cache directory if found (node_modules/.cache/wrangler or .wrangler/cache)
  3. Create cache in node_modules/.cache/wrangler if node_modules exists
  4. Otherwise use .wrangler/cache

  This improves compatibility with Yarn PnP, pnpm, and other package managers that don't use traditional node_modules directories, without requiring any configuration.

• #​12572 936187d Thanks @​dario-piotrowicz! - Ensure the nodejs_compat flag is always applied in autoconfig

  Previously, the autoconfig feature relied on individual framework configurations to specify Node.js compatibility flags, some could set nodejs_compat while others nodejs_als.

  Now instead nodejs_compat is always included as a compatibility flag, this is generally beneficial and the user can always remove the flag afterwards if they want to.

• #​12560 c4c86f8 Thanks @​taylorlee! - Support --tag and --message flags on wrangler deploy

  They have the same behavior that they do as during wrangler versions upload, as both
  are set on the version.

  The message is also reused for the deployment as well, with the same behavior as used
  during wrangler versions deploy.

Patch Changes

• #​12543 5a868a0 Thanks @​G4brym! - Fix AI Search binding failing in local dev

  Using AI Search bindings with wrangler dev would fail with "RPC stub points at a non-serializable type". AI Search bindings now work correctly in local development.

• #​12552 c58e81b Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260212.0	1.20260213.0

• #​12568 33a9a8f Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.2

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[hi-ogawa]

(Comment generated by OpenCode)

I dug into the failing ci-rsc jobs and compared runs before/after dependency rollbacks.

What was verified

• Reproduced failure signature across all failing matrix jobs (chromium/webkit/firefox, multiple OSes):
  • expect(locator).toBeAttached() failed for meta[name="x-reload-check"]
  • missing expected [vite-rsc:update] logs in related tests
• Rolled back srvx to 0.11.4 on this PR branch and reran CI: still failing with the same pattern.
• Rolled back @rolldown/pluginutils / rolldown rc.5 -> rc.4 set and reran CI: still failing with the same pattern.

Most likely culprit now

@tailwindcss/vite 4.2.0 (and aligned tailwindcss 4.2.0) introduced new Vite hotUpdate behavior that can explicitly emit full-reload.

Upstream references:

• Tailwind v4.2.0 release note includes:
  • “Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite.”
• PR: fix: restore full page reload for watched external files on Vite 7.1+ tailwindlabs/tailwindcss#19670
  • adds a hotUpdate hook in @tailwindcss/vite that calls environment.hot.send / server.hot.send({ type: "full-reload" }) under certain conditions.

This aligns with our RSC failures, which are specifically asserting no page reload during server-HMR flows.