👷 Update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update	Pending
@angular/common (source)	21.2.12 → 21.2.14					devDependencies	patch	21.2.15
@angular/compiler (source)	21.2.12 → 21.2.14					devDependencies	patch	21.2.15
@angular/core (source)	21.2.12 → 21.2.14					devDependencies	patch	21.2.15
@angular/platform-browser (source)	21.2.12 → 21.2.14					devDependencies	patch	21.2.15
@angular/router (source)	21.2.12 → 21.2.14					devDependencies	patch	21.2.15
@datadog/webpack-plugin (source)	3.1.4 → 3.1.8					devDependencies	patch
@mantine/core (source)	9.2.0 → 9.2.1					dependencies	patch	9.2.2
@mantine/hooks (source)	9.2.0 → 9.2.1					dependencies	patch	9.2.2
@module-federation/enhanced (source)	2.4.0 → 2.5.0					devDependencies	minor
@swc/core (source)	1.15.33 → 1.15.40					devDependencies	patch
@tanstack/react-router (source)	1.169.2 → 1.170.8					dependencies	minor	1.170.10 (+1)
@tanstack/react-router (source)	1.169.2 → 1.170.8					devDependencies	minor	1.170.10 (+1)
@types/node (source)	25.7.0 → 25.9.1					devDependencies	minor
@types/react (source)	19.2.14 → 19.2.15					devDependencies	patch
actions/stale	v10.2.0 → v10.3.0					action	minor
github/codeql-action	v4.35.4 → v4.36.0					action	minor
react-router (source)	7.15.0 → 7.15.1					devDependencies	patch	7.16.0
react-router-dom (source)	7.15.0 → 7.15.1					dependencies	patch	7.16.0
react-router-dom (source)	7.15.0 → 7.15.1					devDependencies	patch	7.16.0
typescript-eslint (source)	8.59.3 → 8.59.4					devDependencies	patch	8.60.0
undici (source)	8.2.0 → 8.3.0					devDependencies	minor
webpack	5.106.2 → 5.107.1					devDependencies	minor	5.107.2
ws	8.20.1 → 8.21.0					devDependencies	minor
yarn (source)	4.14.1 → 4.15.0					packageManager	minor
yarn (source)	4.14.1 → 4.15.0					volta	minor

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

angular/angular (@​angular/common)

v21.2.14

Compare Source

compiler

Commit	Type	Description
68282dff9f	fix	strip namespaced SVG script elements during template compilation

core

Commit	Type	Description
c0f52272ed	fix	do not insert todo when migrating void @​Output
938a7f3edd	fix	makes resource URL sanitizer lookup case-insensitive
0fb2724194	fix	reject script element as a dynamic component host
49113ac0ef	fix	visit ICU expressions in signal migration schematics

router

Commit	Type	Description
099bf577ee	fix	skip scroll-to-top on initial navigation when hydrating

v21.2.13

Compare Source

core

Commit	Type	Description
1c6553e97d	fix	disallow event attribute bindings in host bindings unconditionally

platform-server

Commit	Type	Description
629905d537	fix	add allowedHosts option to renderModule and renderApplication
0b7192f441	fix	forward BEFORE_APP_SERIALIZED errors to ErrorHandler

DataDog/build-plugins (@​datadog/webpack-plugin)

v3.1.8

Compare Source

What's Changed

• Fix corrupted ESM bundles in published packages by @​oliverli in #​381

Full Changelog: DataDog/build-plugins@v3.1.7...v3.1.8

mantinedev/mantine (@​mantine/core)

v9.2.1

Compare Source

What's Changed

• [@mantine/tiptap] Fix controls having stale state when built with react compiler (#​8725)
• [@mantine/charts] Fix highlighted are being stuck at the previously hovered chart legend section if mouse is moved quickly (#​8768)
• [@mantine/modals] Fix incorrect duplicate modals ids handling (#​8736)
• [@mantine/core] Table: Fix th borders being rendered transparent if sticky prop set (#​8778)
• [@mantine/core] Fix error id not being passed to aria-describedby in Checkbox, Radio and Switch components (#​8820)
• [@mantine/core] Add aria-valuetext support to Slider and RangeSlider (#​8871)
• [@mantine/schedule] MonthView: Improve multi-day events overlap rendering for maxed-out days (#​8874)
• [@mantine/core] Fix mergeMantineTheme mutated DEFAULT_THEME.headings (#​8875)
• [@mantine/hooks] use-debounced-value: Fix leading callback not being reset on timeout (#​8833)
• [@mantine/core] Highlight: Add accent insensitive option support (#​8890)
• [@mantine/form] Fix some handlers not being stable reference (#​8891)
• [@mantine/dropzone] Change useFsAccessApi to false by default to make Dropzone compatible with all current browsers (#​8876)
• [@mantine/schedule] Fix incorrect events positioning with intervalMinutes={60} (#​8887)
• [@mantine/core] PinInput: Fix keyboard shorcuts being blocked on numeric input type (#​8889)
• [@mantine/form] Fix default validators making form.validate return value async (#​8880)
• [@mantine/core] Menu: Add safe polygon support for sub menus (#​8888)
• [@mantine/core] ScrollArea: Fix Maximum update depth exceeded error
• [@mantine/core] TreeSelect: Fix focus to moving to input after clear button click

New Contributors

• @​oab24413gmai made their first contribution in #​8892
• @​sarioglu made their first contribution in #​8890
• @​noahsilas made their first contribution in #​8833
• @​chaitanya-bhagavan made their first contribution in #​8875
• @​liamdon made their first contribution in #​8874
• @​oozan made their first contribution in #​8820
• @​Pirulax made their first contribution in #​8736

Full Changelog: mantinedev/mantine@9.2.0...9.2.1

module-federation/core (@​module-federation/enhanced)

v2.5.0

Compare Source

Patch Changes

• Updated dependencies [5d4095d]
• Updated dependencies [0716c11]
• Updated dependencies [13dce52]
• Updated dependencies [41281f4]
  • @​module-federation/sdk@​2.5.0
  • @​module-federation/dts-plugin@​2.5.0
  • @​module-federation/error-codes@​2.5.0
  • @​module-federation/bridge-react-webpack-plugin@​2.5.0
  • @​module-federation/cli@​2.5.0
  • @​module-federation/managers@​2.5.0
  • @​module-federation/manifest@​2.5.0
  • @​module-federation/rspack@​2.5.0
  • @​module-federation/webpack-bundler-runtime@​2.5.0
  • @​module-federation/runtime-tools@​2.5.0
  • @​module-federation/inject-external-runtime-core-plugin@​2.5.0

swc-project/swc (@​swc/core)

v1.15.40

Compare Source

Bug Fixes

• (es/minifier) Preserve args for destructured callbacks (#​11830) (21873b0)

• (es/minifier) Avoid generating mangled property names that collide with existing properties (#​11839) (9b4fab5)

• (es/minifier) Respect ecma for iife temp vars (#​11873) (e481934)

• (es/minifier) Preserve default parameter object props (#​11884) (71ff84f)

• (es/parser) Reject object-rest assignment to array/object literal (#​11875) (7b57d1f)

• (es/parser) Reject object rest assignment to literals (#​11881) (4ec2eaf)

• (es/react) Exclude self-recursive hooks from refresh dependency array (#​11838) (9101c71)

• (ts/fast-dts) Strip definite assertions in dts (#​11858) (2ab1b8a)

• (ts/fast-strip) Reject unsafe assertion erasure in binary expressions (#​11828) (aa5b539)

• (typescript) Strip parameter binding defaults in dts (#​11857) (800bc17)

Documentation

• Update agent guidance (#​11842) (bf2d015)

• Add security policy (#​11876) (6c43c2d)

• Clarify security scope for npm packages (#​11877) (4662db8)

• Clarify untrusted input security model (#​11882) (5463777)

Features

• (es/minifier) Fine grained effect analysis of class (#​11814) (c9058ad)

• (swc_cli) Implement all features for swc_cli (#​11797) (9300ede)

Miscellaneous Tasks

• (es/minifier) Fix typo in debug log (#​11866) (3de0254)

• (html) Add webcontainer fallback for @swc/html (#​11860) (7692eed)

Performance

• (ecma) Reduce transformer compat overhead (#​11856) (d03cb71)

• (es/codegen) Speed up JsWriter position and srcmap tracking (#​11867) (dbceade)

• (es/codegen) Remove JsWriter last_srcmap cache (#​11869) (3bc1c2b)

• (es/minifier) Reduce minifier profiling hotspots (#​11853) (28c1091)

• Optimize es parser comment finalization (#​11852) (2959ddf)

Testing

• (es/minifier) Move issue_11835 fixture out of terser folder (#​11840) (3dd3431)

Ci

• Update corepack in publish docker jobs (#​11885) (9a7d954)

• Pass publish docker env explicitly (#​11888) (c5f7547)

• Lock issues closed by merged prs (#​11887) (6bd74e5)

• Provide aarch64 musl linker in publish job (#​11889) (20234fd)

• Fix publish musl linker and windows tests (#​11890) (a798a23)

• Make minifier test path explicit (#​11891) (e7cba97)

Security

• Save CI caches only on main (#​11848) (7582529)

• Update rkyv and Rust dependencies (#​11851) (20d92eb)

• Harden PR workflow permissions (#​11849) (e199564)

TanStack/router (@​tanstack/react-router)

v1.170.8

Compare Source

Patch Changes

• Add support for Rsbuild client output formats, including module output by default and IIFE output for classic script environments. (#​7477)

  Client entry scripts and preloads are now represented as root route manifest assets, script preloads follow the manifest script format, and script asset cross-origin configuration uses the script key. The transformAssets script callback context now exposes only kind: 'script' and url, keeping script format handling internal to manifest rendering.

• Updated dependencies [51a97a1]:

  • @​tanstack/router-core@​1.171.6

v1.170.7

Compare Source

Patch Changes

• Updated dependencies [5268ba4]:
  • @​tanstack/router-core@​1.171.5

v1.170.6

Compare Source

Patch Changes

• Fix hash navigation being overridden by stale scroll restoration entries. (#​7447)

• Updated dependencies [0300f87, 0300f87]:

  • @​tanstack/router-core@​1.171.4

v1.170.5

Compare Source

Patch Changes

• Updated dependencies [5fa9e55]:
  • @​tanstack/router-core@​1.171.3

v1.170.4

Compare Source

Patch Changes

• Updated dependencies [b60eb36]:
  • @​tanstack/router-core@​1.171.2

v1.170.3

Compare Source

Patch Changes

• Updated dependencies [d9cf933]:
  • @​tanstack/router-core@​1.171.1

v1.170.2

Compare Source

Patch Changes

• Updated dependencies [d533f87]:
  • @​tanstack/router-core@​1.171.0

v1.170.1

Compare Source

Patch Changes

• Updated dependencies [2387a2e]:
  • @​tanstack/router-core@​1.170.1

v1.170.0

Compare Source

Minor Changes

• Clean minor bump, fresh start (#​7395)

Patch Changes

• Updated dependencies [b1c061a, 201e150]:
  • @​tanstack/router-core@​1.170.0
  • @​tanstack/history@​1.162.0

actions/stale (actions/stale)

v10.3.0

Compare Source

What's Changed

Bug Fix

• Enhancement: ignore stale labeling events by @​shamoon in #​1311

Dependency Updates

• Upgrade dependencies (@​actions/core, @​octokit/plugin-retry, @​typescript-eslint) by @​Copilot in #​1335

New Contributors

• @​shamoon made their first contribution in #​1311

Full Changelog: actions/stale@v10...v10.3.0

github/codeql-action (github/codeql-action)

v4.36.0

Compare Source

• Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #​3894
• Add support for SHA-256 Git object IDs. #​3893
• Update default CodeQL bundle version to 2.25.5. #​3926

v4.35.5

Compare Source

• We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #​3899
• For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #​3791
• If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #​3892
• Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #​3880

remix-run/react-router (react-router)

v7.15.1

Compare Source

Patch Changes

• Update router to operate on fetcher Maps in an immutable manner to avoid delayed React renders from potentially reading an updated but not yet committed Map. This could result in brief flickers in some fetcher-driven optimistic UI scenarios. (#​15028)
• Fix serverLoader() returning stale SSR data when a client navigation aborts pending hydration before the hydration clientLoader resolves (#​15022)
• Fix RouterProvider onError callback not being called for synchronous initial loader errors in SPA mode (#​15039) (#​14942)
• Memoize useFetchers to return a stable identity and only change if fetchers changed (#​15028)
• Internal refactor to consolidate mutation request detection through shared utility (#​15033)

Unstable Changes

⚠️ Unstable features are not recommended for production use

• Add a new unstable_useRouterState() hook that consolidates access to active and pending router states (RFC: #​12358) (#​15017)

  • Data/Framework/RSC only — throws when used without a data router

  • This should allow you to consolidate usages of the following hooks which will likely be deprecated and removed in a future major version

    • useLocation
    • useSearchParams
    • useParams
    • useMatches
    • useNavigationType
    • useNavigation

    let { active, pending } = unstable_useRouterState();
    
    // Active is always populated with the current location
    active.location; // replaces `useLocation()`
    active.searchParams; // replaces `useSearchParams()[0]`
    active.params; // replaces `useParams()`
    active.matches; // replaces `useMatches()`
    active.type; // replaces `useNavigationType()`
    
    // Pending is only populated during a navigation
    pending.location; // replaces `useNavigation().location`
    pending.searchParams; // equivalent to `new URLSearchParams(useNavigation().search)`
    pending.params; // Not directly accessible today
    pending.matches; // Not directly accessible today
    pending.type; // Not directly accessible today
    pending.state; // replaces `useNavigation().state`
    pending.formMethod; // replaces useNavigation().formMethod
    pending.formAction; // replaces useNavigation().formAction
    pending.formEncType; // replaces useNavigation().formEncType
    pending.formData; // replaces useNavigation().formData
    pending.json; // replaces useNavigation().json
    pending.text; // replaces useNavigation().text

remix-run/react-router (react-router-dom)

v7.15.1

Compare Source

Patch Changes

• Updated dependencies:
  • react-router@7.15.1

typescript-eslint/typescript-eslint (typescript-eslint)

v8.59.4

Compare Source

🩹 Fixes

• typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#​12340)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

nodejs/undici (undici)

v8.3.0

Compare Source

What's Changed

• fix: preserve pool capacity after removing stale client by @​trivikr in #​5151
• build(deps): bump actions/github-script from 8.0.0 to 9.0.0 by @​dependabot[bot] in #​5157
• build(deps): bump actions/upload-artifact from 5.0.0 to 7.0.1 by @​dependabot[bot] in #​5162
• build(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 by @​dependabot[bot] in #​5156
• chore(http2): collapse duplicate request stream setup by @​trivikr in #​5140
• perf(client): cache HTTP/2 authority by @​trivikr in #​5141
• build(deps-dev): bump borp from 0.20.2 to 1.0.0 by @​dependabot[bot] in #​4819
• types: add TOpaque to client connect options by @​samuel871211 in #​4928
• build(deps): bump tinybench from 5.1.0 to 6.0.1 in /benchmarks by @​dependabot[bot] in #​4688
• build(deps): bump codecov/codecov-action from 5.5.1 to 6.0.0 by @​dependabot[bot] in #​4950
• build(deps): bump actions/dependency-review-action from 4.8.1 to 4.9.0 by @​dependabot[bot] in #​4951
• test(fetch): add userinfo coverage for issue-4897 URLs by @​mcollina in #​4901
• perf: avoid duplicate pool dispatcher selection on backpressure by @​trivikr in #​5149
• build(deps): bump actions/setup-node from 6.2.0 to 6.4.0 by @​dependabot[bot] in #​5163
• build(deps): bump step-security/harden-runner from 2.14.1 to 2.19.1 by @​dependabot[bot] in #​5160
• build(deps): bump cronometro from 5.3.0 to 6.0.3 in /benchmarks by @​dependabot[bot] in #​4687
• build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 by @​dependabot[bot] in #​5161
• build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by @​dependabot[bot] in #​4853
• build(deps): bump hendrikmuhs/ccache-action from 1.2.22 to 1.2.23 by @​dependabot[bot] in #​5158
• build(deps): bump fastify/github-action-merge-dependabot from 3.11.2 to 3.12.0 by @​dependabot[bot] in #​5159
• build(deps-dev): bump c8 from 10.1.3 to 11.0.0 by @​dependabot[bot] in #​4854
• build(deps): bump uWebSockets.js from v20.64.0 to v20.66.0 in /benchmarks by @​dependabot[bot] in #​5130
• docs: mention install() also installs WebSocket globals by @​mcollina in #​5174
• types: stop interfering with @​types/node by @​Renegade334 in #​5173
• fix: align h2 empty body content-length methods with h1 by @​trivikr in #​5172
• build(deps-dev): bump fast-check from 4.6.0 to 4.7.0 by @​dependabot[bot] in #​5192
• build(deps-dev): bump typescript from 6.0.2 to 6.0.3 by @​dependabot[bot] in #​5191
• test: move cleanup from finally to after hooks by @​trivikr in [#​5194](https://redirect.github.com/nodejs/un

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "every weekend"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[datadog-prod-us1-3]

 

✨ Fix all issues with BitsAI

⚠️ Warnings

🚦 6 Pipeline jobs failed

DataDog/browser-sdk | e2e: [chromium-pinned]     

🛟 This job is unlikely to succeed on retry. Please review your pipeline configuration.

Internal Error: vue-router-app package not in lockfile. Run 'yarn install' to update.

DataDog/browser-sdk | e2e: [chromium]     

🛟 This job is unlikely to succeed on retry. Please review your pipeline configuration.

This package doesn't seem to be present in your lockfile; run "yarn install" to update the lockfile.

DataDog/browser-sdk | e2e: [firefox-pinned]     

🛟 This job is unlikely to succeed on retry. Please review your pipeline configuration.

Internal Error: vue-router-app@workspace: This package doesn't seem to be present in your lockfile; run "yarn install" to update the lockfile.

View all 6 failed jobs.

ℹ️ Info

No other issues found (see more)

🧪 All tests passed
❄️ No new flaky tests detected

🎯 Code Coverage (details)
• Patch Coverage: 100.00%
• Overall Coverage: 76.60% (+0.00%)

Useful? React with 👍 / 👎

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 4bab37a | Docs | Datadog PR Page | Give us feedback!}

[cit-pr-commenter-54b7da]

Bundles Sizes Evolution

📦 Bundle Name	Base Size	Local Size	𝚫	𝚫%	Status
Rum	173.78 KiB	173.78 KiB	0 B	0.00%	✅
Rum Profiler	7.88 KiB	7.88 KiB	0 B	0.00%	✅
Rum Recorder	21.21 KiB	21.21 KiB	0 B	0.00%	✅
Logs	55.59 KiB	55.59 KiB	0 B	0.00%	✅
Rum Slim	131.60 KiB	131.60 KiB	0 B	0.00%	✅
Worker	22.99 KiB	22.99 KiB	0 B	0.00%	✅

🔗 RealWorld