chore(deps): update all non-major dependencies (main)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@azure/functions	4.12.0 → 4.16.0			dependencies	minor
@figma/plugin-typings	1.124.0 → 1.127.0			devDependencies	minor	1.128.0
@figma/rest-api-spec	~0.36.0 → ~0.40.0			devDependencies	minor
@inquirer/confirm (source)	6.0.10 → 6.1.1			dependencies	minor
@jsverse/transloco (source)	~8.2.1 → ~8.3.0			devDependencies	minor
@jsverse/transloco (source)	~8.2.1 → ~8.3.0			dependencies	minor
@jsverse/transloco-messageformat (source)	~8.2.1 → ~8.3.0			devDependencies	minor
@jsverse/transloco-messageformat (source)	~8.2.1 → ~8.3.0			dependencies	minor
@modelcontextprotocol/sdk (source)	~1.28.0 → ~1.29.0			devDependencies	minor
@modelcontextprotocol/sdk (source)	~1.28.0 → ~1.29.0			dependencies	minor
@openapitools/openapi-generator-cli	~2.31.1 → ~2.34.0			devDependencies	minor
@openapitools/openapi-generator-cli	~2.31.1 → ~2.34.0			dependencies	minor
@redocly/openapi-core	~2.25.0 → ~2.31.0			devDependencies	minor	2.31.6
@sinonjs/fake-timers	~15.1.0 → ~15.4.0			resolutions	minor
@types/vscode (source)	~1.110.0 → ~1.120.0			devDependencies	minor
@vscode/vsce (source)	3.7.1 → 3.9.1			devDependencies	minor	3.9.2
actions/setup-node	v6.3.0 → v6.4.0			action	minor
actions/stale	v10.2.0 → v10.3.0			action	minor
ajv (source)	~8.18.0 → ~8.20.0			dependencies	minor
dotenv	~17.3.0 → ~17.4.0			dependencies	minor
esbuild	~0.27.0 → ~0.28.0			dependencies	minor
esbuild	~0.27.0 → ~0.28.0			devDependencies	minor
github/codeql-action	v4.35.2 → v4.36.1			action	minor	v4.36.2
globby	~16.1.0 → ~16.2.0			dependencies	minor
ioredis	5.10.1 → 5.11.0			devDependencies	minor	5.11.1
jiti	2.6.1 → 2.7.0			devDependencies	minor
js-yaml	4.1.1 → 4.2.0			dependencies	minor
koa (source)	~3.1.0 → ~3.2.0			resolutions	minor
lighthouse	~13.0.0 → ~13.3.0			dependencies	minor
lighthouse	~13.0.0 → ~13.3.0			devDependencies	minor
ngx-markdown	~21.1.0 → ~21.3.0			dependencies	minor
node (source)	24.14 → 24.16				minor
node	24.14 → 24.16			uses-with	minor
pixelmatch	7.1.0 → 7.2.0			devDependencies	minor
pixelmatch	7.1.0 → 7.2.0			dependencies	minor
sass	~1.98.0 → ~1.100.0			devDependencies	minor
sass	~1.98.0 → ~1.100.0			dependencies	minor
sass-embedded	~1.98.0 → ~1.100.0			devDependencies	minor
type-fest	5.5.0 → 5.7.0			devDependencies	minor
type-fest	5.5.0 → 5.7.0			dependencies	minor
undici (source)	6.24.1 → 6.26.0			resolutions	minor
verdaccio (source)	~6.3.0 → ~6.7.0			dependencies	minor
webpack	~5.105.0 → ~5.107.0			devDependencies	minor
webpack	~5.105.0 → ~5.107.0			dependencies	minor
zod (source)	~4.3.0 → ~4.4.0			devDependencies	minor
zod (source)	~4.3.0 → ~4.4.0			dependencies	minor

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

Azure/azure-functions-nodejs-library (@​azure/functions)

v4.16.0

Updating CI for Node 24, 26 and removing for Node 18 - #​442
Support Version for Node 24 Update on Readme - #​439
Bump @​azure/function-extensions-base from 0.2.0 to 0.3.0 - #​435

Full Changelog: Azure/azure-functions-nodejs-library@v4.15.0...v4.16.0

v4.15.0: 4.15.0

Fix Web PubSub bindings - #​431
Add es-metadata.yml (schema 1.0.0) - #​432
Adding the generic connector Trigger - #​434

Full Changelog: Azure/azure-functions-nodejs-library@v4.14.0...v4.15.0

v4.14.0

Add MCP Prompts Support (#​430)

• Adds structured content support for MCP Tool triggers.

Full Changelog: Azure/azure-functions-nodejs-library@v4.13.0...v4.14.0

v4.13.0

Add MCP Structured Content Changes Support (#​425)

• Adds structured content support for MCP Tool triggers.

Full Changelog: Azure/azure-functions-nodejs-library@v4.12.0...v4.13.0

figma/plugin-typings (@​figma/plugin-typings)

v1.127.0

Compare Source

v1.126.0

Compare Source

v1.125.0

Compare Source

figma/rest-api-spec (@​figma/rest-api-spec)

v0.40.0

Compare Source

v0.39.0

Compare Source

v0.38.0

Compare Source

v0.37.0

Compare Source

SBoudrias/Inquirer.js (@​inquirer/confirm)

v6.1.1

Compare Source

v6.1.0

Compare Source

v6.0.13

Compare Source

v6.0.12

Compare Source

v6.0.11

Compare Source

jsverse/transloco (@​jsverse/transloco)

v8.3.0

Compare Source

🚀 Features

• transloco: add TranslationLoadError class for translation load failures
• transloco: expose activeLang signal on TranslocoService

🩹 Fixes

• transloco: 🐛 grammar fix misspelled scope hint error message
• transloco: correct TRANSLOCO_MISSING_HANDLER token generic type
• transloco: prevent loading translations when injector is destroyed
• transloco: take the last provided scope selecting a translation
• transloco-locale: complete subject when root injector is destroyed
• transloco-locale: fix isLocaleFormat to correctly validate BCP 47 tags

❤️ Thank You

• Artur
• Mateo Tibaquirá
• Michael Benz
• Shahar Kazaz

modelcontextprotocol/typescript-sdk (@​modelcontextprotocol/sdk)

v1.29.0

Compare Source

What's Changed

• fix: treat v1.x as primary branch for npm latest tag (backport #​1577) by @​felixweinberger in #​1749
• [v1.x] fix: disallow null (infinite) requested TTL by @​LucaButBoring in #​1339
• [v1.x] fix: add missing size field to ResourceSchema by @​olaservo in #​1575
• Add typings exports by @​tdraier in #​1623
• v1.x npm audit fix by @​KKonstantinov in #​1780
• v1.x #​1623 follow up -add missing types to package.json by @​KKonstantinov in #​1773
• [v1.x backport] Allow servers / clients to advertise extensions in the capability object by @​localden in #​1811
• fix(stdio): always set windowsHide on Windows, not just in Electron by @​jnMetaCode in #​1640
• chore: bump version to 1.29.0 by @​felixweinberger in #​1820

New Contributors

• @​tdraier made their first contribution in #​1623
• @​jnMetaCode made their first contribution in #​1640

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

OpenAPITools/openapi-generator-cli (@​openapitools/openapi-generator-cli)

v2.34.0

Compare Source

Features

• release: trigger a release (c7caa7e)

v2.33.1

Compare Source

Bug Fixes

• deps: update dependency fs-extra to v11.3.5 (#​1200) (655b4eb)

v2.33.0

Compare Source

Features

• release: trigger a release (54abbc6)

v2.32.0

Compare Source

Features

• release: v7.22.0 release (#​1194) (c5a4d66)

Redocly/redocly-cli (@​redocly/openapi-core)

v2.31.5

Compare Source

Patch Changes

• Updated the no-unused-components rule to validate unused security schemes.

• Pinned the official Docker image base to node:24-alpine.

• Fixed the remove-unused-components decorator to remove unused security schemes.

  Warning: The bundler may now remove more unused components than before.

• Updated @​redocly/openapi-core to v2.31.5.

v2.31.4

Compare Source

Patch Changes

• Updated @​redocly/openapi-core to v2.31.4.

v2.31.3

Compare Source

Patch Changes

• Fixed an issue where the Respect command did not honor the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables when loading remote source descriptions or resolving external $refs.
  Proxy settings are consistently applied during reference resolution as well.
• Updated @​redocly/openapi-core to v2.31.3.

v2.31.2

Compare Source

Patch Changes

• Fixed the remove-unused-components decorator to remove unused components containing allOf keyword.

  Warning: The bundler may now remove more unused components than before.

• Fixed the no-unused-components rule to highlight unused schemas containing allOf keyword.

• Updated @​redocly/openapi-core to v2.31.2.

v2.31.1

Compare Source

Patch Changes

• Updated @​redocly/openapi-core to v2.31.1.

v2.31.0

Compare Source

Patch Changes

• Updated @​redocly/openapi-core to v2.31.0.

v2.30.6

Compare Source

Patch Changes

• Fixed hard crash that happened when no API was provided either via the command argument or in the config.
• Updated @​redocly/openapi-core to v2.30.6.

v2.30.5

Compare Source

Patch Changes

• Fixed a status code mismatch that occurred when using the --har-output option in the respect command.
• Updated @​redocly/openapi-core to v2.30.5.

v2.30.4

Compare Source

Patch Changes

• Updated styled-components dependency to 6.4.1.
• Updated @​redocly/openapi-core to v2.30.4.

v2.30.3

Compare Source

Patch Changes

• Updated @redocly/ajv to v8.18.1
• Updated @​redocly/respect-core to v2.30.3.

v2.30.2

Compare Source

Patch Changes

• Improved Redocly config validation: now the config checks for typos in built-in decorator names.
• Updated @​redocly/openapi-core to v2.30.2.

v2.30.1

Compare Source

Patch Changes

• Increased the default fetch timeout used by the push command to better support slower uploads.
• Updated @​redocly/openapi-core to v2.30.1.

v2.30.0

Compare Source

Patch Changes

• Updated @​redocly/openapi-core to v2.30.0.

v2.29.2

Compare Source

Patch Changes

• Resolved GHSA-xq3m-2v4x-88gg vulnerabilitiy by updating dependency versions.
• Updated @​redocly/openapi-core to v2.29.2.

v2.29.1

Compare Source

Patch Changes

• Fixed an issue where discriminator's mapping values written as bare local file names were not resolved during build.
• Updated @​redocly/openapi-core to v2.29.1.

v2.29.0

Compare Source

Minor Changes

• Added new score command that analyzes OpenAPI 3.x descriptions and produces an AI Agent Readiness score (0-100).
  Reports normalized subscores, raw per-operation metrics, and top hotspot operations with human-readable explanations. Supports --format=stylish (default) and --format=json output.

Patch Changes

• Improved the stability of the push command.
• Updated @​redocly/openapi-core to v2.29.0.

v2.28.1

Compare Source

Patch Changes

• Ordered top-level keys in AsyncAPI documents during bundling for improved consistency and readability.
• Updated @​redocly/openapi-core to v2.28.1.

v2.28.0

Compare Source

Minor Changes

• Moved the remove-unused-components decorator to the post-bundle phase so that components that become unused only after $ref resolution are correctly removed.

Patch Changes

• Fixed an issue where the discriminator's defaultMapping property was not resolved when bundling.
• Updated @​redocly/openapi-core to v2.28.0.

v2.27.1

Compare Source

Patch Changes

• Fixed an issue where --component-renaming-conflicts-severity ignored conflicts when different files had components with the same name but different content.

  Warning: Autogenrated component names and $ref paths in bundled documents may differ from older releases.

• Updated @​redocly/openapi-core to v2.27.1.

v2.27.0

Compare Source

Minor Changes

• Added support for junit output in the scorecard-classic command.
• Changed lint behavior with the --generate-ignore-file option.
  Now lint updates only the entries related to the file being linted.
  Other files' entries are unchanged.

Patch Changes

• Updated @​redocly/openapi-core to v2.27.0.

v2.26.0

Compare Source

Minor Changes

• Added support for AsyncAPI v2 and v3 in the split command.
• Added excludedPaths option to the no-http-verbs-in-paths rule, allowing specific paths to be excluded from evaluation.

Patch Changes

• Fixed the no-required-schema-properties-undefined rule to report when a required property is not defined in every oneOf/anyOf branch.
• Updated @​redocly/openapi-core to v2.26.0.

v2.25.4

Compare Source

Patch Changes

• Updated handlebars to v4.7.9.
• Updated @​redocly/openapi-core to v2.25.4.

v2.25.3

Compare Source

Patch Changes

• Fixed multiple issues in the spec-discriminator-defaultMapping rule that could cause crashes or incorrect validation results.
  The rule now correctly resolves existing schema names, traverses composite schemas (allOf, anyOf, oneOf) to find required properties, treats defaultMapping values as $refs to schemas, resolves $refs correctly across files, and handles cyclic schema dependencies.
• Updated @​redocly/respect-core to v2.25.3.

sinonjs/fake-timers (@​sinonjs/fake-timers)

v15.4.0

Compare Source

==================

• fix: stop nextAsync advanceUntilModeChanges from leaking past uninstall (#​571)
• ci: add types job to workflow (#​573)
• upgrade most packages (#​572)
• feat: add support for Temporal API (#​569)
• Fix no-DOM Performance type (#​570)
• chore(deps): bump basic-ftp from 5.2.1 to 5.2.2 (#​563)
• chore(deps-dev): bump fast-xml-parser from 5.5.7 to 5.7.1 (#​568)

v15.3.2

Compare Source

==================
This actually changes some typings, so worth pushing

• upgrade eslint-config (#​565)

v15.3.1

Compare Source

==================

• fix: type generation and ensure types are always built
• chore(deps): bump basic-ftp from 5.2.0 to 5.2.1 (#​560)
• Add missing regression test for #​561
• fix: restore cross-realm Date support in setSystemTime (#​561)
• fix: correct generated typescript types (#​559)
• fix: include missing type

v15.3.0

Compare Source

==================

• Fix interval loop-limit stack traces and clock-local isolation (#​555)

v15.2.2

Compare Source

==================

• fix(#​489): ignore Node 'timers' modules for browser bundlers

v15.2.1

Compare Source

==================

• fix(#​550): restore timer heap initialization after clearTimeout
• document why two data structures (map and heap) are needed

v15.2.0

Compare Source

==================

The 2000x perf increase release.

• fix(#​522): setInterval(0,fn) starved setTimeout(0,fn)
• fix: reject non-function callbacks
• fix(#​534): remove memory leak and potential security issue
• fix: memory leak and performance issues from #​532

v15.1.2

Compare Source

==================

• Access to the global object via globalThis in test files (#​544)
• Bump flatted from 3.2.9 to 3.4.2 (#​547)
• Bump fast-xml-parser from 5.4.1 to 5.5.7 (#​546)
• new feature: toNotFake:[] - ref #​540
• Ensure cancelIdleCallback is reset when uninstalling (#​539)
• Fix "TypeError: Cannot convert undefined or null to object" error (#​541)
• Bump undici (#​543)
• make requestIdleCallback spec compliant (#​531)
• Bump minimatch from 3.1.2 to 3.1.5 (#​538)
• Bump basic-ftp from 5.0.5 to 5.2.0 (#​535)

Microsoft/vsce (@​vscode/vsce)

v3.9.1

Compare Source

Changes:

• #​1266: fix: module type mismatch

This list of changes was auto generated.

v3.9.0

Compare Source

Changes:

• #​1263: fix: build regressions in 3.8.1
• #​1261: Add override for serialize-javascript

This list of changes was auto generated.

v3.8.1

Compare Source

Changes:

• #​1259: chore: update @​azure/identity to 4.13.1 and modernize TypeScript/Node.js configuration

This list of changes was auto generated.

v3.8.0

Compare Source

Changes:

• #​1258: fix: run npm audit fix
• #​1255: Bump brace-expansion
• #​1253: Bump picomatch from 2.3.1 to 2.3.2
• #​1252: Bump yauzl from 2.10.0 to 3.2.1
• #​1250: Bump underscore from 1.13.1 to 1.13.8
• #​1249: Bump minimatch
• #​1243: Bump markdown-it from 14.1.0 to 14.1.1
• #​1244: Bump qs from 6.14.1 to 6.14.2
• #​1239: Bump @​isaacs/brace-expansion from 5.0.0 to 5.0.1
• #​1238: Bump lodash from 4.17.21 to 4.17.23

See More

• #​1234: Bump qs from 6.11.0 to 6.14.1
• #​1233: Return non-zero exit code when signature verification fails
• #​1232: Audit npm package
• #​1228: Bump jws

This list of changes was auto generated.

actions/setup-node (actions/setup-node)

v6.4.0

Compare Source

actions/stale (actions/stale)

v10.3.0

Compare Source

What's Changed

Bug Fix

• Enhancement: ignore stale labeling events by @​shamoon in #​1311

Dependency Updates

• Upgrade dependencies (@​actions/core, @​octokit/plugin-retry, @​typescript-eslint) by @​Copilot in #​1335

New Contributors

• @​shamoon made their first contribution in #​1311

Full Changelog: actions/stale@v10...v10.3.0

ajv-validator/ajv (ajv)

v8.20.0

Compare Source

What's Changed

• fix: add support for node 22/24, drop node 16/21 by @​jasoniangreen in #​2580
• fix: add ES2022.RegExp for RegExpIndicesArray by @​SignpostMarv in #​2604

Full Changelog: ajv-validator/ajv@v8.19.0...v8.20.0

motdotla/dotenv (dotenv)

v17.4.2

Compare Source

v17.4.1

Compare Source

v17.4.0

Compare Source

evanw/esbuild (esbuild)

v0.28.0

Compare Source

v0.27.7

Compare Source

v0.27.5

Compare Source

github/codeql-action (github/codeql-action)

v4.36.1

Compare Source

v4.36.0

Compare Source

• Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #​3894
• Add support for SHA-256 Git object IDs. #​3893
• Update default CodeQL bundle version to 2.25.5. #​3926

v4.35.5

Compare Source

• We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #​3899
• For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #​3791
• If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #​3892
• Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #​3880

v4.35.4

Compare Source

• Update default CodeQL bundle version to 2.25.4. #​3881

v4.35.3

Compare Source

• Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. Th

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Europe/Paris)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[nx-cloud]

View your CI Pipeline Execution ↗ for commit c329d87

Command	Status	Duration	Result
nx affected --target=lint --configuration ci	❌ Failed	14m 27s	View ↗
nx run-many --target=test-e2e	✅ Succeeded	2m 13s	View ↗
nx run-many --tui=false --target=build --projec...	✅ Succeeded	<1s	View ↗
nx run-many --target=build,build-swagger	✅ Succeeded	11m 29s	View ↗
nx affected --target=test --coverage --configur...	✅ Succeeded	4m 30s	View ↗
nx run ama-sdk-schematics:build-swagger	✅ Succeeded	2m 5s	View ↗
nx run-many --target=documentation	✅ Succeeded	1m 24s	View ↗
nx affected --target=package-github-action	✅ Succeeded	1m 53s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-05-05 00:14:16 UTC

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.92%. Comparing base (baa8323) to head (85eaa2f).
⚠️ Report is 2 commits behind head on main.
✅ All tests successful. No failed tests found.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.