chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@antfu/eslint-config	^8.1.1 → ^8.2.0			pnpm.catalog.dev	minor
@iconify-json/simple-icons	^1.2.77 → ^1.2.79			pnpm.catalog.dev	patch
@vitest/browser (source)	^4.1.4 → ^4.1.5			pnpm.catalog.test	patch
@vitest/coverage-v8 (source)	^4.1.4 → ^4.1.5			pnpm.catalog.test	patch
dotenv	^17.4.1 → ^17.4.2			pnpm.catalog.dev	patch
eslint (source)	^10.2.0 → ^10.2.1			pnpm.catalog.dev	patch
node (source)	>=24.14.0 → >=24.15.0			engines	minor
node	24-slim → 24.15.0-slim			final	minor
node	24-slim → 24.15.0-slim			stage	minor
pixi.js (source)	^8.17.1 → ^8.18.1			pnpm.catalog.integrations	minor
tailwindcss (source)	^4.2.2 → ^4.2.4			pnpm.catalog.dev	patch
typescript (source)	^6.0.2 → ^6.0.3			pnpm.catalog.dev	patch
vitest (source)	^4.1.4 → ^4.1.5			pnpm.catalog.test	patch
vue-tsc (source)	^3.2.6 → ^3.2.7			pnpm.catalog.dev	patch

---

Release Notes

antfu/eslint-config (@​antfu/eslint-config)

v8.2.0

Compare Source

   🐞 Bug Fixes

• Disbale e18e/prefer-static-regex in non-lib mode  -  by @​antfu (52069)

    View changes on GitHub

vitest-dev/vitest (@​vitest/browser)

v4.1.5

Compare Source

   🚀 Experimental Features

• coverage: Istanbul to support instrumenter option  -  by @​BartWaardenburg and @​AriPerkkio in #​10119 (0e0ff)

   🐞 Bug Fixes

• --project negation excludes browser instances  -  by @​felamaslen in #​10131 (9423d)
• Project color label on html reporter  -  by @​hi-ogawa in #​10142 (596f7)
• Fix vi.defineHelper called as object method  -  by @​hi-ogawa in #​10163 (122c2)
• Alias agent reporter to minimal  -  by @​sheremet-va in #​10157 (663b9)
• Respect diff config options in soft assertions  -  by @​Copilot, sheremet-va and @​sheremet-va in #​8696 (9787d)
• Respect diff config options in soft assertions "  -  by @​sheremet-va in #​8696 (7dc6d)
• ast-collect: Recognize _vi_import prefix in static test discovery  -  by @​Yejneshwar in #​10129 (32546)
• coverage: Descriptive error message when reports directory is removed during test run  -  by @​DaveT1991 and @​AriPerkkio in #​10117 (14133)
• snapshot: Increase default snapshot max output length  -  by @​hi-ogawa and Codex in #​10150 (21e66)
• ui: Fix jsx/tsx syntax highlight  -  by @​hi-ogawa in #​10152 (f1b1f)
• web-worker: Support MessagePort objects referenced inside postMessage data  -  by @​whitphx and Claude Opus 4.6 (1M context) in #​9927 and #​10124 (7ad7d)
• api: Make test-specification options writable  -  by @​sheremet-va in #​10154 (6abd5)

    View changes on GitHub

motdotla/dotenv (dotenv)

v17.4.2

Compare Source

eslint/eslint (eslint)

v10.2.1

Compare Source

nodejs/node (node)

v24.15.0

Compare Source

v24.14.1

Compare Source

pixijs/pixijs (pixi.js)

v8.18.1

Compare Source

💾 Download

Installation:

npm install pixi.js@8.18.1

Development Build:

• https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.js
• https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.mjs

Production Build:

• https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.js
• https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.mjs

Documentation:

• https://pixijs.download/v8.18.1/docs/index.html

Changed

🐛 Fixed

• fix: prevent error when using Application.domContainerRoot in Node.js by @​UlyssesZh in #​12017

v8.18.0

Compare Source

💾 Download

Installation:

npm install pixi.js@8.18.0

Development Build:

• https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.js
• https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.mjs

Production Build:

• https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.js
• https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.mjs

Documentation:

• https://pixijs.download/v8.18.0/docs/index.html

Changed

🚨 Behavior Change

• fix: text.width and word wrap returning incorrect values by @​Zyie in #​12007
  • Text/HTMLText/BitmapText with wordWrap: true and non-left align (center/right/justify) now return the true rendered width from text.width instead of reporting wordWrapWidth. If you relied on text.width === wordWrapWidth for layout, use wordWrapWidth directly or wrap the text in a sized container.

  const text = new Text({
      text: 'hello',
      style: { wordWrap: true, wordWrapWidth: 800, align: 'center' },
  });
  // before: text.width === 800
  // after:  text.width reflects the rendered string width

🎁 Added

• feat: add graphicsContextToSvg() for Graphics → SVG export by @​GoodBoyDigital in #​11989
  • Adds graphicsContextToSvg(source, precision?), a pure function that serializes a Graphics or GraphicsContext to a self-contained SVG string. Supports rects, circles, ellipses, rounded rects, polygons, bezier/quadratic/arc paths, strokes, holes (via fill-rule="evenodd"), and linear/radial gradients.

  import { Graphics, graphicsContextToSvg } from 'pixi.js';
  
  const g = new Graphics()
      .rect(0, 0, 100, 50)
      .fill({ color: 0xff0000 })
      .circle(150, 25, 25)
      .stroke({ color: 0x0000ff, width: 4 });
  
  const svgString = graphicsContextToSvg(g, 2);
  await navigator.clipboard.writeText(svgString);

• feat: add mask channel selection for sprite masks by @​Zyie in #​11987
  • setMask() gains a channel option ('red' | 'alpha') to pick which texture channel drives visibility, matching how design tools like Figma apply PNG masks. Default remains 'red'.

  import { Assets, Sprite } from 'pixi.js';
  
  const photo = new Sprite(await Assets.load('photo.png'));
  const maskSprite = new Sprite(await Assets.load('mask-alpha.png'));
  
  photo.setMask({
      mask: maskSprite,
      channel: 'alpha',
  });

• feat: allow preference to accept an array of renderer types by @​Zyie in #​11963
  • autoDetectRenderer and Application.init now accept an array of renderer names for preference, letting you restrict the fallback chain (e.g. disable WebGPU entirely) rather than only reorder it. A new RendererPreference type is exported.

  import { Application, autoDetectRenderer } from 'pixi.js';
  
  const renderer = await autoDetectRenderer({
      preference: ['webgl', 'canvas'],
  });
  
  const app = new Application();
  await app.init({ preference: ['webgl', 'canvas'] });

• feat: provide a getter to the domElement via app.domContainerRoot by @​carlos22 in #​11974
  • Application exposes a read-only domContainerRoot getter returning the HTMLDivElement that wraps all DOMContainer elements, so apps can add CSS classes, inline styles, or customize the DOM overlay root.

  import { Application } from 'pixi.js';
  
  const app = new Application();
  await app.init({ resizeTo: window });
  
  app.domContainerRoot.classList.add('pixi-dom-layer');
  app.domContainerRoot.style.pointerEvents = 'auto';

• feat: add width option to MeshRope by @​mehmetcanakbay in #​11990
  • MeshRope now accepts an explicit width for rope thickness, decoupling it from the texture's height. Omitting width preserves the previous texture.height default.

  import { MeshRope, Point, Texture } from 'pixi.js';
  
  const points = [new Point(0, 0), new Point(100, 50), new Point(200, 0)];
  
  const rope = new MeshRope({
      texture: Texture.from('snake.png'),
      points,
      width: 40,
  });

• feat: add a default anchor to texture generation by @​ksv90 in #​12011
  • renderer.generateTexture() accepts a defaultAnchor option that's forwarded onto the produced Texture. RenderTexture.create() also gains a textureOptions parameter to pass through fields like defaultAnchor to the underlying Texture.

  import { Graphics, Sprite } from 'pixi.js';
  
  const shape = new Graphics().circle(0, 0, 50).fill(0xff3366);
  
  const texture = app.renderer.generateTexture({
      target: shape,
      defaultAnchor: { x: 0.5, y: 0.5 },
  });
  
  const sprite = new Sprite(texture);
  sprite.position.set(200, 200); // centered by default

🐛 Fixed

• fix: stroke-only Graphics masks now render correctly on Canvas renderer by @​DmitriyGolub in #​11979
• fix: skip _applyMipRange for single-mip textures (iOS 18.0–18.1) by @​GoodBoyDigital in #​11985
• fix: stale TextureMatrix when pooled textures reuse the same reference by @​GoodBoyDigital in #​11997
• fix: unhandled actions in GraphicsPath.transform() switch statement by @​Zyie in #​11996
• fix(VideoSource): avoid play/mediaReady recursion before video dimensions (#​11133) by @​satoren in #​12009
• fix: text.width and word wrap returning incorrect values by @​Zyie in #​12007
• fix: handle literal < characters in parseTaggedText by @​glennflanagan in #​11972
• fix: move CanvasFilterSystem to the filters module by @​Zyie in #​12014
• fix: SplitText baseline mismatch when tagStyles used with lineHeight by @​Zyie in #​12008
• fix: TilingSprite.tilePosition divided by resolution when using Canvas renderer by @​Zyie in #​11957
• fix: move CanvasFilterSystem to filters module by @​Zyie in #​12014
• fix(VideoSource): avoid play/mediaReady recursion before video dimensions by @​satoren in #​12009

🧹 Chores

• chore: bump @xmldom/xmldom to 0.8.12 by @​Zyie in #​12016

New Contributors

• @​mehmetcanakbay made their first contribution in #​11990
• @​DmitriyGolub made their first contribution in #​11979
• @​carlos22 made their first contribution in #​11974
• @​satoren made their first contribution in #​12009
• @​ksv90 made their first contribution in #​12011
• @​glennflanagan made their first contribution in #​11972

tailwindlabs/tailwindcss (tailwindcss)

v4.2.4

Compare Source

Fixed

• Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#​19947)

v4.2.3

Compare Source

Fixed

• Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#​19827)
• Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#​19829)
• Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#​19723)
• Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#​19837)
• Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#​19842)
• Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#​19842)
• Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#​19842)
• Canonicalization: collapse overflow-{x,y}-* into overflow-* (#​19842)
• Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#​19842)
• Read from --placeholder-color instead of --background-color for placeholder-* utilities (#​19843)
• Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#​19846)
• Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#​19846)
• Upgrade: never migrate files that are ignored by git (#​19846)
• Add .env and .env.* to default ignored content files (#​19846)
• Canonicalization: migrate overflow-ellipsis into text-ellipsis (#​19849)
• Canonicalization: migrate start-full → inset-s-full, start-auto → inset-s-auto, start-px → inset-s-px, and start-<number> → inset-s-<number> as well as negative versions (#​19849)
• Canonicalization: migrate end-full → inset-e-full, end-auto → inset-e-auto, end-px → inset-e-px, and end-<number> → inset-e-<number> as well as negative versions (#​19849)
• Canonicalization: move the - sign inside the arbitrary value -left-[9rem] → left-[-9rem] (#​19858)
• Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))] → -ml-(--width) (#​19858)
• Improve performance when scanning JSONL / NDJSON files (#​19862)
• Support NODE_PATH environment variable in standalone CLI (#​19617)

microsoft/TypeScript (typescript)

v6.0.3

Compare Source

vuejs/language-tools (vue-tsc)

v3.2.7

Compare Source

component-meta

• fix: preserve non-ASCII characters in prop default values (#​6012) - Thanks to @​ef81sp!

workspace

• chore: bump typescript to 6.0.3 (#​6017) - Thanks to @​KazariEX!

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "after 2am and before 3am"
• Automerge
  • "after 1am and before 2am"

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 6 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 28, reused 0, downloaded 0, added 0
Progress: resolved 32, reused 0, downloaded 0, added 0
Progress: resolved 33, reused 0, downloaded 0, added 0
Progress: resolved 129, reused 0, downloaded 0, added 0
Progress: resolved 295, reused 0, downloaded 0, added 0
Progress: resolved 416, reused 0, downloaded 0, added 0
Progress: resolved 594, reused 0, downloaded 0, added 0
Progress: resolved 715, reused 0, downloaded 0, added 0
/tmp/renovate/repos/github/hmbanan666/chatgame/apps/web-app:
 ERR_PNPM_TRUST_DOWNGRADE  High-risk trust downgrade for "chokidar@4.0.3" (possible package takeover)

This error happened while installing the dependencies of nuxt@4.4.2
 at @nuxt/vite-builder@4.4.2
 at vite-plugin-checker@0.12.0

Trust checks are based solely on publish date, not semver. A package cannot be installed if any earlier-published version had stronger trust evidence. Earlier versions had provenance attestation, but this version has no trust evidence. A trust downgrade may indicate a supply chain incident.