chore(deps-dev): bump the development-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the development-dependencies group with 6 updates in the / directory:

Package	From	To
@changesets/cli	2.30.0	2.31.0
@types/node	25.5.2	25.6.0
pkg-ok	3.0.0	4.0.0
stylelint	17.6.0	17.9.0
undici	8.0.2	8.1.0
vite	8.0.7	8.0.10

Updates @changesets/cli from 2.30.0 to 2.31.0

Release notes

Sourced from @​changesets/cli's releases.

@​changesets/cli@​2.31.0

Minor Changes

• #1889 96ca062 Thanks @​mixelburg! - Error on unsupported flags for individual CLI commands and print the matching command usage to make mistakes easier to spot.

• #1873 42943b7 Thanks @​mixelburg! - Respond to --help on all subcommands. Previously, --help was only handled when it was the sole argument; passing it alongside a subcommand (e.g. changeset version --help) would silently execute the command instead. Now --help always exits early and prints per-command usage when a known subcommand is provided, or the general help text otherwise.

Patch Changes

• d2121dc Thanks @​Andarist! - Fix npm auth for path-based registries during publish by preserving configured registry URLs instead of normalizing them.

• #1888 036fdd4 Thanks @​mixelburg! - Fix several changeset version issues with workspace protocol dependencies. Valid explicit workspace: ranges and aliases are no longer rewritten unnecessarily, and workspace path references are handled correctly during versioning.

• #1903 5c4731f Thanks @​Andarist! - Gracefully handle stale npm info data leading to duplicate publish attempts.

• #1867 f61e716 Thanks @​Andarist! - Improved detection for published state of prerelease-only packages without latest dist-tag on GitHub Packages registry.

• Updated dependencies [036fdd4, 036fdd4, 036fdd4]:

  • @​changesets/assemble-release-plan@​6.0.10
  • @​changesets/get-dependents-graph@​2.1.4
  • @​changesets/apply-release-plan@​7.1.1
  • @​changesets/get-release-plan@​4.0.16
  • @​changesets/config@​3.1.4

Commits

• 9cce6db Version Packages (#1897)
• d2121dc Fix npm auth for path-based registries during publish by preserving configure...
• 036fdd4 Fix several changeset version issues with workspace protocol dependencies (...
• 5c4731f Gracefully handle stale npm info data leading to duplicate publish attempts...
• 96ca062 Error on unsupported flags for individual CLI commands (#1889)
• 42943b7 fix(cli): respond to --help on all subcommands (#1873)
• f61e716 Improved detection for published state of prerelease-only packages without ...
• See full diff in compare view

Updates @types/node from 25.5.2 to 25.6.0

Commits

• See full diff in compare view

Updates pkg-ok from 3.0.0 to 4.0.0

Changelog

Sourced from pkg-ok's changelog.

4.0.0

• Require Node 20, 22, or 24

Commits

• c4bf4e9 Merge pull request #173 from abraham/copilot/remove-husky-package
• b5b9ad6 chore: remove husky and pre-commit hook
• 8ed0ae6 Merge pull request #171 from abraham/abraham-patch-1
• 65a7813 Initial plan
• 4ad7c3e npm run format
• 0ecc782 Add GitHub Actions workflow to publish package
• 41718cd Merge pull request #170 from abraham/abraham-patch-1
• cae00cb Bump version from 3.0.0 to 4.0.0
• b24240c Revise Node.js support in CHANGELOG
• e420bf1 Merge pull request #168 from abraham/copilot/update-meow-to-v14
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for pkg-ok since your current version.

Updates stylelint from 17.6.0 to 17.9.0

Release notes

Sourced from stylelint's releases.

17.9.0

It adds 3 new features. Adding the referenceFiles property to your configuration object makes the no-unknown-animations, no-unknown-custom-media and no-unknown-custom-properties rules more useful.

• Added: experimental referenceFiles to configuration object (#9179) (@​jeddy3).
• Added: experimental abortSignal option to Node.js API for cancellation support (#9213) (@​adalinesimonian).
• Added: maxWarnings to configuration object (#9181) (@​mrginglymus).

17.8.0

It adds 3 new rules and 1 configuration property.

• Added: languageOptions.directionality configuration property (#8687) (@​sw1tch3roo).
• Added: property-layout-mappings rule (#8687) (@​sw1tch3roo).
• Added: relative-selector-nesting-notation rule (#8730) (@​sw1tch3roo).
• Added: selector-no-deprecated rule (#8694) (@​immitsu).

17.7.0

It fixes 4 bugs, including clearer problem messages by removing filler words and leading with the problem. We've also released 1.0.0 of create-stylelint to help with first-time Stylelint setup.

• Fixed: clarity of problem messages (#9199) (@​jeddy3).
• Fixed: --print-config CLI flag to hide internal properties (#9194) (@​ybiquitous).
• Fixed: function-url-quotes false positives when URLs have modifiers (#8702) (@​immitsu).
• Fixed: selector-no-qualifying-type false positives for :has() (#9182) (@​romainmenke).

Changelog

Sourced from stylelint's changelog.

17.9.0 - 2026-04-23

It adds 3 new features. Adding the referenceFiles property to your configuration object makes the no-unknown-animations, no-unknown-custom-media and no-unknown-custom-properties rules more useful.

• Added: experimental referenceFiles to configuration object (#9179) (@​jeddy3).
• Added: experimental abortSignal option to Node.js API for cancellation support (#9213) (@​adalinesimonian).
• Added: maxWarnings to configuration object (#9181) (@​mrginglymus).

17.8.0 - 2026-04-15

It adds 3 new rules and 1 configuration property.

• Added: languageOptions.directionality configuration property (#8687) (@​sw1tch3roo).
• Added: property-layout-mappings rule (#8687) (@​sw1tch3roo).
• Added: relative-selector-nesting-notation rule (#8730) (@​sw1tch3roo).
• Added: selector-no-deprecated rule (#8694) (@​immitsu).

17.7.0 - 2026-04-12

It fixes 4 bugs, including clearer problem messages by removing filler words and leading with the problem. We've also released 1.0.0 of create-stylelint to help with first-time Stylelint setup.

• Fixed: clarity of problem messages (#9199) (@​jeddy3).
• Fixed: --print-config CLI flag to hide internal properties (#9194) (@​ybiquitous).
• Fixed: function-url-quotes false positives when URLs have modifiers (#8702) (@​immitsu).
• Fixed: selector-no-qualifying-type false positives for :has() (#9182) (@​romainmenke).

Commits

• cee404b Release 17.9.0 (#9242)
• b0af5ae Bump prettier from 3.8.1 to 3.8.3 (#9240)
• e2c2c43 Bump eslint-plugin-jest from 29.15.1 to 29.15.2 in the eslint group (#9239)
• 68d008e Bump @​csstools/css-syntax-patches-for-csstree from 1.1.2 to 1.1.3 in the csst...
• 5ad7ffb Bump @​csstools/css-calc from 3.1.1 to 3.2.0 in the csstools-parser group (#9237)
• f16ef5e Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#9235)
• a0b3c5a Bump actions/github-script from 8.0.0 to 9.0.0 (#9236)
• fb2efec Add abortSignal option to Node.js API for cancellation support (#9213)
• 84f2c6b Document Netlify hosting badge (#9218)
• 5b45245 Add maxWarnings to configuration object (#9181)
• Additional commits viewable in compare view

Updates undici from 8.0.2 to 8.1.0

Release notes

Sourced from undici's releases.

v8.1.0

What's Changed

• feat: add configurable maxPayloadSize for WebSocket by @​mcollina in nodejs/undici#4955

Full Changelog: nodejs/undici@v8.0.3...v8.1.0

v8.0.3

What's Changed

• docs: add an Undici 7 to 8 migration guide by @​mcollina in nodejs/undici#4963
• chore: switch deferred promise with Promise.withResolvers() by @​trivikr in nodejs/undici#4972
• chore: remove zstd and markAsUncloneable feature probes by @​trivikr in nodejs/undici#4968
• test: remove obsolete nodeMajor/nodeMinor util exports by @​trivikr in nodejs/undici#4976
• chore: use Promise.withResolvers in SOCKS5 proxy agent by @​trivikr in nodejs/undici#4978
• build(deps-dev): bump esbuild from 0.27.7 to 0.28.0 by @​dependabot[bot] in nodejs/undici#4985
• build(deps-dev): bump proxy from 2.2.0 to 4.0.0 by @​dependabot[bot] in nodejs/undici#4987
• build(deps): bump got from 14.6.6 to 15.0.0 in /benchmarks by @​dependabot[bot] in nodejs/undici#4988
• chore: use Object.hasOwn for iterator checks by @​trivikr in nodejs/undici#4979
• doc: Update dump({ limit: Integer }) default value by @​samuel871211 in nodejs/undici#4981
• fix: avoid 401 failures for stream-backed request bodies by @​mcollina in nodejs/undici#4941
• test: remove unsupported Node version checks from fetch tests by @​trivikr in nodejs/undici#4977
• types: remove legacy AbortSignal alias now provided by @​types/node by @​trivikr in nodejs/undici#4995
• fix: remove stale constructor interceptors from types and pool options by @​trivikr in nodejs/undici#4994
• doc: update incorrect description of dump.maxSize by @​samuel871211 in nodejs/undici#4982
• ci: enable coverage for node.js 25 by @​shivarm in nodejs/undici#4980
• refactor: reuse wrapRequestBody in RedirectHandler by @​trivikr in nodejs/undici#4992
• fix: preserve connect option in H2CClient by @​trivikr in nodejs/undici#5000
• types: document Client and H2CClient option declarations by @​trivikr in nodejs/undici#4998
• fix: native WebSocket over H2 server after undici import by @​mcollina in nodejs/undici#4990
• chore(test): issue 3969 by @​rozzilla in nodejs/undici#5005
• fix(1270): throw descriptive error when opts.dispatcher–passed instance methods by @​rozzilla in nodejs/undici#5007
• docs: Change the default value of allowH2 in JSDoc by @​7hokerz in nodejs/undici#5009
• chore(test): cover issue 5014 by @​rozzilla in nodejs/undici#5015
• fix: prevent cache dedup key collision via unescaped delimiters by @​eddieran in nodejs/undici#5013
• fix(proxy agent): respect connectTimeout by @​rozzilla in nodejs/undici#5011

New Contributors

• @​7hokerz made their first contribution in nodejs/undici#5009
• @​eddieran made their first contribution in nodejs/undici#5013

Full Changelog: nodejs/undici@v8.0.2...v8.0.3

Commits

• d64e7bb Bumped v8.1.0 (#5023)
• bd91f86 feat: add configurable maxPayloadSize for WebSocket (#4955)
• 8cfb762 Bumped v8.0.3 (#5019)
• 7ca6bb3 fix(proxy agent): respect connectTimeout (#5011)
• 30e9f98 fix: prevent cache dedup key collision via unescaped delimiters (#5012) (#5013)
• 85d8368 chore(test): cover issue 5014 (#5015)
• 4e4c2a3 docs: Change the default value of allowH2 in JSDoc (#5009)
• 0143e1b fix(1270): throw descriptive error when opts dispatcher passed instance metho...
• 51a27b7 chore(test): issue 3969 (#5005)
• a434502 fix: native WebSocket over H2 server after undici import (#4990)
• Additional commits viewable in compare view

Updates vite from 8.0.7 to 8.0.10

Release notes

Sourced from vite's releases.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.10 (2026-04-23)

Features

• update rolldown to 1.0.0-rc.17 (#22299) (a4d06d9)

Bug Fixes

• hmrClient.logger.debug and hmrClient.logger.error looked different from other HMR logs (#22147) (a4d828f)
• css: show filename in CSS minification warnings for .css?inline (#22292) (83f0a78)
• optimizer: allow user transform.target to override default in optimizeDeps (#22273) (5c7cec6)
• remove format sniffing module resolution from JS resolver (#22297) (b8a21cc)

Code Refactoring

• enable some typecheck rules (#22278) (9437518)
• typecheck client directory (#22284) (40a0847)

8.0.9 (2026-04-20)

Features

• update rolldown to 1.0.0-rc.16 (#22248) (2947edd)

Bug Fixes

• allow binding when strictPort is set but wildcard port is in use (#22150) (dfc8aa5)
• build: emptyOutDir should happen for watch rebuilds (#22207) (ee52267)
• bundled-dev: reject requests to HMR patch files in non potentially trustworthy origins (#22269) (868f141)
• css: use unique key for cssEntriesMap to prevent same-basename collision (#22039) (374bb5d)
• deps: update all non-major dependencies (#22219) (4cd0d67)
• deps: update all non-major dependencies (#22268) (c28e9c1)
• detect Deno workspace root (fix #22237) (#22238) (1b793c0)
• dev: handle errors in watchChange hook (#22188) (fc08bda)
• optimizer: handle more chars that will be sanitized (#22208) (3f24533)
• skip fallback sourcemap generation for ?raw imports (#22148) (3ec9cda)

Documentation

• align the descriptions in READMEs (#22231) (44c42b9)
• fix reuses wording in dev environment comment (#22173) (9163412)
• fix wording in sass error comment (#22214) (bc5c6a7)
• update build CLI defaults (#22261) (605bb97)

Miscellaneous Chores

• deps: update dependency dotenv-expand to v13 (#22271) (0a3887d)

8.0.8 (2026-04-09)

Features

• update rolldown to 1.0.0-rc.15 (#22201) (6baf587)

... (truncated)

Commits

• 32c2978 release: v8.0.10
• a4d06d9 feat: update rolldown to 1.0.0-rc.17 (#22299)
• a4d828f fix: hmrClient.logger.debug and hmrClient.logger.error looked different f...
• 83f0a78 fix(css): show filename in CSS minification warnings for .css?inline (#22292)
• b8a21cc fix: remove format sniffing module resolution from JS resolver (#22297)
• 40a0847 refactor: typecheck client directory (#22284)
• 5c7cec6 fix(optimizer): allow user transform.target to override default in optimizeDe...
• 9437518 refactor: enable some typecheck rules (#22278)
• ce729f5 release: v8.0.9
• 605bb97 docs: update build CLI defaults (#22261)
• Additional commits viewable in compare view

[changeset-bot]

⚠️ No Changeset found

Latest commit: 5a89e5f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	undici@​8.0.2 ⏵ 8.1.0
	pkg-ok@​3.0.0 ⏵ 4.0.0			+1	+10
	vite@​8.0.7 ⏵ 8.0.10	+1		+1
	@​changesets/​cli@​2.30.0 ⏵ 2.31.0	+1		+1	-1
	stylelint@​17.6.0 ⏵ 17.9.0				+2

View full report

[fraxken]

@dependabot please rebase