Bump the minor-updates group with 7 updates

[dependabot]

Bumps the minor-updates group with 7 updates:

Package	From	To
@github/relative-time-element	4.5.0	4.5.1
astro	5.16.0	5.16.3
zod	4.1.12	4.1.13
@astrojs/check	0.9.5	0.9.6
prettier	3.6.2	3.7.3
typescript-eslint	8.47.0	8.48.0
vitest	4.0.13	4.0.14

Updates @github/relative-time-element from 4.5.0 to 4.5.1

Release notes

Sourced from @​github/relative-time-element's releases.

v4.5.1

What's Changed

• Add explicit permissions to test.yml workflow by @​Copilot in github/relative-time-element#337
• Changes to experimental user setting featre: Use today for today, and omit current year by @​khiga8 in github/relative-time-element#338

Full Changelog: github/relative-time-element@v4.5.0...v4.5.1

Commits

• 1657fe8 Merge pull request #338 from github/use-today-format
• 79e94a0 Merge pull request #337 from github/copilot/add-workflow-permissions
• 178a631 Add custom Today format
• 99672b4 Add explicit permissions to test.yml workflow
• 6b13ec0 Initial plan
• See full diff in compare view

Updates astro from 5.16.0 to 5.16.3

Release notes

Sourced from astro's releases.

[email protected]

Patch Changes

• #14889 4bceeb0 Thanks @​florian-lefebvre! - Fixes actions types when using specific TypeScript configurations

• #14929 e0f277d Thanks @​matthewp! - Fixes authentication bypass via double URL encoding in middleware

  Prevents attackers from bypassing path-based authentication checks using multi-level URL encoding (e.g., /%2561dmin instead of /%61dmin). Pathnames are now validated after decoding to ensure no additional encoding remains.

[email protected]

Patch Changes

• #14876 b43dc7f Thanks @​florian-lefebvre! - Fixes a vite warning log during builds when using npm

• #14884 10273e0 Thanks @​florian-lefebvre! - Fixes a case where setting the status of a page to 404 in ssr would show an empty page (or 404.astro page if provided) instead of using the current page

[email protected]

Patch Changes

• #14769 b43ee71 Thanks @​adriandlam! - Fixes an unhandled rejection issue when using Astro with Vercel Workflow DevKit

• #14761 345eb22 Thanks @​ooga! - Updates button attributes types to allow command and commandfor

• #14866 65e214b Thanks @​GameRoMan! - Fixes Astro.glob to be correctly marked as deprecated

• #14894 1ad9a5b Thanks @​delucis! - Fixes support for Astro component rendering in Vitest test suites using a “client” environment such as happy-dom or jsdom

• #14782 abed929 Thanks @​florian-lefebvre! - Improves syncing

Changelog

Sourced from astro's changelog.

5.16.3

Patch Changes

• #14889 4bceeb0 Thanks @​florian-lefebvre! - Fixes actions types when using specific TypeScript configurations

• #14929 e0f277d Thanks @​matthewp! - Fixes authentication bypass via double URL encoding in middleware

  Prevents attackers from bypassing path-based authentication checks using multi-level URL encoding (e.g., /%2561dmin instead of /%61dmin). Pathnames are now validated after decoding to ensure no additional encoding remains.

5.16.2

Patch Changes

• #14876 b43dc7f Thanks @​florian-lefebvre! - Fixes a vite warning log during builds when using npm

• #14884 10273e0 Thanks @​florian-lefebvre! - Fixes a case where setting the status of a page to 404 in ssr would show an empty page (or 404.astro page if provided) instead of using the current page

5.16.1

Patch Changes

• #14769 b43ee71 Thanks @​adriandlam! - Fixes an unhandled rejection issue when using Astro with Vercel Workflow DevKit

• #14761 345eb22 Thanks @​ooga! - Updates button attributes types to allow command and commandfor

• #14866 65e214b Thanks @​GameRoMan! - Fixes Astro.glob to be correctly marked as deprecated

• #14894 1ad9a5b Thanks @​delucis! - Fixes support for Astro component rendering in Vitest test suites using a “client” environment such as happy-dom or jsdom

• #14782 abed929 Thanks @​florian-lefebvre! - Improves syncing

Commits

• 33333e8 [ci] release (#14922)
• aa58d05 [ci] format
• e0f277d fix: prevent authentication bypass via double URL encoding in middleware (#14...
• 4bceeb0 fix: actions infer symbol (#14889)
• e82358c [ci] release (#14918)
• 0a2fe43 [ci] format
• b43dc7f fix(astro): assets vite build log (#14876)
• 10273e0 fix: 404 status in ssr (#14884)
• 6751a2e chore(cli): classes (#14897)
• 09bbdbb [ci] release (#14845)
• Additional commits viewable in compare view

Updates zod from 4.1.12 to 4.1.13

Release notes

Sourced from zod's releases.

v4.1.13

Commits:

• 5c2602ceb8be8941c64bbe5ac7d92cc174ae6f7e Update AI widget (#5318)
• d3da530deb713c853e79405adddf770e156d50ac reflect the specified regex correctly in error (#5338)
• 39f8c45b8a29de2330b485862b83cb35849f4238 faster initialization (#5352)
• e9e27905cc0f37cb079ea473af8359d5e17a57a1 Clean up comment
• 8e4739fadbd7de710eb67d34ba7e06a1029a68ab Update inferred z.promise() type
• 2849df8907b011ab056d67ae8e3d27577ac4ed3e fix(locales): improve Dutch (nl) localization (#5367)
• b0d3c9f628b60d358b66acf8f0ef7937fc9e8950 Run tests on windows
• 6fd61b71b85e4fef4c168a46c3ebcc574f26255f feat unitest (#5358)
• a4e4bc80e204577c698cf1369dd63c2b986d35f3 Lock to node 24
• 8de8bad0fa84194b81efd32474462d7a236a1ee4 Fix windows build
• b2c186bbae3a74a12acd385c1ced3ed978235cf8 Use Node LTS
• b73b1f61c798efdf497852872b4c19cd4111c1f3 Consolidate isTransforming logic
• d85f3ea4da53a1b232017dd4e4a2874eca4d8d76 Fix #5353
• 1bac0f37b529eb9a0d833a01200f5a898e8e6220 Fix test.yml
• 86d4dad5bc27b4b35df533c9170a552ad8c6c3bc Fix partial record
• 5e6c0fd7471636feffe5763c9b7637879da459fe Fix attw on windows
• 27fc616b8edb93cc27a4d25b37479d6e418bbccf Extend test timeout
• 8d336c4d15e1917d78b67b890f7182f26633b56f Remove windows runner
• 5be72e0ef4dceb1387febb7981079ecdeb5e2817 chore(doc): update metadata.tsx (#5331)
• cb0272a0ad9962df95832a78587f54afec685351 docs: add 'cd zod' step to development setup instructions (#5394)
• 24e3325dc63010e4f74e23caf91199652e8b12a9 docs: replace 'Refinement' with 'Transform' in transforms section (#5397)
• 644a08203ebb00e23484b3f9a986ae783ce26a9a chore: add resource for validating environment variables with Zod (#5403)
• 5e1cfcf578a47527044e85455e79c907fd913adc Change doc for email validation method in Zod schema (#5392)
• 88cf9441448608d9de24b47b8a4a4ba879fc2433 Fix: Iterate over keys in catchall object using "in" operator. (#5376)
• aa437325c5957c0cf57667cd7b8568603ee7ecd3 Emphasise that enum validates against values, for object literal & enums (#5386)
• 3a4bd00aaa16276ffeb2708cc083a633bd4dd756 Improve Hebrew localization for Zod error messages (#5409)
• c10f9d109874aeca6855383616c086b077d39f89 Fix typos (#5420)
• 86f0ef918bb24f4ab9f1ce2afc5cf2d1a4a99473 Documentation Improvements (#5417)
• e120a4877f4d8d076abf2db5c5cceab91a046be9 Fix opt tuple
• f9bbb50c48f9c07ca869d28d6a7086d7290b97a3 Improve tuple
• 0ba0f348f677688b69ed78473e022f5d225b41fc Optimize docs caching/ISR (#5433)
• c3ec66c74b3fbc2616e880a90751c2cad7270bb3 Improve docs caching
• c8cce4b607a7c0ca99cfb454571a3948ee9e85fb docs: fix typos and links (#5428)
• 84ec04708525d6e83e3408d5d3a21edde742bdc5 docs(ecosystem): Add react-f3 (#5429)
• 3396515cc6f04f5f346a1e00256ad09998dbaeb3 Docs: Fix typo in safeExtend description (#5445)
• 3d93a7d593c19dc1822bc96a7c9d47312c29995e feat: MAC address validation in v4 and mini (#5440)
• f2f0d178e1c526bc00ad0385706efad318bd44b0 Fix dual package hazard for globalRegistry (#5452)
• 9fc493f86f17a5fc550df78e7e261137885f51ea fix: use oneOf for discriminated unions in JSON Schema (#5453)
• 603dbe8dba6253c702ca8cf10b5299910dba3c88 Clean up regex, drop backreferences
• ab69b9ee813713a111b56a60c2df929eaf5ba426 Update mac addr tests
• f7910528901c05293bad275fffcb54a82e28fcc9 chore: upgrade vitest to v4 (#5028)
• f97e80da9197064937a58167619967bee4ebb638 fix(core): prevent infinite recursion for recursive tuples (#5089) (#5094)
• 002e01ad0fcc17b17683adafc80f2a86e8d355a9 fix(record): handle non-function constructor field in isPlainObject (#5098)
• 67165174eb8c7d5c6e76e760830f3109b4fdbd0e docs(contributing): add instructions on building @​zod/docs (#5114)
• 8b0603dde684f1665bb2329111ed187f73ccf0ac Fix typo in ISO time documentation (#5277)
• be85ecc48a83e7f65ac0458d25f832fb4e28c9e7 docs(codecs): correct stringToDate safeDecode methods (#5302)
• 50bba5462546401939920a6566a81c0d9c8ef7e1 Add zodgres to ecosystem documentation (#5308)

... (truncated)

Commits

• 4063e80 Update check-semver script
• 2cdd82b 4.1.13
• a774750 v4.1.13
• 0e803a2 Revert "Do not allow unsound pick/omit"
• 5bfc8f2 Fix docs
• 3de39ee Implement slugify
• 162fe29 Add z.meta and z.describe
• 0f4ce73 Do not allow unsound pick/omit
• f52344e Fix vitest 4
• d44253d Add support for number literal and TypeScript's enum keys in z.record (#5334)
• Additional commits viewable in compare view

Updates @astrojs/check from 0.9.5 to 0.9.6

Release notes

Sourced from @​astrojs/check's releases.

@​astrojs/check@​0.9.6

Patch Changes

• #14740 abfed97 Thanks @​ArmandPhilippot! - Fixes link targets in documentation following repository relocation.

• Updated dependencies [abfed97]:

  • @​astrojs/language-server@​2.16.1

Changelog

Sourced from @​astrojs/check's changelog.

0.9.6

Patch Changes

• #14740 abfed97 Thanks @​ArmandPhilippot! - Fixes link targets in documentation following repository relocation.

• Updated dependencies [abfed97]:

  • @​astrojs/language-server@​2.16.1

Commits

• 7523a1f [ci] release (#14907)
• abfed97 fix: replace withastro/language-tools mentions (#14740)
• f3bc8b2 fix: binary path
• b35983b fix(check): make the binary work in dev mode
• 372b7c3 feat(language-tools): Match monorepo coding style and cleanup
• 820a866 Update from language-tools
• 474f300 fix: tsconfig
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​astrojs/check since your current version.

Updates prettier from 3.6.2 to 3.7.3

Release notes

Sourced from prettier's releases.

3.7.3

What's Changed

• Fix prettier.getFileInfo() change that breaks VSCode extension by @​fisker in prettier/prettier#18375

🔗 Changelog

3.7.2

What's Changed

• Fix string print when switching quotes by @​fisker in prettier/prettier#18351
• Preserve quote for embedded HTML attribute values by @​kovsu in prettier/prettier#18352
• Fix comment in empty type literal by @​fisker in prettier/prettier#18364

🔗 Changelog

3.7.1

• Fix performance regression in doc printer (#18342 by @​fisker)

🔗 Changelog

3.7.0

diff

🔗 Release note

Changelog

Sourced from prettier's changelog.

3.7.3

diff

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#18375 by @​fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

3.7.2

diff

JavaScript: Fix string print when switching quotes (#18351 by @​fisker)

// Input
console.log("A descriptor\\'s .kind must be \"method\" or \"field\".")
// Prettier 3.7.1
console.log('A descriptor\'s .kind must be "method" or "field".');
// Prettier 3.7.2
console.log('A descriptor\'s .kind must be "method" or "field".');

JavaScript: Preserve quote for embedded HTML attribute values (#18352 by @​kovsu)

// Input
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;
// Prettier 3.7.1
const html = /* HTML */ &lt;div class=${styles.banner}&gt;&lt;/div&gt;;
// Prettier 3.7.2
const html = /* HTML */ &lt;div class=&quot;${styles.banner}&quot;&gt;&lt;/div&gt;;

TypeScript: Fix comment in empty type literal (#18364 by @​fisker)

// Input
export type XXX = {
  // tbd
};
// Prettier 3.7.1
</tr></table>

... (truncated)

Commits

• fdfa670 Release 3.7.3
• 2dce3ec Fix typo
• 27d6c64 Revert previous change to getFileInfo (#18375)
• f4a7afa Add types for config related functions (#18376)
• 9266e3e Add resolved test cases (#18358)
• 3bfc014 Bump Prettier dependency to 3.7.2
• 081b846 Clean changelog_unreleased
• 03384c9 Release 3.7.2
• 514e51a Release @​prettier/plugin-hermes & @​prettier/plugin-oxc v0.1.2
• 29a11ae Fix comment in empty type literal (#18364)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for prettier since your current version.

Updates typescript-eslint from 8.47.0 to 8.48.0

Release notes

Sourced from typescript-eslint's releases.

v8.48.0

8.48.0 (2025-11-24)

🚀 Features

• eslint-plugin: [no-redundant-type-constituents] use assignability checking for redundancy checks (#10744)
• rule-tester: remove workaround for jest circular structure error (#11772)
• typescript-estree: gate all errors behind allowInvalidAST (#11693)
• typescript-estree: replace fast-glob with tinyglobby (#11740)

🩹 Fixes

• eslint-plugin: [consistent-generic-constructors] ignore when constructor is typed array (#10477)
• scope-manager: change unhelpful aaa error message and change analyze to expects Program (#11747)
• typescript-estree: infers singleRun as true for project service (#11327)
• typescript-estree: disallow binding patterns in parameter properties (#11760)

❤️ Thank You

• Ben McCann @​benmccann
• Dima Barabash @​dbarabashh
• fisker Cheung @​fisker
• James Henry @​JamesHenry
• JamesHenry @​JamesHenry
• Josh Goldberg
• Josh Goldberg ✨
• Kirk Waiblinger @​kirkwaiblinger
• mdm317 @​gen-ip-1
• Younsang Na @​nayounsang

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.48.0 (2025-11-24)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• 6fb1551 chore(release): publish 8.48.0
• a4dc42a chore: migrate to nx 22 (#11780)
• See full diff in compare view

Updates vitest from 4.0.13 to 4.0.14

Release notes

Sourced from vitest's releases.

v4.0.14

   🚀 Experimental Features

• browser: Expose utils.configurePrettyDOM  -  by @​sheremet-va in vitest-dev/vitest#9103 (2cc34)
• runner: Add full names to tasks  -  by @​macarie in vitest-dev/vitest#9087 (821aa)
• ui: Add tabbed failure view for toMatchScreenshot with comparison slider  -  by @​macarie in vitest-dev/vitest#8813 (c37c2)

   🐞 Bug Fixes

• Externalize before caching  -  by @​sheremet-va in vitest-dev/vitest#9077 (e1b2e)
• Collect the duration of external imports  -  by @​sheremet-va in vitest-dev/vitest#9097 (3326c)
• Rename collect to import, remove prepare  -  by @​sheremet-va in vitest-dev/vitest#9091 (1256b)
• browser:
  • Unsubscribe onCancel on rpc destroy  -  by @​AriPerkkio in vitest-dev/vitest#9088 (f5b72)
  • Revert the viewport scaling in non-ui mode #9018  -  by @​sheremet-va in vitest-dev/vitest#9072 and vitest-dev/vitest#9018 (64502)
• coverage:
  • Invalidate circular modules correctly on rerun with coverage  -  by @​aicest in vitest-dev/vitest#9096 (6f22c)
• expect:
  • Allow function as standard schema  -  by @​hi-ogawa in vitest-dev/vitest#9099 (ed8a2)
• jsdom:
  • Reuse abort signals if possible  -  by @​sheremet-va in vitest-dev/vitest#9090 (2c468)
• pool:
  • Init VITEST_POOL_ID + VITEST_WORKER_ID before environment setup  -  by @​AriPerkkio in vitest-dev/vitest#9085 (37918)
• web-worker:
  • postMessage to send ports to workers  -  by @​whitphx and @​AriPerkkio in vitest-dev/vitest#9078 (9d176)

   🏎 Performance

• Replace debug with obug  -  by @​sxzz and @​AriPerkkio in vitest-dev/vitest#9057 (acc51)

    View changes on GitHub

Commits

• 9ca74cf chore: release v4.0.14
• 821aa20 feat(runner): Add full names to tasks (#9087)
• 1256b5c fix: rename collect to import, remove prepare (#9091)
• 3326cc9 fix: collect the duration of external imports (#9097)
• 379185b fix(pool): init VITEST_POOL_ID + VITEST_WORKER_ID before environment setu...
• 2c468ee fix(jsdom): reuse abort signals if possible (#9090)
• e1b2e08 fix: externalize before caching (#9077)
• acc5152 perf: replace debug with obug (#9057)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions