Lock file maintenance

[renovate]

This PR contains the following updates:

Update	Change
lockFileMaintenance	All locks refreshed

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Configuration

📅 Schedule: Branch creation - "before 4am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[github-actions]

Project	Preview URL1	Manage
Limber	https://renovate-lock-file-maintenan.limber-glimdown.pages.dev	on Cloudflare
Tutorial	https://renovate-lock-file-maintenan.limber-glimmer-tutorial.pages.dev	on Cloudflare

Logs

Footnotes

1. if these branch preview links are not working, please check the logs for the commit-based preview link. There is a character limit of 28 for the branch subdomain, as well as some other heuristics, described here for the sake of implementation ease in deploy-preview.yml, that algo has been omitted. The URLs are logged in the wrangler output, but it's hard to get outputs from a matrix job. ↩

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​shikijs/​rehype@​3.7.0 ⏵ 3.15.0	+1		+3
	@​embroider/​vite@​1.2.0 ⏵ 1.3.6	+6		+1	+4
	@​glint/​tsserver-plugin@​2.0.3 ⏵ 2.0.7	-23		-30	-1
	@​embroider/​core@​4.1.3 ⏵ 4.2.5	+1		+3	+6
	@​babel/​preset-typescript@​7.27.1 ⏵ 7.28.5
	typescript-eslint@​8.42.0 ⏵ 8.46.3	+1		+1	+2
	@​babel/​plugin-transform-runtime@​7.28.3 ⏵ 7.28.5
	@​types/​qunit@​2.19.12 ⏵ 2.19.13			+1	-2
	@​types/​yargs@​17.0.33 ⏵ 17.0.34
	@​lezer/​javascript@​1.5.1 ⏵ 1.5.4	+1		+1	-1
	@​glint/​template@​1.6.1 ⏵ 1.7.2			+1	+1
	@​lezer/​highlight@​1.2.1 ⏵ 1.2.3	+1		+1
	@​iconify-json/​devicon@​1.2.29 ⏵ 1.2.47	+2
	@​babel/​plugin-transform-typescript@​7.28.0 ⏵ 7.28.5	+1		+1
	@​babel/​eslint-parser@​7.28.0 ⏵ 7.28.5			-23
	shiki@​3.7.0 ⏵ 3.15.0	+1		+1	+1
	@​codemirror/​language-data@​6.5.1 ⏵ 6.5.2
	@​codemirror/​lint@​6.8.5 ⏵ 6.9.2	+1		+1	+2
	@​lezer/​common@​1.2.3 ⏵ 1.3.0	+1		+1
	fix-bad-declaration-output@​1.1.4 ⏵ 1.1.5	+3		+1	+5
	@​babel/​runtime@​7.28.3 ⏵ 7.28.4				-1
	@​babel/​core@​7.28.3 ⏵ 7.28.5
	@​lezer/​lr@​1.4.2 ⏵ 1.4.3
	@​babel/​standalone@​7.28.3 ⏵ 7.28.5	+1		+2	+1
	@​iconify-json/​vscode-icons@​1.2.23 ⏵ 1.2.33	+2		+2	+1
	chalk@​5.6.0 ⏵ 5.6.2				-2
	publint@​0.3.12 ⏵ 0.3.15	+1		+1
	codemirror-languageserver@​1.12.1 ⏵ 1.18.1	+4		+7	+10
	@​lezer/​html@​1.3.10 ⏵ 1.3.12
	vite@​6.3.5 ⏵ 6.4.1	+1	+14	+1	+2
	mime@​4.0.7 ⏵ 4.1.0	+1		+1
	qunit@​2.24.1 ⏵ 2.24.2	+1		+1	+4
See 38 more rows in the dashboard

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report