Update dev dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@sentry/vite-plugin (source)	5.1.1 → 5.2.0
@types/node (source)	25.5.0 → 25.6.0
@vue/tsconfig	0.9.0 → 0.9.1
django-stubs (changelog)	==6.0.1 → ==6.0.2
django-stubs-ext (changelog)	==6.0.1 → ==6.0.2
djangorestframework-stubs (changelog)	==3.16.8 → ==3.16.9
eslint (source)	10.1.0 → 10.2.0
mypy (changelog)	==1.19.1 → ==1.20.0
prettier (source)	3.8.1 → 3.8.2
pytest (changelog)	==9.0.2 → ==9.0.3
ruff (source, changelog)	==0.15.7 → ==0.15.10
sass	1.98.0 → 1.99.0
tox (changelog)	==4.50.3 → ==4.52.1
tox-uv (changelog)	==1.33.4 → ==1.35.1
types-channels (changelog)	==4.3.0.20260321 → ==4.3.0.20260408
vite (source)	8.0.2 → 8.0.8

---

Release Notes

getsentry/sentry-javascript-bundler-plugins (@​sentry/vite-plugin)

v5.2.0

Compare Source

New Features ✨

• (core) Pass mapDir to rewriteSourcesHook by @​chargome in #​908
• Use crypto.randomUUID rather than uuid by @​timfish in #​892

Bug Fixes 🐛

• (core) Conditionally add tracing headers by @​chargome in #​907
• (e2e-tests) Pin axios to 1.13.5 to avoid compromised 1.14.1 by @​andreiborza in #​906
• (rollup) Make rollup an optional peer dependency by @​andreiborza in #​913
• Add missing webpack5 entrypoint in webpack-plugin by @​brunodccarvalho in #​905

Internal Changes 🔧

• (deps) Bump vulnerable webpack version by @​chargome in #​909
• (tests) Use deterministic debugids by @​chargome in #​912
• Add esbuild integration tests by @​timfish in #​911
• Vite integration tests by @​timfish in #​899
• Webpack integration tests by @​timfish in #​904
• Isolate integration test package installs by @​timfish in #​902
• Pin GitHub Actions to full-length commit SHAs by @​joshuarli in #​900
• Rollup integration tests by @​timfish in #​897
• New integration tests by @​timfish in #​896
• Remove lerna by @​timfish in #​895
• Migrate to Vitest by @​timfish in #​894

vuejs/tsconfig (@​vue/tsconfig)

v0.9.1

Compare Source

Notable Changes

• Align the TypeScript peer dependency requirement with the documentation (>= 5.8, including TypeScript 6)

Full Changelog: vuejs/tsconfig@v0.9.0...v0.9.1

typeddjango/django-stubs (django-stubs)

v6.0.2

Compare Source

What's Changed

We now officially support mypy@1.20.
Since this release we run ty over our test cases.

• Add missing swappable parameter to ForeignKey and OneToOneField by @​emmanuel-ferdman in #​3204
• Support WithAnnotations TypedDict fields in queryset validation by @​emmanuel-ferdman in #​3208
• Add backend attribute stub for authenticated users by @​emmanuel-ferdman in #​3210
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in #​3214
• chore(deps): update dependency uv_build to >=0.11.0,<0.12.0 by @​renovate[bot] in #​3216
• Reparametrize implicit generic QuerySet subclasses by @​federicobond in #​3217
• Fix in operator false positive with union types by @​emmanuel-ferdman in #​3206
• Refactor auto reparametrize to reduce code duplication by @​UnknownPlatypus in #​3219
• Allow missing config section when DJANGO_SETTINGS_MODULE is set by @​emmanuel-ferdman in #​3223
• Fix NestedObjects.nested return type to list[Any] by @​emmanuel-ferdman in #​3226
• Update HttpRequest path methods to match Django 5.x defaults by @​01xnikhil in #​3227
• Resolve queryset annotate types for expressions with static ClassVar by @​federicobond in #​3221
• Use Model instead of Self in parms and add AltersData inheritance by @​emmanuel-ferdman in #​3228
• Expose django admin fieldset types in django_stubs_ext by @​UnknownPlatypus in #​3237
• Migrate more typecheck tests to assert_type by @​UnknownPlatypus in #​3234
• Include django and django-stubs versions in plugin config data by @​UnknownPlatypus in #​3236
• Make Lookup type argument optional by defaulting _T to Any by @​UnknownPlatypus in #​3235
• Fix mypy crash on QuerySet subclass with forward-referenced TypeVar by @​UnknownPlatypus in #​3241
• Disallow mutually exclusive arguments boolean and empty_value in admin display decorator by @​UnknownPlatypus in #​3242
• Use getattr for field.attname with fallback to field.name by @​UnknownPlatypus in #​3248
• Resolve .values() field types on annotated querysets by @​federicobond in #​3232
• Use newer syntax and enable more mypy configuration options by @​ngnpope in #​3203

New Contributors

• @​01xnikhil made their first contribution in #​3227

Full Changelog: typeddjango/django-stubs@6.0.1...6.0.2

typeddjango/djangorestframework-stubs (djangorestframework-stubs)

v3.16.9

Compare Source

Versioning

• This will be the last version to support django-stubs 5.2.
  But django-stubs 6.0 will mostly also work if you use older Django.
• This will be the last version to target djangorestframework 3.16 -- the next version will be updating to 3.17.
• Mypy 1.20 is now supported.

Help wanted!

👉 Your help is needed to update stubs for djangorestframework version 3.17!

• See https://github.com/typeddjango/djangorestframework-stubs/blob/master/scripts/stubtest/allowlist_todo_317.txt for changed APIs
• Before starting work, check that nobody has yet opened a pull request on the same topic: https://github.com/typeddjango/djangorestframework-stubs/pulls
• Open pull requests, but keep changes small.

What's Changed

• Add stub for APIClient.generic by @​noamkush in #​911
• Fix RelatedField.get_queryset type by @​amaral-daniel in #​912
• Fix incorrect function signatures in documentation and schemas by @​emmanuel-ferdman in #​909
• Remove redundant subclass method annotations in pagination by @​brianhelba in #​917
• Fix propagation of QuerySet row-type through APIs handling QuerySet by @​brianhelba in #​916
• Fix incomplete types in rest_framework.schemas by @​emmanuel-ferdman in #​919
• Fix incomplete types in rest_framework.utils by @​emmanuel-ferdman in #​935

Housekeeping

• Update dependency mypy to >=1.13,<1.21 & fix tests by @​intgr in #​940
• Add @override decorators & align mypy config with django-stubs by @​intgr in #​928
• CI: Fix Ruff unused noqa: F811 directive by @​intgr in #​926
• Version 3.16.9 release by @​intgr in #​942

New Contributors

• @​amaral-daniel made their first contribution in #​912

Full Changelog: typeddjango/djangorestframework-stubs@3.16.8...3.16.9

eslint/eslint (eslint)

v10.2.0

Compare Source

Features

• 586ec2f feat: Add meta.languages support to rules (#​20571) (Copilot)
• 14207de feat: add Temporal to no-obj-calls (#​20675) (Pixel998)
• bbb2c93 feat: add Temporal to ES2026 globals (#​20672) (Pixel998)

Bug Fixes

• 542cb3e fix: update first-party dependencies (#​20714) (Francesco Trotta)

Documentation

• a2af743 docs: add language to configuration objects (#​20712) (Francesco Trotta)
• 845f23f docs: Update README (GitHub Actions Bot)
• 5fbcf59 docs: remove sourceType from ts playground link (#​20477) (Tanuj Kanti)
• 8702a47 docs: Update README (GitHub Actions Bot)
• ddeaded docs: Update README (GitHub Actions Bot)
• 2b44966 docs: add Major Releases section to Manage Releases (#​20269) (Milos Djermanovic)
• eab65c7 docs: update eslint versions in examples (#​20664) (루밀LuMir)
• 3e4a299 docs: update ESM Dependencies policies with note for own-usage packages (#​20660) (Milos Djermanovic)

Chores

• 8120e30 refactor: extract no unmodified loop condition (#​20679) (kuldeep kumar)
• 46e8469 chore: update dependency markdownlint-cli2 to ^0.22.0 (#​20697) (renovate[bot])
• 01ed3aa test: add unit tests for unicode utilities (#​20622) (Manish chaudhary)
• 811f493 ci: remove --legacy-peer-deps from types integration tests (#​20667) (Milos Djermanovic)
• 6b86fcf chore: update dependency npm-run-all2 to v8 (#​20663) (renovate[bot])
• 632c4f8 chore: add prettier update commit to .git-blame-ignore-revs (#​20662) (루밀LuMir)
• b0b0f21 chore: update dependency eslint-plugin-regexp to ^3.1.0 (#​20659) (Milos Djermanovic)
• 228a2dd chore: update dependency eslint-plugin-eslint-plugin to ^7.3.2 (#​20661) (Milos Djermanovic)
• 3ab4d7e test: Add tests for eslintrc-style keys (#​20645) (kuldeep kumar)

python/mypy (mypy)

v1.20.0

Compare Source

prettier/prettier (prettier)

v3.8.2

Compare Source

pytest-dev/pytest (pytest)

v9.0.3

Compare Source

pytest 9.0.3 (2026-04-07)

Bug fixes

• #​12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #​13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #​13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #​14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #​14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #​13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #​13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #​14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #​14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #​12689: The test reports are now published to Codecov from GitHub Actions.
  The test statistics is visible on the web interface.

  -- by aleguy02

astral-sh/ruff (ruff)

v0.15.10

Compare Source

Released on 2026-04-09.

Preview features

• [flake8-logging] Allow closures in except handlers (LOG004) (#​24464)
• [flake8-self] Make SLF diagnostics robust to non-self-named variables (#​24281)
• [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#​24371)

Bug fixes

• Avoid emitting multi-line f-string elements before Python 3.12 (#​24377)
• Avoid syntax error from E502 fixes in f-strings and t-strings (#​24410)
• Strip form feeds from indent passed to dedent_to (#​24381)
• [pyupgrade] Fix panic caused by handling of octals (UP012) (#​24390)
• Reject multi-line f-string elements before Python 3.12 (#​24355)

Rule changes

• [ruff] Treat f-string interpolation as potential side effect (RUF019) (#​24426)

Server

• Add support for custom file extensions (#​24463)

Documentation

• Document adding fixes in CONTRIBUTING.md (#​24393)
• Fix JSON typo in settings example (#​24517)

Contributors

• @​charliermarsh
• @​dylwil3
• @​silverstein
• @​anishgirianish
• @​shizukushq
• @​zanieb
• @​AlexWaygood

v0.15.9

Compare Source

Released on 2026-04-02.

Preview features

• [pyflakes] Flag annotated variable redeclarations as F811 in preview mode (#​24244)
• [ruff] Allow dunder-named assignments in non-strict mode for RUF067 (#​24089)

Bug fixes

• [flake8-errmsg] Avoid shadowing existing msg in fix for EM101 (#​24363)
• [flake8-simplify] Ignore pre-initialization references in SIM113 (#​24235)
• [pycodestyle] Fix W391 fixes for consecutive empty notebook cells (#​24236)
• [pyupgrade] Fix UP008 nested class matching (#​24273)
• [pyupgrade] Ignore strings with string-only escapes (UP012) (#​16058)
• [ruff] RUF072: skip formfeeds on dedent (#​24308)
• [ruff] Avoid re-using symbol in RUF024 fix (#​24316)
• [ruff] Parenthesize expression in RUF050 fix (#​24234)
• Disallow starred expressions as values of starred expressions (#​24280)

Rule changes

• [flake8-simplify] Suppress SIM105 for except* before Python 3.12 (#​23869)
• [pyflakes] Extend F507 to flag %-format strings with zero placeholders (#​24215)
• [pyupgrade] UP018 should detect more unnecessarily wrapped literals (UP018) (#​24093)
• [pyupgrade] Fix UP008 callable scope handling to support lambdas (#​24274)
• [ruff] RUF010: Mark fix as unsafe when it deletes a comment (#​24270)

Formatter

• Add nested-string-quote-style formatting option (#​24312)

Documentation

• [flake8-bugbear] Clarify RUF071 fix safety for non-path string comparisons (#​24149)
• [flake8-type-checking] Clarify import cycle wording for TC001/TC002/TC003 (#​24322)

Other changes

• Avoid rendering fix lines with trailing whitespace after | (#​24343)

Contributors

• @​charliermarsh
• @​MichaReiser
• @​tranhoangtu-it
• @​dylwil3
• @​zsol
• @​renovate
• @​bitloi
• @​danparizher
• @​chinar-amrutkar
• @​second-ed
• @​getehen
• @​Redovo1
• @​matthewlloyd
• @​zanieb
• @​InSyncWithFoo
• @​RenzoMXD

v0.15.8

Compare Source

Released on 2026-03-26.

Preview features

• [ruff] New rule unnecessary-if (RUF050) (#​24114)
• [ruff] New rule useless-finally (RUF072) (#​24165)
• [ruff] New rule f-string-percent-format (RUF073): warn when using % operator on an f-string (#​24162)
• [pyflakes] Recognize frozendict as a builtin for Python 3.15+ (#​24100)

Bug fixes

• [flake8-async] Use fully-qualified anyio.lowlevel import in autofix (ASYNC115) (#​24166)
• [flake8-bandit] Check tuple arguments for partial paths in S607 (#​24080)
• [pyflakes] Skip undefined-name (F821) for conditionally deleted variables (#​24088)
• E501/W505/formatter: Exclude nested pragma comments from line width calculation (#​24071)
• Fix %foo? parsing in IPython assignment expressions (#​24152)
• analyze graph: resolve string imports that reference attributes, not just modules (#​24058)

Rule changes

• [eradicate] ignore ty: ignore comments in ERA001 (#​24192)
• [flake8-bandit] Treat sys.executable as trusted input in S603 (#​24106)
• [flake8-self] Recognize Self annotation and self assignment in SLF001 (#​24144)
• [pyflakes] F507: Fix false negative for non-tuple RHS in %-formatting (#​24142)
• [refurb] Parenthesize generator arguments in FURB142 fixer (#​24200)

Performance

• Speed up diagnostic rendering (#​24146)

Server

• Warn when Markdown files are skipped due to preview being disabled (#​24150)

Documentation

• Clarify extend-ignore and extend-select settings documentation (#​24064)
• Mention AI policy in PR template (#​24198)

Other changes

• Use trusted publishing for NPM packages (#​24171)

Contributors

• @​bitloi
• @​Sim-hu
• @​mvanhorn
• @​chinar-amrutkar
• @​markjm
• @​RenzoMXD
• @​vivekkhimani
• @​seroperson
• @​moktamd
• @​charliermarsh
• @​ntBre
• @​zanieb
• @​dylwil3
• @​MichaReiser

sass/dart-sass (sass)

v1.99.0

Compare Source

• Add support for parent selectors (&) at the root of the document. These are
  emitted as-is in the CSS output, where they're interpreted as the scoping
  root.

• User-defined functions named calc or clamp are no longer forbidden. If
  such a function exists without a namespace in the current module, it will be
  used instead of the built-in calc() or clamp() function.

• User-defined functions whose names begin with - and end with -expression,
  -url, -and, -or, or -not are no longer forbidden. These were
  originally intended to match vendor prefixes, but in practice no vendor
  prefixes for these functions ever existed in real browsers.

• User-defined functions named EXPRESSION, URL, and ELEMENT, those that
  begin with - and end with -ELEMENT, as well as the same names with some
  lowercase letters are now deprecated, These are names conflict with plain CSS
  functions that have special syntax.

  See the Sass website for details.

• In a future release, calls to functions whose names begin with - and end
  with -expression and -url will no longer have special parsing. For now,
  these calls are deprecated if their behavior will change in the future.

  See the Sass website for details.

• Calls to functions whose names begin with - and end with -progid:... are
  deprecated.

  See the Sass website for details.

tox-dev/tox (tox)

v4.52.1

Compare Source

What's Changed

• use normalize_isa for architecture factor matching by @​rahuldevikar in #​3919
• 🐛 fix(pip): invalidate install cache on resolution env var changes by @​gaborbernat in #​3921

Full Changelog: tox-dev/tox@4.52.0...4.52.1

v4.52.0

Compare Source

What's Changed

• remove unsupported --remote flag from gh repo fork by @​rahuldevikar in #​3908
• ✨ feat(config): support escaped dots in -x override keys by @​gaborbernat in #​3910
• 🐛 fix(docs): auto-generate manpage from CLI parser by @​gaborbernat in #​3911
• ✨ feat(runner): add PEP 723 inline script metadata support by @​gaborbernat in #​3912

Full Changelog: tox-dev/tox@4.51.0...4.52.0

v4.51.0

Compare Source

What's Changed

• 🔒 ci(workflows): add zizmor security auditing by @​gaborbernat in #​3896
• Add base_python_file config option by @​rahuldevikar in #​3899
• prevent machine ISA from overriding explicit env factors by @​rahuldevikar in #​3904
• 🐛 fix(config): fix handling of env_list in nested contexts by @​Daverball in #​3905
• fix: enable persist-credentials for release workflow by @​rahuldevikar in #​3907

New Contributors

• @​Daverball made their first contribution in #​3905

Full Changelog: tox-dev/tox@4.50.3...4.51.0

tox-dev/tox-uv (tox-uv)

v1.35.1

Compare Source

What's Changed

• fix(lock-runner): respect UV_FROZEN env var and --frozen in uv_sync_flags by @​alexholtz in #​327

New Contributors

• @​alexholtz made their first contribution in #​327

Full Changelog: tox-dev/tox-uv@1.35.0...1.35.1

v1.35.0

Compare Source

What's Changed

• Add machine and architecture handling to version spec by @​griels in #​321
• 🐛 fix(installer): invalidate install cache on UV_* env var changes by @​gaborbernat in #​325

New Contributors

• @​griels made their first contribution in #​321

Full Changelog: tox-dev/tox-uv@1.34.0...1.35.0

v1.34.0

Compare Source

What's Changed

• 🔒 ci(workflows): add zizmor security auditing by @​gaborbernat in #​317
• ✨ feat(runner): add PEP 723 inline script metadata support by @​gaborbernat in #​319

Full Changelog: tox-dev/tox-uv@1.33.4...1.34.0

vitejs/vite (vite)

v8.0.8

Compare Source

Features

• update rolldown to 1.0.0-rc.15 (#​22201) (6baf587)

Bug Fixes

• avoid dns.getDefaultResultOrder temporary (#​22202) (15f1c15)
• ssr: class property keys hoisting matching imports (#​22199) (e137601)

v8.0.7

Compare Source

Bug Fixes

• use sync dns.getDefaultResultOrder instead of dns.promises (#​22185) (5c05b04)

v8.0.6

Compare Source

Features

• update rolldown to 1.0.0-rc.13 (#​22097) (51d3e48)

Bug Fixes

• css: avoid mutating sass error multiple times (#​22115) (d5081c2)
• optimize-deps: hoist CJS interop assignment (#​22156) (17a8f9e)

Performance Improvements

• early return in getLocalhostAddressIfDiffersFromDNS when DNS order is verbatim (#​22151) (56ec256)

Miscellaneous Chores

• create-vite: remove unnecessary DOM.Iterable (#​22168) (bdc53ab)
• replace remaining prettier script (#​22179) (af71fb2)

v8.0.5

Compare Source

Bug Fixes

• apply server.fs check to env transport (#​22159) (f02d9fd)
• avoid path traversal with optimize deps sourcemap handler (#​22161) (79f002f)
• check server.fs after stripping query as well (#​22160) (a9a3df2)
• disallow referencing files outside the package from sourcemap (#​22158) (f05f501)

v8.0.4

Compare Source

Features

• allow esbuild 0.28 as peer deps (#​22155) (b0da973)
• hmr: truncate list of files on hmr update (#​21535) (d00e806)
• optimizer: log when dependency scanning or bundling takes over 1s (#​21797) (f61a1ab)

Bug Fixes

• hasBothRollupOptionsAndRolldownOptions should return false for proxy case (#​22043) (99897d2)
• add types for vite/modulepreload-polyfill (#​22126) (17330d2)
• deps: update all non-major dependencies (#​22073) (6daa10f)
• deps: update all non-major dependencies (#​22143) (22b0166)
• resolve: resolve tsconfig paths starting with # (#​22038) (3460fc5)
• ssr: use browser platform for webworker SSR builds (fix #​21969) (#​21963) (364c227)

Documentation

• add environment.fetchModule documentation (#​22035) (54229e7)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​21989) (0ded627)

Code Refactoring

• upgrade to typescript 6 (#​22110) (cc41398)

v8.0.3

Compare Source

Features

• update rolldown to 1.0.0-rc.12 (#​22024) (84164ef)

Bug Fixes

• html: cache unfiltered CSS list to prevent missing styles across entries (#​22017) (5464190)
• module-runner: handle non-ascii characters in base64 sourcemaps (#​21985) (77c95bf)
• module-runner: skip re-import if the runner is closed (#​22020) (ee2c2cd)
• optimizer: scan is not resolving sub path import if used in a glob import (#​22018) (ddfe20d)
• ssr: ssrTransform incorrectly rewrites meta identifier inside import.meta when a binding named meta exists (#​22019) (cff5f0c)

Miscellaneous Chores

• deps: bump picomatch from 4.0.3 to 4.0.4 (#​22027) (7e56003)

Tests

• html: add tests for getCssFilesForChunk (#​22016) (43fbbf9)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying geodatalytics with    Cloudflare Pages

Latest commit:	70486b3
Status:	✅  Deploy successful!
Preview URL:	https://ca87fc0d.geodatalytics.pages.dev
Branch Preview URL:	https://renovate-dev-deps.geodatalytics.pages.dev

View logs