deps: npm dev dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@arethetypeswrong/core (source)	0.18.1 → 0.18.2
@graphql-codegen/typescript (source)	6.0.0 → 6.0.1
@graphql-codegen/typescript-operations (source)	6.0.0 → 6.0.2
@storybook/react (source)	10.3.6 → 10.4.0
@storybook/react-webpack5 (source)	10.3.6 → 10.4.0
graphql	16.13.2 → 16.14.0
publint (source)	0.3.17 → 0.3.21
react (source)	19.2.5 → 19.2.6
react-dom (source)	19.2.5 → 19.2.6
react-router (source)	7.14.2 → 7.15.1
storybook (source)	10.3.6 → 10.4.0
tsdown (source)	0.21.10 → 0.22.0

---

Release Notes

arethetypeswrong/arethetypeswrong.github.io (@​arethetypeswrong/core)

v0.18.2

Patch Changes

• 58dca0c: Add tsdown to recognized build tools

dotansimha/graphql-code-generator (@​graphql-codegen/typescript)

v6.0.1

Compare Source

Patch Changes

• #​10764
  c95db26
  Thanks @​renovate! - dependencies updates:
  • Updated dependency tslib@~2.8.0 ↗︎ (from
    ~2.6.0, in dependencies)
• Updated dependencies
  [5f035cb]:
  • @​graphql-codegen/visitor-plugin-common@​7.0.1

dotansimha/graphql-code-generator (@​graphql-codegen/typescript-operations)

v6.0.2

Compare Source

Patch Changes

• #​10792
  297c896
  Thanks @​eddeee888! - Fix typescript-operations incosistent
  scalar overrides for native scalars

v6.0.1

Compare Source

Patch Changes

• #​10781
  5f035cb
  Thanks @​eddeee888! - Fix const enum applying typesPrefix and
  typesSuffix incorrectly

• Updated dependencies
  [5f035cb]:

  • @​graphql-codegen/visitor-plugin-common@​7.0.1

storybookjs/storybook (@​storybook/react)

v10.4.0

Compare Source

AI-assisted setup, change-aware review, and stronger framework support

Storybook 10.4 contains hundreds of fixes and improvements including:

• 🤖 Agentic Setup: New CLI workflow for AI-assisted Storybook setup and onboarding
• 🔍 Change review: Sidebar filtering to highlight new, modified, and related stories based on git changes
• 🧭 Sidebar review tools: Status filtering, URL-persisted filters, and clearer review signals in the sidebar
• ⚛️ TanStack React: New @storybook/tanstack-react framework with routing and server function support
• 🧩 React MCP: Faster, more accurate component docgen powered by the TypeScript Language Server
• 📱 React Native: Zero config RN project initialization
• 🤝 Sharing: Easily publish and share your local Storybook with teammates, powered by Chromatic

List of all updates

• A11y: Add aria-live announcements via @​react-aria/live-announcer - #​33970, thanks @​copilot-swe-agent!
• A11y: Improve boolean control contrast in forced colors mode - #​34204, thanks @​anchmelev!
• Actions: Fix state mutation and keep newest actions when limit reached - #​34286, thanks @​Sidnioulz!
• Addon-Docs: Add Reset story button to re-render stories in docs - #​34086, thanks @​6810779s!
• Addon-Docs: Avoid rerendering static Source blocks - #​34206, thanks @​anchmelev!
• Addon-Vitest: Use Vitest's provide-API for injecting values - #​34518, thanks @​JReinhold!
• Agentic Setup: Add --extensive for an extra prompt - #​34730, thanks @​Sidnioulz!
• Agentic Setup: Allow failed stories to persist - #​34717, thanks @​Sidnioulz!
• Agentic Setup: Keep sample content if users want onboarding - #​34704, thanks @​Sidnioulz!
• Agentic Setup: Rework ai-init-opt-in logic - #​34739, thanks @​Sidnioulz!
• Angular: Use Story ID for renderer IDs (including standalone stories) - #​33982, thanks @​ValentinFunk!
• Automigration: Move RN on-device addons to deviceAddons - #​34659, thanks @​ndelangen!
• Builder-Vite: Add onModuleGraphChange method - #​34323, thanks @​ghengeveld!
• CLI: Add automigrate check for 'storybook' package name conflict - #​34290, thanks @​whdjh!
• CLI: Add react-vite to tanstack-react automigration - #​34718, thanks @​huang-julien!
• CLI: Change mock event detection - #​34586, thanks @​yannbf!
• CLI: Explicitly tell whether smoke tests passed or failed - #​34419, thanks @​Sidnioulz!
• CLI: Fix Next.js Vite automigration corrupting configs already using @storybook/nextjs-vite - #​34249, thanks @​nathanjessen!
• CLI: Fix agentic check - #​34678, thanks @​yannbf!
• CLI: Handle minimumReleaseAge conflicts across package managers - #​34769, thanks @​JReinhold!
• CLI: Improve package incompatibility detection and warning - #​34559, thanks @​copilot-swe-agent!
• CLI: Improve self-healing scoring observability - #​34699, thanks @​yannbf!
• CLI: Introduce Agentic Setup workflow - #​34297, thanks @​yannbf!
• CLI: Remove extensive prompt option - #​34740, thanks @​yannbf!
• CLI: Streamline Node.js version detection code - #​34440, thanks @​Sidnioulz!
• Change-Detection: Set GIT_OPTIONAL_LOCKS=0 to avoid blocking commits - #​34726, thanks @​valentinpalkovic!
• Cli: Set ai prompt to yes if yes flag for react-vite to tanstack migration - #​34743, thanks @​huang-julien!
• Code: Fix inline code blocks inside links removing link affordance - #​33903, thanks @​yatishgoel!
• Controls: Add maxPresetColors option to ColorControl - #​33998, thanks @​mixelburg!
• Core: Add ChangeDetectionService and wire up builder-vite - #​34369, thanks @​ghengeveld!
• Core: Add changeDetection feature flag - #​34314, thanks @​valentinpalkovic!
• Core: Barrel-aware named import resolution for change detection - #​34675, thanks @​valentinpalkovic!
• Core: Ensure process termination on SIGINT when telemetry is disabled - #​34585, thanks @​ghengeveld!
• Core: Fix "Open In Editor" support for VSCode - #​34747, thanks @​JReinhold!
• Core: Fix telemetry not handling canceling of prompts - #​34680, thanks @​JReinhold!
• Core: Implement Git change detection - #​34420, thanks @​ghengeveld!
• Core: Improve startup performance by deferring change detection initialization - #​34498, thanks @​ghengeveld!
• Core: Normalize file paths in ChangeDetectionService and trace-changed for Windows support - #​34445, thanks @​ghengeveld!
• Core: Quiet change-detection regex warning and swap clear icon - #​34758, thanks @​valentinpalkovic!
• Core: Rename preview.ts to preview.tsx in generated projects - #​34396, thanks @​Sidnioulz!
• Core: Show "new" status on newly added individual stories - #​34504, thanks @​ghengeveld!
• Dependencies: Update vite-plugin-storybook-nextjs to ^3.2.4 - #​34280, thanks @​k35o!
• Docs: Ensure unique control id attributes across multiple Controls blocks - #​34021, thanks @​TheSeydiCharyyev!
• Fix ArgsTable borders not visible in Windows High Contrast Mode - #​34264, thanks @​TheSeydiCharyyev!
• Fix: Add vite-plus vendored libraries version detection - #​34509, thanks @​huang-julien!
• MDX: Replace @storybook/docs-mdx with inline implementation - #​34611, thanks @​copilot-swe-agent!
• Maintenance: Add assertions outside step incorrectly nested in interactions panel - #​34296, thanks @​majiayu000!
• Maintenance: Enhance ghost stories internal tests - #​34707, thanks @​yannbf!
• Maintenance: Extract getBuilderOptions helper across framewo… - #​34260, thanks @​alex-js-ltd!
• Maintenance: Extract parseFilterParam shared helper from tags and statuses modules - #​34436, thanks @​mixelburg!
• Maintenance: Fix self healing payload - #​34782, thanks @​yannbf!
• Maintenance: Remove dead-code copy of wrap-getAbsolutePath-utils - #​34168, thanks @​mixelburg!
• Maintenance: Use errorToErrorLike in boot-test-runner for consistent stack deduplication - #​34385, thanks @​mixelburg!
• Manager: URL-based tag filter state + filter-aware initial story selection - #​34283, thanks @​valentinpalkovic!
• Nextjs: Handle node builtin webpack imports - #​34494, thanks @​JReinhold!
• Onboarding: Fix checklist MDX instructions - #​33193, thanks @​kylegach!
• Prompt: Run vitest fewer times, improve play functions - #​34651, thanks @​yannbf!
• React-Docgen: Add tsconfig fallback chain and warning for monorepos - #​34353, thanks @​viditkbhatnagar!
• React: Add component metadata extraction via Volar-style LanguageService - #​33914, thanks @​kasperpeulen!
• React: Add subcomponents to component manifests - #​34428, thanks @​kasperpeulen!
• ReactNative: Add Metro config AST codemod for init - #​34660, thanks @​ndelangen!
• ReactNative: Add true entrypoint generation - #​34663, thanks @​ndelangen!
• ReactNative: AppRegistry component name in template - #​34742, thanks @​ndelangen!
• ReactNative: New init setup - #​34665, thanks @​ndelangen!
• Refactor: Extract shared PseudoStateGrid component in pseudo-states stories - #​34334, thanks @​copilot-swe-agent!
• Security: Makes sure serialize-javascript is at latest version - #​34034, thanks @​50bbx!
• Sidebar: Add dual-slot status icons for change detection and test results - #​34346, thanks @​valentinpalkovic!
• Sidebar: Add status-based filtering with refactored status architecture - #​34339, thanks @​valentinpalkovic!
• Sidebar: Fix clear filter button not refreshing story list - #​34737, thanks @​valentinpalkovic!
• Sidebar: Fix clear status button to only clear test statuses - #​34478, thanks @​valentinpalkovic!
• Sidebar: Show same status icon at story and group level - #​34702, thanks @​valentinpalkovic!
• Sidebar: Soften change-detection signals + add Review CTA - #​34701, thanks @​valentinpalkovic!
• StatusValue: Add 'status-value:<new|modified|affected>' - #​34305, thanks @​valentinpalkovic!
• Svelte: Fix Vite 8 + Vitest breaking rolldown deps scanner - #​34783, thanks @​JReinhold!
• Tanstack: Add @storybook/tanstack-react package - #​34403, thanks @​huang-julien!
• Tanstack: Optimize tanstack react-store - #​34731, thanks @​huang-julien!
• Tanstack: Treeshake top-level unused functions - #​34760, thanks @​huang-julien!
• Telemetry: Add sidebar filter telemetry for change detection - #​34533, thanks @​valentinpalkovic!
• Telemetry: Centralize disable logic with module-level flag - #​34485, thanks @​valentinpalkovic!
• Telemetry: Fix delayed init events - #​34670, thanks @​JReinhold!
• Telemetry: Refactor init tracking - #​34629, thanks @​Programer1804!
• UI: Add Share section to onboarding checklist and redesign share tool - #​34413, thanks @​valentinpalkovic!
• UI: Ensure Controls panel can scroll horizontally for now - #​34248, thanks @​Sidnioulz!
• UI: Fix global shortcuts not showing region focus indicator - #​34201, thanks @​Sidnioulz!
• UI: Fix mobile navigation when renderLabel returns a React node - #​34262, thanks @​Nathan54Villaume!
• UI: Fix showing and hiding copy prompt in the correct scenarios - #​34706, thanks @​yannbf!
• UI: Improve interactions panel accessibility - #​34110, thanks @​anchmelev!
• Vite: Use vite hook filter for performance improvements - #​34022, thanks @​huang-julien!
• Vitest: Fix agent detection breaking runs - #​34681, thanks @​JReinhold!
• Vue3: Clear stale args/globals when nextArgs is empty in updateArgs - #​34409, thanks @​whdjh!

graphql/graphql-js (graphql)

v16.14.0

Compare Source

v16.14.0 (2026-05-03)

New Feature 🚀

• #​4317 Allow configuration of the ofType introspection depth (@​Nols1000)
• #​4521 Add experimental support for directives on directive definitions (@​BoD)

Bug Fix 🐞

• #​4652 Fix valueFromAST variable own-property checks
  (@​abishekgiri)

Docs 📝

• #​4706 Fix mistake in GraphQLError guidance (@​benjie)

Committers: 4

• Abishek Kumar Giri(@​abishekgiri)
• Benjie(@​benjie)
• Benoit 'BoD' Lubek(@​BoD)
• Nils-Börge Margotti(@​Nols1000)

publint/publint (publint)

v0.3.21

Compare Source

Patch Changes

• Suggest adding "sideEffects": false when bundler-oriented package fields or conditions are detected and the field is missing. (#​228)

v0.3.20

Compare Source

Patch Changes

• Suggest adding engines.node when it is missing from detected Node.js packages (#​226)

• Loosen "breaking change" wording in lint messages (7bb3f4f)

v0.3.19

Compare Source

Patch Changes

• Add NESTED_PACKAGE_JSON_FIELD_IGNORED to warn when published nested package.json files define "exports" or "imports", which Node.js ignores outside the package root. (#​224)

• Fix internal browser directory traversal logic (#​224)

v0.3.18

Compare Source

Patch Changes

• Fix deprecated subpath mapping check crash and make getPkgPathValue from publint/utils return undefined if the path is invalid (ad2aa9c)

facebook/react (react)

v19.2.6: 19.2.6 (May 6th, 2026)

Compare Source

React Server Components

• Type hardening and performance improvements
  (by @​eps1lon and @​unstubbable)

remix-run/react-router (react-router)

v7.15.1

Compare Source

Patch Changes

• Update router to operate on fetcher Maps in an immutable manner to avoid delayed React renders from potentially reading an updated but not yet committed Map. This could result in brief flickers in some fetcher-driven optimistic UI scenarios. (#​15028)
• Fix serverLoader() returning stale SSR data when a client navigation aborts pending hydration before the hydration clientLoader resolves (#​15022)
• Fix RouterProvider onError callback not being called for synchronous initial loader errors in SPA mode (#​15039) (#​14942)
• Memoize useFetchers to return a stable identity and only change if fetchers changed (#​15028)
• Internal refactor to consolidate mutation request detection through shared utility (#​15033)

Unstable Changes

⚠️ Unstable features are not recommended for production use

• Add a new unstable_useRouterState() hook that consolidates access to active and pending router states (RFC: #​12358) (#​15017)

  • Data/Framework/RSC only — throws when used without a data router

  • This should allow you to consolidate usages of the following hooks which will likely be deprecated and removed in a future major version

    • useLocation
    • useSearchParams
    • useParams
    • useMatches
    • useNavigationType
    • useNavigation

    let { active, pending } = unstable_useRouterState();
    
    // Active is always populated with the current location
    active.location; // replaces `useLocation()`
    active.searchParams; // replaces `useSearchParams()[0]`
    active.params; // replaces `useParams()`
    active.matches; // replaces `useMatches()`
    active.type; // replaces `useNavigationType()`
    
    // Pending is only populated during a navigation
    pending.location; // replaces `useNavigation().location`
    pending.searchParams; // equivalent to `new URLSearchParams(useNavigation().search)`
    pending.params; // Not directly accessible today
    pending.matches; // Not directly accessible today
    pending.type; // Not directly accessible today
    pending.state; // replaces `useNavigation().state`
    pending.formMethod; // replaces useNavigation().formMethod
    pending.formAction; // replaces useNavigation().formAction
    pending.formEncType; // replaces useNavigation().formEncType
    pending.formData; // replaces useNavigation().formData
    pending.json; // replaces useNavigation().json
    pending.text; // replaces useNavigation().text

v7.15.0

Compare Source

Minor Changes

• Stabilize unstable_defaultShouldRevalidate as defaultShouldRevalidate on <Link>, <Form>, useLinkClickHandler, useSubmit, fetcher.submit, and setSearchParams (a993f09)

  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

• Stabilize the instrumentation APIs. unstable_instrumentations is now instrumentations and unstable_pattern is now pattern (a993f09)

  • The unstable_ServerInstrumentation, unstable_ClientInstrumentation, unstable_InstrumentRequestHandlerFunction, unstable_InstrumentRouterFunction, unstable_InstrumentRouteFunction, and unstable_InstrumentationHandlerResult types have had their unstable_ prefixes removed
  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

• Stabilize unstable_mask as mask on <Link>, useLinkClickHandler, and useNavigate, and rename the corresponding Location.unstable_mask field to Location.mask (a993f09)

  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

• Stabilize the unstable_normalizePath option on staticHandler.query and staticHandler.queryRoute as normalizePath (a993f09)

  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

• Stabilize future.unstable_passThroughRequests as future.v8_passThroughRequests (a993f09)

  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

• Remove unstable_subResourceIntegrity from the runtime FutureConfig type; the flag is now controlled by the top-level subResourceIntegrity option in react-router.config.ts (a993f09)

  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

• Stabilize unstable_url as url on loader, action, and middleware function args (a993f09)

  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

• Stabilize unstable_useTransitions as useTransitions on <BrowserRouter>, <HashRouter>, <HistoryRouter>, <MemoryRouter>, <Router>, <RouterProvider>, <HydratedRouter>, and useLinkClickHandler (a993f09)

  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

Patch Changes

• Add nonce to <Scripts> <link rel="modulepreload"> elements (if provided) (af5d49b)

• Fix a bug with unstable_defaultShouldRevalidate={false} where parent routes that did not export a shouldRevalidate function could be incorrectly included in the single fetch call for new child route data (#​15012)

• Improve server-side route matching performance by pre-computing flattened/cached route branches (#​14967) (af5d49b)

  • Performance benchmarks showed roughly a 10-15% improvement in server-side request handling performance

• Mark mask as an optional field in Location for easier mocking in unit tests (#​14999)

• Cache flattened/ranked route branches to optimize server-side route matching (#​14967)

• Improve route matching performance in Framework/Data Mode (#​14971) (af5d49b)

  • Avoiding unnecessary calls to matchRoutes in data router scenarios
    • This includes adding back the optimization that was removed in 7.6.0 (#​13562)
    • The issues that prompted the revert have been addressed by using the available router matches but always updating match.route to the latest route in the manifest
  • Leverage pre-computed pre-computing flattened/cached route branches during client side route matching
  • Performance benchmarks showed roughly a 15-30% improvement in server-side request handling performance

rolldown/tsdown (tsdown)

v0.22.0

Compare Source

   🚨 Breaking Changes

• Drop Node.js < 22.18.0 support, make unrun optional, add tsx config loader  -  by @​sxzz (a1042)
• dts: Auto-enable dts when tsconfig declaration is true  -  by @​sxzz in #​872 (085f0)
• publint: Use pkg from publint results, require publint v0.3.8+  -  by @​sxzz (413bb)

   🚀 Features

• Upgrade rolldown to 1.0.0-rc.18  -  by @​sxzz (66085)
• Upgrade rolldown to v1.0.0  -  by @​sxzz (fabba)
• exports: Auto-enable bin detection by default  -  by @​sxzz in #​873 (abda9)

   🐞 Bug Fixes

• Explicitly drop node 23 support  -  by @​sxzz (85e65)
• debug: Enhance debug logging for pack tarball  -  by @​sxzz and Copilot (5de04)
• exports: Detect types fields nested in conditional exports  -  by @​sxzz (82fa1)
• pkg: Fix duplicate configuration warning logic  -  by @​ho991217 and @​sxzz in #​935 (6a0d9)

🔄 Migration Guide

Node.js version

Upgrade to Node.js 22.18.0 or later. Bun and Deno remain supported (experimental).

unrun is no longer bundled

If your environment relies on the unrun config loader (i.e. you're on a Node version without native TypeScript support and use the default auto loader), install it manually:

npm i -D unrun

# or, alternatively, the new tsx loader:
npm i -D tsx

If you use Node.js 22.18.0+ with native TypeScript support, no change is needed — the auto loader will pick native.

dts auto-enabled from tsconfig

If your tsconfig.json has compilerOptions.declaration: true but you do not want tsdown to emit .d.ts files, opt out explicitly:

// tsdown.config.ts
export default defineConfig({
  dts: false,
})

exports.bin auto-detection

Any entry chunk containing a shebang (e.g. #!/usr/bin/env node) now causes tsdown to write a bin field in package.json automatically. The semantics differ slightly from explicit bin: true:

Value	Single shebang	Multiple shebangs	No shebangs
(unset)	Auto-set bin	Warn, skip	Silent
true	Auto-set bin	Throw	Warn
false	No bin	No bin	No bin

To opt out entirely:

export default defineConfig({
  exports: { bin: false },
})

Links

• tsdown Documentation
• v0.22.0-beta.1 Release
• v0.22.0-beta.2 Release
• v0.22.0-beta.3 Release
• Full diff from v0.21.10

---

Configuration

📅 Schedule: (in timezone Australia/Melbourne)

• Branch creation
  • "after 3:00 am and before 6:00 am every 2 weeks on Tuesday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 97bf036

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR