chore(deps)(deps-dev): bump the development-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the development-dependencies group with 8 updates in the / directory:

Package	From	To
@types/node	20.19.33	20.19.37
@babel/parser	7.29.0	7.29.2
minimatch	3.1.3	3.1.5
flatted	3.3.3	3.4.2
get-tsconfig	4.13.6	4.13.7
mlly	1.8.0	1.8.2
postcss	8.5.6	8.5.8
rollup	4.59.0	4.60.0

Updates @types/node from 20.19.33 to 20.19.37

Commits

• See full diff in compare view

Updates @babel/parser from 7.29.0 to 7.29.2

Release notes

Sourced from @​babel/parser's releases.

v7.29.2 (2026-03-16)

👓 Spec Compliance

• babel-parser
  • #17840 [7.x backport] async x => {} must be in leading pos (@​JLHwung)

🐛 Bug Fix

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3
  • #17805 [7.x backport] fix: Properly handle await in finally (@​liuxingbaoyu)
• babel-preset-env
  • #17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@​JLHwung)

🏠 Internal

• #17813 chore: update eslint peer deps (@​JLHwung)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

v7.29.1 (2026-02-04)

🐛 Bug Fix

• babel-standalone
  • #17771 [7.x backport] fix: ensure targets.esmodules is validated (@​JLHwung)
• babel-generator
  • #17776 [7.x backport] Fix undefined when 64 indents (@​liuxingbaoyu)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

Commits

• 37d5595 v7.29.2
• f030ad3 [7.x backport] async x => {} must be in leading pos (#17840)
• See full diff in compare view

Updates minimatch from 3.1.3 to 3.1.5

Commits

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• See full diff in compare view

Updates flatted from 3.3.3 to 3.4.2

Commits

• 3bf0909 3.4.2
• 885ddcc fix CWE-1321
• 0bdba70 added flatted-view to the benchmark
• 2a02dce 3.4.1
• fba4e8f Merge pull request #89 from WebReflection/python-fix
• 5fe8648 added "when in Rome" also a test for PHP
• 53517ad some minor improvement
• b3e2a0c Fixing recursion issue in Python too
• c4b46db Add SECURITY.md for security policy and reporting
• f86d071 Create dependabot.yml for version updates
• Additional commits viewable in compare view

Updates get-tsconfig from 4.13.6 to 4.13.7

Release notes

Sourced from get-tsconfig's releases.

v4.13.7

4.13.7 (2026-03-22)

Bug Fixes

• parse-tsconfig: preserve files when include is also present (#128) (b09052c)

Commits

• b09052c fix(parse-tsconfig): preserve files when include is also present (#128)
• e64637d ci: add beta branch and simplify release trigger
• 07b4bd4 test(extends): add regression test for include path normalization (#74)
• See full diff in compare view

Updates mlly from 1.8.0 to 1.8.2

Release notes

Sourced from mlly's releases.

v1.8.2

compare changes

🩹 Fixes

• Generic angle bracket parsing (#341)

📖 Documentation

• Fix typo (#333)

❤️ Contributors

• Florian Heuberger (@​Flo0806)
• AngelHdz (@​angelhdzmultimedia)

v1.8.1

compare changes

🩹 Fixes

• Extract variable names ignoring function calls (#336)

❤️ Contributors

• Daniel Roe (@​danielroe)

Changelog

Sourced from mlly's changelog.

v1.8.2

compare changes

🩹 Fixes

• Extract variable names ignoring function calls (#336)
• Generic angle bracket parsing (#341)

📖 Documentation

• Fix typo (#333)

🏡 Chore

• Update deps (12913db)
• Lint (33495f9)
• release: V1.8.1 (ed17783)
• Update deps (1b09363)

❤️ Contributors

• Florian Heuberger (@​Flo0806)
• Pooya Parsa (@​pi0)
• AngelHdz angel.hernandez.12@live.com
• Daniel Roe (@​danielroe)

v1.8.1

compare changes

🩹 Fixes

• Extract variable names ignoring function calls (#336)

🏡 Chore

• Update deps (12913db)
• Lint (33495f9)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Daniel Roe (@​danielroe)

Commits

• c5ce4e5 chore(release): v1.8.2
• abef19c fix: generic angle bracket parsing (#341)
• 1b09363 chore: update deps
• ed17783 chore(release): v1.8.1
• 3f4c751 docs: fix typo (#333)
• 24bd871 chore(deps): update autofix-ci/action digest to 7a166d7 (#334)
• 938cf7e chore(deps): update actions/setup-node action to v6 (#328)
• 915dd32 chore(deps): update actions/checkout action to v6 (#332)
• 33495f9 chore: lint
• 12913db chore: update deps
• Additional commits viewable in compare view

Updates postcss from 8.5.6 to 8.5.8

Release notes

Sourced from postcss's releases.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

Changelog

Sourced from postcss's changelog.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

Commits

• 65de537 Release 8.5.8 version
• b2c6d97 Run git hook register
• 0ae0a49 Update Processor#version
• 6ee9f14 Release 8.5.7 version
• 3fbc951 Fix uvu Node.js 25 support
• 52db53e Update dependencies
• 497daef Speed up source map annotation cleaning by moving from RegExp
• 41e739a Remove banner
• 1329142 chore: speed up space-only string check in lib/parser.js (#2064)
• 23beff9 Update dependencies
• Additional commits viewable in compare view

Updates rollup from 4.59.0 to 4.60.0

Release notes

Sourced from rollup's releases.

v4.60.0

4.60.0

2026-03-22

Features

• Support source phase imports as long as they are external (#6279)

Pull Requests

• #6279: feat: external only Source Phase imports support (@​guybedford, @​lukastaegert)

v4.59.1

4.59.1

2026-03-21

Bug Fixes

• Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

• #6281: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6282: chore(deps): update github artifact actions (major) (@​renovate[bot], @​lukastaegert)
• #6283: chore(deps): update dependency nyc to v18 (@​renovate[bot], @​lukastaegert)
• #6284: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #6285: chore(deps): lock file maintenance (@​renovate[bot])
• #6290: chore(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6291: chore(deps): update dependency @​shikijs/vitepress-twoslash to v4 (@​renovate[bot])
• #6292: chore(deps): lock file maintenance (@​renovate[bot])
• #6297: chore(deps): update minor/patch updates (@​renovate[bot])
• #6298: chore(deps): lock file maintenance (@​renovate[bot])
• #6299: chore(deps): lock file maintenance (@​renovate[bot])
• #6300: docs: update packagephobia link (@​bluwy)
• #6301: chore(deps): update dependency lint-staged to ^16.3.3 (@​renovate[bot])
• #6306: fix: fix chunk assignment for deoptimized module with dynamic import (@​JoaoBrlt, @​lukastaegert)
• #6307: chore(deps): update minor/patch updates (@​renovate[bot])
• #6308: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #6309: chore(deps): update dependency vite to v8 (@​renovate[bot])
• #6310: chore(deps): lock file maintenance (@​renovate[bot])
• #6311: chore(deps): lock file maintenance (@​renovate[bot])
• #6312: chore(deps): lock file maintenance (@​renovate[bot])

Changelog

Sourced from rollup's changelog.

4.60.0

2026-03-22

Features

• Support source phase imports as long as they are external (#6279)

Pull Requests

• #6279: feat: external only Source Phase imports support (@​guybedford, @​lukastaegert)

4.59.1

2026-03-21

Bug Fixes

• Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

• #6281: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6282: chore(deps): update github artifact actions (major) (@​renovate[bot], @​lukastaegert)
• #6283: chore(deps): update dependency nyc to v18 (@​renovate[bot], @​lukastaegert)
• #6284: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #6285: chore(deps): lock file maintenance (@​renovate[bot])
• #6290: chore(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6291: chore(deps): update dependency @​shikijs/vitepress-twoslash to v4 (@​renovate[bot])
• #6292: chore(deps): lock file maintenance (@​renovate[bot])
• #6297: chore(deps): update minor/patch updates (@​renovate[bot])
• #6298: chore(deps): lock file maintenance (@​renovate[bot])
• #6299: chore(deps): lock file maintenance (@​renovate[bot])
• #6300: docs: update packagephobia link (@​bluwy)
• #6301: chore(deps): update dependency lint-staged to ^16.3.3 (@​renovate[bot])
• #6306: fix: fix chunk assignment for deoptimized module with dynamic import (@​JoaoBrlt, @​lukastaegert)
• #6307: chore(deps): update minor/patch updates (@​renovate[bot])
• #6308: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #6309: chore(deps): update dependency vite to v8 (@​renovate[bot])
• #6310: chore(deps): lock file maintenance (@​renovate[bot])
• #6311: chore(deps): lock file maintenance (@​renovate[bot])
• #6312: chore(deps): lock file maintenance (@​renovate[bot])

Commits

• 6ecd69f 4.60.0
• 6b725b9 feat: external only Source Phase imports support (#6279)
• 0cba9e0 4.59.1
• 4eeea29 Pin Vite
• 1cd49ae fix: fix chunk assignment for deoptimized module with dynamic import (#6306)
• c9dabc3 Downgrade Vite
• d46200f chore(deps): update dependency vite to v8 (#6309)
• aa6c853 chore(deps): update dependency lru-cache to v11 (#6308)
• 4208811 chore(deps): lock file maintenance (#6312)
• 5348a82 chore(deps): lock file maintenance (#6311)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Assignees

The following users could not be added as assignees: llm-dev-ops/maintainers. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

🔒 Security Scan Results

Scan Type	Status
Dependency Scan	⚠️ failure
CodeQL Analysis	✅ success
Secret Scan	✅ success
License Check	⚠️ failure
SAST	⚠️ failure

⚠️ Some security scans have warnings or failed. Please review the details.

---

Automated security scanning by GitHub Actions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.