build(deps): bump the non-breaking-deps group in /Cyrano with 7 updates

[dependabot]

Bumps the non-breaking-deps group in /Cyrano with 7 updates:

Package	From	To
@anthropic-ai/sdk	0.88.0	0.90.0
@aws-sdk/client-s3	3.1029.0	3.1032.0
dompurify	3.3.3	3.4.0
puppeteer	24.40.0	24.42.0
eslint	10.2.0	10.2.1
imapflow	1.3.1	1.3.2
typescript-eslint	8.58.2	8.59.0

Updates @anthropic-ai/sdk from 0.88.0 to 0.90.0

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.90.0

0.90.0 (2026-04-16)

Full Changelog: sdk-v0.89.0...sdk-v0.90.0

Features

• api: add claude-opus-4-7, token budgets and user_profiles (b26134b)

Chores

• actually delete release-doctor.yml (0fe984d)
• ci: remove release-doctor workflow (08e58bd)

sdk: v0.89.0

0.89.0 (2026-04-14)

Full Changelog: sdk-v0.88.0...sdk-v0.89.0

Features

• api: manual updates (57c2a11)
• api: mark Sonnet and Opus 4 as deprecated (eff41b7)

Bug Fixes

• streaming: add missing events (4c52919)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.90.0 (2026-04-16)

Full Changelog: sdk-v0.89.0...sdk-v0.90.0

Features

• api: add claude-opus-4-7, token budgets and user_profiles (b26134b)

Chores

• actually delete release-doctor.yml (0fe984d)
• ci: remove release-doctor workflow (08e58bd)

0.89.0 (2026-04-14)

Full Changelog: sdk-v0.88.0...sdk-v0.89.0

Features

• api: manual updates (57c2a11)
• api: mark Sonnet and Opus 4 as deprecated (eff41b7)

Bug Fixes

• streaming: add missing events (4c52919)

Commits

• 93ac7c7 chore: release main (#1003)
• 39549e9 chore: release main (#993)
• See full diff in compare view

Updates @aws-sdk/client-s3 from 3.1029.0 to 3.1032.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1032.0

3.1032.0(2026-04-17)

Documentation Changes

• client-neptune: Improving Documentation for Neptune (e27d9cd0)

New Features

• clients: update client endpoints as of 2026-04-17 (1fd8c265)
• client-connect: Fixes in SDK for customers using TestCase APIs (bd88a7ec)
• client-imagebuilder: ImportDiskImage API adds registerImageOptions for Secure Boot control and custom UEFI data. It adds windowsConfiguration for selecting a specific edition from multi-image .wim files during ISO import. (d211b308)
• client-quicksight: Public release of dashboard customization summary, S3 Tables data source type, Athena cross-account connector, custom sorting for controls, and AI-powered analysis generation. (da327c47)
• client-sagemaker: Adds support for providing NetworkInterface for efa enabled instances and Simplified cluster creation for Slurm-orchestrated clusters with optional Lifecycle Script (LCS) configuration. (ffcb883d)
• client-cleanrooms: This release adds support for configurable spark properties for Cleanrooms PySpark workloads. (c5de5506)
• client-groundstation: Adds support for updating contacts, listing antennas, and listing ground station reservations. New API operations - UpdateContact, ListContactVersions, DescribeContactVersion, ListAntennas, and ListGroundStationReservations. (360c3817)
• client-sts: The STS client now supports configuring SigV4a through the auth scheme preference setting. SigV4a uses asymmetric cryptography, enabling customers using long-term IAM credentials to continue making STS API calls even when a region is isolated from the partition leader. (c5755466)
• client-connectcampaignsv2: This release adds support for campaign entry limits configuration and hourly refresh frequency in Amazon Connect Outbound Campaigns. (4ee31aed)

Bug Fixes

• core: reduce object allocations in protocol serde (#7939) (d0c9af06)

---

For list of updated packages, view updated-packages.md in assets-3.1032.0.zip

v3.1031.0

3.1031.0(2026-04-16)

Chores

• upgrade smithy to 1.69.0 (#7932) (560d9878)
• derestrict commit message linting (#7929) (a296c406)
• codegen: sync for retry attempt count api (#7927) (b742fb8b)

Documentation Changes

• client-cloudwatch: Update documentation of alarm mute rules start and end date fields (3b2342bc)

New Features

• clients: update client endpoints as of 2026-04-16 (68ae10a1)
• client-appstream: Add content redirection to Update Stack (1bde7c78)
• client-connect: This release updates the Amazon Connect Rules CRUD APIs to support a new EventSourceName - OnEmailAnalysisAvailable. Use this event source to trigger rules when conversational analytics results are available for email contacts. (7abcd2c7)
• client-rds: Adds a new DescribeServerlessV2PlatformVersions API to describe platform version properties for Aurora Serverless v2. Also introduces a new valid maintenance action value for serverless platform version updates. (b72b175a)
• client-drs: Updating regex for identification of AWS Regions. (9405d283)
• client-mediaconvert: Adds support for Elemental Inference powered smart crop feature, enabling video verticalization (c82e5cac)
• client-auto-scaling: This release adds support for specifying Availability Zone IDs as an alternative to Availability Zone names when creating or updating Auto Scaling groups. (40e2faa7)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1032.0 (2026-04-17)

Note: Version bump only for package @​aws-sdk/client-s3

3.1031.0 (2026-04-16)

Note: Version bump only for package @​aws-sdk/client-s3

3.1030.0 (2026-04-13)

Note: Version bump only for package @​aws-sdk/client-s3

Commits

• c0c0872 Publish v3.1032.0
• 33a780e Publish v3.1031.0
• 560d987 chore: upgrade smithy to 1.69.0 (#7932)
• b742fb8 chore(codegen): sync for retry attempt count api (#7927)
• 5ae7dfb Publish v3.1030.0
• See full diff in compare view

Updates dompurify from 3.3.3 to 3.4.0

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.0

Most relevant changes:

• Fixed a problem with FORBID_TAGS not winning over ADD_TAGS, thanks @​kodareef5
• Fixed several minor problems and typos regarding MathML attributes, thanks @​DavidOliver
• Fixed ADD_ATTR/ADD_TAGS function leaking into subsequent array-based calls, thanks @​1Jesper1
• Fixed a missing SAFE_FOR_TEMPLATES scrub in RETURN_DOM path, thanks @​bencalif
• Fixed a prototype pollution via CUSTOM_ELEMENT_HANDLING, thanks @​trace37labs
• Fixed an issue with ADD_TAGS function form bypassing FORBID_TAGS, thanks @​eddieran
• Fixed an issue with ADD_ATTR predicates skipping URI validation, thanks @​christos-eth
• Fixed an issue with USE_PROFILES prototype pollution, thanks @​christos-eth
• Fixed an issue leading to possible mXSS via Re-Contextualization, thanks @​researchatfluidattacks and others
• Fixed an issue with closing tags leading to possible mXSS, thanks @​frevadiscor
• Fixed a problem with the type dentition patcher after Node version bump
• Fixed freezing BS runs by reducing the tested browsers array
• Bumped several dependencies where possible
• Added needed files for OpenSSF scorecard checks

Published Advisories are here: https://github.com/cure53/DOMPurify/security/advisories?state=published

Commits

• 5b16e0b Getting 3.x branch ready for 3.4.0 release (#1250)
• See full diff in compare view

Updates puppeteer from 24.40.0 to 24.42.0

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v24.42.0

24.42.0 (2026-04-20)

🎉 Features

• add metadata to extensions object (#14870) (d3e190e)
• cdp: support autofilling address (#14826) (c2acadc)
• implement URL blocklist to restrict access to unauthorized sites (#14873) (8ad881c)

🛠️ Fixes

• remove PartitionAllocSchedulerLoopQuarantineTaskControlledPurge from disabled features (#14872) (c9909a5)
• roll to Chrome 147.0.7727.57 (#14869) (51c4305)

puppeteer: v24.42.0

24.42.0 (2026-04-20)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.41.0 to 24.42.0

puppeteer-core: v24.41.0

24.41.0 (2026-04-15)

🎉 Features

• add support for Issues (#14845) (6e8dbe7)
• adds extension realms api (#14824) (c14f4ae)
• API to list installed browser extensions and trigger extension actions (#14821) (d6395ef)
• implement console event on web workers (#14784) (fa6158a)
• roll to Chrome 147.0.7727.24 (#14797) (ee81786)
• roll to Firefox 149.0 (#14799) (9fd5ceb)
• webmcp: add hook for tool invocation (#14835) (cf8169d)
• webmcp: add hook for tool response (#14841) (6fb05bc)
• webmcp: add initial API to inspect tool registrations (#14814) (655c996)
• webmcp: add WebMCPTool execute support (#14851) (8f95117)
• webmcp: expose WebMCPToolCall in WebMCPToolCallResult (#14848) (242ac0b)
• webmcp: Switch from WebMCPInvocationStatus Success to Completed (#14859) (375e636)

... (truncated)

Changelog

Sourced from puppeteer's changelog.

24.42.0 (2026-04-20)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.41.0 to 24.42.0

🎉 Features

• add metadata to extensions object (#14870) (d3e190e)
• cdp: support autofilling address (#14826) (c2acadc)
• implement URL blocklist to restrict access to unauthorized sites (#14873) (8ad881c)

🛠️ Fixes

• remove PartitionAllocSchedulerLoopQuarantineTaskControlledPurge from disabled features (#14872) (c9909a5)
• roll to Chrome 147.0.7727.57 (#14869) (51c4305)

24.41.0 (2026-04-15)

🎉 Features

• add support for Issues (#14845) (6e8dbe7)
• adds extension realms api (#14824) (c14f4ae)
• API to list installed browser extensions and trigger extension actions (#14821) (d6395ef)
• implement console event on web workers (#14784) (fa6158a)
• roll to Chrome 147.0.7727.24 (#14797) (ee81786)
• roll to Firefox 149.0 (#14799) (9fd5ceb)
• webmcp: add hook for tool invocation (#14835) (cf8169d)
• webmcp: add hook for tool response (#14841) (6fb05bc)
• webmcp: add initial API to inspect tool registrations (#14814) (655c996)
• webmcp: add WebMCPTool execute support (#14851) (8f95117)
• webmcp: expose WebMCPToolCall in WebMCPToolCallResult (#14848) (242ac0b)
• webmcp: Switch from WebMCPInvocationStatus Success to Completed (#14859) (375e636)

Dependencies

• The following workspace dependencies were updated

... (truncated)

Commits

• d265eb6 chore: release main (#14875)
• 8ad881c feat: implement URL blocklist to restrict access to unauthorized sites (#14873)
• d023bec chore(webmcp): Update toolsRemoved event tools parameter interface (#14888)
• c2acadc feat(cdp): support autofilling address (#14826)
• 67f3921 chore: update latest release sha (#14874)
• c9909a5 fix: remove PartitionAllocSchedulerLoopQuarantineTaskControlledPurge from dis...
• 51c4305 fix: roll to Chrome 147.0.7727.57 (#14869)
• d3e190e feat: add metadata to extensions object (#14870)
• 2d05dfc fix: bump node to 24 to avoid publishing bugs with npm (#14868)
• 20402bc chore: release main (#14866)
• Additional commits viewable in compare view

Updates eslint from 10.2.0 to 10.2.1

Release notes

Sourced from eslint's releases.

v10.2.1

Bug Fixes

• 14be92b fix: model generator yield resumption paths in code path analysis (#20665) (sethamus)
• 84a19d2 fix: no-async-promise-executor false positives for shadowed Promise (#20740) (xbinaryx)
• af764af fix: clarify language and processor validation errors (#20729) (Pixel998)
• e251b89 fix: update eslint (#20715) (renovate[bot])

Documentation

• ca92ca0 docs: reuse markdown-it instance for markdown filter (#20768) (Amaresh S M)
• 57d2ee2 docs: Enable Eleventy incremental mode for watch (#20767) (Amaresh S M)
• c1621b9 docs: fix typos in code-path-analyzer.js (#20700) (Ayush Shukla)
• 1418d52 docs: Update README (GitHub Actions Bot)
• 39771e6 docs: Update README (GitHub Actions Bot)
• 71e0469 docs: fix incomplete JSDoc param description in no-shadow rule (#20728) (kuldeep kumar)
• 22119ce docs: clarify scope of for-direction rule with dead code examples (#20723) (Amaresh S M)
• 8f3fb77 docs: document meta.docs.dialects (#20718) (Pixel998)

Chores

• 7ddfea9 chore: update dependency prettier to v3.8.2 (#20770) (renovate[bot])
• fac40e1 ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (#20763) (dependabot[bot])
• 7246f92 test: add tests for SuppressionsService.load() error handling (#20734) (kuldeep kumar)
• 4f34b1e chore: update pnpm/action-setup action to v5 (#20762) (renovate[bot])
• 51080eb test: processor service (#20731) (kuldeep kumar)
• e7e1889 chore: remove stale babel-eslint10 fixture and test (#20727) (kuldeep kumar)
• 4e1a87c test: remove redundant async/await in flat config array tests (#20722) (Pixel998)
• 066eabb test: add rule metadata coverage for languages and docs.dialects (#20717) (Pixel998)

Commits

• 4d1d8f9 10.2.1
• 3e33105 Build: changelog update for 10.2.1
• ca92ca0 docs: reuse markdown-it instance for markdown filter (#20768)
• 7ddfea9 chore: update dependency prettier to v3.8.2 (#20770)
• 57d2ee2 docs: Enable Eleventy incremental mode for watch (#20767)
• c1621b9 docs: fix typos in code-path-analyzer.js (#20700)
• fac40e1 ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (#20763)
• 7246f92 test: add tests for SuppressionsService.load() error handling (#20734)
• 4f34b1e chore: update pnpm/action-setup action to v5 (#20762)
• 1418d52 docs: Update README
• Additional commits viewable in compare view

Updates imapflow from 1.3.1 to 1.3.2

Changelog

Sourced from imapflow's changelog.

1.3.2 (2026-04-17)

Bug Fixes

• Bumped deps (7b45f61)
• harden mailbox-lock and error-propagation paths (7b87d96)

Commits

• 21b73b1 chore(master): release 1.3.2 [skip-ci] (#350)
• 7b87d96 fix: harden mailbox-lock and error-propagation paths
• 7b45f61 fix: Bumped deps
• See full diff in compare view

Updates typescript-eslint from 8.58.2 to 8.59.0

Release notes

Sourced from typescript-eslint's releases.

v8.59.0

8.59.0 (2026-04-20)

🚀 Features

• eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

• Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.59.0 (2026-04-20)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• ea9ae4f chore(release): publish 8.59.0
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions