fix(deps): update all dependencies j:kit-282

[renovate-coveo]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update	Pending
@coveo/relay-event-types	13.0.3 -> 13.1.0					devDependencies	minor	13.1.3 (+2)
@coveo/relay-event-types	13.0.3 -> 13.1.0					dependencies	minor	13.1.3 (+2)
@nx/vite (source)	20.3.1 -> 20.3.2					devDependencies	patch	20.4.0 (+1)
@nx/web (source)	20.3.1 -> 20.3.2					devDependencies	patch	20.4.0 (+1)
@playwright/test (source)	1.49.1 -> 1.50.0					devDependencies	minor
@salesforce/eslint-config-lwc	3.6.0 -> 3.7.1					devDependencies	minor
@testing-library/user-event	14.5.2 -> 14.6.1					dependencies	minor
@types/node (source)	22.10.6 -> 22.10.10					devDependencies	patch	22.12.0
@types/node (source)	22.10.6 -> 22.10.10					dependencies	patch	22.12.0
actions/setup-node	39370e3 -> 1d0ff46					action	digest
cypress-real-events	1.13.0 -> 1.14.0					devDependencies	minor
cypress-web-vitals	4.1.2 -> 4.2.0					devDependencies	minor
fs-extra	11.2.0 -> 11.3.0					dependencies	minor
i18next-http-backend	3.0.1 -> 3.0.2					dependencies	patch
lint-staged	15.3.0 -> 15.4.2					devDependencies	minor	15.4.3
node (source)	22.13.0 -> 22.13.1						patch
nx (source)	20.3.1 -> 20.3.2					devDependencies	patch	20.4.0 (+1)
playwright (source)	1.49.1 -> 1.50.0					devDependencies	minor
prettier-plugin-tailwindcss	0.6.9 -> 0.6.11					devDependencies	patch
puppeteer (source)	24.0.0 -> 24.1.1					devDependencies	minor
rollup (source)	4.30.1 -> 4.31.0					devDependencies	minor	4.32.1 (+1)
step-security/harden-runner	v2.10.3 -> v2.10.4					action	patch
zone.js (source, changelog)	0.14.10 -> 0.15.0					dependencies	minor

[skip release]

---

Release Notes

coveo/analytics_schema (@​coveo/relay-event-types)

v13.1.0

Compare Source

v13.0.4

Compare Source

nrwl/nx (@​nx/vite)

v20.3.2

Compare Source

20.3.2 (2025-01-17)

🚀 Features

• module-federation: upgrade to latest version of @​module-federation/enhanced (#​29535)
• nx-dev: customer videos on customer page (#​29380)
• nx-dev: add trial pages for Powerpack and Enterprise, update contact sales team page (#​29554)
• testing: add option ciGroupName to @nx/jest/plugin (#​29365)
• web: support custom cors headers (#​29382)

🩹 Fixes

• angular: restore esm2022 bundle and drop fesm2022 in ng-packagr-lite executor (#​29615)
• core: update nx cloud bundle install directory logic (#​29555)
• core: avoid launching default plugins twice (#​29539)
• core: support subpath exports when constructing the project graph (#​29577)
• core: update package script logic to handle cli tool name as command (#​29617)
• core: show better project graph errors (#​29525)
• core: check only for watcher connections during inactivity shutdown (#​29621)
• gradle: check if java is installed (#​29572)
• graph: copy command text directly from PDV (#​29645)
• js: do not set project references to non-existing tsconfig files in sync generator (#​29536)
• js: ensure js libraries' build produce esm output in ts solution setup (#​29546)
• js: avoid nested paths in workspaces because they can lead to future issues (#​29553)
• js: Update typescript plugin check for buildable projects (#​29431)
• js: update detection of ts solution setup (#​29576)
• js: generate js libs with exports in package.json and ensure esm output when using rollup bundler (#​29565)
• js: do not generate explicit vitest task config for a js library unless adding plugin is disabled (#​29606)
• js: improve error handling during SWC compilation (#​29605)
• js: non-buildable js libs specify type=module (#​29620)
• js: sort package.json fields by idiomatic order (#​29635)
• js: fix typo so exports field in package.json is properly sorted (#​29643)
• js: do not generate package.json file for non-buildable js libraries in non-ts solution setup (#​29646)
• js: ignore bundler config files correctly in eslint config when using vitest in js library generator (#​29649)
• misc: ensure all project generators add project to workspaces config (#​29582)
• misc: ensure exports are generated for several lib generators in ts solution setup (#​29588)
• misc: update e2e config generators to align with new TS solution setup (#​29638)
• nx-dev: fix heroicons for safari (#​29544)
• nx-dev: Update Webinar link (#​29590)
• react: transpile SVGR into React 19 compatible component (#​29543)
• react: setup mf env var as input for rspack (#​29584)
• release: ensure git push option is always applied (#​29596)
• rspack: make subresourceIntegrity usage configurable (#​29629)
• testing: infer correct outputs when absolute paths are provided in playwright config (#​29549)
• testing: e2e config generators should prompt for missing serve data (#​29660)

❤️ Thank You

• Aidan Temple @​aidant
• Colum Ferry @​Coly010
• Craigory Coppola @​AgentEnder
• Emily Xiong @​xiongemi
• Jack Hsu @​jaysoo
• Jason Jean @​FrozenPandaz
• Jonathan Cammisuli @​Cammisuli
• Juri Strumpflohner @​juristr
• Leosvel Pérez Espinosa @​leosvelperez
• MaxKless @​MaxKless
• Mike Hartington @​mhartington
• Nicholas Cunningham @​ndcunningham
• Robb Traister
• Thomas Dekiere @​thdk
• Tine Kondo @​tinesoft

microsoft/playwright (@​playwright/test)

v1.50.0

Compare Source

Test runner

• New option timeout allows specifying a maximum run time for an individual test step. A timed-out step will fail the execution of the test.

  test('some test', async ({ page }) => {
    await test.step('a step', async () => {
      // This step can time out separately from the test
    }, { timeout: 1000 });
  });

• New method test.step.skip() to disable execution of a test step.

  test('some test', async ({ page }) => {
    await test.step('before running step', async () => {
      // Normal step
    });
  
    await test.step.skip('not yet ready', async () => {
      // This step is skipped
    });
  
    await test.step('after running step', async () => {
      // This step still runs even though the previous one was skipped
    });
  });

• Expanded expect(locator).toMatchAriaSnapshot() to allow storing of aria snapshots in separate YAML files.

• Added method expect(locator).toHaveAccessibleErrorMessage() to assert the Locator points to an element with a given aria errormessage.

• Option testConfig.updateSnapshots added the configuration enum changed. changed updates only the snapshots that have changed, whereas all now updates all snapshots, regardless of whether there are any differences.

• New option testConfig.updateSourceMethod defines the way source code is updated when testConfig.updateSnapshots is configured. Added overwrite and 3-way modes that write the changes into source code, on top of existing patch mode that creates a patch file.

  npx playwright test --update-snapshots=changed --update-source-method=3way

• Option testConfig.webServer added a gracefulShutdown field for specifying a process kill signal other than the default SIGKILL.

• Exposed testStep.attachments from the reporter API to allow retrieval of all attachments created by that step.

UI updates

• Updated default HTML reporter to improve display of attachments.
• New button for picking elements to produce aria snapshots.
• Additional details (such as keys pressed) are now displayed alongside action API calls in traces.
• Display of canvas content in traces is error-prone. Display is now disabled by default, and can be enabled via the Display canvas content UI setting.
• Call and Network panels now display additional time information.

Breaking

• expect(locator).toBeEditable() and locator.isEditable() now throw if the target element is not <input>, <select>, or a number of other editable elements.
• Option testConfig.updateSnapshots now updates all snapshots when set to all, rather than only the failed/changed snapshots. Use the new enum changed to keep the old functionality of only updating the changed snapshots.

Browser Versions

• Chromium 133.0.6943.16
• Mozilla Firefox 134.0
• WebKit 18.2

This version was also tested against the following stable channels:

• Google Chrome 132
• Microsoft Edge 132

salesforce/eslint-config-lwc (@​salesforce/eslint-config-lwc)

v3.7.1

Compare Source

What's Changed

• fix: bump accepted peer dependency version of @​lwc/eslint-plugin-lwc by @​ravijayaramappa in https://github.com/salesforce/eslint-config-lwc/pull/145

Full Changelog: salesforce/eslint-config-lwc@v3.7.0...v3.7.1

What's Changed

• chore: release v3.6.0 by @​wjhsf in https://github.com/salesforce/eslint-config-lwc/pull/135
• chore(deps): bump micromatch from 4.0.7 to 4.0.8 by @​dependabot in https://github.com/salesforce/eslint-config-lwc/pull/136
• chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 by @​dependabot in https://github.com/salesforce/eslint-config-lwc/pull/139
• @​W-17374681 include new ssr rules in ssr config by @​abhagta-sfdc in https://github.com/salesforce/eslint-config-lwc/pull/140
• Update README.md by @​wjhsf in https://github.com/salesforce/eslint-config-lwc/pull/138
• @​ W-17538276 Update ssr configs by @​abhagta-sfdc in https://github.com/salesforce/eslint-config-lwc/pull/142
• chore: v3.7.0 by @​ravijayaramappa in https://github.com/salesforce/eslint-config-lwc/pull/144
• fix: bump accepted peer dependency version of @​lwc/eslint-plugin-lwc by @​ravijayaramappa in https://github.com/salesforce/eslint-config-lwc/pull/145

New Contributors

• @​abhagta-sfdc made their first contribution in https://github.com/salesforce/eslint-config-lwc/pull/140

Full Changelog: salesforce/eslint-config-lwc@v3.6.0...v3.7.1

testing-library/user-event (@​testing-library/user-event)

v14.6.1

Compare Source

Bug Fixes

• correct description for delay option (#​1175) (2edf14d)
• keyboard: add ContextMenu to defaultKeyMap (#​1079) (3e471d1)
• keyboard: add brackets to defaultKeyMap (#​1226) (543ecb0)
• keyboard: walk through radio group per arrow keys (#​1049) (bf8111c)
• pointer: dispatch mouse events if pointerdown is defaultPrevented (#​1121) (f681f7b)
• pointer: set button and buttons properties on PointerEvent (#​1219) (6614f72)
• pointer: use 1 as default value for PointerEvent.width and PointerEvent.height (#​1224) (f0468d0)
• prevent click event loop on form-associated custom element (#​1238) (465fc7e)
• prevent click event on non-focusable control (#​1130) (e429094)
• upload: apply accept filter more leniently (#​1064) (a344ad4)

v14.6.0

Compare Source

Features

• dispatch FocusEvent in hidden documents (#​1252) (1ed8b15)

Bug Fixes

• clipboard: await DataTransferItem.getAsString() callback (#​1251) (7b11b0e)
• event: assign pointer coords to MouseEvent (#​1039) (8528972)
• pointer: check PointerCoords.x in isDifferentPointerPosition (#​1216) (75edef5)
• pointer: check all fields of PointerCoords in isDifferentPointerPosition() (#​1229) (5f3d28f)

dmtrKovalenko/cypress-real-events (cypress-real-events)

v1.14.0

Compare Source

Features

• Upgrade to cypress v14 (46859cf)

cmorten/cypress-web-vitals (cypress-web-vitals)

v4.2.0

Compare Source

What's Changed

• [#​35] feat: support Cypress 14 by @​AtofStryker in https://github.com/cmorten/cypress-web-vitals/pull/36

New Contributors

• @​AtofStryker made their first contribution in https://github.com/cmorten/cypress-web-vitals/pull/36

Full Changelog: cmorten/cypress-web-vitals@4.1.2...4.2.0

jprichardson/node-fs-extra (fs-extra)

v11.3.0

Compare Source

• Add promise support for newer fs methods (#​1044, #​1045)
• Use fs.opendir in copy()/copySync() for better perf/scalability (#​972, #​1028)

i18next/i18next-http-backend (i18next-http-backend)

v3.0.2

Compare Source

• optimize fetchApi selector

lint-staged/lint-staged (lint-staged)

v15.4.2

Compare Source

Patch Changes

• #​1509 8827ebf Thanks @​iiroj! - Change lint-staged's dependencies to use caret (^) ranges instead of tilde (~). This makes it easier for package managers to perform dependency management when minor-level updates are also permitted instead of just patch-level.

v15.4.1

Compare Source

Patch Changes

• #​1504 1c7a45e Thanks @​iiroj! - Default TypeScript config filenames match JS equivalents.

• #​1504 9cc18c9 Thanks @​iiroj! - Add missing conditional exports syntax for TypeScript types.

v15.4.0

Compare Source

Minor Changes

• #​1500 a8ec1dd Thanks @​iiroj! - Lint-staged now provides TypeScript types for the configuration and main Node.js API. You can use the JSDoc syntax in your JS configuration files:

  /**
   * @​filename: lint-staged.config.js
   * @​type {import('lint-staged').Configuration}
   */
  export default {
    '*': 'prettier --write',
  }

  It's also possible to use the .ts file extension for the configuration if your Node.js version supports it. The --experimental-strip-types flag was introduced in Node.js v22.6.0 and unflagged in v23.6.0, enabling Node.js to execute TypeScript files without additional configuration.

  export NODE_OPTIONS="--experimental-strip-types"
  
  npx lint-staged --config lint-staged.config.ts

Patch Changes

• #​1501 9b79364 Thanks @​iiroj! - Handle possible failures when logging user shell for debug info.

nodejs/node (node)

v22.13.1: 2025-01-21, Version 22.13.1 'Jod' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
• CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
• CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

• CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)

Commits

• [520da342e0] - (CVE-2025-22150) deps: update undici to v6.21.1 (Matteo Collina) nodejs-private/node-private#662
• [99f217369f] - (CVE-2025-23084) path: fix path traversal in normalize() on Windows (Tobias Nießen) nodejs-private/node-private#555
• [984f735e35] - (CVE-2025-23085) src: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) nodejs-private/node-private#650
• [2446870618] - (CVE-2025-23083) src,loader,permission: throw on InternalWorker use (RafaelGSS) nodejs-private/node-private#651

tailwindlabs/prettier-plugin-tailwindcss (prettier-plugin-tailwindcss)

v0.6.11

Compare Source

• Support TypeScript configs and plugins when using v4 (#​342)

v0.6.10

Compare Source

• Add support for @zackad/prettier-plugin-twig (#​327)
• Drop support for @zackad/prettier-plugin-twig-melody (#​327)
• Update Prettier options types (#​325)
• Don't remove whitespace inside template literals in Svelte (#​332)

puppeteer/puppeteer (puppeteer)

v24.1.1

Compare Source

Miscellaneous Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.1.0 to 24.1.1

Bug Fixes

• dispose the isolated handle (#​13542) (f9ed75e)
• roll to Chrome 132.0.6834.110 (#​13543) (2d2d214)
• roll to Firefox 134.0.2 (#​13538) (82ec05d)
• webdriver: use correct units for format pdf option (#​13516) (c764f82)

v24.1.0

Compare Source

Features

• roll to Chrome 132.0.6834.83 (#​13507) (e282992)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.0.0 to 24.1.0

Bug Fixes

• roll to Firefox 134.0.1 (#​13510) (a50357c)

rollup/rollup (rollup)

v4.31.0

Compare Source

2025-01-19

Features

• Do not immediately quit when trying to use watch mode from within non-TTY environments (#​5803)

Bug Fixes

• Handle files with more than one UTF-8 BOM header (#​5806)

Pull Requests

• #​5792: fix(deps): update rust crate swc_compiler_base to v8 (@​renovate[bot])
• #​5793: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5794: chore(deps): lock file maintenance (@​renovate[bot])
• #​5801: chore(deps): update dependency eslint-config-prettier to v10 (@​renovate[bot])
• #​5802: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5803: Support watch mode in yarn, gradle and containers (@​lukastaegert)
• #​5806: fix: strip all BOMs (@​TrickyPi)

step-security/harden-runner (step-security/harden-runner)

v2.10.4

Compare Source

What's Changed

Fixed a potential Harden-Runner post step failure that could occur when printing agent service logs. The fix gracefully handles failures without failing the post step.

Full Changelog: step-security/harden-runner@v2...v2.10.4

angular/angular (zone.js)

v0.15.0

Compare Source

Bug Fixes

• zone.js: Add support for addition jest functions. (#​57280) (e1240c6), closes #​57277
• zone.js: Update the default behavior of fakeAsync to flush after the test (#​57240) (70e8b40)

BREAKING CHANGES

• zone.js: fakeAsync will now flush pending timers at the end of
  the given function by default. To opt-out of this, you can use {flush: false} in options parameter of fakeAsync

0.14.10 (2024-08-05)

Features

• zone.js: Add 'flush' parameter option to fakeAsync to flush after the test (#​57137) (99d679d)

0.14.8 (2024-07-17)

Bug Fixes

• zone.js: allow enabling default beforeunload handling (#​55875) (b8d5882), closes #​47579
• zone.js: support Timeout.refresh in Node.js (#​56852) (982f1b1), closes #​56586

0.14.7 (2024-06-06)

Bug Fixes

• zone.js: do not mutate event listener options (may be readonly) (#​55796) (85c1719), closes #​54142
• zone.js: store remove abort listener on the scheduled task (#​56160) (4a3800a), closes #​56148

0.14.6 (2024-05-16)

Bug Fixes

• zone.js: add missing APIs to Node.js fs patch (#​54396) (9e07b62)
• zone.js: correctly bundle zone-patch-rxjs (#​55826) (20a530a), closes #​55825
• zone.js: remove abort listener on a signal when actual event is removed (#​55339) (a9460d0), closes #​54739

0.14.5 (2024-04-30)

Bug Fixes

• zone.js: Add 'declare' to each interface to prevent renaming (#​54966) (b3d045b)
• zone.js: make sure fakeasync use the same id pool with native (#​54600) (ddbf6bb), closes #​54323
• zone.js: should not clear onhandler when remove capture listener (#​54602) (e44b077), closes #​54581

0.14.4 (2024-02-13)

Bug Fixes

• zone.js: add __Zone_ignore_on_properties to ZoneGlobalConfigurations (#​50737) (f87f058)
• zone.js: patch fs.realpath.native as macrotask (#​54208) (19fae76), closes #​45546
• zone.js: patch Response methods returned by fetch (#​50653) (260d3ed), closes #​50327
• zone.js: patch form-associated custom element callbacks (#​50686) (1c990cd)

0.14.3 (2023-12-19)

Bug Fixes

• zone.js: handle fetch with AbortSignal (#​49595) (b06b24b)
• zone.js: Promise.resolve(s

---

Configuration

📅 Schedule: Branch creation - "before 4:00am on Tuesday" in timezone America/Toronto, Automerge - "after 9:00am and before 12:00pm on tuesday, wednesday, thursday" in timezone America/Toronto.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[github-actions]

Pull Request Report

PR Title

✅ Title follows the conventional commit spec.

Live demo links

• Storybook

• Playwright report

Bundle Size

File	Old (kb)	New (kb)	Change (%)
case-assist	243.9	243.9	0
commerce	355.2	355.2	0
search	415.1	415.1	0
insight	406.3	406.3	0
recommendation	256.2	256.2	0
ssr	409	409	0
ssr-commerce	373	373	0

SSR Progress

Use case	SSR (#)	CSR (#)	Progress (%)
search	39	44	89
recommendation	0	4	0
case-assist	0	6	0
insight	0	27	0
commerce	0	15	0

Detailed logs

search : buildInteractiveResult
search : buildInteractiveInstantResult
search : buildInteractiveRecentResult
search : buildInteractiveCitation
search : buildGeneratedAnswer
recommendation : missing SSR support
case-assist : missing SSR support
insight : missing SSR support
commerce : missing SSR support