chore: Bump the other group across 1 directory with 14 updates

[dependabot]

Bumps the other group with 14 updates in the / directory:

Package	From	To
@anywidget/react	0.2.1	0.2.2
react	19.2.5	19.2.6
react-dom	19.2.5	19.2.6
uuid	13.0.0	14.0.0
zustand	5.0.12	5.0.13
@anywidget/types	0.2.0	0.4.0
@biomejs/biome	2.3.10	2.4.15
@statelyai/inspect	0.4.0	0.7.1
@tailwindcss/postcss	4.2.4	4.3.0
esbuild	0.27.7	0.28.0
postcss	8.5.12	8.5.14
postcss-preset-env	10.6.1	11.2.1
tailwindcss	3.4.19	4.3.0
typescript	5.9.3	6.0.3

Updates @anywidget/react from 0.2.1 to 0.2.2

Release notes

Sourced from @​anywidget/react's releases.

@​anywidget/react@​0.2.2

Patch Changes

• Updated dependencies [f227c83, f227c83, f227c83]:
  • @​anywidget/types@​0.4.0

Commits

• 5789879 Version Packages (#986)
• 4d15a1f Draft v0.11 release blog post (#991)
• bd746a4 chore(deps): bump esbuild from 0.21.5 to 0.28.0 in the prod-dependencies grou...
• c575c88 chore(deps-dev): bump @​typescript/native-preview from 7.0.0-dev.20260410.1 to...
• aec303e chore(deps): bump @​types/node from 12.20.55 to 25.6.0 (#981)
• 77c5b81 chore(deps): bump react-dom and @​types/react-dom (#982)
• cb1f469 chore(deps-dev): bump the dev-dependencies group across 1 directory with 3 up...
• b76b9c6 Fix orphaned ready promise on widget rebind (#988)
• 0399b9a Fix HMR race when _esm changes during widget load (#987)
• bad65ae Rename snake_case identifiers to camelCase (#977)
• Additional commits viewable in compare view

Updates react from 19.2.5 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• See full diff in compare view

Updates react-dom from 19.2.5 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• See full diff in compare view

Updates uuid from 13.0.0 to 14.0.0

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

• expect crypto to be global everywhere (requires node@20+) (#935)
• drop node@18 support (#934)

Features

• drop node@18 support (#934) (dc4ddb8)

Bug Fixes

• expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)
• Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.2

13.0.2 (2026-05-04)

Bug Fixes

• rerelease to fix provenance. (49ccb35)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

• backport fix for GHSA-w5hq-g745-h8pq (9d27ddf)

Changelog

Sourced from uuid's changelog.

14.0.0 (2026-04-19)

Security

• Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

• crypto is now expected to be globally defined (requires node@20+) (#935)
• drop node@18 support (#934)
• upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

Commits

• 7c1ea08 chore(main): release 14.0.0 (#926)
• 3d2c5b0 Merge commit from fork
• f2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)
• 529ef08 chore: upgrade TypeScript and fixup types (#927)
• 086fd79 chore: update dependencies (#933)
• dc4ddb8 feat!: drop node@18 support (#934)
• 0f1f9c9 chore: switch to Biome for parsing and linting (#932)
• e2879e6 chore: use maintained version of npm-run-all (#930)
• ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
• 0423d49 docs: remove obsolete v1 option notes (#915)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.

Updates zustand from 5.0.12 to 5.0.13

Release notes

Sourced from zustand's releases.

v5.0.13

This release includes an improvement in the devtools middleware.

What's Changed

• refactor(devtools): remove duplicate module augmentation by @​mahmoodhamdi in pmndrs/zustand#3443
• fix(devtools): support Firefox/Safari stack format in findCallerName by @​SBolsec in pmndrs/zustand#3469

New Contributors

• @​mahmoodhamdi made their first contribution in pmndrs/zustand#3443
• @​FelixEckl-vireq made their first contribution in pmndrs/zustand#3466
• @​KimHyeongRae0 made their first contribution in pmndrs/zustand#3471
• @​lstak made their first contribution in pmndrs/zustand#3483
• @​AlexRixten made their first contribution in pmndrs/zustand#3474
• @​SBolsec made their first contribution in pmndrs/zustand#3469

Full Changelog: pmndrs/zustand@v5.0.12...v5.0.13

Commits

• 6bc451e 5.0.13
• 8ec2169 chore(deps): update dev dependencies (#3486)
• 4e9bcf0 fix(devtools): support Firefox/Safari stack format in findCallerName (#3469)
• 4b96f4e fix(docs): correct react-dom test utils import path (#3474)
• c7516c1 fix(tests): change parameters for 'expect' in test (#3483)
• 1b04af1 docs(persist): fix signature to require persistOptions (#3477)
• 95d3f33 test(middleware/immer): add runtime tests for immer middleware (#3471)
• 3201328 Update TypeScript guide links in README.md (#3466)
• 00f96a3 chore(deps): bump actions/deploy-pages from 4.0.5 to 5.0.0 (#3447)
• 6330044 test: expand React subscribe test coverage (#3442)
• Additional commits viewable in compare view

Updates @anywidget/types from 0.2.0 to 0.4.0

Release notes

Sourced from @​anywidget/types's releases.

@​anywidget/types@​0.4.0

Minor Changes

• Allow initialize to return an exports object (#974)

  initialize can now return a plain object to expose a programmatic API for the widget. This API is accessible to parent widgets via host.getWidget().

  export default {
    initialize({ model }) {
      return {
        getValue: () => model.get("value"),
        setValue: (v) => {
          model.set("value", v);
          model.save_changes();
        },
      };
    },
    render({ model, el }) {
      /* ... */
    },
  };

  The return type is distinguished by typeof: functions are treated as cleanup callbacks (existing behavior), objects are treated as exports, and void means neither.

• Add signal (AbortSignal) to initialize and render props for lifecycle cleanup (#974)

  Both initialize and render now receive an AbortSignal via the signal prop. The signal is aborted when the widget is destroyed (or during HMR). This is the preferred way to manage cleanup going forward — it composes with the broader web platform (addEventListener, fetch, child widgets) and avoids the need to manually track teardown logic.

  The previous callback-based pattern continues to work but is no longer recommended:

  // before
  export default {
    render({ model, el }) {
      let handler = () => { /* ... */ };
      model.on("change:value", handler);
      return () => model.off("change:value", handler);
    },
  };
  // after
  export default {
  render({ model, el, signal }) {
  let handler = () => { /* ... */ };
  model.on("change:value", handler);
  signal.addEventListener("abort", () => model.off("change:value", handler));
  },
  };

... (truncated)

Commits

• 5789879 Version Packages (#986)
• 4d15a1f Draft v0.11 release blog post (#991)
• bd746a4 chore(deps): bump esbuild from 0.21.5 to 0.28.0 in the prod-dependencies grou...
• c575c88 chore(deps-dev): bump @​typescript/native-preview from 7.0.0-dev.20260410.1 to...
• aec303e chore(deps): bump @​types/node from 12.20.55 to 25.6.0 (#981)
• 77c5b81 chore(deps): bump react-dom and @​types/react-dom (#982)
• cb1f469 chore(deps-dev): bump the dev-dependencies group across 1 directory with 3 up...
• b76b9c6 Fix orphaned ready promise on widget rebind (#988)
• 0399b9a Fix HMR race when _esm changes during widget load (#987)
• bad65ae Rename snake_case identifiers to camelCase (#977)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​anywidget/types since your current version.

Updates @biomejs/biome from 2.3.10 to 2.4.15

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.15

2.4.15

Patch Changes

• #9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

• #10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

  For example, the following snippet triggers the rule:

  import { nextTick } from "vue";
  nextTick(() => {
  updateDom();
  });

• #10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

  For example, the following snippet triggers the rule:

  <input @keyup.13="submit" />

• #10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

• #10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

• #10201 1a08f89 Thanks @​realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

• #9574 3bd2b6a Thanks @​Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

• #10205 a704a6c Thanks @​Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

  The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
        }
      }
    }
  }

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.15

Patch Changes

• #9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

• #10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

  For example, the following snippet triggers the rule:

  import { nextTick } from "vue";
  nextTick(() => {
  updateDom();
  });

• #10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

  For example, the following snippet triggers the rule:

  <input @keyup.13="submit" />

• #10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

• #10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

• #10201 1a08f89 Thanks @​realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

• #9574 3bd2b6a Thanks @​Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

• #10205 a704a6c Thanks @​Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

  The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
        }
      }
    }
  }

... (truncated)

Commits

• 9dd3271 ci: release (#10210)
• 7b8d4e1 feat(lint/html/vue): add useVueValidVFor (#10195)
• ba3480e feat(lint/js): add useTestHooksInOrder (#9394)
• e0a54cc feat(lint/js/vue): add useVueNextTickPromise (#10254)
• 1110256 feat(lint/vue): add noVueImportCompilerMacros (#10238)
• 7f7419c fix: grammar in extends docstring (#10263)
• 0ae5840 feat(lint/js): add useThisForClassMethods (#9807)
• 83f7385 feat(lint/js): add noBaseToString (#9838)
• 64aee45 feat(lint/html/vue): add noVueVOnNumberValues (#10219)
• 46393e0 ci: release (#10100)
• Additional commits viewable in compare view

Updates @statelyai/inspect from 0.4.0 to 0.7.1

Release notes

Sourced from @​statelyai/inspect's releases.

v0.7.1

Patch Changes

• e79da70 Thanks @​davidkpiano! - Fix remove-node-module-import

v0.7.0

Minor Changes

• bcb4666 Thanks @​davidkpiano! - ### Breaking changes

  • ESM-only: the package is now "type": "module" and ships .mjs / .d.mts. Use import / import() instead of require() for @statelyai/inspect and @statelyai/inspect/server.

  Features

  • Add createInspectorServer() for Node.js inspection via WebSocket; import from @statelyai/inspect/server. The server relays inspection events to the Stately inspector UI in the browser (with buffering and replay for late connections).

  Fixes

  • createWebSocketInspector() now starts the WebSocket connection reliably.
  • stop() no longer throws if called before start().
  • Remove noisy console.log calls from the WebSocket adapter and receiver.

  Chores

  • Build with tsdown (Rolldown) instead of tsup; align tooling with @statelyai/graph (pnpm 10, Node 24 in CI, frozen lockfile, pnpm verify, publint).
  • Release workflow uses npm trusted publishing (OIDC); drop long-lived NPM_TOKEN from Actions.

Changelog

Sourced from @​statelyai/inspect's changelog.

0.7.1

Patch Changes

• e79da70 Thanks @​davidkpiano! - Fix remove-node-module-import

0.7.0

Minor Changes

• bcb4666 Thanks @​davidkpiano! - ### Breaking changes

  • ESM-only: the package is now "type": "module" and ships .mjs / .d.mts. Use import / import() instead of require() for @statelyai/inspect and @statelyai/inspect/server.

  Features

  • Add createInspectorServer() for Node.js inspection via WebSocket; import from @statelyai/inspect/server. The server relays inspection events to the Stately inspector UI in the browser (with buffering and replay for late connections).

  Fixes

  • createWebSocketInspector() now starts the WebSocket connection reliably.
  • stop() no longer throws if called before start().
  • Remove noisy console.log calls from the WebSocket adapter and receiver.

  Chores

  • Build with tsdown (Rolldown) instead of tsup; align tooling with @statelyai/graph (pnpm 10, Node 24 in CI, frozen lockfile, pnpm verify, publint).
  • Release workflow uses npm trusted publishing (OIDC); drop long-lived NPM_TOKEN from Actions.

0.7.0

Minor Changes

• #50 5c9a711 Thanks @​davidkpiano! - Add createInspectorServer() for inspecting Node.js apps via WebSocket. Import from @statelyai/inspect/server. The server relays inspection events to the Stately inspector UI in the browser.

  • Add createInspectorServer() with event buffering and replay
  • Fix createWebSocketInspector() not auto-starting the WebSocket connection
  • Fix stop() crash when called before start()
  • Remove noisy console.log calls from WebSocket adapter and receiver

0.6.0

Minor Changes

• #48 e1e45ed Thanks @​davidkpiano! - Fixed DOM serialization issues that could cause the inspector to freeze when HTML elements or deeply nested structures were included in state context. Added serializationDepthLimit option (default: 10) to prevent infinite recursion during serialization. HTMLElement instances are now safely converted to their outerHTML string representation.

0.5.2

Patch Changes

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​statelyai/inspect since your current version.

Updates @tailwindcss/postcss from 4.2.4 to 4.3.0

Release notes

Sourced from @​tailwindcss/postcss's releases.

v4.3.0

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
• Allow multiple @utility definitions with the same name but different value types (#19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
• Ensure start and end legacy utilities without values do not generate CSS (#20003)
• Ensure --value(…) is required in functional @utility definitions (#20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

Changelog

Sourced from @​tailwindcss/postcss's changelog.

[4.3.0] - 2026-05-08

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
• Allow multiple @utility definitions with the same name but different value types (#19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
• Ensure start and end legacy utilities without values do not generate CSS (#20003)
• Ensure --value(…) is required in functional @utility definitions (#20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

Commits

• 588bd73 4.3.0 (#20023)
• 12eb5ae Cleanup noisy test output (#20015)
• 4255671 Improve snapshot tests (#20013)
• 52f94c7 Improve codebase quality (#19999)
• d194d4c docs: fix various typos in comments and documentation (#19878)
• bfb5732 Fall back to the plugin base when PostCSS has no from option (#19980)
• 3a890c3 Bump dependencies (#19957)
• See full diff in compare view

Updates esbuild from 0.27.7 to 0.28.0

Release notes

Sourced from esbuild's releases.

v0.28.0

• Add support for with { type: 'text' } imports (#4435)

  The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

  import string from './example.txt' with { type: 'text' }
  console.log(string)

• Add integrity checks to fallback download path (#4343)

  Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

  This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

• Update the Go compiler from 1.25.7 to 1.26.1

  This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

  • It now uses the new garbage collector that comes with Go 1.26.
  • The Go compiler is now more aggressive with allocating memory on the stack.
  • The executable format that the Go linker uses has undergone several changes.
  • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

  You can read the Go 1.26 release notes for more information.

Changelog

Sourced from esbuild's changelog.

0.28.0

• Add support for with { type: 'text' } imports (#4435)

  The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

  import string from './example.txt' with { type: 'text' }
  console.log(string)

• Add integrity checks to fallback download path (#4343)

  Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

  This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

• Update the Go compiler from 1.25.7 to 1.26.1

  This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

  • It now uses the new garbage collector that comes with Go 1.26.
  • The Go compiler is now more aggressive with allocating memory on the stack.
  • The executable format that the Go linker uses has undergone several changes.
  • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

  You can read the Go 1.26 release notes for more information.

Commits

• 6a794df publish 0.28.0 to npm
• 64ee0ea fix #4435: support with { type: text } imports
• ef65aee fix sort order in snapshots_packagejson.txt
• 1a26a8e try to fix test-old-ts, also shuffle CI tasks
• 556ce6c use '' instead of null to omit build hashes
• 8e675a8 ci: allow missing binary hashes for tests
• 7067763 Reapply "update go 1.25.7 => 1.26.1"
• 39473a9 fix #4343: integrity check for binary download
• See full diff in compare view

Updates postcss from 8.5.12 to 8.5.14

Release notes

Sourced from postcss's releases.

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

Changelog

Sourced from postcss's changelog.

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

Commits

• 3ec1394 Release 8.5.14 version
• f2bb827 Update dependencies
• d75953d Merge pull request #2084 from 43081j/raw-raws-rawing
• 68bd213 fix: always call raw to retrieve raw values
• af58cf1 Release 8.5.13 version