fix(deps): update patch updates (patch)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@eslint-react/eslint-plugin (source)	^1.52.2 -> ^1.52.6
@eslint-react/eslint-plugin (source)	^1.52.3 -> ^1.52.6
@eslint/compat (source)	^1.3.1 -> ^1.3.2
@eslint/plugin-kit@<0.3.3 (source)	>=0.3.3 -> >=0.3.5
browserslist	4.25.1 -> 4.25.3
caniuse-lite	^1.0.30001731 -> ^1.0.30001735
chrono-node@<2.2.4	>=2.8.3 -> >=2.8.4
esbuild	^0.25.8 -> ^0.25.9
esbuild@<=0.24.2	>=0.25.6 -> >=0.25.9
lint-staged	^16.1.4 -> ^16.1.5
pkg-pr-new (source)	^0.0.54 -> ^0.0.55
tsx (source)	^4.20.3 -> ^4.20.4

---

Release Notes

Rel1cx/eslint-react (@​eslint-react/eslint-plugin)

v1.52.6

Compare Source

🐞 Fixes

• fix: correct logic in naming-convention/component-name validation to continue on valid names, closes #​1176 by @​Rel1cx in #​1177

Full Changelog: Rel1cx/eslint-react@v1.52.5...v1.52.6

v1.52.5

Compare Source

🐞 Fixes

• fix: refactor is-from-react utility in react-debug/is-from-react rule and improve react-x/no-forward-ref rule autofix handling, closes #​1172 by @​Rel1cx in https://github.com/Rel1cx/eslint-react/pull/1173

Full Changelog: Rel1cx/eslint-react@v1.52.4...v1.52.5

v1.52.4

Compare Source

🐞 Fixes

• fix: improve logic for detecting significant children in JSX elements, closes #​1163 by @​Rel1cx in https://github.com/Rel1cx/eslint-react/pull/1165

Full Changelog: Rel1cx/eslint-react@v1.52.3...v1.52.4

v1.52.3

Compare Source

🐞 Fixes

• fix: remove bun engine requirement from package.json files, closes #​1157 by @​Rel1cx in https://github.com/Rel1cx/eslint-react/pull/1158

Full Changelog: Rel1cx/eslint-react@v1.52.2...v1.52.3

eslint/rewrite (@​eslint/compat)

v1.3.2

Compare Source

Dependencies

• The following workspace dependencies were updated
  • devDependencies
    • @​eslint/core bumped from ^0.15.1 to ^0.15.2

eslint/rewrite (@​eslint/plugin-kit@<0.3.3)

v0.3.5

Compare Source

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^0.15.1 to ^0.15.2

v0.3.4

Compare Source

Bug Fixes

• potential quadratic runtime in regular expression (#​240) (b283f64)

browserslist/browserslist (browserslist)

v4.25.3

Compare Source

• Fixed ReDoS (by @​ericcornelissen).

v4.25.2

Compare Source

• Fixed Node.js --permission support (by @​broofa).

browserslist/caniuse-lite (caniuse-lite)

v1.0.30001735

Compare Source

v1.0.30001734

Compare Source

v1.0.30001733

Compare Source

wanasit/chrono (chrono-node@<2.2.4)

v2.8.4

Compare Source

• Fix: Timezone override in the options is not correctly applied in reference #​608, 958eb3d
• New: Swedish (SW) initial support (by @​Nicklasfox) a5c52cf.

---

evanw/esbuild (esbuild)

v0.25.9

Compare Source

• Better support building projects that use Yarn on Windows (#​3131, #​3663)

  With this release, you can now use esbuild to bundle projects that use Yarn Plug'n'Play on Windows on drives other than the C: drive. The problem was as follows:

  1. Yarn in Plug'n'Play mode on Windows stores its global module cache on the C: drive
  2. Some developers put their projects on the D: drive
  3. Yarn generates relative paths that use ../.. to get from the project directory to the cache directory
  4. Windows-style paths don't support directory traversal between drives via .. (so D:\.. is just D:)
  5. I didn't have access to a Windows machine for testing this edge case

  Yarn works around this edge case by pretending Windows-style paths beginning with C:\ are actually Unix-style paths beginning with /C:/, so the ../.. path segments are able to navigate across drives inside Yarn's implementation. This was broken for a long time in esbuild but I finally got access to a Windows machine and was able to debug and fix this edge case. So you should now be able to bundle these projects with esbuild.

• Preserve parentheses around function expressions (#​4252)

  The V8 JavaScript VM uses parentheses around function expressions as an optimization hint to immediately compile the function. Otherwise the function would be lazily-compiled, which has additional overhead if that function is always called immediately as lazy compilation involves parsing the function twice. You can read V8's blog post about this for more details.

  Previously esbuild did not represent parentheses around functions in the AST so they were lost during compilation. With this change, esbuild will now preserve parentheses around function expressions when they are present in the original source code. This means these optimization hints will not be lost when bundling with esbuild. In addition, esbuild will now automatically add this optimization hint to immediately-invoked function expressions. Here's an example:

  // Original code
  const fn0 = () => 0
  const fn1 = (() => 1)
  console.log(fn0, function() { return fn1() }())
  
  // Old output
  const fn0 = () => 0;
  const fn1 = () => 1;
  console.log(fn0, function() {
    return fn1();
  }());
  
  // New output
  const fn0 = () => 0;
  const fn1 = (() => 1);
  console.log(fn0, (function() {
    return fn1();
  })());

  Note that you do not want to wrap all function expressions in parentheses. This optimization hint should only be used for functions that are called on initial load. Using this hint for functions that are not called on initial load will unnecessarily delay the initial load. Again, see V8's blog post linked above for details.

• Update Go from 1.23.10 to 1.23.12 (#​4257, #​4258)

  This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain false positive reports (specifically CVE-2025-4674 and CVE-2025-47907) from vulnerability scanners that only detect which version of the Go compiler esbuild uses.

lint-staged/lint-staged (lint-staged)

v16.1.5

Compare Source

Patch Changes

• #​1608 4e3ce22 Thanks @​srsatt! - Detect the git repo's top-level directory correctly when in a worktree.

stackblitz-labs/pkg.pr.new (pkg-pr-new)

v0.0.55

Compare Source

privatenumber/tsx (tsx)

v4.20.4

Compare Source

---

Configuration

📅 Schedule: Branch creation - "after 10:00 before 19:00 every weekday except after 13:00 before 14:00" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Thank you for following the naming conventions! 🙏

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	esbuild@​0.25.8 ⏵ 0.25.9
	browserslist@​4.25.1 ⏵ 4.25.3	+1
	@​eslint/​compat@​1.3.1 ⏵ 1.3.2				+3
	@​eslint-react/​eslint-plugin@​1.52.3 ⏵ 1.52.6
	caniuse-lite@​1.0.30001731 ⏵ 1.0.30001737	+1		+27	+5

View full report