chore(deps): update devdependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
eslint-plugin-prettier	5.5.4 → 5.5.5
lint-staged	16.2.3 → 16.4.0
prettier (source)	3.6.2 → 3.8.1
stylelint-csstree-validator	3.0.0 → 3.1.0
typescript (source)	~5.8.0 → ~5.9.0
yjs (source)	13.6.27 → 13.6.30

---

Release Notes

prettier/eslint-plugin-prettier (eslint-plugin-prettier)

v5.5.5

Compare Source

Patch Changes

• #​772 7264ed0 Thanks @​BPScott! - Bump prettier-linter-helpers dependency to v1.0.1

• #​776 77651a3 Thanks @​aswils! - fix: bump synckit for yarn PnP ESM issue

lint-staged/lint-staged (lint-staged)

v16.4.0

Compare Source

Minor Changes

• #​1739 687fc90 Thanks @​hyperz111! - Replace micromatch with picomatch to reduce dependencies.

v16.3.4

Compare Source

Patch Changes

• #​1742 9d6e827 Thanks @​iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

v16.3.3

Compare Source

Patch Changes

• #​1740 0109e8d Thanks @​iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

v16.3.2

Compare Source

Patch Changes

• #​1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

v16.3.1

Compare Source

Patch Changes

• #​1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

v16.3.0

Compare Source

Minor Changes

• #​1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #​1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #​1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

v16.2.7

Compare Source

Patch Changes

• #​1711 ef74c8d Thanks @​iiroj! - Do not display a "failed to spawn" error message when a task fails normally. This message is reserved for when the task didn't run because spawning it failed.

v16.2.6

Compare Source

Patch Changes

• #​1693 33d4502 Thanks @​Adrian-Baran-GY! - Fix problems with --continue-on-error option, where tasks might have still been killed (SIGINT) when one of them failed.

v16.2.5

Compare Source

Patch Changes

• #​1687 9e02d9d Thanks @​iiroj! - Fix unhandled promise rejection when spawning tasks (instead of the tasks themselves failing). Previously when a task failed to spawn, lint-staged also failed and the backup stash might not have been automatically restored.

v16.2.4

Compare Source

Patch Changes

• #​1682 0176038 Thanks @​iiroj! - Update dependencies, including nano-spawn@2.0.0 with bug fixes.

• #​1671 581a54e Thanks @​iiroj! - Speed up execution by only importing the yaml depedency if using YAML configuration files.

prettier/prettier (prettier)

v3.8.1

Compare Source

v3.8.0

Compare Source

diff

🔗 Release note

v3.7.4

Compare Source

diff

LWC: Avoid quote around interpolations (#​18383 by @​kovsu)

<!-- Input -->
<div foo={bar}>   </div>

<!-- Prettier 3.7.3 (--embedded-language-formatting off) -->
<div foo="{bar}"></div>

<!-- Prettier 3.7.4 (--embedded-language-formatting off) -->
<div foo={bar}></div>

TypeScript: Fix comment inside union type gets duplicated (#​18393 by @​fisker)

// Input
type Foo = (/** comment */ a | b) | c;

// Prettier 3.7.3
type Foo = /** comment */ (/** comment */ a | b) | c;

// Prettier 3.7.4
type Foo = /** comment */ (a | b) | c;

TypeScript: Fix unstable comment print in union type comments (#​18395 by @​fisker)

// Input
type X = (A | B) & (
  // comment
  A | B
);

// Prettier 3.7.3 (first format)
type X = (A | B) &
  (// comment
  A | B);

// Prettier 3.7.3 (second format)
type X = (
  | A
  | B // comment
) &
  (A | B);

// Prettier 3.7.4
type X = (A | B) &
  // comment
  (A | B);

v3.7.3

Compare Source

diff

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#​18375 by @​fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

v3.7.2

Compare Source

diff

JavaScript: Fix string print when switching quotes (#​18351 by @​fisker)

// Input
console.log("A descriptor\\'s .kind must be \"method\" or \"field\".")

// Prettier 3.7.1
console.log('A descriptor\\'s .kind must be "method" or "field".');

// Prettier 3.7.2
console.log('A descriptor\\\'s .kind must be "method" or "field".');

JavaScript: Preserve quote for embedded HTML attribute values (#​18352 by @​kovsu)

// Input
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;

// Prettier 3.7.1
const html = /* HTML */ ` <div class=${styles.banner}></div> `;

// Prettier 3.7.2
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;

TypeScript: Fix comment in empty type literal (#​18364 by @​fisker)

// Input
export type XXX = {
  // tbd
};

// Prettier 3.7.1
export type XXX = { // tbd };

// Prettier 3.7.2
export type XXX = {
  // tbd
};

v3.7.1

Compare Source

diff

API: Fix performance regression in doc printer (#​18342 by @​fisker)

Prettier 3.7.1 can be very slow when formatting big files, the regression has been fixed.

v3.7.0

Compare Source

diff

🔗 Release Notes

csstree/stylelint-validator (stylelint-csstree-validator)

v3.1.0

Compare Source

• Bumped css-tree to ^3.2.1

microsoft/TypeScript (typescript)

v5.9.3: TypeScript 5.9.3

Compare Source

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)
• fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

• npm

v5.9.2: TypeScript 5.9

Compare Source

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)

Downloads are available on:

• npm

yjs/yjs (yjs)

v13.6.30

Compare Source

• lint 0504939
• fix mutation of DeleteItem in sortAndMergeDeleteSet - closes #​767 5d5f1ad

---

v13.6.29

Compare Source

• catch errors in deep event handlers cff7de1

---

v13.6.28

Compare Source

• proper cloning of yxmlElement with attributes that are not strings ed29b64
• Merge pull request #​725 from mattkrick/mattkrick-patch-1 4120d72
• remove newValue from YEvent 783a7c4
• Merge pull request #​716 from i3dly/patch-2 f94f2eb
• Merge pull request #​722 from hyonun321/typos d5a74c9
• fix typos f4fa053
• Merge pull request #​719 from kasugamirai/chore/readme b3c92f6
• add tiptap 0b8a0fc
• add milkdown c87430a
• add blocknote 61258d8
• added superdoc as one of the providers fcfdba1
• Merge pull request #​721 from cloneot/patch-1 2995fcd
• README: Update y-sweet debugger hyperlink bc941a5
• Add reearth-flow to the README as a collaborative data calculation tool 7310314
• add lightpage as a user 55df734
• add yjs-cf-ws-provider 273c53b
• add electric-sql as a provider 2d09ed4
• README: add pluv.io provider 4ea9a75

---

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated devDependencies in package.json: lint-staged bumped from 16.2.3 to 16.4.0, and TypeScript bumped from ~5.8.0 to ~5.9.0. Both are development-only dependency version updates; no exported API or runtime behavioral changes included.

Sequence Diagram(s)

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title accurately describes the main change: updating development dependencies in package.json across multiple packages.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Updates Docs	✅ Passed	Dependency maintenance update with no new features or user-facing changes; documentation not required for routine version bumps.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 4eede54 and 47f630b.

📒 Files selected for processing (1)

• package.json

🔇 Additional comments (2)

package.json (2)

89-89: PR description claims 4 updates; diff shows 2.

PR objectives mention prettier 3.6.2→3.7.4 and yjs 13.6.27→13.6.28, but these lines show no changes.

Also applies to: 92-92, 101-102

---

89-89: lint-staged 16.2.7 is safe to use.

Version published November 19, 2025 with a minor fix for error message handling when tasks fail. No issues identified.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock

(node:1307) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
(Use `node --trace-deprecation ...` to show where the warning was created)
error Error: https://npm.pkg.github.com/@deepnote%2fblocks: authentication token not provided
    at params.callback [as _callback] (/opt/containerbase/tools/yarn/1.22.22/24.14.0/node_modules/yarn/lib/cli.js:66680:18)
    at self.callback (/opt/containerbase/tools/yarn/1.22.22/24.14.0/node_modules/yarn/lib/cli.js:141410:22)
    at Request.emit (node:events:508:28)
    at Request.<anonymous> (/opt/containerbase/tools/yarn/1.22.22/24.14.0/node_modules/yarn/lib/cli.js:142382:10)
    at Request.emit (node:events:508:28)
    at IncomingMessage.<anonymous> (/opt/containerbase/tools/yarn/1.22.22/24.14.0/node_modules/yarn/lib/cli.js:142304:12)
    at Object.onceWrapper (node:events:622:28)
    at IncomingMessage.emit (node:events:520:35)
    at endReadableNT (node:internal/streams/readable:1729:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:90:21)

[codecov]

⚠️ JUnit XML file not found

The CLI was unable to find any JUnit XML files to upload.
For more help, visit our troubleshooting guide.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 101: package.json currently pins "typescript": "~5.9.0" but the
`@typescript-eslint` packages need bumping; update the dependency entries for
"@typescript-eslint/parser" and "@typescript-eslint/eslint-plugin" to ">=6.5.0"
(e.g., "6.5.0" or a compatible caret range) in package.json, then run your
package manager install (npm/yarn/pnpm) to refresh node_modules and the lockfile
so the parser and plugin match TypeScript 5.9; ensure any ESLint config
references (parser in .eslintrc or eslint config) remain pointed to
"@typescript-eslint/parser".

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 71302b8e-2f42-4f41-9bbd-d1aa706d63b8

📥 Commits

Reviewing files that changed from the base of the PR and between 0e5c11d and 2a097f4.

📒 Files selected for processing (1)

• package.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

What TypeScript versions are officially supported by @typescript-eslint/parser6.1.0 and@typescript-eslint/eslint-plugin 6.1.0? Does that support include TypeScript 5.9.x?

💡 Result:

For @typescript-eslint/parser 6.1.0 (and therefore @typescript-eslint/eslint-plugin 6.1.0, which relies on the parser), the project’s “officially supported TypeScript versions” range for that v6 line is:

• TypeScript >=3.3.1 <5.2.0 (this is the range emitted in the tool’s own “SUPPORTED TYPESCRIPT VERSIONS” warning output for v6-era installs). [1]
• Shortly after, in @typescript-eslint/parser 6.5.0, they bumped support to TypeScript 5.2, implying versions before 6.5.0 (including 6.1.0) did not include 5.2+. [2]

So: No—TypeScript 5.9.x is not included in the official support for 6.1.0 (it’s far above the <5.2.0 ceiling). [1]

Sources:
[1] GitHub (eslint/eslint) issue showing the parser’s warning output with “SUPPORTED TYPESCRIPT VERSIONS: >=3.3.1 <5.2.0” eslint/eslint#18825
[2] NewReleases entry for @typescript-eslint/parser 6.5.0 noting “bump supported TS version to 5.2” https://newreleases.io/project/npm/%40typescript-eslint/parser/release/6.5.0

---

Upgrade @typescript-eslint to ≥6.5.0 for TypeScript 5.9 support.

TypeScript 5.9.0 exceeds the supported range for @typescript-eslint 6.1.0 (which caps at <5.2.0). Support for TypeScript 5.2+ was added in @typescript-eslint/parser 6.5.0. Update both @typescript-eslint/parser and @typescript-eslint/eslint-plugin to 6.5.0 or later.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 101, package.json currently pins "typescript": "~5.9.0"
but the `@typescript-eslint` packages need bumping; update the dependency entries
for "@typescript-eslint/parser" and "@typescript-eslint/eslint-plugin" to
">=6.5.0" (e.g., "6.5.0" or a compatible caret range) in package.json, then run
your package manager install (npm/yarn/pnpm) to refresh node_modules and the
lockfile so the parser and plugin match TypeScript 5.9; ensure any ESLint config
references (parser in .eslintrc or eslint config) remain pointed to
"@typescript-eslint/parser".