fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@babel/code-frame (source)	^8.0.0-beta.1 -> ^8.0.0-beta.2
@babel/core (source)	^7.28.3 -> ^7.28.4
@babel/eslint-parser (source)	^7.28.0 -> ^7.28.4
@babel/runtime (source)	^7.28.3 -> ^7.28.4
@changesets/cli (source)	^2.29.6 -> ^2.29.7
@eslint/js (source)	^9.34.0 -> ^9.35.0
@reduxjs/toolkit (source)	^2.8.2 -> ^2.9.0
@storybook/addon-onboarding (source)	^9.1.3 -> ^9.1.5
@storybook/react-vite (source)	^9.1.3 -> ^9.1.5
@types/chrome (source)	^0.1.4 -> ^0.1.9
@types/node (source)	^22.18.0 -> ^22.18.1
@types/ramda (source)	^0.31.0 -> ^0.31.1
@types/semver (source)	^7.7.0 -> ^7.7.1
@typescript-eslint/eslint-plugin (source)	^8.41.0 -> ^8.43.0
@typescript-eslint/parser (source)	^8.41.0 -> ^8.43.0
chalk	^5.6.0 -> ^5.6.2
eslint (source)	^9.34.0 -> ^9.35.0
globals	^16.3.0 -> ^16.4.0
jest (source)	^30.1.2 -> ^30.1.3
pnpm (source)	10.15.1 -> 10.16.0
react-router-dom (source)	^7.8.2 -> ^7.9.0
storybook (source)	^9.1.3 -> ^9.1.5
typescript-eslint (source)	^8.41.0 -> ^8.43.0
vite (source)	^7.1.4 -> ^7.1.5

---

Release Notes

babel/babel (@​babel/code-frame)

v8.0.0-beta.2

Compare Source

v8.0.0-beta.2 (2025-09-05)

💥 Breaking Change

• babel-standalone
  • #​17421 Do not enable default plugins in @babel/standalone (@​gwillen)

🐛 Bug Fix

• babel-types
  • #​17495 fix: allow d and v flag in regExpLiteral builder (@​JLHwung)
• babel-parser
  • #​17479 [Babel 8] Align TSMappedType AST (@​JLHwung)

💅 Polish

• babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-object-rest-spread, babel-traverse
  • #​17485 Improve @​babel/traverse typings (@​JLHwung)
• babel-core, babel-helpers, babel-runtime-corejs3, babel-traverse, babel-types
  • #​17471 Improve @​babel/core typings (@​JLHwung)
• babel-core
  • #​17470 export PartialConfig and NormalizedOptions (@​JLHwung)

🏠 Internal

• #​17468 build(Babel 8): disable JSON module transform (@​JLHwung)

Committers: 9

• Babel Bot (@​babel-bot)
• Bill Collins (@​mrginglymus)
• Glenn Willen (@​gwillen)
• Huáng Jùnliàng (@​JLHwung)
• Jam Balaya (@​JamBalaya56562)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• SOUHAILA SERBOUT (@​souhailaS)
• @​liuxingbaoyu
• easrng (@​easrng)

babel/babel (@​babel/eslint-parser)

v7.28.4

Compare Source

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #​17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #​17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #​17474 Switch to @​jridgewell/remapping (@​mrginglymus)

changesets/changesets (@​changesets/cli)

v2.29.7

Compare Source

Patch Changes

• Updated dependencies [957f24e]:
  • @​changesets/apply-release-plan@​7.0.13

reduxjs/redux-toolkit (@​reduxjs/toolkit)

v2.9.0

Compare Source

This feature release rewrites RTK Query's internal subscription and polling systems and the useStableQueryArgs hook for better perf, adds automatic AbortSignal handling to requests still in progress when a cache entry is removed, fixes a bug with the transformResponse option for queries, adds a new builder.addAsyncThunk method, and fixes assorted other issues.

Changelog

RTK Query Performance Improvements

We had reports that RTK Query could get very slow when there were thousands of subscriptions to the same cache entry. After investigation, we found that the internal polling logic was attempting to recalculate the minimum polling time after every new subscription was added. This was highly inefficient, as most subscriptions don't change polling settings, and it required repeated O(n) iteration over the growing list of subscriptions. We've rewritten that logic to debounce the update check and ensure a max of one polling value update per tick for the entire API instance.

Related, while working on the request abort changes, testing showed that use of plain Records to hold subscription data was inefficient because we have to iterate keys to check size. We've rewritten the subscription handling internals to use Maps instead, as well as restructuring some additional checks around in-flight requests.

These two improvements drastically improved runtime perf for the thousands-of-subscriptions-one-cache-entry repro, eliminating RTK methods as visible hotspots in the perf profiles. It likely also improves perf for general usage as well.

We've also changed the implementation of our internal useStableQueryArgs hook to avoid calling serializeQueryArgs on its value, which can avoid potential perf issues when a query takes a very large object as its cache key.

[!NOTE]
The internal logic switched from serializing the query arg to doing reference checks on nested values. This means that if you are passing a non-POJO value in a query arg, such as useSomeQuery({a: new Set()}), and you have refetchOnMountOrArgChange enabled, this will now trigger refeteches each time as the Set references are now considered different based on equality instead of serialization.

Abort Signal Handling on Cleanup

We've had numerous requests over time for various forms of "abort in-progress requests when the data is no longer needed / params change / component unmounts / some expensive request is taking too long". This is a complex topic with multiple potential use cases, and our standard answer has been that we don't want to abort those requests - after all, cache entries default to staying in memory for 1 minute after the last subscription is removed, so RTKQ's cache can still be updated when the request completes. That also means that it doesn't make sense to abort a request "on unmount".

However, it does then make sense to abort an in-progress request if the cache entry itself is removed. Given that, we've updated our cache handling to automatically call the existing resPromise.abort() method in that case, triggering the AbortSignal attached to the baseQuery. The handling at that point depends on your app - fetchBaseQuery should handle that, a custom baseQuery or queryFn would need to listen to the AbortSignal.

We do have an open issue asking for further discussions of potential abort / cancelation use cases and would appreciate further feedback.

New Options

The builder callback used in createReducer and createSlice.extraReducers now has builder.addAsyncThunk available, which allows handling specific actions from a thunk in the same way that you could define a thunk inside createSlice.reducers:

        const slice = createSlice({
          name: 'counter',
          initialState: {
            loading: false,
            errored: false,
            value: 0,
          },
          reducers: {},
          extraReducers: (builder) =>
            builder.addAsyncThunk(asyncThunk, {
              pending(state) {
                state.loading = true
              },
              fulfilled(state, action) {
                state.value = action.payload
              },
              rejected(state) {
                state.errored = true
              },
              settled(state) {
                state.loading = false
              },
            }),
        })

createApi and individual endpoint definitions now accept a skipSchemaValidation option with an array of schema types to skip, or true to skip validation entirely (in case you want to use a schema for its types, but the actual validation is expensive).

Bug Fixes

The infinite query implementation accidentally changed the query internals to always run transformResponse if provided, including if you were using upsertQueryData(), which then broke. It's been fixed to only run on an actual query request.

The internal changes to the structure of the state.api.provided structure broke our handling of extractRehydrationInfo - we've updated that to handle the changed structure.

The infinite query status fields like hasNextPage are now a looser type of boolean initially, rather than strictly false.

TS Types

We now export Immer's WritableDraft type to fix another non-portable types issue.

We've added an api.endpoints.myEndpoint.types.RawResultType types-only field to match the other available fields.

What's Changed

• Add RawResultType as a type-only property on endpoints by @​EskiMojo14 in #​5037
• allow passing an array of specific schemas to skip by @​EskiMojo14 in #​5042
• fix(types): re-exporting WritableDraft from immer by @​marinsokol5 in #​5015
• Remove Serialisation from useStableQueryArgs by @​riqts in #​4996
• add addAsyncThunk method to reducer map builder by @​EskiMojo14 in #​5007
• Only run transformResponse when a query is used by @​markerikson in #​5049
• Assorted bugfixes for 2.8.3 by @​markerikson in #​5060
• Abort pending requests if the cache entry is removed by @​markerikson in #​5061
• Update TS CI config by @​markerikson in #​5065
• Rewrite subscription handling and polling calculations for better perf by @​markerikson in #​5064

Full Changelog: reduxjs/redux-toolkit@v2.8.2...v2.9.0

storybookjs/storybook (@​storybook/addon-onboarding)

v9.1.5

Compare Source

9.1.5

• CSF: Support satisfies x as y syntax - #​32169, thanks @​diagramatics!
• Vitest addon: Handle Playwright installation errors gracefully - #​32329, thanks @​ndelangen!

v9.1.4

Compare Source

9.1.4

• Angular: Properly merge builder options and browserTarget options - #​32272, thanks @​kroeder!
• Core: Optimize bundlesize, by reusing internal/babel in mocking-utils - #​32350, thanks @​ndelangen!
• Svelte & Vue: Add framework-specific docgen option to disable docgen processing - #​32319, thanks @​copilot-swe-agent!
• Svelte: Support @sveltejs/vite-plugin-svelte v6 - #​32320, thanks @​JReinhold!

storybookjs/storybook (@​storybook/react-vite)

v9.1.5

Compare Source

• CSF: Support satisfies x as y syntax - #​32169, thanks @​diagramatics!
• Vitest addon: Handle Playwright installation errors gracefully - #​32329, thanks @​ndelangen!

v9.1.4

Compare Source

• Angular: Properly merge builder options and browserTarget options - #​32272, thanks @​kroeder!
• Core: Optimize bundlesize, by reusing internal/babel in mocking-utils - #​32350, thanks @​ndelangen!
• Svelte & Vue: Add framework-specific docgen option to disable docgen processing - #​32319, thanks @​copilot-swe-agent!
• Svelte: Support @sveltejs/vite-plugin-svelte v6 - #​32320, thanks @​JReinhold!

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.43.0

Compare Source

🚀 Features

• typescript-estree: disallow empty type parameter/argument lists (#​11563)

🩹 Fixes

• eslint-plugin: [prefer-return-this-type] don't report an error when returning a union type that includes a classType (#​11432)
• eslint-plugin: [no-deprecated] should report deprecated exports and reexports (#​11359)
• eslint-plugin: [no-floating-promises] allowForKnownSafeCalls now supports function names (#​11423, #​11430)
• eslint-plugin: [consistent-type-exports] fix declaration shadowing (#​11457)
• eslint-plugin: [no-unnecessary-type-conversion] only report ~~ on integer literal types (#​11517)
• scope-manager: exclude Program from DefinitionBase node types (#​11469)
• eslint-plugin: [no-non-null-assertion] do not suggest optional chain on LHS of assignment (#​11489)
• type-utils: add union type support to TypeOrValueSpecifier (#​11526)

❤️ Thank You

• Dima @​dbarabashh
• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• tao
• Victor Genaev @​mainframev
• Yukihiro Hasegawa @​y-hsgw
• 민감자(Minji Kim) @​mouse0429
• 송재욱

You can read about our versioning strategy and releases on our website.

v8.42.0

Compare Source

🩹 Fixes

• deps: update eslint monorepo to v9.33.0 (#​11482)

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.43.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.42.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

chalk/chalk (chalk)

v5.6.2

Compare Source

• Fix vulnerability in 5.6.1, see: #​656

sindresorhus/globals (globals)

v16.4.0

Compare Source

pnpm/pnpm (pnpm)

v10.16.0

Compare Source

Minor Changes

• There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour.

  The new setting is called minimumReleaseAge. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting minimumReleaseAge: 1440 ensures that only packages released at least one day ago can be installed.

  If you set minimumReleaseAge but need to disable this restriction for certain dependencies, you can list them under the minimumReleaseAgeExclude setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time:

  minimumReleaseAgeExclude:
    - webpack

  Related issue: #​9921.

• Added support for finders #​9946.

  In the past, pnpm list and pnpm why could only search for dependencies by name (and optionally version). For example:

  pnpm why minimist
  

  prints the chain of dependencies to any installed instance of minimist:

  verdaccio 5.20.1
  ├─┬ handlebars 4.7.7
  │ └── minimist 1.2.8
  └─┬ mv 2.1.1
    └─┬ mkdirp 0.5.6
      └── minimist 1.2.8
  

  What if we want to search by other properties of a dependency, not just its name? For instance, find all packages that have react@17 in their peer dependencies?

  This is now possible with "finder functions". Finder functions can be declared in .pnpmfile.cjs and invoked with the --find-by=<function name> flag when running pnpm list or pnpm why.

  Let's say we want to find any dependencies that have React 17 in peer dependencies. We can add this finder to our .pnpmfile.cjs:

  module.exports = {
    finders: {
      react17: (ctx) => {
        return ctx.readManifest().peerDependencies?.react === "^17.0.0";
      },
    },
  };

  Now we can use this finder function by running:

  pnpm why --find-by=react17
  

  pnpm will find all dependencies that have this React in peer dependencies and print their exact locations in the dependency graph.

  @​apollo/client 4.0.4
  ├── @​graphql-typed-document-node/core 3.2.0
  └── graphql-tag 2.12.6
  

  It is also possible to print out some additional information in the output by returning a string from the finder. For example, with the following finder:

  module.exports = {
    finders: {
      react17: (ctx) => {
        const manifest = ctx.readManifest();
        if (manifest.peerDependencies?.react === "^17.0.0") {
          return `license: ${manifest.license}`;
        }
        return false;
      },
    },
  };

  Every matched package will also print out the license from its package.json:

  @​apollo/client 4.0.4
  ├── @​graphql-typed-document-node/core 3.2.0
  │   license: MIT
  └── graphql-tag 2.12.6
      license: MIT
  

Patch Changes

• Fix deprecation warning printed when executing pnpm with Node.js 24 #​9529.
• Throw an error if nodeVersion is not set to an exact semver version #​9934.
• pnpm publish should be able to publish a .tar.gz file #​9927.
• Canceling a running process with Ctrl-C should make pnpm run return a non-zero exit code #​9626.

remix-run/react-router (react-router-dom)

v7.9.0

Compare Source

Patch Changes

• Updated dependencies:
  • [email protected]

typescript-eslint/typescript-eslint (typescript-eslint)

v8.43.0

Compare Source

🩹 Fixes

• eslint-plugin: [no-deprecated] should report deprecated exports and reexports (#​11359)

❤️ Thank You

• Victor Genaev @​mainframev

You can read about our versioning strategy and releases on our website.

v8.42.0

Compare Source

🚀 Features

• deprecate tseslint.config() (#​11531)

🩹 Fixes

• typescript-eslint: handle non-normalized windows paths produced by jiti (#​11546)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

You can read about our versioning strategy and releases on our website.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 99bdf4a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR