chore(deps): lock file maintenance npm packages

[renovate]

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
		lockFileMaintenance	All locks refreshed
@modelcontextprotocol/sdk (source)	dependencies	patch	1.18.1 -> 1.18.2
memfs	devDependencies	minor	4.43.0 -> 4.47.0
motion	devDependencies	patch	12.23.16 -> 12.23.22
vue (source)	devDependencies	patch	3.5.21 -> 3.5.22
@vscode/vsce (source)	devDependencies	patch	3.6.0 -> 3.6.2
pnpm (source)	packageManager	patch	10.17.0 -> 10.17.1
@typescript-eslint/visitor-keys (source)	devDependencies	patch	8.44.0 -> 8.44.1
playwright (source)	devDependencies	patch	1.55.0 -> 1.55.1
rolldown (source)	devDependencies	patch	1.0.0-beta.38 -> 1.0.0-beta.40

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Release Notes

modelcontextprotocol/typescript-sdk (@​modelcontextprotocol/sdk)

v1.18.2

Compare Source

What's Changed

• Updates the sampling code example in the README by @​viniciuscsouza in #​958
• Use redirect Uri passed in in demoInMemoryOAuthProvider by @​TylerLeonhardt in #​931
• fix(auth-router): correct Protected Resource Metadata for pathful RS and add explicit resourceServerUrl (RFC 9728) by @​blustAI in #​858
• chore: update version to 1.18.2 for weekly release by @​felixweinberger in #​970

New Contributors

• @​viniciuscsouza made their first contribution in #​958
• @​TylerLeonhardt made their first contribution in #​931
• @​blustAI made their first contribution in #​858

Full Changelog: modelcontextprotocol/typescript-sdk@1.18.1...1.18.2

streamich/memfs (memfs)

v4.47.0

Compare Source

Features

• align openAsBlob errors with Node.js behavior (1f1afb7)

4.46.1 (2025-09-25)

Bug Fixes

• handle Uint8Array byteOffset and byteLength in readSync (bba8729)

v4.46.1

Compare Source

Features

• align openAsBlob errors with Node.js behavior (1f1afb7)

4.46.1 (2025-09-25)

Bug Fixes

• handle Uint8Array byteOffset and byteLength in readSync (bba8729)

v4.46.0

Compare Source

Features

• align openAsBlob errors with Node.js behavior (1f1afb7)

4.46.1 (2025-09-25)

Bug Fixes

• handle Uint8Array byteOffset and byteLength in readSync (bba8729)

v4.45.0

Compare Source

Bug Fixes

• 🐛 inline Buffer and URL (0b6c43a)

Features

• inline fs.ts types to remove node:fs dependency (22886c3)

v4.44.0

Compare Source

Bug Fixes

• 🐛 remove dependence on "assert" module (c7c6f6c)

Features

• move internal files to vendor/node/internal and cleanup unused error codes (3a9ee47)

4.43.1 (2025-09-24)

Bug Fixes

• Use cross-platform dirname instead of posix.dirname (7a51ac3), closes #​1193

v4.43.1

Compare Source

Bug Fixes

• 🐛 remove dependence on "assert" module (c7c6f6c)

Features

• move internal files to vendor/node/internal and cleanup unused error codes (3a9ee47)

4.43.1 (2025-09-24)

Bug Fixes

• Use cross-platform dirname instead of posix.dirname (7a51ac3), closes #​1193

motiondivision/motion (motion)

v12.23.22

Compare Source

Added

• Exporting HTMLElements and useComposedRefs type for internal use.

v12.23.21

Compare Source

Fixed

• Fixing main-thread scroll with animations that contain delay.

v12.23.20

Compare Source

Fixed

• Suppress non-animatable value warning for instant animations.

v12.23.19

Compare Source

Fixed

• Remove support for changing ref prop.

v12.23.18

Compare Source

Fixed

• <motion /> components now support changing ref prop.

vuejs/core (vue)

v3.5.22

Compare Source

Bug Fixes

• compiler-core: identifiers in switch-case should not be inferred as references (#​13923) (5953c9f)
• compiler-dom: nodes with v-once shouldn't be stringified (#​13878) (95c1975)
• compiler-sfc: add support for @vue-ignore in runtime type resolution (#​13906) (ba7f7f9)
• compiler-sfc: enhance inferRuntimeType to support TSMappedType with indexed access (#​13848) (e388f1a), closes #​13847
• compiler-sfc: ensure css custom properties do not start with a digit (#​13870) (9c27951)
• compiler-sfc: ensure props bindings register before compiling template (#​13922) (abd5638), closes #​13920
• compiler-ssr: ensure v-show has a higher priority in SSR (#​12171) (836b829), closes #​12162
• custom-element: properly mount multiple Teleports in custom element component w/ shadowRoot false (#​13900) (5e1e791), closes #​13899
• custom-element: set prop runs pending mutations before disconnect (#​13897) (c4a88cd), closes #​13315
• custom-element: use PatchFlags.BAIL for slot when props are present (#​13907) (5358bca), closes #​13904
• reactivity: respect readonly during ref unwrapping (#​13905) (aba7fed), closes #​13903
• reactivity: update iterator to check for completion instead of value presence (#​13761) (2078f8b)
• runtime-core: simplify block-tracking disabling in h helper (#​13841) (75220c7)
• transition-group: run forceReflow on the correct document (fix #​13849) (#​13853) (1be5ddf)
• types: more precise types for Events and added missing definitions (#​9675) (8bb8fb2)
• types: set dom stub type to never instead of {} (#​13915) (8620a61), closes #​11564
• types: widen directive arg type from string to any (#​13758) (4b71706), closes #​13757

Features

• custom-element: allow specifying additional options for shadowRoot in custom elements (#​12965) (47e628d), closes #​12964

Reverts

• Revert "fix(hmr): prevent VUE_HMR_RUNTIME from being overwritten by vue runtime in 3rd-party libraries" (#​13925) (6b68f72), closes #​13925

Microsoft/vsce (@​vscode/vsce)

v3.6.2

Compare Source

Changes:

• #​1199: fix: generate language model tag for languageModelChatProvider contributions

This list of changes was auto generated.

v3.6.1

Compare Source

Changes:

• #​1198: chore: bump vsce-sign to 2.0.7
• #​1194: Engineering - do not run Azure Pipeline for pull requests
• #​1193: fix: check exec params
• #​1191: Bump tmp from 0.2.3 to 0.2.4
• #​1188: Avoid Node.js DEP0190 warning by using string form for prepublish command
• #​1190: chore: migrate PR check to GitHub Actions
• #​1189: update secretlint
• #​1187: Bump form-data from 4.0.0 to 4.0.4
• #​1185: chore: onboard OSS pipeline to 1ES template
• #​1179: add commonjs annotation to package.json

This list of changes was auto generated.

pnpm/pnpm (pnpm)

v10.17.1

Compare Source

Patch Changes

• When a version specifier cannot be resolved because the versions don't satisfy the minimumReleaseAge setting, print this information out in the error message #​9974.
• Fix state.json creation path when executing pnpm patch in a workspace project #​9733.
• When minimumReleaseAge is set and the latest tag is not mature enough, prefer a non-deprecated version as the new latest #​9987.

typescript-eslint/typescript-eslint (@​typescript-eslint/visitor-keys)

v8.44.1

Compare Source

This was a version bump only for visitor-keys to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

microsoft/playwright (playwright)

v1.55.1

Compare Source

Highlights

#​37479 - [Bug]: Upgrade Chromium to 140.0.7339.186.
#​37147 - [Regression]: Internal error: step id not found.
#​37146 - [Regression]: HTML reporter displays a broken chip link when there are no projects.
#​37137 - Revert "fix(a11y): track inert elements as hidden".

Browser Versions

• Chromium 140.0.7339.186
• Mozilla Firefox 141.0
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 139
• Microsoft Edge 139

rolldown/rolldown (rolldown)

v1.0.0-beta.40

Compare Source

🚀 Features

• rolldown: oxc v0.92.0 (#​6322) by @​Boshen
• adding partial MagicString binding (#​6289) by @​IWANABETHATGUY
• rolldown_plugin_vite_html: initialize (#​6292) by @​shulaoda

🐛 Bug Fixes

• rolldown_plugin_react_refresh_wrapper: avoid using cwd to allow using as a callable plugin (#​6318) by @​sapphi-red
• rolldown_plugin_transform: resolve tsconfig from absolute path (#​6311) by @​shulaoda

🚜 Refactor

• Construct MagicString with Cow<str> instead of &str (#​6288) by @​IWANABETHATGUY
• throw error if generating oxc runtime helper fails (#​6291) by @​shulaoda

📚 Documentation

• add more description about sourcemapIgnoreList (#​6314) by @​IWANABETHATGUY

⚡ Performance

• reduce sourcemap_ignore_list js function call (#​6313) by @​IWANABETHATGUY
• string_wizard: use memchr to find patterns in replace (#​6312) by @​IWANABETHATGUY
• simplify sourcemap token processing in collapse_sourcemaps (#​6310) by @​IWANABETHATGUY
• rolldown: some minor perf optimization (#​6306) by @​Brooooooklyn
• rolldown: fine-tuning the tokio scheduler (#​6272) by @​Brooooooklyn

⚙️ Miscellaneous Tasks

• deps: lock file maintenance rust crates (#​6302) by @​renovate[bot]
• deps: lock file maintenance npm packages (#​6301) by @​renovate[bot]
• use lto: thin in profile mode for better profiling experience. (#​6320) by @​IWANABETHATGUY
• adjust the tokio runtime config in bench (#​6305) by @​Brooooooklyn
• deps: update dependency rolldown-plugin-dts to v0.16.8 (#​6307) by @​renovate[bot]

v1.0.0-beta.39

Compare Source

🚀 Features

• rolldown: oxc v0.90.0 + other oxc crate updates (#​6274) by @​Boshen
• support ignoring /* @​vite-ignore */ comment for dynamic imports (#​6264) by @​IWANABETHATGUY
• dev: merge mergeable queued tasks into one (#​6253) by @​hyf0
• dev: ignore self imports when computing update for invalidate (#​6252) by @​sapphi-red
• support #__NO_SIDE_EFFECTS__ annotation for export default function declaration (#​6239) by @​IWANABETHATGUY
• rolldown_plugin_dynamic_import_vars: respect @vite-ignore comment (#​6240) by @​shulaoda
• rolldown_plugin_import_glob: support exhaustive option (#​6236) by @​shulaoda
• cross chunk /* @​NO_SIDE_EFFECTS */ support (#​6207) by @​IWANABETHATGUY
• rolldown_plugin_react_refresh_wrapper: make the plugin callable (#​6229) by @​sapphi-red

🐛 Bug Fixes

• handle optional chaining in scope hoisting member expression rewriting (#​6278) by @​shulaoda
• release: Fix semver commit release format to use plus instead of dash (#​6273) by @​Copilot
• dev: ensure_latest_build_output should work correctly when eagerBuild: false (#​6262) by @​hyf0
• browser: does not work in stackblitz (#​6257) by @​shulaoda
• only inline constants that are not reassigned (#​6247) by @​IWANABETHATGUY
• handle lexical declarations in root scope (#​6230) by @​IWANABETHATGUY

🚜 Refactor

• move oxc runtime helper generation from build.rs to task generator (#​6284) by @​shulaoda
• remove unused SpanExt (#​6266) by @​IWANABETHATGUY
• remove @rolldown-ignore ignore comment support (#​6265) by @​IWANABETHATGUY
• enhance CommonJsAstType to track property names (#​6250) by @​IWANABETHATGUY
• simplify usage for Address::from (#​6245) by @​IWANABETHATGUY
• remove stmt_info_idx in StmtInfo (#​6244) by @​IWANABETHATGUY
• extract CrossModuleOptimizationRunnerContext in cross_module_optimization (#​6243) by @​IWANABETHATGUY
• dev: task-queue based deisgn (#​6233) by @​hyf0
• extract immutable context from AstScanner (#​6238) by @​IWANABETHATGUY
• dev: rename WatcherEventService to BuildDriverService (#​6232) by @​hyf0
• move FlatOptions to rolldown_common (#​6235) by @​IWANABETHATGUY
• extract mutable state from ScopeHoistingFinalizerContext (#​6234) by @​IWANABETHATGUY
• wait this.load using futures instead of callbacks (#​6222) by @​sapphi-red
• rolldown_plugin_transform: remove unused runtime_resolve_base option (#​6226) by @​sapphi-red

📚 Documentation

• add "edit this page on GitHub" button (#​6241) by @​siaeyy

⚡ Performance

• rolldown: minor performance optimization (#​6271) by @​Brooooooklyn
• rolldown: take advantage of tokio blocking threads (#​6270) by @​Brooooooklyn

🧪 Testing

• dev: add rebuild after HMR case (#​6260) by @​sapphi-red
• dev: support full reload in tests (#​6259) by @​sapphi-red
• dev: extract waitFor from waitForPathExists (#​6261) by @​sapphi-red
• add class like cases for empty function optimizations (#​6248) by @​sapphi-red

⚙️ Miscellaneous Tasks

• deps: update github-actions (#​6298) by @​renovate[bot]
• deps: update dependency dprint/dprint-plugin-typescript to v0.95.11 (#​6296) by @​renovate[bot]
• deps: update dependency dprint/dprint-plugin-markdown to v0.19.0 (#​6295) by @​renovate[bot]
• deps: update dependency g-plane/pretty_yaml to v0.5.1 (#​6294) by @​renovate[bot]
• use a forked version of openharmony-rs/setup-ohos-sdk (#​6290) by @​Boshen
• deps: update dependency tsdown to v0.15.4 (#​6286) by @​renovate[bot]
• deps: update dependency rolldown-plugin-dts to v0.16.7 (#​6285) by @​renovate[bot]
• rust: continue to make cargo publish --workspace work (#​6281) by @​Boshen
• deps: update dependency tsdown to v0.15.3 (#​6280) by @​renovate[bot]
• rust: fixes for cargo publish --dry-run --workspace (#​6279) by @​Boshen
• deps: update dependency rust to v1.90.0 (#​6277) by @​renovate[bot]
• deps: update dependency rolldown-plugin-dts to v0.16.6 (#​6276) by @​renovate[bot]
• adding tracing for all sub stage in LinkStage:link (#​6268) by @​IWANABETHATGUY
• deps: update oxc-project/setup-node action to v1.0.4 (#​6258) by @​renovate[bot]
• deps: update github-actions (#​6249) by @​renovate[bot]
• deps: update dependency tsdown to v0.15.2 (#​6242) by @​renovate[bot]
• dev: output error when the initial bundle failed (#​6228) by @​sapphi-red

❤️ New Contributors

• @​siaeyy made their first contribution in #​6241

---

Configuration

📅 Schedule: Branch creation - "before 9am on monday" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[graphite-app]

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• 0-merge - adds this PR to the back of the merge queue
• hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.