chore(deps): update all non-major npm dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
axios (source)	^1.13.4 → ^1.13.5
caniuse-lite	^1.0.30001766 → ^1.0.30001769
postcss-preset-env (source)	^11.1.2 → ^11.1.3
puppeteer (source)	^24.36.1 → ^24.37.2
stylelint (source)	^17.1.0 → ^17.2.0
stylelint-config-recess-order	^7.6.0 → ^7.6.1
webpack	^5.104.1 → ^5.105.1

---

Release Notes

axios/axios (axios)

v1.13.5

Compare Source

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #​7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #​7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #​7369)

Fixes

• Fix/5657. (PR #​7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #​7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #​7326)
• Refactor: bump minor package versions. (PR #​7356)

Documentation

• Clarify object-check comment. (PR #​7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #​7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #​7355)
• CI: update workflow YAMLs. (PR #​7372)
• CI: fix run condition. (PR #​7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #​7360)
• Chore(release): prepare release 1.13.5. (PR #​7379)

New Contributors

• @​sachin11063 (first contribution — PR #​7323)
• @​asmitha-16 (first contribution — PR #​7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

browserslist/caniuse-lite (caniuse-lite)

v1.0.30001769

Compare Source

v1.0.30001768

Compare Source

v1.0.30001767

Compare Source

csstools/postcss-plugins (postcss-preset-env)

v11.1.3

Compare Source

February 6, 2026

• Updated @csstools/postcss-text-decoration-shorthand to 5.0.2 (patch)

puppeteer/puppeteer (puppeteer)

v24.37.2

Compare Source

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.37.1 to 24.37.2

🛠️ Fixes

• improve ConsoleMessage text() results (#​14662) (0bb4703)

📄 Documentation

• document signal option in Page waitFor methods (#​14648) (771b885)

v24.37.1

Compare Source

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.37.1 to 24.37.2

🛠️ Fixes

• improve ConsoleMessage text() results (#​14662) (0bb4703)

📄 Documentation

• document signal option in Page waitFor methods (#​14648) (771b885)

v24.37.0

Compare Source

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.37.0 to 24.37.1

🛠️ Fixes

• roll to Chrome 145.0.7632.46 (#​14653) (d2a5591)
• roll to Firefox 147.0.3 (#​14658) (ad5cee0)

stylelint/stylelint (stylelint)

v17.2.0

Compare Source

It fixes 7 bugs, including 5 performance ones that make Stylelint 7x faster and use 3x less memory on larger codebases such as design systems and monorepos. We also restructured our docs to create a contributor guide. If you'd like to help out and contribute to Stylelint, that's the place to start.

• Fixed: performance of config augmentation and module imports (#​9021) (@​adalinesimonian).
• Fixed: performance of config override matching (#​9023) (@​adalinesimonian).
• Fixed: performance of config resolution (#​9033) (@​adalinesimonian).
• Fixed: performance of rule resolution (#​9022) (@​adalinesimonian).
• Fixed: declaration-property-value-no-unknown false negatives for math functions (#​9011) (@​ragini-pandey).
• Fixed: no-duplicate-selectors false negatives for matching escaped selectors (#​8953) (@​bjnewman).
• Fixed: no-invalid-position-at-import-rule false negatives for layers with blocks (#​9026) (@​romainmenke).

v17.1.1

Compare Source

It fixes 2 bugs.

• Fixed: resolution of configs, plugins, processors, and custom syntaxes in Yarn PnP environments (#​9010) (@​adalinesimonian).
• Fixed: lightness-notation autofix for decimals (#​9009) (@​IlyaSemenov).

stormwarning/stylelint-config-recess-order (stylelint-config-recess-order)

v7.6.1

Compare Source

Patch Changes

• Remove invalid anchor-center property (#​458)
• Fix typo in scroll-behavior property (#​457)

webpack/webpack (webpack)

v5.105.1

Compare Source

Patch Changes

• Fix VirtualUrlPlugin Windows compatibility by sanitizing cache keys and filenames. Cache keys now use toSafePath to replace colons (:) with double underscores (__) and sanitize other invalid characters, ensuring compatibility with Windows filesystem restrictions. (by @​xiaoxiaojx in #​20424)

• Revert part of the createRequire generation behavior for require("node:...") to keep compatibility with those modules exports, e.g. const EventEmitter = require("node:events");. (by @​hai-x in #​20433)

• Skip guard collection when exports-presence mode is disabled to improve parsing performance. (by @​hai-x in #​20433)

v5.105.0

Compare Source

Minor Changes

• Allow resolving worker module by export condition name when using new Worker() (by @​hai-x in #​20353)

• Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by @​hai-x in #​20320)

• Added the tsconfig option for the resolver options (replacement for tsconfig-paths-webpack-plugin). Can be false (disabled), true (use the default tsconfig.json file to search for it), a string path to tsconfig.json, or an object with configFile and references options. (by @​alexander-akait in #​20400)

• Support import.defer() for context modules. (by @​ahabhgk in #​20399)

• Added support for array values ​​to the devtool option. (by @​hai-x in #​20191)

• Improve rendering node built-in modules for ECMA module output. (by @​hai-x in #​20255)

• Unknown import.meta properties are now determined at runtime instead of being statically analyzed at compile time. (by @​xiaoxiaojx in #​20312)

Patch Changes

• Fixed ESM default export handling for .mjs files in Module Federation (by @​y-okt in #​20189)

• Optimized import.meta.env handling in destructuring assignments by using cached stringified environment definitions. (by @​xiaoxiaojx in #​20313)

• Respect the stats.errorStack option in stats output. (by @​samarthsinh2660 in #​20258)

• Fixed a bug where declaring a module variable in module scope would conflict with the default moduleArgument. (by @​xiaoxiaojx in #​20265)

• Fix VirtualUrlPlugin to set resourceData.context for proper module resolution. Previously, when context was not set, it would fallback to the virtual scheme path (e.g., virtual:routes), which is not a valid filesystem path, causing subsequent resolve operations to fail. (by @​xiaoxiaojx in #​20390)

• Fixed Worker self-import handling to support various URL patterns (e.g., import.meta.url, new URL(import.meta.url), new URL(import.meta.url, import.meta.url), new URL("./index.js", import.meta.url)). Workers that resolve to the same module are now properly deduplicated, regardless of the URL syntax used. (by @​xiaoxiaojx in #​20381)

• Reuse the same async entrypoint for the same Worker URL within a module to avoid circular dependency warnings when multiple Workers reference the same resource. (by @​xiaoxiaojx in #​20345)

• Fixed a bug where a self-referencing dependency would have an unused export name when imported inside a web worker. (by @​samarthsinh2660 in #​20251)

• Fix missing export generation when concatenated modules in different chunks share the same runtime in module library bundles. (by @​hai-x in #​20346)

• Fixed import.meta.env.xxx behavior: when accessing a non-existent property, it now returns empty object instead of full object at runtime. (by @​xiaoxiaojx in #​20289)

• Improved parsing error reporting by adding a link to the loader documentation. (by @​gaurav10gg in #​20244)

• Fix typescript types. (by @​alexander-akait in #​20305)

• Add declaration for unused harmony import specifier. (by @​hai-x in #​20286)

• Fix compressibility of modules while retaining portability. (by @​dmichon-msft in #​20287)

• Optimize source map generation: only include ignoreList property when it has content, avoiding empty arrays in source maps. (by @​xiaoxiaojx in #​20319)

• Preserve star exports for dependencies in ECMA module output. (by @​hai-x in #​20293)

• Consider asset modulem to be side-effect free. (by @​hai-x in #​20352)

• Avoid generating JavaScript modules for CSS exports that are not used, reducing unnecessary output and bundle size. (by @​xiaoxiaojx in #​20337)

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone Europe/Amsterdam, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.61%. Comparing base (b6a0b0e) to head (548fb78).

Additional details and impacted files

@@           Coverage Diff            @@
##           staging    #1228   +/-   ##
========================================
  Coverage    77.61%   77.61%           
========================================
  Files           54       54           
  Lines         1407     1407           
========================================
  Hits          1092     1092           
  Misses         315      315           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.