build(deps-dev): bump the npm-packages group across 1 directory with 9 updates

[dependabot]

Bumps the npm-packages group with 9 updates in the / directory:

Package	From	To
@types/node	24.9.1	24.10.1
autoprefixer	10.4.21	10.4.22
cypress	15.5.0	15.7.0
eleventy-plugin-svg-sprite	2.4.5	2.4.6
esbuild	0.25.11	0.27.0
js-yaml	4.1.0	4.1.1
rimraf	6.0.1	6.1.2
sass	1.93.2	1.94.2
start-server-and-test	2.1.2	2.1.3

Updates @types/node from 24.9.1 to 24.10.1

Commits

• See full diff in compare view

Updates autoprefixer from 10.4.21 to 10.4.22

Release notes

Sourced from autoprefixer's releases.

10.4.22

• Fixed stretch prefixes on new Can I Use database.
• Updated fraction.js.

Changelog

Sourced from autoprefixer's changelog.

10.4.22

• Fixed stretch prefixes on new Can I Use database.
• Updated fraction.js.

Commits

• 73dc62c Release 10.4.22 version
• 9973c59 Lock CI action versions
• 4b4feca Fix Node.js 10 on CI
• 15c21d3 Fix old Node.js CI
• 27523c1 Update fraction.js
• 88a0d3e Update dependencies and fix stretch and update example
• See full diff in compare view

Updates cypress from 15.5.0 to 15.7.0

Release notes

Sourced from cypress's releases.

v15.7.0

Changelog: https://docs.cypress.io/app/references/changelog#15-7-0

v15.6.0

Changelog: https://docs.cypress.io/app/references/changelog#15-6-0

Commits

• 201e22e chore: Revert "dependency: update mime from 3.0.0 to 4.1.0 (#32936)" (#32975)
• 4b2e6dc chore: release 15.7.0 (#32973)
• 71a393e fix: make sure angular project configs can resolve correctly on windows (#32971)
• a267d31 dependency: update mime from 3.0.0 to 4.1.0 (#32936)
• 763d701 chore: reduce max visibility checks for command log entries to 10 (#32962)
• 1bfe23f chore: updating v8 snapshot cache (#32967)
• 71c90d8 chore: updating v8 snapshot cache (#32966)
• 85bf4e5 chore: updating v8 snapshot cache (#32965)
• ae46f1e fix: filter large user-supplied config values from the cloud API (#32957)
• 70a9525 chore: release @​cypress/webpack-dev-server-v5.2.0
• Additional commits viewable in compare view

Updates eleventy-plugin-svg-sprite from 2.4.5 to 2.4.6

Commits

• See full diff in compare view

Updates esbuild from 0.25.11 to 0.27.0

Release notes

Sourced from esbuild's releases.

v0.27.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.26.0 or ~0.26.0. See npm's documentation about semver for more information.

• Use Uint8Array.fromBase64 if available (#4286)

  With this release, esbuild's binary loader will now use the new Uint8Array.fromBase64 function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify target when using this feature with Node (for example --target=node22) unless you're using Node v25+.

• Update the Go compiler from v1.23.12 to v1.25.4 (#4208, #4311)

  This raises the operating system requirements for running esbuild:

  • Linux: now requires a kernel version of 3.2 or later
  • macOS: now requires macOS 12 (Monterey) or later

v0.26.0

• Enable trusted publishing (#4281)

  GitHub and npm are recommending that maintainers for packages such as esbuild switch to trusted publishing. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.

  Unfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).

v0.25.12

• Fix a minification regression with CSS media queries (#4315)

  The previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for @media <media-type> and <media-condition-without-or> { ... } was missing an equality check for the <media-condition-without-or> part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.

• Update the list of known JavaScript globals (#4310)

  This release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global Array property is considered to be side-effect free but accessing the global scrollY property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:

  From ES2017:

  • Atomics
  • SharedArrayBuffer

  From ES2020:

  • BigInt64Array
  • BigUint64Array

  From ES2021:

  • FinalizationRegistry
  • WeakRef

  From ES2025:

  • Float16Array
  • Iterator

  Note that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from Iterator:

  // This can now be tree-shaken by esbuild:

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.26.0 or ~0.26.0. See npm's documentation about semver for more information.

• Use Uint8Array.fromBase64 if available (#4286)

  With this release, esbuild's binary loader will now use the new Uint8Array.fromBase64 function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify target when using this feature with Node (for example --target=node22) unless you're using Node v25+.

• Update the Go compiler from v1.23.12 to v1.25.4 (#4208, #4311)

  This raises the operating system requirements for running esbuild:

  • Linux: now requires a kernel version of 3.2 or later
  • macOS: now requires macOS 12 (Monterey) or later

0.26.0

• Enable trusted publishing (#4281)

  GitHub and npm are recommending that maintainers for packages such as esbuild switch to trusted publishing. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.

  Unfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).

0.25.12

• Fix a minification regression with CSS media queries (#4315)

  The previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for @media <media-type> and <media-condition-without-or> { ... } was missing an equality check for the <media-condition-without-or> part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.

• Update the list of known JavaScript globals (#4310)

  This release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global Array property is considered to be side-effect free but accessing the global scrollY property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:

  From ES2017:

  • Atomics
  • SharedArrayBuffer

  From ES2020:

  • BigInt64Array
  • BigUint64Array

  From ES2021:

  • FinalizationRegistry
  • WeakRef

  From ES2025:

  • Float16Array
  • Iterator

  Note that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from Iterator:

... (truncated)

Commits

• 2b91699 publish 0.27.0 to npm
• 22b425c fix #4286: use Uint8Array.fromBase64 if present (#4295)
• 6d187ef update go 1.25.3 => 1.25.4
• 9d0d4e7 update go 1.23.12 => 1.25.3 (#4318)
• b6979d8 use a patched go compiler for release builds
• 893d2b9 delete temporary release.yml workflow
• cee3918 add a temporary release.yml workflow
• f5bb1d6 fix publish.yml
• 17ff82b publish 0.26.0 to npm
• f87181f enable trusted publishing (#4319)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for esbuild since your current version.

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

Commits

• cc482e7 4.1.1 released
• 50968b8 dist rebuild
• d092d86 lint fix
• 383665f fix prototype pollution in merge (<<)
• 0d3ca7a README.md: HTTP => HTTPS (#678)
• 49baadd doc: 'empty' style option for !!null
• ba3460e Fix demo link (#618)
• See full diff in compare view

Updates rimraf from 6.0.1 to 6.1.2

Changelog

Sourced from rimraf's changelog.

6.1

• Move to native fs/promises usage instead of promisifying manually.

6.0

• Drop support for nodes before v20
• Add --version to CLI

5.0

• No default export, only named exports

4.4

• Provide Dirent or Stats object as second argument to filter

4.3

• Return boolean indicating whether the path was fully removed
• Add filter option
• bin: add --verbose, -v to print files as they are deleted
• bin: add --no-verbose, -V to not print files as they are deleted
• bin: add -i --interactive to be prompted on each deletion
• bin: add -I --no-interactive to not be prompted on each deletion
• 4.3.1 Fixed inappropriately following symbolic links to directories

v4.2

• Brought back glob support, using the new and improved glob v9

v4.1

• Improved hybrid module with no need to look at the .default dangly bit. .default preserved as a reference to rimraf for compatibility with anyone who came to rely on it in v4.0.
• Accept and ignore -rf and -fr arguments to the bin.

v4.0

• Remove glob dependency entirely. This library now only accepts actual file and folder names to delete.
• Accept array of paths or single path.
• Windows performance and reliability improved.
• All strategies separated into explicitly exported methods.
• Drop support for Node.js below version 14
• rewrite in TypeScript

... (truncated)

Commits

• cd45498 6.1.2
• fe9a962 glob@13
• 30dc9d8 6.1.1
• 9dffc3e update glob
• b6462ea mock platform properly in test/index.ts
• 668309f ci: update typedoc action
• 18dc77a 6.1.0
• 2bd2e62 changelog 6.1
• 19311cf refactor: switch to native fs.promises
• 0c437d4 Create separate dir for integration tests
• Additional commits viewable in compare view

Updates sass from 1.93.2 to 1.94.2

Release notes

Sourced from sass's releases.

Dart Sass 1.94.2

To install Sass 1.94.2, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

Command-Line Interface

• Using --fatal-deprecation <version> no longer emits warnings about deprecations that are obsolete.

Dart API

• Deprecation.forVersion now excludes obsolete deprecations from the set it returns.

JS API

• Excludes obsolete deprecations from fatalDeprecations when a Version is passed.

Node.js Embedded Host

• Fix a bug where a variable could be used before it was initialized during async compilation.

See the full changelog for changes in earlier releases.

Dart Sass 1.94.1

To install Sass 1.94.1, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• No user-visible changes.

See the full changelog for changes in earlier releases.

Dart Sass 1.94.0

To install Sass 1.94.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Potentially breaking compatibility fix: @function rules whose names begin with -- are now parsed as unknown at-rules to support the plain CSS @function rule. Within this rule, the result property is parsed as raw CSS just like custom properties.

• Potentially breaking compatibility fix: @mixin rules whose names begin with -- are now errors. These are not yet parsed as unknown at-rules because no browser currently supports CSS mixins.

... (truncated)

Changelog

Sourced from sass's changelog.

1.94.2

Command-Line Interface

• Using --fatal-deprecation <version> no longer emits warnings about deprecations that are obsolete.

Dart API

• Deprecation.forVersion now excludes obsolete deprecations from the set it returns.

JS API

• Excludes obsolete deprecations from fatalDeprecations when a Version is passed.

Node.js Embedded Host

• Fix a bug where a variable could be used before it was initialized during async compilation.

1.94.1

• No user-visible changes.

1.94.0

• Potentially breaking compatibility fix: @function rules whose names begin with -- are now parsed as unknown at-rules to support the plain CSS @function rule. Within this rule, the result property is parsed as raw CSS just like custom properties.

• Potentially breaking compatibility fix: @mixin rules whose names begin with -- are now errors. These are not yet parsed as unknown at-rules because no browser currently supports CSS mixins.

1.93.3

• Fix a performance regression that was introduced in 1.92.0.

Commits

• 7af5122 Mention obsolete deprecation fix in all API surfaces (#2683)
• 82b96b0 Update pubspec/changelog for sass/embedded-host-node#399 (#2682)
• 18fddef --fatal-deprecation excludes obsolete Deprecations (#2671)
• 0356a2b Pass --provenance to npm publish (#2681)
• 52fc718 Update the repository URL for JS packages (#2679)
• bfccce8 Parse selectors in the sass-parser package (#2670)
• 795557c Add support for plain-CSS @function rules (#2655)
• 2c9d3c8 Track offsets instead of locations in InterpolationMap (#2674)
• d8d7f9c Add a separate StylesheetParser.interpolatedStringToken() method (#2675)
• 9d68793 Make sure all source spans use interpolation maps (#2673)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for sass since your current version.

Updates start-server-and-test from 2.1.2 to 2.1.3

Release notes

Sourced from start-server-and-test's releases.

v2.1.3

2.1.3 (2025-11-19)

Bug Fixes

• deps: update dependency wait-on to v9 (#408) (8f1942b)

Commits

• 8f1942b fix(deps): update dependency wait-on to v9 (#408)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.