chore(deps-dev): bump the dev-deps group in /client with 6 updates

[dependabot]

Bumps the dev-deps group in /client with 6 updates:

Package	From	To
@hey-api/openapi-ts	0.90.10	0.94.4
@types/node	25.0.10	25.5.0
canvas	3.2.1	3.2.2
eslint	9.39.2	10.1.0
pdfjs-dist	5.4.530	5.5.207
vitest	4.0.18	4.1.0

Updates @hey-api/openapi-ts from 0.90.10 to 0.94.4

Release notes

Sourced from @​hey-api/openapi-ts's releases.

@​hey-api/openapi-ts@​0.94.4

Patch Changes

• plugin(orpc): initial release (#3264) (8e1e62d) by @​hyoban

@​hey-api/openapi-ts@​0.94.3

Patch Changes

• output: pass context as second argument in module.resolve() function (#3615) (b6a65d6) by @​mrlubos

• plugin(@​hey-api/client-nuxt): preserve AbortSignal, FormData, and ReadableStream in unwrapRefs (#3614) (129afa0) by @​copilot-swe-agent

• parser: fix: self-referencing discriminator (#3601) (857eb19) by @​pgraug

• output: add module option (#3616) (e4eea23) by @​mrlubos

• plugin(@​hey-api/transformers): expose plugin and $ in transformer function context (#3610) (18ccc81) by @​mrlubos

Updated Dependencies:

• @​hey-api/shared@​0.2.5
• @​hey-api/codegen-core@​0.7.4

@​hey-api/openapi-ts@​0.94.2

Patch Changes

• internal: export Plugins namespace (#3586) (12827e3) by @​mrlubos

• plugin(nestjs): initial release (#3573) (e596edb) by @​mikhin

• internal: expand TypeScript peer dependency range (#3588) (ae5ecc9) by @​mrlubos

• output: pass default value to header function (#3585) (c076e4d) by @​mrlubos

Updated Dependencies:

• @​hey-api/shared@​0.2.4
• @​hey-api/codegen-core@​0.7.3
• @​hey-api/types@​0.1.4

@​hey-api/openapi-ts@​0.94.1

Patch Changes

• plugin(@​hey-api/typescript): add Resolvers API (#3531) (0e47fcb) by @​mrlubos

• dsl: expand list of JavaScript globals (#3508) (1e00a69) by @​mrlubos

• plugin(valibot): provide more resolvers (#3547) (854ee1c) by @​mrlubos

• cli: show environment value in development (#3546) (571bc8a) by @​mrlubos

... (truncated)

Commits

• bcdd174 Merge pull request #3633 from hey-api/changeset-release/main
• 91604ed ci: release
• ad3163c Merge pull request #3264 from hyoban/1-25-orpc
• 518038b chore: align output to docs
• 51becd4 chore: rename plugin to orpc
• 6156182 chore: remove router options
• 3663649 chore: add contracts options
• d61d2b1 Merge pull request #3603 from hey-api/changeset-release/main
• ee6835d chore: add contracts type
• 014e038 chore: polish validator option
• Additional commits viewable in compare view

Updates @types/node from 25.0.10 to 25.5.0

Commits

• See full diff in compare view

Updates canvas from 3.2.1 to 3.2.2

Release notes

Sourced from canvas's releases.

v3.2.2

Fixed

• Fix dangling env pointer in image MIME data cleanup (#2550)
• Fix ctx.direction not affected by ctx.save and ctx.restore
• Preserve rest of PDF pages when changing width and height (#2538)
• Several security fixes for untrusted inputs to getImageData and putImageData. Thanks to Ethan Kim for the report.

Changelog

Sourced from canvas's changelog.

3.2.2

Fixed

• Fix dangling env pointer in image MIME data cleanup (#2550)
• Fix ctx.direction not affected by ctx.save and ctx.restore
• Preserve rest of PDF pages when changing width and height (#2538)
• Several security fixes for untrusted inputs to getImageData and putImageData. Thanks to Ethan Kim for the report.

Commits

• ac82fa7 v3.2.2
• 103a620 add the last flurry of commits to CHANGELOG
• 7304c7a avoid integer overflow in getImageData
• f9fcc5f avoid integer overflow in putImageData
• 802a8ca avoid integer overflow in new ImageData
• 9d1b478 wrap negative values passed to createImageData
• 779483c bail early when setting zero-length image source
• 22ed2b7 make canvas types unsigned
• 2faab61 keep canvas width and height valid
• 351aacf avoid integer overflow in ensureSurface
• Additional commits viewable in compare view

Updates eslint from 9.39.2 to 10.1.0

Release notes

Sourced from eslint's releases.

v10.1.0

Features

• ff4382b feat: apply fix for no-var in TSModuleBlock (#20638) (Tanuj Kanti)
• 0916995 feat: Implement api support for bulk-suppressions (#20565) (Blake Sager)

Bug Fixes

• 2b8824e fix: Prevent no-var autofix when a variable is used before declaration (#20464) (Amaresh S M)
• e58b4bf fix: update eslint (#20597) (renovate[bot])

Documentation

• b7b57fe docs: use correct JSDoc link in require-jsdoc.md (#20641) (mkemna-clb)
• 58e4cfc docs: add deprecation notice partial (#20639) (Milos Djermanovic)
• 7143dbf docs: update v9 migration guide for @eslint/js usage (#20540) (fnx)
• 035fc4f docs: note that globalReturn applies only with sourceType: "script" (#20630) (Milos Djermanovic)
• e972c88 docs: merge ESLint option descriptions into type definitions (#20608) (Francesco Trotta)
• 7f10d84 docs: Update README (GitHub Actions Bot)
• aeed007 docs: open playground link in new tab (#20602) (Tanuj Kanti)
• a0d1a37 docs: Add AI Usage Policy (#20510) (Nicholas C. Zakas)

Chores

• a9f9cce chore: update dependency eslint-plugin-unicorn to ^63.0.0 (#20584) (Milos Djermanovic)
• 1f42bd7 chore: update prettier to 3.8.1 (#20651) (루밀LuMir)
• c0a6f4a chore: update dependency @​eslint/json to ^1.2.0 (#20652) (renovate[bot])
• cc43f79 chore: update dependency c8 to v11 (#20650) (renovate[bot])
• 2ce4635 chore: update dependency @​eslint/json to v1 (#20649) (renovate[bot])
• f0406ee chore: update dependency markdownlint-cli2 to ^0.21.0 (#20646) (renovate[bot])
• dbb4c95 chore: remove trunk (#20478) (sethamus)
• c672a2a test: fix CLI test for empty output file (#20640) (kuldeep kumar)
• c7ada24 ci: bump pnpm/action-setup from 4.3.0 to 4.4.0 (#20636) (dependabot[bot])
• 07c4b8b test: fix RuleTester test without test runners (#20631) (Francesco Trotta)
• 079bba7 test: Add tests for isValidWithUnicodeFlag (#20601) (Manish chaudhary)
• 5885ae6 ci: unpin Node.js 25.x in CI (#20615) (Copilot)
• f65e5d3 chore: update pnpm/action-setup digest to b906aff (#20610) (renovate[bot])

v10.0.3

Bug Fixes

• e511b58 fix: update eslint (#20595) (renovate[bot])
• f4c9cf9 fix: include variable name in no-useless-assignment message (#20581) (sethamus)
• ee9ff31 fix: update dependency minimatch to ^10.2.4 (#20562) (Milos Djermanovic)

Documentation

• 9fc31b0 docs: Update README (GitHub Actions Bot)
• 4efaa36 docs: add info box for eslint-plugin-eslint-comments (#20570) (DesselBane)
• 23b2759 docs: add v10 migration guide link to Use docs index (#20577) (Pixel998)
• 80259a9 docs: Remove deprecated eslintrc documentation files (#20472) (Copilot)
• 9b9b4ba docs: fix typo in no-await-in-loop documentation (#20575) (Pixel998)
• e7d72a7 docs: document TypeScript 5.3 minimum supported version (#20547) (sethamus)

Chores

• ef8fb92 chore: package.json update for eslint-config-eslint release (Jenkins)

... (truncated)

Commits

• 8351ec7 10.1.0
• 3270bc1 Build: changelog update for 10.1.0
• a9f9cce chore: update dependency eslint-plugin-unicorn to ^63.0.0 (#20584)
• 1f42bd7 chore: update prettier to 3.8.1 (#20651)
• c0a6f4a chore: update dependency @​eslint/json to ^1.2.0 (#20652)
• cc43f79 chore: update dependency c8 to v11 (#20650)
• 2ce4635 chore: update dependency @​eslint/json to v1 (#20649)
• f0406ee chore: update dependency markdownlint-cli2 to ^0.21.0 (#20646)
• dbb4c95 chore: remove trunk (#20478)
• ff4382b feat: apply fix for no-var in TSModuleBlock (#20638)
• Additional commits viewable in compare view

Updates pdfjs-dist from 5.4.530 to 5.5.207

Release notes

Sourced from pdfjs-dist's releases.

v5.5.207

This release contains improvements for accessibility, font conversion, image conversion, performance, text selection and the viewer.

Changes since v5.4.624

• Bump the stable version in pdfjs.config by @​timvandermeij in mozilla/pdf.js#20617
• Replace the various interfaces in web/interfaces.js with proper classes by @​Snuffleupagus in mozilla/pdf.js#20607
• Add support for Brotli decompression by @​calixteman in mozilla/pdf.js#20610
• Change all relevant BasePDFStream implementations to take an actual URL instance by @​Snuffleupagus in mozilla/pdf.js#20614
• Report loading progress "automatically" when using the PDFDataTransportStream class, and remove the PDFDataRangeTransport.prototype.onDataProgress method by @​Snuffleupagus in mozilla/pdf.js#20615
• Use the ccittfax decoder from pdfium by @​calixteman in mozilla/pdf.js#20613
• Avoid to have to download the model when toggling the button in the alt-text image settings dialog (bug 2013899) by @​calixteman in mozilla/pdf.js#20621
• Let the toggle button in the alt-text dialog downloading (resp. delete) the model and enabling (resp. disabling) alt-text guessing (bug 2014167) by @​calixteman in mozilla/pdf.js#20622
• Flush the text content chunk only on real font changes (bug 2013793) by @​calixteman in mozilla/pdf.js#20624
• Improve progress reporting in ChunkedStreamManager, and prevent unnecessary data copy in ChunkedStream.prototype.onReceiveData by @​Snuffleupagus in mozilla/pdf.js#20627
• Cap the max canvas dimensions in order to avoid to downscale large images in the worker (bug 2014399) by @​calixteman in mozilla/pdf.js#20628
• Fix Worker was terminated error when loading is cancelled by @​andriivitiv in mozilla/pdf.js#20503
• In tagged pdfs, TH can be either a column header or a row header (bug 2014080) by @​calixteman in mozilla/pdf.js#20623
• [api-minor] Update the supported Node.js "patch" versions by @​Snuffleupagus in mozilla/pdf.js#20635
• Ensure that pending requests are resolved when calling PDFDataTransportStreamReader.prototype.progressiveDone by @​Snuffleupagus in mozilla/pdf.js#20634
• Normalize the font name in getBaseFontMetrics (issue 20246) by @​Snuffleupagus in mozilla/pdf.js#20637
• Avoid branching in convertBlackAndWhiteToRGBA by @​calixteman in mozilla/pdf.js#20638
• Set a pages mapper per loaded document by @​calixteman in mozilla/pdf.js#20640
• Bump library version to 5.5 by @​Snuffleupagus in mozilla/pdf.js#20642
• [api-minor] Update the minimum supported Google Chrome version to 118 by @​Snuffleupagus in mozilla/pdf.js#20645
• Update dependencies and translations to the most recent versions by @​timvandermeij in mozilla/pdf.js#20639
• Fix a 'FreeText accessibility' integration test by @​calixteman in mozilla/pdf.js#20643
• Add firefox-devtools-mcp to let AI agents test and debug in Firefox by @​marco-c in mozilla/pdf.js#20644
• Convert PDFPageProxy.prototype.getTextContent to an asynchronous method by @​Snuffleupagus in mozilla/pdf.js#20648
• Ends the current drawing session when closing the tab (bug 2015385) by @​calixteman in mozilla/pdf.js#20649
• Start using Response.prototype.bytes() in the code-base by @​Snuffleupagus in mozilla/pdf.js#20651
• Move and re-use the stripPath helper function more by @​Snuffleupagus in mozilla/pdf.js#20656
• Update jbig2 decoder (pdfium@0455e822ded1a5537d826703988e986a33d2d4a1) by @​calixteman in mozilla/pdf.js#20655
• Enable a couple of additional eslint-plugin-unicorn rules by @​Snuffleupagus in mozilla/pdf.js#20654
• Fix types to make "gulp typestest" succeeding by @​calixteman in mozilla/pdf.js#20641
• Avoid parsing skipped range requests in ChunkedStreamManager (PR 10694 follow-up) by @​Snuffleupagus in mozilla/pdf.js#20652
• Enable the unicorn/prefer-class-fields ESLint plugin rule by @​Snuffleupagus in mozilla/pdf.js#20657
• Add code coverage for unit tests running in node by @​calixteman in mozilla/pdf.js#20658
• Add a Codecov badge by @​calixteman in mozilla/pdf.js#20659
• Remove Object.hasOwn usage from the src/core/xref.js file by @​Snuffleupagus in mozilla/pdf.js#20663
• Truncate too long /Decode map entries (issue 20668) by @​Snuffleupagus in mozilla/pdf.js#20669
• Convert the PDFObjects class to use a Map internally by @​Snuffleupagus in mozilla/pdf.js#20673
• Fix the keyboard accessibility of the manage button in the thumbnails view (bug 2015916) by @​calixteman in mozilla/pdf.js#20675
• fix: support text selection under search highlights by @​matt-atticus in mozilla/pdf.js#20463
• Fix code coverage line mapping by @​calixteman in mozilla/pdf.js#20665
• Remove unused CanvasGraphics properties (PR 700 follow-up) by @​Snuffleupagus in mozilla/pdf.js#20682
• Add an aria-label to the checkboxes in the thumbnails view (bug 2016136) by @​calixteman in mozilla/pdf.js#20678
• Correctly handle tab/page down when on a menu (bug 2016212) by @​calixteman in mozilla/pdf.js#20681
• Add an aria-label to the sidebar resizer (bug 2016142) by @​calixteman in mozilla/pdf.js#20679
• Add support for deleting, cutting, copying and pasting pages (bug 2010830, 2010831) by @​calixteman in mozilla/pdf.js#20670
• Add the possibility to navigate with the keyboard to go from a checkbox to an other in the thumbnail view (bug 2016007) by @​calixteman in mozilla/pdf.js#20677

... (truncated)

Commits

• 5279646 Merge pull request #20751 from calixteman/bug2016693
• 98d0332 Merge pull request #20767 from calixteman/followup_20742
• c1fe547 Add an integration test for the issue fixed in #20742
• 62ceac6 Merge pull request #20769 from timvandermeij/updates
• 3d2d145 Fix vulnerabilities in dependency versions
• ced9b47 Upgrade c8 to version 11.0.0
• 4cb0d50 Update dependencies to the most recent versions
• 5cbb841 Merge pull request #20768 from calixteman/rm_yargs
• 1861a4c Merge pull request #20756 from Snuffleupagus/PDFDataRangeTransport-tests
• f32b9d2 Merge pull request #20738 from Snuffleupagus/function-shorten
• Additional commits viewable in compare view

Updates vitest from 4.0.18 to 4.1.0

Release notes

Sourced from vitest's releases.

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

• Return a disposable from doMock()  -  by @​kirkwaiblinger in vitest-dev/vitest#9332 (e3e65)
• Added chai style assertions  -  by @​ronnakamoto and @​sheremet-va in vitest-dev/vitest#8842 (841df)
• Update to sinon/fake-timers v15 and add setTickMode to timer controls  -  by @​atscott and @​sheremet-va in vitest-dev/vitest#8726 (4b480)
• Expose matcher types  -  by @​sheremet-va in vitest-dev/vitest#9448 (3e4b9)
• Add toTestSpecification to reported tasks  -  by @​sheremet-va in vitest-dev/vitest#9464 (1a470)
• Show a warning if vi.mock or vi.hoisted are declared outside of top level of the module  -  by @​sheremet-va in vitest-dev/vitest#9387 (5db54)
• Track and display expectedly failed tests (.fails) in UI and CLI  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#9476 (77d75)
• Support tags  -  by @​sheremet-va in vitest-dev/vitest#9478 (de7c8)
• Implement aroundEach and aroundAll hooks  -  by @​sheremet-va in vitest-dev/vitest#9450 (2a8cb)
• Stabilize experimental features  -  by @​sheremet-va in vitest-dev/vitest#9529 (b5fd2)
• Accept new or all in --update flag  -  by @​sheremet-va in vitest-dev/vitest#9543 (a5acf)
• Support meta in test options  -  by @​sheremet-va in vitest-dev/vitest#9535 (7d622)
• Support type inference with a new test.extend syntax  -  by @​sheremet-va in vitest-dev/vitest#9550 (e5385)
• Support vite 8 beta, fix type issues in the config with different vite versions  -  by @​sheremet-va in vitest-dev/vitest#9587 (99028)
• Add assertion helper to hide internal stack traces  -  by @​hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9594 (eeb0a)
• Store failure screenshots using artifacts API  -  by @​macarie in vitest-dev/vitest#9588 (24603)
• Allow vitest list to statically collect tests instead of running files to collect them  -  by @​sheremet-va in vitest-dev/vitest#9630 (7a8e7)
• Add --detect-async-leaks  -  by @​AriPerkkio in vitest-dev/vitest#9528 (c594d)
• Implement mockThrow and mockThrowOnce  -  by @​thor-juhasz and @​sheremet-va in vitest-dev/vitest#9512 (61917)
• Support update: "none" and add docs about snapshots behavior on CI  -  by @​hi-ogawa in vitest-dev/vitest#9700 (05f18)
• Support playwright launchOptions with connectOptions  -  by @​hi-ogawa in vitest-dev/vitest#9702 (f0ff1)
• Add page/locator.mark API to enhance playwright trace  -  by @​hi-ogawa in vitest-dev/vitest#9652 (d0ee5)
• api:
  • Support tests starting or ending with test in experimental_parseSpecification  -  by @​jgillick and Jeremy Gillick in vitest-dev/vitest#9235 (2f367)
  • Add filters to createSpecification  -  by @​sheremet-va in vitest-dev/vitest#9336 (c8e6c)
  • Expose runTestFiles as alternative to runTestSpecifications  -  by @​sheremet-va in vitest-dev/vitest#9443 (43d76)
  • Add allowWrite and allowExec options to api  -  by @​sheremet-va in vitest-dev/vitest#9350 (20e00)
  • Allow passing down test cases to toTestSpecification  -  by @​sheremet-va in vitest-dev/vitest#9627 (6f17d)
• browser:
  • Add userEvent.wheel API  -  by @​macarie in vitest-dev/vitest#9188 (66080)
  • Add filterNode option to prettyDOM for filtering browser assertion error output  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#9475 (d3220)
  • Support playwright persistent context  -  by @​hi-ogawa, Claude Opus 4.6 and @​sheremet-va in vitest-dev/vitest#9229 (f865d)
  • Added detailsPanelPosition option and button  -  by @​shairez in vitest-dev/vitest#9525 (c8a31)
  • Use BlazeDiff instead of pixelmatch  -  by @​macarie in vitest-dev/vitest#9514 (30936)
  • Add findElement and enable strict mode in webdriverio and preview  -  by @​sheremet-va in vitest-dev/vitest#9677 (c3f37)
• cli:
  • Add @​bomb.sh/tab completions  -  by @​AmirSa12 and @​sheremet-va in vitest-dev/vitest#8639 (200f3)
• coverage:
  • Support ignore start/stop ignore hints  -  by @​AriPerkkio in vitest-dev/vitest#9204 (e59c9)
  • Add coverage.changed option to report only changed files  -  by @​kykim00 and @​AriPerkkio in vitest-dev/vitest#9521 (1d939)
• experimental:
  • Add onModuleRunner hook to worker.init  -  by @​sheremet-va in vitest-dev/vitest#9286 (e977f)
  • Option to disable the module runner  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#9210 (9be61)

... (truncated)

Commits

• 4150b91 chore: release v4.1.0
• 1de0aa2 fix: correctly identify concurrent test during static analysis (#9846)
• c3cac1c fix: use isAgent check, not just TTY, for watch mode (#9841)
• eab68ba chore(deps): update all non-major dependencies (#9824)
• 031f02a fix: allow catch/finally for async assertion (#9827)
• 3e9e096 feat(reporters): add agent reporter to reduce ai agent token usage (#9779)
• 0c2c013 chore: release v4.1.0-beta.6
• 8181e06 fix: hideSkippedTests should not hide test.todo (fix #9562) (#9781)
• a8216b0 fix: manual and redirect mock shouldn't load or transform original module...
• 689a22a fix(browser): types of getCDPSession and cdp() (#9716)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions