deps: bump the dependencies group with 10 updates

[dependabot]

Bumps the dependencies group with 10 updates:

Package	From	To
@typescript-eslint/eslint-plugin	8.57.2	8.58.0
@typescript-eslint/parser	8.57.2	8.58.0
@vitest/coverage-v8	4.1.1	4.1.2
graphql	16.13.1	16.13.2
@cloudflare/workers-types	4.20260317.1	4.20260329.1
vitest	4.1.1	4.1.2
wrangler	4.76.0	4.78.0
@codemirror/lang-yaml	6.1.2	6.1.3
@codemirror/language	6.12.2	6.12.3
wonka	6.3.5	6.3.6

Updates @typescript-eslint/eslint-plugin from 8.57.2 to 8.58.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

🩹 Fixes

• eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
• eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

🩹 Fixes

• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)
• eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
• eslint-plugin: crash in no-unnecessary-type-arguments (#12163)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 4933417 chore(release): publish 8.58.0
• 5a9bd36 fix(eslint-plugin): [prefer-regexp-exec] avoid fixing unknown RegExp flags (#...
• edb90eb fix(eslint-plugin): [no-extraneous-class] handle index signatures (#12142)
• 8cde2d0 feat: support TypeScript 6 (#12124)
• 1bf86c9 fix(eslint-plugin): crash in no-unnecessary-type-arguments (#12163)
• e9cc25a docs(eslint-plugin): fix typo (#12155)
• See full diff in compare view

Updates @typescript-eslint/parser from 8.57.2 to 8.58.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

🩹 Fixes

• eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
• eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

❤️ Thank You

• Evyatar Daud @​StyleShit

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 4933417 chore(release): publish 8.58.0
• 8cde2d0 feat: support TypeScript 6 (#12124)
• See full diff in compare view

Updates @vitest/coverage-v8 from 4.1.1 to 4.1.2

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in vitest-dev/vitest#9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in vitest-dev/vitest#9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in vitest-dev/vitest#9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in vitest-dev/vitest#9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#9851 (6f97b)

    View changes on GitHub

Commits

• fc6f482 chore: release v4.1.2
• See full diff in compare view

Updates graphql from 16.13.1 to 16.13.2

Release notes

Sourced from graphql's releases.

v16.13.2 (2026-03-24)

Docs 📝

• #4611 add dev mode docs (@​yaacovCR)

Polish 💅

• #4631 Use Object.create(null) over {} to avoid prototype issues - v16 (@​benjie)

Internal 🏠

• #4626 backport: internal: streamline release process (#4615) (@​yaacovCR)

Committers: 2

• Benjie(@​benjie)
• Yaacov Rydzinski (@​yaacovCR)

Commits

• 123e958 chore(release): v16.13.2 (#4632)
• 13f130d Use Object.create(null) over {} to avoid prototype issues - v16 (#4631)
• 6ca59e1 backport: internal: streamline release process (#4615) (#4626)
• df8c53f docs: dev mode for v17 (#4611)
• See full diff in compare view

Updates @cloudflare/workers-types from 4.20260317.1 to 4.20260329.1

Commits

• See full diff in compare view

Updates vitest from 4.1.1 to 4.1.2

Release notes

Sourced from vitest's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in vitest-dev/vitest#9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in vitest-dev/vitest#9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in vitest-dev/vitest#9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in vitest-dev/vitest#9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#9851 (6f97b)

    View changes on GitHub

Commits

• fc6f482 chore: release v4.1.2
• 6f97b55 feat: disable colors if agent is detected (#9851)
• b3c992c fix(coverage): correct coverageConfigDefaults values and types (#9940)
• 7c06598 fix: ensure sequential mock/unmock resolution (#9830)
• f54abad chore: add typo-checker skill and fix typos (#9963)
• 7aa9377 fix: don't resolve setupFiles from parent directory (#9960)
• See full diff in compare view

Updates wrangler from 4.76.0 to 4.78.0

Release notes

Sourced from wrangler's releases.

wrangler@4.78.0

Minor Changes

• #13031 eeaa473 Thanks @​WalshyDev! - Add support for Cloudflare Access Service Token authentication via environment variables

  When running wrangler dev with remote bindings behind a Cloudflare Access-protected domain, Wrangler previously required cloudflared access login which opens a browser for interactive authentication. This does not work in CI/CD environments.

  You can now set the CLOUDFLARE_ACCESS_CLIENT_ID and CLOUDFLARE_ACCESS_CLIENT_SECRET environment variables to authenticate using an Access Service Token instead:

  export CLOUDFLARE_ACCESS_CLIENT_ID="<your-client-id>.access"
  export CLOUDFLARE_ACCESS_CLIENT_SECRET="<your-client-secret>"
  wrangler dev

  Additionally, when running in a non-interactive environment (CI) without these credentials, Wrangler now throws a clear, actionable error instead of hanging on cloudflared access login.

• #13027 9fcdfca Thanks @​G4brym! - feat: Add ai_search_namespaces and ai_search binding types

  Two new binding types for AI Search:

  • ai_search_namespaces: Namespace binding — namespace is required and auto-provisioned at deploy time if it doesn't exist (like R2 buckets)
  • ai_search: Single instance binding bound directly to a pre-existing instance in the default namespace

  Both are remote-only in local dev.

• #12874 53ed15a Thanks @​xortive! - Add Workers VPC service support for Hyperdrive origins

  Hyperdrive configs can now connect to databases through Workers VPC services using the --service-id option:

  wrangler hyperdrive create my-config --service-id <vpc-service-uuid> --database mydb --user myuser --password mypassword

  This enables Hyperdrive to connect to databases hosted in private networks that are accessible through Workers VPC TCP services.

• #12852 6b50bfa Thanks @​Carolx715! - Add interactive data catalog validation to R2 object and lifecycle commands.

  When performing R2 operations that could affect data catalog state (object put, object delete, lifecycle add, lifecycle set), Wrangler now validates with the API and prompts users for confirmation if a conflict is detected. For bulk put operations, Wrangler prompts upfront before starting the batch. Users can bypass prompts with --force (-y). In non-interactive/CI environments, the operation proceeds automatically.

• #13030 0386553 Thanks @​natewong1313! - Add local mode support for Stream bindings

  Miniflare and wrangler dev now support using Cloudflare Stream bindings locally.

  Supported operations:

  • upload() — upload video via URL
  • video(id).details(), .update(), .delete(), .generateToken()
  • videos.list()
  • captions.generate(), .list(), .delete()

... (truncated)

Commits

• 81b2b9b Version Packages (#13038)
• 9fcdfca feat: add ai_search_namespaces and ai_search binding types (#13027)
• 53ed15a Add support for WVPC TCP services, and using them as Hyperdrive origins (#12874)
• 9c5ebf5 [wrangler] Only allow "worker" queue consumer type in wrangler config (#13018)
• 535582d [wrangler] fix: resolve secondary worker types when environment overrides wor...
• 8c08b3f [wrangler] Fix R2 e2e snapshot for data catalog confirmation prompt (#13059)
• 25cb184 [wrangler] fix e2e flakiness: use waitForLong to verify response body after d...
• 6b50bfa [wrangler] add validation to actions that could affect r2 data catalog state ...
• 0386553 [Stream] Add Stream binding local mode (#13030)
• f6cdab2 [wrangler] Support source phase imports (#12996)
• Additional commits viewable in compare view

Updates @codemirror/lang-yaml from 6.1.2 to 6.1.3

Changelog

Sourced from @​codemirror/lang-yaml's changelog.

6.1.3 (2026-03-24)

Bug fixes

Fix a regression in indentation caused by a bugfix in @​lezer/lr 1.4.7.

Commits

• 1a5b4f7 Mark version 6.1.3
• eda1a0d Use start of first pair, rather than start of block node, in indent
• 7ecebaa Remove duplicated slash in forum url in README
• d5a487a Fix forum link in readme
• 721f1f1 Add a usage section to readme
• See full diff in compare view

Updates @codemirror/language from 6.12.2 to 6.12.3

Changelog

Sourced from @​codemirror/language's changelog.

6.12.3 (2026-03-25)

Bug fixes

Fix a crash in bracketMatching when composing at end of document.

Commits

• f5af31e Mark version 6.12.3
• 371c9ba Fix bogus bracket highlighting being generated at end of document
• 9531899 Remove duplicated slash in forum url in README
• 2f4e701 Fix forum link in readme
• See full diff in compare view

Updates wonka from 6.3.5 to 6.3.6

Release notes

Sourced from wonka's releases.

v6.3.6

Patch Changes

• Replace for...in with for...of Object.keys() to avoid iterating inherited properties Submitted by @​majgaard (See #177)

Changelog

Sourced from wonka's changelog.

6.3.6

Patch Changes

• Replace for...in with for...of Object.keys() to avoid iterating inherited properties Submitted by @​majgaard (See #177)

Commits

• 9c28bb0 Version Packages (#179)
• 8bdb42c chore: Update image for workflow
• ff7e103 docs: Fix typo in operators.md (#171)
• f00ba1c Fix zip/combine for...in iterating inherited properties (#177)
• 70815c2 chore: Update actions
• 881a736 Add git mirror action
• 0051a2f use asyncIteratorSymbol helper to check for async Iterator (#176)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for wonka since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions