chore(deps): bump the minor-and-patch group with 5 updates

[dependabot]

Bumps the minor-and-patch group with 5 updates:

Package	From	To
@supabase/supabase-js	2.99.1	2.99.3
maplibre-gl	5.20.1	5.21.0
eslint	10.0.3	10.1.0
typescript-eslint	8.57.0	8.57.1
vite	8.0.0	8.0.1

Updates @supabase/supabase-js from 2.99.1 to 2.99.3

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.99.3

2.99.3 (2026-03-19)

🩹 Fixes

• auth: guard navigator lock steal against cascade when lock is stolen by another request (#2178)
• storage: structural detection on json() to detect Response-like errors (#2179)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.99.3-canary.0

2.99.3-canary.0 (2026-03-16)

🚀 Features

• realtime: use phoenix's js lib inside realtime-js (#2119)

❤️ Thank You

• Alan Guzek

v2.99.2

2.99.2 (2026-03-16)

🩹 Fixes

• storage: do not rewrite signed URL to render endpoint for empty transform object (#2162)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.99.2-canary.0

2.99.2-canary.0 (2026-03-13)

🩹 Fixes

• storage: do not rewrite signed URL to render endpoint for empty transform object (#2162)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.99.2 (2026-03-16)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

Commits

• bc435b3 chore(release): version 2.99.2 changelogs (#2168)
• b85174f chore(release): version 2.99.1 changelogs (#2161)
• See full diff in compare view

Updates maplibre-gl from 5.20.1 to 5.21.0

Release notes

Sourced from maplibre-gl's releases.

v5.21.0

✨ Features and improvements

• Add compatibility for ES2020 (#7283) (by @​claudiobgit)
• Add referrerPolicy option to RequestParameters to allow controlling the referrer policy for tile requests (#7278) (by @​Bingtagui404)
• Wait for the GPU to finish its callstack for rendering benchmarks (#7285) (by @​xavierjs)
• Remove Edge 18 WebP detection workaround; always send Accept: image/webp header for image requests (#7293) (by @​johanrd)
• Remove legacy browser compatibility code targeting IE11 and pre-2016 browsers (#7294) (by @​johanrd)
• Remove legacy DOM.remove() and DOM.mouseButton() wrappers; use native APIs directly (baseline 2015) (#7295) (by @​johanrd)
• Make setTransformRequest accept an async function in addition to a sync function. (#7184) (by @​kikuomax )

🐞 Bug fixes

• Fix incorrect popup location in case of terrain and jumpTo (#7267) (by @​HarelM)
• Fix memory leak in VideoSource: remove playing event listener and pause video on source removal (#7279) (by @​johanrd)
• Fix memory leak where typed array views retained StructArray buffers after GPU upload, preventing garbage collection (#7280) (by @​johanrd)
• Fix raster DEM tiles getting stuck in "reloading" state (#7284) (by @​katemihalikova)
• Fix GeolocateControl leaking a movestart listener on the map after removal, which could also crash if the control was in active tracking state when removed (#7286) (by @​johanrd)
• Cap tile texture reuse pool to prevent unbounded VRAM growth during rapid zoom/pan (#7289) (by @​johanrd)
• Fix Marker click listener not removed on remove(), leaking the handler added in #7028 (#7287) (by @​johanrd)
• Fix Terrain GPU resource leak: free FBO, textures, and meshes when terrain is disabled via setTerrain(null) (#7288) (by @​johanrd)
• Fix guard against partial layout in PauseablePlacement (#7079) (by @​garethbowker)
• Fix missing tile encoding for MLT queryRenderedFeatures (#7056) (by @​dannote and @​ted-piotrowski)
• Fix 3D Tiles example (#7275) (by @​hh-hang)

v5.20.2

🐞 Bug fixes

• Fix update GeoJSON when using diff update by updating geojson-vt package (#7257) (by @​HarelM)

Changelog

Sourced from maplibre-gl's changelog.

5.21.0

✨ Features and improvements

• Add compatibility for ES2020 (#7283) (by @​claudiobgit)
• Add referrerPolicy option to RequestParameters to allow controlling the referrer policy for tile requests (#7278) (by @​Bingtagui404)
• Wait for the GPU to finish its callstack for rendering benchmarks (#7285) (by @​xavierjs)
• Remove Edge 18 WebP detection workaround; always send Accept: image/webp header for image requests (#7293) (by @​johanrd)
• Remove legacy browser compatibility code targeting IE11 and pre-2016 browsers (#7294) (by @​johanrd)
• Remove legacy DOM.remove() and DOM.mouseButton() wrappers; use native APIs directly (baseline 2015) (#7295) (by @​johanrd)
• Make setTransformRequest accept an async function in addition to a sync function. (#7184) (by @​kikuomax )

🐞 Bug fixes

• Fix incorrect popup location in case of terrain and jumpTo (#7267) (by @​HarelM)
• Fix memory leak in VideoSource: remove playing event listener and pause video on source removal (#7279) (by @​johanrd)
• Fix memory leak where typed array views retained StructArray buffers after GPU upload, preventing garbage collection (#7280) (by @​johanrd)
• Fix raster DEM tiles getting stuck in "reloading" state (#7284) (by @​katemihalikova)
• Fix GeolocateControl leaking a movestart listener on the map after removal, which could also crash if the control was in active tracking state when removed (#7286) (by @​johanrd)
• Cap tile texture reuse pool to prevent unbounded VRAM growth during rapid zoom/pan (#7289) (by @​johanrd)
• Fix Marker click listener not removed on remove(), leaking the handler added in #7028 (#7287) (by @​johanrd)
• Fix Terrain GPU resource leak: free FBO, textures, and meshes when terrain is disabled via setTerrain(null) (#7288) (by @​johanrd)
• Fix guard against partial layout in PauseablePlacement (#7079) (by @​garethbowker)
• Fix missing tile encoding for MLT queryRenderedFeatures (#7056) (by @​dannote and @​ted-piotrowski)
• Fix 3D Tiles example (#7275) (by @​hh-hang)

5.20.2

🐞 Bug fixes

• Fix update GeoJSON when using diff update by updating geojson-vt package (#7257) (by @​HarelM)

Commits

• 44a48f8 Bump js version to 5.21.0 (#7304)
• 7aae226 feat: async RequestTransformFunction (#7184)
• 901b3af fix: guard against unhydrated layout in PauseablePlacement (#7079)
• bab57d5 fix: store encoding when caching raw tile data for MLT queryRenderedFeatures ...
• bf4735e chore(deps-dev): bump @​typescript-eslint/eslint-plugin (#7302)
• ff37d1f chore(deps): bump actions/download-artifact from 8.0.0 to 8.0.1 (#7261)
• 80a8628 chore(deps-dev): bump @​types/murmurhash-js from 1.0.6 to 1.0.7 (#7300)
• 4e21c3f chore(deps-dev): bump @​typescript-eslint/parser from 8.57.0 to 8.57.1 (#7301)
• 16bde40 chore(deps-dev): bump nise from 6.1.3 to 6.1.4 (#7297)
• c1c4252 chore(deps-dev): bump jsdom from 28.1.0 to 29.0.0 (#7298)
• Additional commits viewable in compare view

Updates eslint from 10.0.3 to 10.1.0

Release notes

Sourced from eslint's releases.

v10.1.0

Features

• ff4382b feat: apply fix for no-var in TSModuleBlock (#20638) (Tanuj Kanti)
• 0916995 feat: Implement api support for bulk-suppressions (#20565) (Blake Sager)

Bug Fixes

• 2b8824e fix: Prevent no-var autofix when a variable is used before declaration (#20464) (Amaresh S M)
• e58b4bf fix: update eslint (#20597) (renovate[bot])

Documentation

• b7b57fe docs: use correct JSDoc link in require-jsdoc.md (#20641) (mkemna-clb)
• 58e4cfc docs: add deprecation notice partial (#20639) (Milos Djermanovic)
• 7143dbf docs: update v9 migration guide for @eslint/js usage (#20540) (fnx)
• 035fc4f docs: note that globalReturn applies only with sourceType: "script" (#20630) (Milos Djermanovic)
• e972c88 docs: merge ESLint option descriptions into type definitions (#20608) (Francesco Trotta)
• 7f10d84 docs: Update README (GitHub Actions Bot)
• aeed007 docs: open playground link in new tab (#20602) (Tanuj Kanti)
• a0d1a37 docs: Add AI Usage Policy (#20510) (Nicholas C. Zakas)

Chores

• a9f9cce chore: update dependency eslint-plugin-unicorn to ^63.0.0 (#20584) (Milos Djermanovic)
• 1f42bd7 chore: update prettier to 3.8.1 (#20651) (루밀LuMir)
• c0a6f4a chore: update dependency @​eslint/json to ^1.2.0 (#20652) (renovate[bot])
• cc43f79 chore: update dependency c8 to v11 (#20650) (renovate[bot])
• 2ce4635 chore: update dependency @​eslint/json to v1 (#20649) (renovate[bot])
• f0406ee chore: update dependency markdownlint-cli2 to ^0.21.0 (#20646) (renovate[bot])
• dbb4c95 chore: remove trunk (#20478) (sethamus)
• c672a2a test: fix CLI test for empty output file (#20640) (kuldeep kumar)
• c7ada24 ci: bump pnpm/action-setup from 4.3.0 to 4.4.0 (#20636) (dependabot[bot])
• 07c4b8b test: fix RuleTester test without test runners (#20631) (Francesco Trotta)
• 079bba7 test: Add tests for isValidWithUnicodeFlag (#20601) (Manish chaudhary)
• 5885ae6 ci: unpin Node.js 25.x in CI (#20615) (Copilot)
• f65e5d3 chore: update pnpm/action-setup digest to b906aff (#20610) (renovate[bot])

Commits

• 8351ec7 10.1.0
• 3270bc1 Build: changelog update for 10.1.0
• a9f9cce chore: update dependency eslint-plugin-unicorn to ^63.0.0 (#20584)
• 1f42bd7 chore: update prettier to 3.8.1 (#20651)
• c0a6f4a chore: update dependency @​eslint/json to ^1.2.0 (#20652)
• cc43f79 chore: update dependency c8 to v11 (#20650)
• 2ce4635 chore: update dependency @​eslint/json to v1 (#20649)
• f0406ee chore: update dependency markdownlint-cli2 to ^0.21.0 (#20646)
• dbb4c95 chore: remove trunk (#20478)
• ff4382b feat: apply fix for no-var in TSModuleBlock (#20638)
• Additional commits viewable in compare view

Updates typescript-eslint from 8.57.0 to 8.57.1

Release notes

Sourced from typescript-eslint's releases.

v8.57.1

8.57.1 (2026-03-16)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] no report for property on intersection type (#12126)

❤️ Thank You

• Newton Yuan @​NewtonYuan

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.57.1 (2026-03-16)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• c7c38aa chore(release): publish 8.57.1
• See full diff in compare view

Updates vite from 8.0.0 to 8.0.1

Release notes

Sourced from vite's releases.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.1 (2026-03-19)

Features

• update rolldown to 1.0.0-rc.10 (#21932) (b3c067d)

Bug Fixes

• bundled-dev: properly disable inlineConst optimization (#21865) (6d97142)
• css: lightningcss minify failed when build.target: 'es6' (#21933) (5fcce46)
• deps: update all non-major dependencies (#21878) (6dbbd7f)
• dev: always use ESM Oxc runtime (#21829) (d323ed7)
• dev: handle concurrent restarts in _createServer (#21810) (40bc729)
• handle + symbol in package subpath exports during dep optimization (#21886) (86db93d)
• improve no-cors request block error (#21902) (5ba688b)
• use precise regexes for transform filter to avoid backtracking (#21800) (dbe41bd)
• worker: require(json) result should not be wrapped (#21847) (0672fd2)
• worker: make worker output consistent with client and SSR (#21871) (69454d7)

Miscellaneous Chores

• add changelog rearrange script (#21835) (efef073)
• deps: bump required @vitejs/devtools version to 0.1+ (#21925) (12932f5)
• deps: update rolldown-related dependencies (#21787) (1af1d3a)
• rearrange 8.0 changelog (8e05b61)
• rearrange 8.0 changelog (#21834) (86edeee)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
packforge	Ready	Preview, Comment	Mar 23, 2026 11:24am

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ca9f1668-7c00-493f-adb9-369c2209fa99

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/npm_and_yarn/minor-and-patch-db898f4ba5

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

---

I have read the CLA Document and I hereby sign the CLA

---

_{You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.}

[github-actions]

Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

---

I have read the CLA Document and I hereby sign the CLA

---

_{You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.}