fix(deps): update non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
alpine	final	patch	3.23.0 → 3.23.2
docker/setup-buildx-action	action	minor	v3.11.1 → v3.12.0
eslint-plugin-react-refresh	devDependencies	patch	0.4.25 → 0.4.26
gcr.io/cadvisor/cadvisor		minor	0.52.1 → 0.54.1
github.com/jackc/pgx/v5	require	minor	v5.7.6 → v5.8.0
github.com/quic-go/quic-go	replace	patch	v0.57.0 → v0.57.1
github/codeql-action	action	patch	v4.31.8 → v4.31.9
grafana/grafana		patch	12.3.0 → 12.3.1
lucide-react (source)	dependencies	minor	0.561.0 → 0.562.0
postcss-preset-env (source)	devDependencies	minor	10.5.0 → 10.6.0
prom/alertmanager		minor	0.29.0 → 0.30.0
prom/prometheus		patch	v3.8.0 → v3.8.1
prom/prometheus		patch	3.8.0 → 3.8.1
react-router-dom (source)	dependencies	minor	7.10.1 → 7.11.0
typescript-eslint (source)	devDependencies	minor	8.49.0 → 8.50.0
vite (source)	devDependencies	patch	7.3.0 → 7.3.1

---

Release Notes

docker/setup-buildx-action (docker/setup-buildx-action)

v3.12.0

Compare Source

• Deprecate install input by @​crazy-max in #​455
• Bump @​docker/actions-toolkit from 0.62.1 to 0.63.0 in #​434
• Bump brace-expansion from 1.1.11 to 1.1.12 in #​436
• Bump form-data from 2.5.1 to 2.5.5 in #​432
• Bump undici from 5.28.4 to 5.29.0 in #​435

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

ArnaudBarre/eslint-plugin-react-refresh (eslint-plugin-react-refresh)

v0.4.26

Compare Source

• Revert changes to fix #​93 (fixes #​95)

jackc/pgx (github.com/jackc/pgx/v5)

v5.8.0

Compare Source

quic-go/quic-go (github.com/quic-go/quic-go)

v0.57.1

Compare Source

This release resolves a panic during the server handshake when using the upcoming Go 1.26 toolchain, specifically occurring with TLS session tickets disabled (#​5462). This issue does not impact builds on Go 1.25 or earlier versions.

github/codeql-action (github/codeql-action)

v4.31.9

Compare Source

grafana/grafana (grafana/grafana)

v12.3.1

Compare Source

Features and enhancements

• Alerting: Update alerting dependency #​114259, @​moustafab
• Azure: Improved column handling in logs query builder #​114841, @​aangelisc
• Azure: Include aggregate columns in logs builder #​114835, @​aangelisc
• Dependencies: Bump Go to v1.25.5 #​114751, @​macabu
• Docs: Clarify section title for repeating rows and tabs #​115346, @​imatwawana
• Plugins: Add PluginContext to plugins when scenes is disabled #​115064, @​hugohaggmark
• QueryEditorRows: Clear hideSeriesFrom override on query edit #​114628, @​Sergej-Vlasov

Bug fixes

• Azure: Fix dcount aggregation #​114907, @​aangelisc
• Azure: Fix percentile syntax #​114707, @​aangelisc
• Dashboards: Fix empty space under time controls when a dashboard has a lot of variables #​114730, @​oscarkilhed
• Plugins: Datasource breadcrumb link should link to settings tab #​113910, @​wbrowne
• Postgresql: Fix variable interpolation logic when the variable has multiple values #​114876, @​itsmylife

lucide-icons/lucide (lucide-react)

v0.562.0

Compare Source

csstools/postcss-plugins (postcss-preset-env)

v10.6.0

Compare Source

December 27, 2025

• Added @csstools/postcss-property-rule-prelude-list Check the plugin README for usage details.
• Added @csstools/postcss-syntax-descriptor-syntax-production Check the plugin README for usage details.
• Updated cssdb to 8.6.0

prometheus/alertmanager (prom/alertmanager)

v0.30.0: 0.30.0 / 2025-12-15

Compare Source

• [CHANGE] Don't allow calling qids with an empty ids list. #​4707
• [FEATURE] Add mattermost integration. #​4090
• [FEATURE] Add saturday to the first day of the week options. #​4473
• [FEATURE] Add templating functions for working with urls. #​4625
• [FEATURE] cluster: Allow persistent peer names. #​4636
• [FEATURE] dispatch: Add start delay. #​4704
• [FEATURE] provider: Add subscriber channel metrics. #​4630
• [FEATURE] template: Add tojson function. #​4773
• [FEATURE] Add api http metrics. #​4162
• [FEATURE] Add distributed tracing support. #​4745
• [FEATURE] Add names to inhibit rules. #​4628
• [FEATURE] Add timeout option for pagerduty notifier. #​4354
• [FEATURE] Add timeout option for slack notifier. #​4355
• [FEATURE] Allow nested details fields in pagerduty. #​3944
• [FEATURE] Implement phantom_threading to group email alerts into threads. #​4623
• [FEATURE] gc: Report errors, but remove erroneous silences and continue. #​4724
• [FEATURE] jira: Template customfields. #​4029
• [FEATURE] jira: Allow configuring issue update via parameter. #​4621
• [FEATURE] Slack app support. #​4211
• [ENHANCEMENT] Add comment about smtp plain authentication. #​4741
• [ENHANCEMENT] Add documentation about high availability. #​4708
• [ENHANCEMENT] Add documentation for client_allowed_sans. #​4706
• [ENHANCEMENT] Improve logging around webhook dispatch failure. #​4511
• [ENHANCEMENT] Compile silence matchers when the silence is added. #​4695
• [ENHANCEMENT] Fix 's/client/alerts_api/g' broken link in 0.29. #​4718
• [ENHANCEMENT] Fix rocketchat_config docs. #​4767
• [ENHANCEMENT] Fix: <mute_time_interval> was renamed. #​4729
• [ENHANCEMENT] Improve inhibition performance. #​4607
• [ENHANCEMENT] Loadsnapshot: update matcher index properly while not holding lock. #​4714
• [ENHANCEMENT] Logging improvements. #​4113
• [ENHANCEMENT] Move query locking back into private query function. #​4694
• [ENHANCEMENT] Optimize the new inhibitor implementation for ~2.5x performance improvement. #​4668
• [ENHANCEMENT] Reduce the time dispatch.group holds the mutex. #​4670
• [ENHANCEMENT] Use b.loop() to simplify the code and improve performance. #​4642
• [ENHANCEMENT] Remove duplicate slice during silences query. #​4696
• [ENHANCEMENT] Silences: optimize incremental mutes queries via a silence version index. #​4723
• [ENHANCEMENT] Update description for filter param in openapi. #​4775
• [BUGFIX] Add new behavior to avoid races on config reload. #​4705
• [BUGFIX] config: Fix duplicate header detection for all case variants. #​2810
• [BUGFIX] marker: Stop state leakage from aggregation groups. #​4438
• [BUGFIX] Fix pprof debug endpoints not working with --web.route-prefix. #​4698
• [BUGFIX] Set context timeout for resolvepeers. #​4343

prometheus/prometheus (prom/prometheus)

v3.8.1: 3.8.1 / 2025-12-16

Compare Source

• [BUGFIX] remote: Fix Remote Write receiver, so it does not send wrong response headers for v1 flow and cause Prometheus senders to emit false partial error log and metrics. #​17683

remix-run/react-router (react-router-dom)

v7.11.0

Compare Source

Patch Changes

• Updated dependencies:
  • react-router@7.11.0

typescript-eslint/typescript-eslint (typescript-eslint)

v8.50.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

vitejs/vite (vite)

v7.3.1

Compare Source

Please refer to CHANGELOG.md for details.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 6.98%. Comparing base (f072724) to head (083a0ce).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@          Coverage Diff          @@
##            main    #336   +/-   ##
=====================================
  Coverage   6.98%   6.98%           
=====================================
  Files         82      82           
  Lines      15183   15183           
=====================================
  Hits        1060    1060           
  Misses     14075   14075           
  Partials      48      48           

Flag	Coverage Δ
mariadb	6.98% <ø> (ø)
postgres	6.98% <ø> (ø)
unittests	6.98% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.