Update all minor dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@fontsource/nunito (source)	5.1.0 → 5.2.7			dependencies	minor
@fortawesome/fontawesome-free (source)	6.6.0 → 6.7.2			dependencies	minor
@vitejs/plugin-vue (source)	5.1.4 → 5.2.4			devDependencies	minor
alpinejs (source)	3.14.3 → 3.15.8			devDependencies	minor
axios (source)	1.7.7 → 1.13.5			devDependencies	minor
brianium/paratest	7.5.7 → 7.19.0			require-dev	minor
chart.js (source)	4.4.5 → 4.5.1			dependencies	minor
fakerphp/faker	1.23.1 → 1.24.1			require-dev	minor
friendsofphp/php-cs-fixer	3.64.0 → 3.94.1			require-dev	minor
larastan/larastan	2.9.8 → 2.11.2			require-dev	minor
laravel-vite-plugin	1.0.5 → 1.3.0			devDependencies	minor
laravel-vue-i18n	2.7.7 → 2.8.0			dependencies	minor
laravel/breeze	2.2.2 → 2.3.8			require-dev	minor
laravel/framework (source)	11.27.2 → 11.48.0			require	minor
laravel/passport	12.3.0 → 12.4.2			require	minor
laravel/sail	1.35.0 → 1.53.0			require-dev	minor
laravel/tinker	2.10.0 → 2.11.1			require	minor
laravel/ui	4.5.2 → 4.6.1			require	minor
node (source)	20.18.0 → 20.20.0				minor
nunomaduro/collision	8.4.0 → 8.9.1			require-dev	minor
phpunit/phpunit (source)	11.4.1 → 11.5.55			require-dev	minor
postcss (source)	8.4.47 → 8.5.6			devDependencies	minor
sass	1.77.6 → 1.97.3			devDependencies	minor
spatie/laravel-html	3.11.0 → 3.12.3			require	minor
spatie/laravel-ignition (source)	2.8.0 → 2.10.0			require-dev	minor
sweetalert2 (source)	11.14.3 → 11.26.19			dependencies	minor
vite-plugin-pwa	^0.20.5 → ^0.21.0			devDependencies	minor
workbox-precaching (source)	7.1.0 → 7.4.0			dependencies	minor
workbox-routing (source)	7.1.0 → 7.4.0			dependencies	minor
workbox-window (source)	7.1.0 → 7.4.0			dependencies	minor

---

Release Notes

fontsource/font-files (@​fontsource/nunito)

v5.2.7

Compare Source

v5.2.6

Compare Source

v5.2.5

Compare Source

v5.2.4

Compare Source

v5.2.1

Compare Source

v5.2.0

Compare Source

v5.1.1

Compare Source

FortAwesome/Font-Awesome (@​fortawesome/fontawesome-free)

v6.7.2

Compare Source

Change log available at https://fontawesome.com/docs/changelog/

v6.7.1

Compare Source

Change log available at https://fontawesome.com/docs/changelog/

v6.7.0

Compare Source

Change log available at https://fontawesome.com/docs/changelog/

vitejs/vite-plugin-vue (@​vitejs/plugin-vue)

v5.2.4

Features

• plugin-vue: use transformWithOxc if rolldown-vite is detected (#​584) (6ac8e3a)

Bug Fixes

• plugin-vue: handle sourcemap with empty script code (#​585) (7f73970)
• plugin-vue: when the resource path contains chinese characters, dev/build is inconsistent (#​550) (5f6affe)

Miscellaneous Chores

• deps: update upstream (#​542) (ef446fc)
• deps: update upstream (#​569) (98381b2)
• fix types with Vite 6.3 (#​559) (8002511)
• use rollup types exposed from Vite (#​583) (2e1287f)

v5.2.3

5.2.3 (2025-03-17)

v5.2.2

Features

• css: tree shake scoped styles (#​533) (333094f)
• pass descriptor vapor flag to compileTemplte (219e007)

Bug Fixes

• deps: update all non-major dependencies (#​482) (cdbae68)
• deps: update all non-major dependencies (#​488) (5d39582)
• generate unique component id (#​538) (2704e85)
• index: move the if check earlier to avoid creating unnecessary ssr when entering return block (#​523) (2135c84)
• plugin-vue: default value for compile time flags (#​495) (ae9d948)
• plugin-vue: ensure HMR updates styles when SFC is treated as a type dependency (#​541) (4abe3be)
• plugin-vue: resolve sourcemap conflicts in build watch mode with cached modules (#​505) (906cebb)
• plugin-vue: support external import URLs for monorepos (#​524) (cdd4922)
• plugin-vue: support vapor template-only component (#​529) (95be153)
• plugin-vue: suppress warnings for non-recognized pseudo selectors form lightningcss (#​521) (15c0eb0)
• properly interpret boolean values in define (#​545) (46d3d65)

Miscellaneous Chores

• deps: update dependency rollup to ^4.27.4 (#​479) (428320d)
• deps: update dependency rollup to ^4.28.1 (#​484) (388403f)
• deps: update dependency rollup to ^4.29.1 (#​493) (b092bc8)
• deps: update upstream (#​503) (8c12b9f)
• deps: update upstream (#​511) (d057351)
• deps: update upstream (#​526) (59946d3)
• plugin-vue: simplify resolved declaration (7288a59)

v5.2.1

Miscellaneous Chores

• add vite 6 peer dep (#​481) (4288652)
• deps: update dependency rollup to ^4.27.2 (#​476) (b2df95e)
• fix lint (378aea3)

v5.2.0

Features

• add a feature option to support custom component id generator (#​461) (7a1fc4c)

v5.1.5

Bug Fixes

• deps: update all non-major dependencies (#​439) (e432bcb)
• hmr: re-resolve script after type dep changed (#​446) (8f9c624)
• hmr: should reload if relies file changed after re-render (#​471) (62b17f3)

Performance Improvements

• use hash to replace createHash (#​460) (de88394)

Miscellaneous Chores

• deps: update dependency rollup to ^4.24.0 (#​448) (0fc9cd0)
• deps: update dependency rollup to ^4.25.0 (#​472) (91210cc)
• deps: update upstream (#​462) (5625fc9)
• fix typo (#​464) (4a811b0)

alpinejs/alpine (alpinejs)

v3.15.8

Compare Source

Fixed

• Flush x-model.blur value before form submit handlers run #​4729

v3.15.7

Compare Source

Fixed

• Fix $watch firing callback when primitive value unchanged #​4732

v3.15.6

Compare Source

Added

• Add reactive effect transactions #​4731

v3.15.5

Compare Source

Added

• feat(x-model): add .change, .blur, and .enter event modifiers #​4728

v3.15.4

Compare Source

Fixed

• Fix sort auto evaluation #​4716
• Fix duplicate attribute/value situations

v3.15.3

Compare Source

Changes

• Improve evaluator #​4711
• fix add support for ShadowRoot in findClosest function and export of injectMagics/initInterceptors #​4699
• fix(docs): initialise data, fix typo in x-on example #​4701

v3.15.2

Compare Source

Changes

• Imrove CSP bundle #​4704
• Add setErrorHandler #​4673

v3.15.1

Compare Source

Changed

• x-sort improvements
• CSP build allowGlobals now defaults to false instead of true

v3.15.0

Compare Source

Changed

• Improve CSP build #​4671
• Add Alpine.morphBetween() #​4629
• style: use let instead of var in x-model.js #​4645
• style: use let/const instead of var in debounce.js #​4644
• style: remove useless param #​4650
• feat(persist): add 'exports' field for proper ESM/CJS resolution #​4611
• Fix Chrome warning when using x-trap.inert #​4640
• Fixes license #​4647

v3.14.9

Compare Source

What's Changed

• Fix focus documentation example code by @​iamshcc in #​4496
• Add skip children to morph by @​joshhanley in #​4568

New Contributors

• @​iamshcc made their first contribution in #​4496

Full Changelog: alpinejs/alpine@v3.14.8...v3.14.9

v3.14.8

Compare Source

Fixed

• Fix x-mask triggering update requests on load #​4481

v3.14.7

Compare Source

Fixed

• Fix x-teleport by removing clone x-ignore #​4469

v3.14.6

Compare Source

Fixed

• Fix regression on x-ignore when removed #​4458

v3.14.5

Compare Source

Changed

• Optimize mutation observer to better handle move operations - ref #​4450 #​4451
• 🐛 Fixes Regression in Mutation handling #​4450

v3.14.4

Compare Source

What's Changed

• Fix deep morphdom key bug by @​calebporzio in #​4423
• Don't init trees within ignore elements (x-ignore) by @​calebporzio in #​4428
• Adjust mutation observer to be faster and still account for moving and wrapping nodes by @​calebporzio in #​4447

Full Changelog: alpinejs/alpine@v3.14.3...v3.14.4

axios/axios (axios)

v1.13.5

Compare Source

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #​7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #​7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #​7369)

Fixes

• Fix/5657. (PR #​7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #​7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #​7326)
• Refactor: bump minor package versions. (PR #​7356)

Documentation

• Clarify object-check comment. (PR #​7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #​7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #​7355)
• CI: update workflow YAMLs. (PR #​7372)
• CI: fix run condition. (PR #​7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #​7360)
• Chore(release): prepare release 1.13.5. (PR #​7379)

New Contributors

• @​sachin11063 (first contribution — PR #​7323)
• @​asmitha-16 (first contribution — PR #​7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Compare Source

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

• fix: issues with version 1.13.3 (#​7352) (ee90dfc)
  • Fixed issues discovered in v1.13.3 release
  • Cleaned up interceptor test files
  • Improved workflow configurations

Infrastructure & CI/CD

• refactor: ci and build (#​7340) (8ff6c19)

  • Major refactoring of CI/CD workflows
  • Consolidated workflow files for better maintainability
  • Added mise configuration for the development environment
  • Improved sponsor block update automation
  • Enhanced issue and PR templates
  • Added automatic release notes generation
  • Implemented workflow cancellation for concurrent runs

• chore: codegen and some updates to workflows (76cf77b)

  • Code generation improvements
  • Workflow optimisations

Migration Notes

Breaking Changes

None in this release.

Deprecations

None in this release.

Contributors

Thank you to all contributors who made this release possible! Special thanks to:

• jasonsaayman - Release management and CI/CD improvements

v1.13.3

Compare Source

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#​7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#​6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#​5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#​5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#​7253) (#​7257) (7d19335)
• turn AxiosError into a native error (#​5394) (#​5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#​5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#​7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#​6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#​5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#​6053) (65a7584)
• add Node.js coverage script using c8 (closes #​7289) (#​7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#​6265) (860e033)
• enhance pipeFileToResponse with error handling (#​7169) (88d7884)
• types: Intellisense for string literals in a widened union (#​6134) (f73474d), closes /github.com/microsoft/TypeScript/issues/33471#issuecomment-1376364329

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#​7253) (#​7…" (#​7298) (a4230f5), closes #​7253 #​7 #​7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#​7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad
• JohnTitor
• rohit miryala
• Wilson Mun
• techcodie
• Ved Vadnere
• svihpinc
• SANDESH LENDVE
• Lubos
• Jarred Sumner
• Adam Hines
• Subhan Kumar Rai
• Joseph Frazier
• KT0803
• Albie
• Jake Hayes

v1.13.2

Compare Source

Bug Fixes

• http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#​7206) (8d37233)
• http: use default export for http2 module to support stubs; (#​7196) (0588880)

Performance Improvements

• http: fix early loop exit; (#​7202) (12c314b)

Contributors to this release

• Dmitriy Mozgovoy
• Kasper Isager Dalsgarð

v1.13.1

Compare Source

Bug Fixes

• http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#​7193) (bcd5581)

Contributors to this release

• Anchal Singh
• Dmitriy Mozgovoy

v1.13.0

Compare Source

Bug Fixes

• fetch: prevent TypeError when config.env is undefined (#​7155) (015faec)
• resolve issue #​7131 (added spacing in mergeConfig.js) (#​7133) (9b9ec98)

Features

• http: add HTTP2 support; (#​7150) (d676df7)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Aviraj2929
• prasoon patel
• Samyak Dandge
• Anchal Singh
• Rahul Kumar
• Amit Verma
• Abhishek3880
• Dhvani Maktuporia
• Usama Ayoub
• ikuy1203
• Nikhil Simon Toppo
• Jane Wangari
• Supakorn Ieamgomol
• Kian-Meng Ang
• UTSUMI Keiji

1.12.2 (2025-09-14)

Bug Fixes

• fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#​7030) (cf78825)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi

1.12.1 (2025-09-12)

Bug Fixes

• types: fixed env config types; (#​7020) (b5f26b7)

Contributors to this release

• Dmitriy Mozgovoy

v1.12.2

Compare Source

Bug Fixes

• fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#​7030) (cf78825)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi

[v1.12.1](https://redirect.github.com/ax

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.