Bump the patch-updates group across 1 directory with 16 updates

[dependabot]

Bumps the patch-updates group with 16 updates in the / directory:

Package	From	To
@astrojs/check	0.9.4	0.9.9
@astrojs/rss	4.0.12	4.0.18
@fontsource-variable/jetbrains-mono	5.2.6	5.2.8
@fontsource/roboto	5.2.6	5.2.10
@iconify-json/iconoir	1.2.9	1.2.11
@iconify-json/line-md	1.2.11	1.2.16
@iconify-json/material-symbols	1.2.33	1.2.72
@tailwindcss/typography	0.5.16	0.5.19
katex	0.16.22	0.16.46
markdown-it	14.1.0	14.1.1
sanitize-html	2.17.0	2.17.4
@types/sanitize-html	2.16.0	2.16.1
sharp	0.34.3	0.34.5
tailwindcss	3.4.17	3.4.19
typescript	5.9.2	5.9.3
@astrojs/ts-plugin	1.10.4	1.10.8

Updates @astrojs/check from 0.9.4 to 0.9.9

Release notes

Sourced from @​astrojs/check's releases.

@​astrojs/check@​0.9.9

Patch Changes

• #16471 f56bb3f Thanks @​delucis! - Adds support for TypeScript v6 to peer dependencies range

• Updated dependencies [8c62159]:

  • @​astrojs/language-server@​2.16.7

Changelog

Sourced from @​astrojs/check's changelog.

0.9.9

Patch Changes

• #16471 f56bb3f Thanks @​delucis! - Adds support for TypeScript v6 to peer dependencies range

• Updated dependencies [8c62159]:

  • @​astrojs/language-server@​2.16.7

0.9.8

Patch Changes

• #15892 a2f597d Thanks @​Princesseuh! - Fixes Astro not being able to find astro check sometimes

• Updated dependencies [7b4b254]:

  • @​astrojs/language-server@​2.16.5

0.9.7

Patch Changes

• #15187 bbb5811 Thanks @​matthewp! - Update to Astro 6 beta

• #15198 55107a1 Thanks @​HiDeoo! - Updates to Astro 6 beta

• Updated dependencies [bbb5811, df6d2d7]:

  • @​astrojs/language-server@​2.16.1

0.9.7-beta.1

Patch Changes

• #15198 55107a1 Thanks @​HiDeoo! - Updates to Astro 6 beta

0.9.6-beta.1

Patch Changes

• #15187 bbb5811 Thanks @​matthewp! - Update to Astro 6 beta

• Updated dependencies [bbb5811]:

  • @​astrojs/language-server@​2.16.1-beta.1

0.9.6-alpha.0

Patch Changes

• Updated dependencies [df6d2d7]:
  • @​astrojs/language-server@​2.16.1-alpha.0

... (truncated)

Commits

• c1f2e4f [ci] release (#16467)
• f56bb3f Widen typescript peer dependency range to allow v6 (#16471)
• 184700c fix(deps): update language tools (#16230)
• 88fcc98 fix integrations links across docs (#16098)
• b9e96da fix(deps): update dependency vitest to v4 (#15372)
• 09ecdd7 [ci] release (#15889)
• a2f597d fix(check): Revert publint lint fix (#15892)
• 48e5c4d [ci] release (#15808)
• 1118ac4 feat: update tsconfig template to prepare for TS 6 (#15668)
• ddeb230 chore: address publint suggestions (#15653)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​astrojs/check since your current version.

Updates @astrojs/rss from 4.0.12 to 4.0.18

Release notes

Sourced from @​astrojs/rss's releases.

@​astrojs/rss@​4.0.18

Patch Changes

• #16037 fdd2c5a Thanks @​blimmer! - Unpin fast-xml-parser to ^5.5.7 to resolve entity expansion CVEs

Changelog

Sourced from @​astrojs/rss's changelog.

4.0.18

Patch Changes

• #16037 fdd2c5a Thanks @​blimmer! - Unpin fast-xml-parser to ^5.5.7 to resolve entity expansion CVEs

4.0.17

Patch Changes

• #15830 8d3f3aa Thanks @​Princesseuh! - Pin fast-xml-parser to 5.4.1 in order to fix an upstream bug

4.0.16

Patch Changes

• #15187 bbb5811 Thanks @​matthewp! - Update to Astro 6 beta

• #14956 0ff51df Thanks @​matthewp! - Updates usage of zod to own dependency rather than relying on astro/zod

• #15561 413b0f7 Thanks @​renovate! - Updates fast-xml-parser to v5.3.6

• #15283 daf41c6 Thanks @​eldair! - Updates validation to use Zod v4

• #15373 14252b2 Thanks @​renovate! - Updates zod to v4

4.0.15-beta.4

Patch Changes

• #15561 413b0f7 Thanks @​renovate! - Updates fast-xml-parser to v5.3.6

4.0.15-beta.3

Patch Changes

• #15373 14252b2 Thanks @​renovate! - Updates zod to v4

4.0.15-beta.2

Patch Changes

• #15283 daf41c6 Thanks @​eldair! - Updates validation to use Zod v4

4.0.15-beta.1

Patch Changes

• #15187 bbb5811 Thanks @​matthewp! - Update to Astro 6 beta

... (truncated)

Commits

• 4a6ff2a [ci] release (#16020)
• fdd2c5a fix(rss): unpin fast-xml-parser to resolve entity expansion CVEs (#16037)
• a2fff74 [ci] release (#15826)
• 8d3f3aa fix(rss): Pin fast-xml-parser until upstream fix (#15830)
• 48e5c4d [ci] release (#15808)
• 6453380 fix: manually updates packages who had main releases later than betas (#15816)
• 6414732 Spelling (#15601)
• 1118ac4 feat: update tsconfig template to prepare for TS 6 (#15668)
• 10088fd fix(deps): update all non-major dependencies (#15707)
• 4d49632 [ci] release (beta) (#15590)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​astrojs/rss since your current version.

Updates @fontsource-variable/jetbrains-mono from 5.2.6 to 5.2.8

Commits

• See full diff in compare view

Updates @fontsource/roboto from 5.2.6 to 5.2.10

Commits

• See full diff in compare view

Updates @iconify-json/iconoir from 1.2.9 to 1.2.11

Commits

• See full diff in compare view

Updates @iconify-json/line-md from 1.2.11 to 1.2.16

Commits

• See full diff in compare view

Updates @iconify-json/material-symbols from 1.2.33 to 1.2.72

Commits

• See full diff in compare view

Updates @tailwindcss/typography from 0.5.16 to 0.5.19

Release notes

Sourced from @​tailwindcss/typography's releases.

v0.5.19

Fixed

• Fixed broken color styles (#405)

v0.5.18

Fixed

• Fixed undefined variable error (#403)

v0.5.17

Added

• Add modifiers for description list elements (#357)
• Add prose-picture modifier (#367)

Fixed

• Include unit in hr border-width value (#379)
• Ensure <kbd> styles work with Tailwind CSS v4 (#387)

Changed

• Remove lodash dependencies (#402)

Changelog

Sourced from @​tailwindcss/typography's changelog.

[0.5.19] - 2025-09-24

Fixed

• Fixed broken color styles (#405)

[0.5.18] - 2025-09-19

Fixed

• Fixed undefined variable error (#403)

[0.5.17] - 2025-09-19

Added

• Add modifiers for description list elements (#357)
• Add prose-picture modifier (#367)

Fixed

• Include unit in hr border-width value (#379)
• Ensure <kbd> styles work with Tailwind CSS v4 (#387)

Changed

• Remove lodash dependencies (#402)

Commits

• e002ab8 0.5.19
• bbb1c21 Fix bad RGB syntax (#405)
• b316f95 0.5.18
• ed95206 Fix variable declaration in opacity function (#403)
• 7efcb4a 0.5.17
• e0ec248 chore(ci): update actions for release insiders
• 511afcb Add modifiers for description list elements (#357)
• 042a531 Add prose-picture modifiers (#367)
• f822222 Fix kbd shadow colors not being calculated on oklch colors (#387)
• ecb7e87 Add Tailwind v4 custom color theme example to README (#396)
• Additional commits viewable in compare view

Updates katex from 0.16.22 to 0.16.46

Release notes

Sourced from katex's releases.

v0.16.46

0.16.46 (2026-05-13)

Bug Fixes

• preserve math font in some styling commands (#4214) (e9ee046), closes #4213

v0.16.45

0.16.45 (2026-04-05)

Bug Fixes

• wrap vcenter mpadded in mrow for valid MathML (#4193) (ee66b78), closes #4078

v0.16.44

0.16.44 (2026-03-27)

Bug Fixes

• remove extra \jot space at bottom of align/gather/etc. (#4184) (3870ee9)

v0.16.43

0.16.43 (2026-03-26)

Bug Fixes

• use makeEm() consistently to truncate long CSS decimals (#4181) (0967dcc)

v0.16.42

0.16.42 (2026-03-24)

Features

• \underbracket and \overbracket (#4147) (5be9abb)

v0.16.41

0.16.41 (2026-03-24)

Bug Fixes

• \sout in text mode (#4173) (e748578)

v0.16.40

0.16.40 (2026-03-20)

... (truncated)

Changelog

Sourced from katex's changelog.

0.16.46 (2026-05-13)

Bug Fixes

• preserve math font in some styling commands (#4214) (e9ee046), closes #4213

0.16.45 (2026-04-05)

Bug Fixes

• wrap vcenter mpadded in mrow for valid MathML (#4193) (ee66b78), closes #4078

0.16.44 (2026-03-27)

Bug Fixes

• remove extra \jot space at bottom of align/gather/etc. (#4184) (3870ee9)

0.16.43 (2026-03-26)

Bug Fixes

• use makeEm() consistently to truncate long CSS decimals (#4181) (0967dcc)

0.16.42 (2026-03-24)

Features

• \underbracket and \overbracket (#4147) (5be9abb)

0.16.41 (2026-03-24)

Bug Fixes

• \sout in text mode (#4173) (e748578)

0.16.40 (2026-03-20)

Bug Fixes

• css: specify position: relative for .katex (#4170) (020f0d8)

0.16.39 (2026-03-19)

... (truncated)

Commits

• 2c25b47 chore(release): 0.16.46 [ci skip]
• e9ee046 fix: preserve math font in some styling commands (#4214)
• 88256c0 ci(screenshotter): require safe to test label for PRs (#4211)
• a3fce45 ci(screenshotter): disable cache (#4209)
• 9de4b3d chore: update linters (#4205)
• c224153 refactor: improve typing for fonts (#4200)
• 89a3d67 chore(deps): update dependency postcss to v8.5.10 [security] (#4202)
• 441e6ca chore: update stylelint and adjust styles for updated set of rules (#4201)
• bdec9b0 docs: support for persian/arabic numerals (#4190)
• efedddd refactor(types): resolve most as any casts and TODO(ts) comments (#4171)
• Additional commits viewable in compare view

Updates markdown-it from 14.1.0 to 14.1.1

Changelog

Sourced from markdown-it's changelog.

[14.1.1] - 2026-01-11

Security

• Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @​ltduc147 for report.

Commits

• b4a9b65 14.1.1 released
• 4b4bbca Fixed perf regression in linkify-it wrapper
• d2782d8 Add supplementary example-driven documentation (#1092)
• See full diff in compare view

Updates sanitize-html from 2.17.0 to 2.17.4

Changelog

Sourced from sanitize-html's changelog.

2.17.4

Changes

• sanitize-html and launder now share a single implementation of naughtyHref, based on that which previously existed in sanitize-html.

Security

• Security vulnerability: the xmp tag could be used to pass forbidden markup through sanitize-html, even when xmp itself is not explicitly allowed All users of sanitize-html should update immediately. Thanks to Vincenzo Turturro for reporting the vulnerability.

2.17.3 (2026-04-15)

Security

• Fix vulnerability introduced in version 2.17.2 that allowed XSS attacks if the developer chose to permit option tags. There was no vulnerability when not explicitly allowing option tags.

2.17.2 (2026-03-19)

Changes

• Upgrade htmlparser2 from 8.x to 10.1.0. This improves security by correctly decoding zero-padded numeric character references (e.g., &[#0000001](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html/issues/0000001)) that previously bypassed javascript: URL detection. Also fixes double-encoding of entities inside raw text elements like textarea and option.

2.17.1 (2026-02-18)

Fixes

• Fix unclosed tags (e.g., <hello) returning empty string in escape and recursiveEscape modes. Fixes #706. Thanks to Byeong Hyeon for the fix.

Commits

• See full diff in compare view

Updates @types/sanitize-html from 2.16.0 to 2.16.1

Commits

• See full diff in compare view

Updates sharp from 0.34.3 to 0.34.5

Release notes

Sourced from sharp's releases.

v0.34.5

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag. #4458

• Add support for BigTIFF output. #4459 @​throwbi

• Improve error messaging when only warnings issued. #4465

• Simplify ICC processing when retaining input profiles. #4468

v0.34.5-rc.1

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag. #4458

• Add support for BigTIFF output. #4459 @​throwbi

• Improve error messaging when only warnings issued. #4465

• Simplify ICC processing when retaining input profiles. #4468

v0.34.5-rc.0

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag. #4458

• Add support for BigTIFF output. #4459 @​throwbi

• Improve error messaging when only warnings issued. #4465

... (truncated)

Commits

• e062456 Release v0.34.5
• 6450c70 Prerelease v0.34.5-rc.1
• f7c95d1 TypeScript: consolidate a few enum-like properties
• ef86a75 Prerelease v0.34.5-rc.0
• 6c1e840 Use structured binding for tuples where possible
• e1628d8 Simplify ICC processing when retaining input profiles #4468
• 4f9f817 Linter: apply all recommended biome settings
• 09d5aa8 Docs: update internal and libvips doc links
• 040b73c Upgrade to libvips v8.17.3
• 1f2f33d Ensure licensing headers are retained by code bundlers
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for sharp since your current version.

Install script changes

This version modifies install script that runs during installation. Review the package contents before updating.

Updates tailwindcss from 3.4.17 to 3.4.19

Release notes

Sourced from tailwindcss's releases.

v3.4.19

Fixed

• Don’t break sibling-*() functions when used inside calc(…) (#19335)

v3.4.18

Fixed

• Improve support for raw supports-[…] queries in arbitrary values (#13605)
• Fix require.cache error when loaded through a TypeScript file in Node 22.18+ (#18665)
• Support import.meta.resolve(…) in configs for new enough Node.js versions (#18938)
• Allow using newer versions of postcss-load-config for better ESM and TypeScript PostCSS config support with the CLI (#18938)
• Remove irrelevant utility rules when matching important classes (#19030)

Changelog

Sourced from tailwindcss's changelog.

[3.4.19] - 2025-12-10

Fixed

• Don’t break sibling-*() functions when used inside calc(…) (#19335)

[4.1.17] - 2025-11-06

Fixed

• Substitute @variant inside legacy JS APIs (#19263)
• Prevent occasional crash on Windows when loaded into a worker thread (#19242)

[4.1.16] - 2025-10-23

Fixed

• Discard candidates with an empty data type (#19172)
• Fix canonicalization of arbitrary variants with attribute selectors (#19176)
• Fix invalid colors due to nested & (#19184)
• Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants (#19178)

[4.1.15] - 2025-10-20

Fixed

• Fix Safari devtools rendering issue due to color-mix fallback (#19069)
• Suppress Lightning CSS warnings about :deep, :slotted, and :global (#19094)
• Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#19097)
• Allow named groups in combination with not-*, has-*, and in-* (#19100)
• Prevent important utilities from affecting other utilities (#19110)
• Don’t index into strings with the theme(…) function (#19111)
• Fix parsing issue when \t is used in at-rules (#19130)
• Upgrade: Canonicalize utilities containing 0 values (#19095)
• Upgrade: Migrate deprecated break-words to wrap-break-word (#19157)

Changed

• Remove the postinstall script from oxide (#19149)(tailwindlabs/tailwindcss#19149)

[4.1.14] - 2025-10-01

Fixed

• Handle ' syntax in ClojureScript when extracting classes (#18888)
• Handle @variant inside @custom-variant (#18885)
• Merge suggestions when using @utility (#18900)
• Ensure that file system watchers created when using the CLI are always cleaned up (#18905)
• Do not generate grid-column utilities when configuring grid-column-start or grid-column-end (#18907)
• Do not generate grid-row utilities when configuring grid-row-start or grid-row-end (#18907)

... (truncated)

Commits

• See full diff in compare view

Updates typescript from 5.9.2 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)
• fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

• npm

Commits

• c63de15 Bump version to 5.9.3 and LKG
• 8428ca4 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#...
• a131cac 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#...
• 0424333 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)
• bdb641a 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#...
• 0d9b9b9 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#...
• 2dce0c5 Intentionally regress one buggy declaration output to an older version (#62163)
• See full diff in compare view

Updates @astrojs/ts-plugin from 1.10.4 to 1.10.8

Release notes

Sourced from @​astrojs/ts-plugin's releases.

@​astrojs/ts-plugin@​1.10.8

Patch Changes

• #16716 04fdbb2 Thanks @​delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

Changelog

Sourced from @​astrojs/ts-plugin's changelog.

1.10.8

Patch Changes

• #16716 04fdbb2 Thanks @​delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

1.10.7

Patch Changes

• #15820 e20474b Thanks @​Princesseuh! - Fixes broken publish

• Updated dependencies [e20474b]:

  • @​astrojs/yaml2ts@​0.2.3

1.10.6

Patch Changes

• #14740 abfed97 Thanks @​ArmandPhilippot! - Fixes link targets in documentation following repository relocation.

1.10.5

Patch Changes

• 6dfd814: Updated internal Volar version. This update should improve compatibility with newer versions of TypeScript and fix minor issues.

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​astrojs/ts-plugin since your current version.

Updates @types/sanitize-html from 2.16.0 to 2.16.1

Commits

• See full diff in compare view

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
boospace	Ready	Preview, Comment	May 16, 2026 3:28am