chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@playwright/test (source)	1.57.0 → 1.58.1
@types/node (source)	24.10.4 → 24.10.10
@types/react (source)	19.2.7 → 19.2.11
eslint-config-next (source)	16.1.1 → 16.1.6
pnpm (source)	10.26.2 → 10.28.2
use-debounce	10.0.6 → 10.1.0

---

Release Notes

microsoft/playwright (@​playwright/test)

v1.58.1

Compare Source

Highlights

#​39036 fix(msedge): fix local network permissions
#​39037 chore: update cft download location
#​38995 chore(webkit): disable frame sessions on fronzen builds

Browser Versions

• Chromium 145.0.7632.6
• Mozilla Firefox 146.0.1
• WebKit 26.0

v1.58.0

Compare Source

vercel/next.js (eslint-config-next)

v16.1.6

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#​88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#​88509)
• tweak LRU sentinel key (#​89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Compare Source

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472
https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

Compare Source

v16.1.3

Compare Source

v16.1.2

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Turbopack: Update to swc_core v50.2.3 (#​87841) (#​88296)
  • Fixes a crash when processing mdx files with multibyte characters. (#​87713)
• Turbopack: mimalloc upgrade and enabling it on musl (#​88503) (#​87815) (#​88426)
  • Fixes a significant performance issue on musl-based Linux distributions (e.g. Alpine in Docker) related to musl's allocator.
  • Other platforms have always used mimalloc, but we previously did not use mimalloc on musl because of compilation issues that have since been resolved.

Credits

Huge thanks to @​mischnic for helping!

pnpm/pnpm (pnpm)

v10.28.2: pnpm 10.28.2

Compare Source

Patch Changes

• Security fix: prevent path traversal in directories.bin field.

• When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

  This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

  Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.

• Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #​9950.

Platinum Sponsors

Gold Sponsors

v10.28.1

Compare Source

v10.28.0

Compare Source

v10.27.0

Compare Source

xnimorz/use-debounce (use-debounce)

v10.1.0

Compare Source

• New parameter introduced: flushOnExit. See issue #​205 for details. This parameter allows the callback to be executed on component unmount or page exit, enabling specific side-effect such as persistence or other required I/O operations. Thanks to @​h for the contribution. PR

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.