chore(deps-dev): bump the dev-dependencies group with 6 updates

[dependabot]

Bumps the dev-dependencies group with 6 updates:

Package	From	To
oxfmt	0.52.0	0.53.0
oxlint	1.67.0	1.68.0
@tailwindcss/typography	0.5.19	0.5.20
@vitest/browser-playwright	4.1.7	4.1.8
@vitest/ui	4.1.7	4.1.8
@flue/cli	0.8.1	0.10.0

Updates oxfmt from 0.52.0 to 0.53.0

Changelog

Sourced from oxfmt's changelog.

Changelog

All notable changes to this package will be documented in this file.

The format is based on Keep a Changelog.

[0.54.0] - 2026-06-08

📚 Documentation

• dadafe3 oxlint, oxfmt: Mention migrate skills in npm READMEs (#22965) (Boshen)
• f88961a oxfmt: Annotate each config option with supported languages (#22953) (leaysgur)

Commits

• 964a758 release(apps): oxlint v1.68.0 && oxfmt v0.53.0 (#22883)
• See full diff in compare view

Updates oxlint from 1.67.0 to 1.68.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

• 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
• 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
• bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
• 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
• 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
• 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
• ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

• 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
• 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
• 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
• 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
• a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
• ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
• 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
• ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
• e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
• 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
• 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
• fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
• ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
• dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
• 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
• cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

• 25d577e language_server: Start tools in parallel (#15500) (Sysix)
• 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
• 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
• 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
• 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
• 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

• 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
• 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
• a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
• 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
• 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
• 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

[1.68.0] - 2026-06-01

🚀 Features

• e4b1f46 linter/typescript: Implement method-signature-style rule (#22679) (Mikhail Baev)
• bc462ca linter/vue: Implement no-reserved-component-names rule (#22741) (bab)
• ef9e751 linter/vue: Implement component-definition-name-casing rule (#22818) (bab)
• d67f51a linter/vue: Implement require-prop-type-constructor rule (#22708) (bab)
• 8422e8b linter/jsdoc: Implement require-yields-description rule (#22805) (Mikhail Baev)
• fe93f97 linter/eslint: Implement prefer-named-capture-group rule (#22759) (Sebastian Poxhofer)

Commits

• 964a758 release(apps): oxlint v1.68.0 && oxfmt v0.53.0 (#22883)
• 3f05c5e feat(linter): expose override::exclude_files option (#22884)
• e4b1f46 feat(linter/typescript): implement method-signature-style rule (#22679)
• bc462ca feat(linter/vue): implement no-reserved-component-names rule (#22741)
• ef9e751 feat(linter/vue): implement component-definition-name-casing rule (#22818)
• d67f51a feat(linter/vue): implement require-prop-type-constructor rule (#22708)
• 8422e8b feat(linter/jsdoc): implement require-yields-description rule (#22805)
• fe93f97 feat(linter/eslint): implement prefer-named-capture-group rule (#22759)
• See full diff in compare view

Updates @tailwindcss/typography from 0.5.19 to 0.5.20

Release notes

Sourced from @​tailwindcss/typography's releases.

v0.5.20

Fixed

• Support installing with stable versions of Tailwind CSS v4 (#424)

Changelog

Sourced from @​tailwindcss/typography's changelog.

[0.5.20] - 2026-06-08

Fixed

• Support installing with stable versions of Tailwind CSS v4 (#424)

Commits

• e3714a3 0.5.20
• f34283d Update tailwindcss peer dependency version (#424)
• 543de42 bump Node.js
• 881b048 Setup OIDC (#423)
• 74a3da7 Fix typo in README.md (#413)
• 3963dfe Bump js-yaml from 3.14.1 to 3.14.2 (#410)
• abf85cc className instead of classname (#406)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tailwindcss/typography since your current version.

Updates @vitest/browser-playwright from 4.1.7 to 4.1.8

Release notes

Sourced from @​vitest/browser-playwright's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

Commits

• e61f2dd chore: release v4.1.8
• 675b434 fix(browser): remove orphaned Playwright route when same module is mocked via...
• e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
• See full diff in compare view

Updates @vitest/ui from 4.1.7 to 4.1.8

Release notes

Sourced from @​vitest/ui's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

Commits

• e61f2dd chore: release v4.1.8
• See full diff in compare view

Updates @flue/cli from 0.8.1 to 0.10.0

Changelog

Sourced from @​flue/cli's changelog.

0.10.0 - 2026-06-08

This is a large pre-1.0 release that establishes Flue's durability model across Node.js and Cloudflare. Rather than cataloging every intermediate beta change, this entry highlights the final APIs and the most important upgrade work. For guides and API reference, see the documentation.

Breaking Changes

• Cloudflare durable deployments require a migration. Generated Durable Object bindings and class names changed to FLUE_<NAME>_AGENT, FLUE_<NAME>_WORKFLOW, FLUE_REGISTRY, Flue<Name>Agent, Flue<Name>Workflow, and FlueRegistry. Existing deployments must add authored Wrangler renamed_classes migrations for already-deployed agent and workflow classes, update direct binding access such as env.Assistant to env.FLUE_ASSISTANT_AGENT, and introduce fresh SQLite-backed agent classes through new_sqlite_classes; existing KV-backed classes cannot be converted in place. Install agents >=0.14.1 <0.15.0 for the audited Agents SDK behavior used by this release.
• Runtime surface cleanup. Removed tool_execution_* event types, the @flue/runtime/app, @flue/runtime/client, and @flue/runtime/sandbox compat subpaths, public AgentConfig / DirectAgentPayload exports, public Cloudflare agent WebSocket adapters, store() from @flue/runtime/cloudflare, and the old Cloudflare shell migration stubs.
• Persistence adapter contracts changed. Custom adapters now implement connectRunStore() and connectRunRegistry() on PersistenceAdapter, use SubmissionClaimRef for claimSubmission(), and provide renewLeases(), listExpiredSubmissions(), and deleteSession() on AgentSubmissionStore.
• Session state changed. Ordinary session names beginning with task: are now reserved for framework-owned delegated-task history, and existing version-4 beta session state is rejected because provider affinity now uses one opaque aff_<ULID> key instead of derived instance/harness/session identifiers.
• OpenTelemetry sanitization changed. captureContent is replaced by an application-owned sanitize(event) callback; metadata and generic failure messages are exported by default.

New Features

• Unified durable agent execution. Direct HTTP, SSE, WebSocket, local CLI, and dispatch(...) inputs now share one SQL-backed submission lifecycle on Node and Cloudflare: admission, same-session ordering, claiming, journaled execution, conservative recovery, and retained terminal receipts.

• Pluggable persistence. Add source-root db.ts adapters, built-in sqlite(path?) persistence for Node, the new @flue/postgres package, and the @flue/runtime/adapter / @flue/runtime/test-utils subpaths for custom backend authors.

  // src/db.ts
  import { sqlite } from '@flue/runtime/node';
  export default sqlite('./data/flue.db');

  // src/db.ts
  import { postgres } from '@flue/postgres';
  export default postgres(process.env.DATABASE_URL!);

• Signal messages and mid-turn recovery. Stream chunks are persisted during provider output so interrupted turns can resume from partial assistant text. Framework-injected context now uses signal messages for stream interruption/continuation, terminal submission advisories, dispatched input, compaction summaries, and branch summaries.

• Cloudflare extension hooks. Agent and workflow modules may export cloudflare = extend({ base, wrap }) from @flue/runtime/cloudflare to add native Agents SDK lifecycle hooks beneath Flue-owned routing or wrap generated Durable Object classes with integrations such as Sentry.

Fixes & Other Changes

• Node execution is concurrent and shutdown-aware. Different sessions now process in parallel through a concurrent claim loop. Claimed submissions carry renewable leases, and SIGINT/SIGTERM drains active work at turn boundaries before reclaiming unfinished submissions on next startup.
• Postgres workflow history is durable. @flue/postgres stores runs, run events, and the run registry in SQL-backed tables; built-in SQLite keeps run history in memory.
• Cloudflare routing and recovery are stricter. Generated agent and workflow bindings are resolved explicitly instead of inferred from the Agents SDK environment scanner, workflow event identity is append-only by (runId, eventIndex), and Cloudflare workflow storage preserves same-ID reset behavior and explicit terminal null results.
• Observability is more accurate. OpenTelemetry now closes interrupted workflow spans correctly, exposes event indexes and compaction usage, and supports resolveRootContext(event, ctx) for parenting Flue roots under application-owned spans.
• Runtime resilience improved. Prompt operations retry transient provider failures with abortable exponential backoff, generated import paths are escaped safely, and Bun compatibility diagnostics now point users at the right runtime upgrade.

0.9.2 - 2026-06-03

Fixes & Other Changes

• Fixed agents' ability to activate skills autonomously with the activate_skill tool.

0.9.1 - 2026-06-02

Fixes & Other Changes

... (truncated)

Commits

• 03f8018 chore: release v0.10.0
• ea351ca feat: durable execution, pluggable persistence, and more (#217)
• b2d6803 feat(cloudflare): extend workflow durable objects (#209)
• 7bb09c1 refactor(cloudflare): use agents sdk custom routing
• e1766cf style: format repository
• be0340a feat(cloudflare): own generated durable object routing
• c6fc8b1 fix(runtime): reserve detached task sessions
• fe92e6d feat(cloudflare): add authored deployment and agent extensions (#194)
• 48549d9 fix(cli): report unsupported Bun runtimes accurately
• 4cc5b46 chore: release v0.9.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Scope check

This PR changes 1,037 lines across 5 files. Large PRs are harder to review and more likely to be closed without review.

If this scope is intentional, no action needed. A maintainer will review it. If not, please consider splitting this into smaller PRs.

See CONTRIBUTING.md for contribution guidelines.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml