chore(deps): update support-deps

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@commitlint/cli (source)	20.5.3 → 21.0.1			devDependencies	major
@commitlint/config-conventional (source)	20.5.3 → 21.0.1			devDependencies	major
@playwright/test (source)	1.59.1 → 1.60.0			devDependencies	minor
@types/node (source)	24.12.2 → 24.12.4			devDependencies	patch
@vitest/coverage-v8 (source)	4.1.5 → 4.1.6			devDependencies	patch
astral-sh/uv	0.11.11 → 0.11.14				patch
astral-sh/uv	0.11.11 → 0.11.14			uses-with	patch
defenseunicorns/uds-cli	v0.30.4 → v0.31.0				minor
defenseunicorns/uds-common	v1.24.9 → v1.24.10				patch
ghcr.io/zarf-dev/packages/init	v0.75.1 → v0.76.0				minor
helm-unittest/helm-unittest	v1.0.3 → v1.1.0				minor
lint-staged	17.0.2 → 17.0.4			devDependencies	patch	17.0.5
mcr.microsoft.com/playwright	v1.59.1-noble → v1.60.0-noble				minor
playwright (source)	1.59.1 → 1.60.0			devDependencies	minor
semver	7.7.4 → 7.8.0			dependencies	minor
vitest (source)	4.1.5 → 4.1.6			devDependencies	patch
yaml (source)	2.8.4 → 2.9.0			dependencies	minor
zarf-dev/zarf	v0.75.1 → v0.76.0				minor

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

conventional-changelog/commitlint (@​commitlint/cli)

v21.0.1

Compare Source

Note: Version bump only for package @​commitlint/cli

v21.0.0

Compare Source

• chore!: minimum node version v22 (#​4679) (ac2b3f4), closes #​4679

BREAKING CHANGES

• drop node v18 and v20 support

• Bump engines to >=v22 in all 39 package.json files
• Update @​types/node to ^22.0.0
• Update CI matrix to [22, 24]
• Update Ubuntu baseline job to ubuntu:26.04
• Update Dockerfile.ci, .mise.toml, .codesandbox/ci.json
• Update pre-commit hook to use --ignore-engines
• Update README and docs

Co-authored-by: Claude Opus 4.6 (1M context) noreply@anthropic.com

20.5.3 (2026-04-30)

Note: Version bump only for package @​commitlint/cli

20.5.2 (2026-04-25)

Note: Version bump only for package @​commitlint/cli

conventional-changelog/commitlint (@​commitlint/config-conventional)

v21.0.1

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

v21.0.0

Compare Source

• chore!: minimum node version v22 (#​4679) (ac2b3f4), closes #​4679

BREAKING CHANGES

• drop node v18 and v20 support

• Bump engines to >=v22 in all 39 package.json files
• Update @​types/node to ^22.0.0
• Update CI matrix to [22, 24]
• Update Ubuntu baseline job to ubuntu:26.04
• Update Dockerfile.ci, .mise.toml, .codesandbox/ci.json
• Update pre-commit hook to use --ignore-engines
• Update README and docs

Co-authored-by: Claude Opus 4.6 (1M context) noreply@anthropic.com

20.5.3 (2026-04-30)

Note: Version bump only for package @​commitlint/config-conventional

microsoft/playwright (@​playwright/test)

v1.60.0

Compare Source

🌐 HAR recording on Tracing

tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API, with the same content, mode and urlFilter options as recordHar. The returned Disposable makes it easy to scope a recording with await using:

await using har = await context.tracing.startHar('trace.har');
const page = await context.newPage();
await page.goto('https://playwright.dev');
// HAR is finalized when `har` goes out of scope.

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.locator('#dropzone').drop({
  files: { name: 'note.txt', mimeType: 'text/plain', buffer: Buffer.from('hello') },
});

await page.locator('#dropzone').drop({
  data: {
    'text/plain': 'hello world',
    'text/uri-list': 'https://example.com',
  },
});

🎯 Aria snapshots

• expect(page).toMatchAriaSnapshot() now works on a Page, in addition to a Locator — equivalent to asserting against page.locator('body').
• New boxes option on locator.ariaSnapshot() / page.ariaSnapshot() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.

🛑 test.abort()

New test.abort() aborts the currently running test from a fixture, hook, or route handler with an optional message. Use it when you have detected an unrecoverable misuse and want to fail the test right away:

test('does not publish to the shared page', async ({ page }) => {
  await page.route('**/publish', route => {
    test.abort('Tests must not publish to the shared page. Use the `clone` option.');
    return route.abort();
  });
  // ...
});

New APIs

Browser, Context and Page

• Event browser.on('context') — fired when a new context is created on the browser.
• BrowserContext now mirrors lifecycle events from its pages: browserContext.on('download'), browserContext.on('frameattached'), browserContext.on('framedetached'), browserContext.on('framenavigated'), browserContext.on('pageclose'), browserContext.on('pageload').

Locators and Assertions

• New option description in page.getByRole() / locator.getByRole() / frame.getByRole() / frameLocator.getByRole() for matching the accessible description.
• New option pseudo in expect(locator).toHaveCSS() reads computed styles from ::before or ::after.
• New option style in locator.highlight() applies extra inline CSS to the highlight overlay, plus new page.hideHighlight() to clear all highlights.

Network

• webSocketRoute.protocols() returns the WebSocket subprotocols requested by the page.
• New option noDefaults in browserType.connectOverCDP() disables Playwright's default overrides on the default context (download behavior, focus emulation, media emulation), so attaching to a user's daily-driver browser doesn't disturb its state.

Errors and Reporting

• New webError.location() mirrors consoleMessage.location().
• consoleMessage.location() now exposes line / column properties (lineNumber / columnNumber are deprecated).
• New testInfoError.errorContext surfaces additional diagnostic context, such as the aria snapshot of the receiver at the time of an expect(...) matcher failure.
• reporter.onError() now receives a workerInfo argument with details about the worker for fixture teardown errors.

Test runner

• New {testFileBaseName} token in testProject.snapshotPathTemplate — file name without extension.
• Test runner now errors when a config tries to override a non-option fixture, and rejects workers: 0 or negative values.

🛠️ Other improvements

• HTML reporter:
  • npx playwright show-report accepts .zip files directly — no need to unzip first.
  • Steps that contain attachments inside nested children show an indicator on the parent step.
  • The repeatEachIndex is shown in the test header when non-zero.
• Trace Viewer adds a pretty-print toggle for JSON / form request and response bodies in the network details panel.

Breaking Changes ⚠️

• Removed long-deprecated APIs:
  • Locator.ariaRef() — use the standard locator.ariaSnapshot() pipeline.
  • handle option on BrowserContext.exposeBinding and Page.exposeBinding.
  • logger option on BrowserType.connect and BrowserType.connectOverCDP — use tracing instead.
  • Context options videosPath / videoSize — use recordVideo instead.

Browser Versions

• Chromium 148.0.7778.96
• Mozilla Firefox 150.0.2
• WebKit 26.4

This version was also tested against the following stable channels:

• Google Chrome 147
• Microsoft Edge 147

vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.6

Compare Source

   🐞 Bug Fixes

• browser: Provide project reference in ToMatchScreenshotResolvePath  -  by @​macarie and @​sheremet-va in #​10138 (31882)
• Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options  -  by @​hi-ogawa, Codex and @​sheremet-va in #​10196 (2847d)
• browser: Simplify orchestrator otel carrier  -  by @​hi-ogawa in #​10285 (18af9)

   🏎 Performance

• Stringify diff objects only once  -  by @​sheremet-va in #​10276 (9f7b1)

    View changes on GitHub

astral-sh/uv (astral-sh/uv)

v0.11.14

Compare Source

Released on 2026-05-12.

Enhancements

• Add Astral mirror URL override (#​19206)
• Ignore top_level.txt entries in uninstall that are not valid Python identifiers (#​19340)

Bug fixes

• Avoid applying .env files in parent process (#​19343)
• Filter ANSI codes in logging output (#​19311)
• Fix uv tree showing extra-conditional deps for packages required without extras (#​19332)
• Respect build options (e.g., --no-build) during lock validation (#​19366)

v0.11.13

Compare Source

Released on 2026-05-10.

Bug fixes

• Include data files in editable builds (#​19312)
• Respect --require-hashes when installing from pylock.toml files (#​19334)

Python

• Add CPython 3.14.5

v0.11.12

Compare Source

Released on 2026-05-08.

Python

• Add CPython 3.15.0b1

Enhancements

• Add --no-editable support to uv pip install (#​19306)
• Require git refs in URLs to be percent-encoded (#​19320)

Bug fixes

• Respect --no-dev over UV_DEV=1 (#​19313)

• Don't suggest non-existent --no-frozen flag (#​19290) (#​19294)

Documentation

• Fix bug from inconsistent workflow name in GHA-PyPI guide example (#​19309)

defenseunicorns/uds-cli (defenseunicorns/uds-cli)

v0.31.0

Compare Source

What's Changed

• chore(deps): update github-actions by @​renovate[bot] in #​1375
• chore(deps): update github-actions by @​renovate[bot] in #​1379
• chore(config): migrate Renovate config by @​renovate[bot] in #​1382
• chore(deps): update github-actions by @​renovate[bot] in #​1384
• chore(deps): update github actions to v5 by @​renovate[bot] in #​1383
• feat: add package level namespace override to bundles by @​corang in #​1386
• fix(deps): update zarf to v0.76.0 by @​renovate[bot] in #​1387

Full Changelog: defenseunicorns/uds-cli@v0.30.4...v0.31.0

defenseunicorns/uds-common (defenseunicorns/uds-common)

v1.24.10

Compare Source

Bug Fixes

• add id-token:write to auto-update and callable-auto-update workflows (#​671) (f102aac)

Miscellaneous

• deps: update uds common foundation dependencies to v1.3.1 (#​667) (96dab3f)

helm-unittest/helm-unittest (helm-unittest/helm-unittest)

v1.1.0

Compare Source

Fixes

• Fix handling skipped tests in output properly (resolves #​838)
• Fix documentSelector on unset YAML keys (resolves #​812, credits @​Semih702)
• Fix isType assertion on unset YAML keys (resolves #​794, credits @​SAY-5)
• Fix skip tests when subcharts are disabled via conditions (resolves #​792, credits @​bebosudo)

Improvements

• Enable native windows installation (resolves #​748)
• Signed release (resolves #​362)

Features

• Add skip schema validation with a flag to enable and disable it (resolves #​772, credits @​FinnHuelsbusch)
• Add support for testing CRDs (credits @​blacksd)

Updates

• Update release and package process, so the plugin can also be installed using helm 4 (resolves #​785)
• Update packages to latest patch versions
• Update pipeline actions
• Update documentation (credits @​pratikshmalik05)

lint-staged/lint-staged (lint-staged)

v17.0.4

Compare Source

Patch Changes

• #​1788 f95c1f8 - Another fix for making sure lint-staged adds task modifications correctly to the commit in the following cases:

  • after editing <file> it is staged with git add <file>, and then committed with git commit
  • after editing <file> it is committed with git commit --all without explicit git add
  • after editing <file> it is committed with git commit <pathspec> without explicit git add

  There's new test cases which actually setup the Git pre_commit hook to run lint-staged and verify them. These issues started in v17.0.0 when trying to improve support for committig without having explicitly staged files.

v17.0.3

Compare Source

Patch Changes

• #​1782 06813f9 Thanks @​iiroj! - Fix lint-staged behavior when implicitly committing files without using git add by either:
  • git commit -am "my commit message" where -a (--all) means to automatically stage all tracked modified and deleted files
  • git commit -m "my commit message" . where . is an example of a pathspec where matching files will be staged

npm/node-semver (semver)

v7.8.0

Compare Source

Features

• 0d0a0a2 #​855 Add truncate function (#​855) (@​pjohnmeyer, @​owlstronaut)

Bug Fixes

• 3905343 #​859 Warn when defaulting to --inc=patch in CLI (@​pjohnmeyer)

Documentation

• c368af6 #​853 fix typos in documentation (#​853) (@​ankitkumar572005)
• 37776c3 #​846 fix BNF grammar to distinguish prerelease from build identifiers (#​846) (@​abhu85, @​claude)

Chores

• 9542e09 #​860 template-oss-apply (@​owlstronaut)
• 937bc2c #​860 template-oss-apply@5.0.0 (@​owlstronaut)
• 6946fef #​852 bump @​npmcli/template-oss from 4.29.0 to 4.30.0 (#​852) (@​dependabot[bot], @​npm-cli-bot)

eemeli/yaml (yaml)

v2.9.0

Compare Source

zarf-dev/zarf (zarf-dev/zarf)

v0.76.0

Compare Source

⚠ BREAKING CHANGES

• sign: align signing and verification flags to cosign (#​4880)

Features

• add OCI support for Argo CD sources (#​4354) (6b54e0a)
• implement import logic for Zarf Values (#​4427) (fde1211)
• sign: align signing and verification flags to cosign (#​4880) (04fb929)
• values: package inspect values feature support (#​4867) (2a3ef1b)
• verify dynamic path fields in package config are clean (#​4883) (579ec27)

Bug Fixes

• add cluster timeout cluster.New in dev deploy (#​4882) (fe7fc39)
• deploy: scope installedCharts by namespace override (#​4873) (6c6ee8c)
• init: skip namespace agent labels when agent is disabled (#​4851) (8ed2439)
• variables: file variable substitution alignment (#​4866) (a16872c)

What's Changed

🚀 Updates

• chore(main): release 0.76.0 by @​zarf-release-please[bot] in #​4868

Full Changelog: zarf-dev/zarf@v0.76.0-rc1...v0.76.0

---

Configuration

📅 Schedule: (in timezone America/New_York)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.