build(deps-dev): bump the npm-packages group across 1 directory with 7 updates

[dependabot]

Bumps the npm-packages group with 7 updates in the / directory:

Package	From	To
@types/node	24.3.0	24.5.2
cypress	14.5.4	15.2.0
dotenv	17.2.1	17.2.2
esbuild	0.25.9	0.25.10
luxon	3.7.1	3.7.2
sass	1.90.0	1.93.1
start-server-and-test	2.0.13	2.1.2

Updates @types/node from 24.3.0 to 24.5.2

Commits

• See full diff in compare view

Updates cypress from 14.5.4 to 15.2.0

Release notes

Sourced from cypress's releases.

v15.2.0

Changelog: https://docs.cypress.io/app/references/changelog#15.2.0

v15.1.0

Changelog: https://docs.cypress.io/app/references/changelog#15.1.0

v15.0.0

Changelog: https://docs.cypress.io/app/references/changelog#15.0.0

Commits

• 058e7d2 chore: release 15.2.0 (#32453)
• 14199e0 chore: updating v8 snapshot cache (#32451)
• d327955 chore: updating v8 snapshot cache (#32450)
• 0f65f18 chore: updating v8 snapshot cache (#32449)
• 02fb097 chore: add --glob to rimraf command (#32444)
• 9f0e71f chore: Update styles in runner to not be fractional + only update scrollbar s...
• a07062d fix(dns-cache): prevent local family cache collisions (#32403)
• 9ebddda chore: Migrate @​packages/electron to TS (#32417)
• 4671317 feat: (studio) support @cypress/grep package in Cypress Studio (#32311)
• 8eda0c8 chore: Update v8 snapshot cache - linux (#32439)
• Additional commits viewable in compare view

Updates dotenv from 17.2.1 to 17.2.2

Changelog

Sourced from dotenv's changelog.

17.2.2 (2025-09-02)

Added

• 🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

Commits

• 2ea1a76 17.2.2
• 0947a83 changelog 🪵
• c8fb4aa changelog 🪵
• a2b13d2 update README
• d92a91e remove
• See full diff in compare view

Updates esbuild from 0.25.9 to 0.25.10

Release notes

Sourced from esbuild's releases.

v0.25.10

• Fix a panic in a minification edge case (#4287)

  This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):

  function identity(x) { return x }
  identity({ y: identity(123) })

• Fix @supports nested inside pseudo-element (#4265)

  When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

  The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.

  However, it seems like this behavior is different for nested at-rules such as @supports, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:

  /* Original code */
  ::placeholder {
    color: red;
    body & { color: green }
    @supports (color: blue) { color: blue }
  }
  /* Old output (with --supported:nesting=false) */
  ::placeholder {
  color: red;
  }
  body :is() {
  color: green;
  }
  @​supports (color: blue) {
  {
  color: blue;
  }
  }
  /* New output (with --supported:nesting=false) */
  ::placeholder {
  color: red;
  }
  body :is() {
  color: green;
  }
  @​supports (color: blue) {
  ::placeholder {
  color: blue;
  }

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.25.10

• Fix a panic in a minification edge case (#4287)

  This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):

  function identity(x) { return x }
  identity({ y: identity(123) })

• Fix @supports nested inside pseudo-element (#4265)

  When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

  The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.

  However, it seems like this behavior is different for nested at-rules such as @supports, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:

  /* Original code */
  ::placeholder {
    color: red;
    body & { color: green }
    @supports (color: blue) { color: blue }
  }
  /* Old output (with --supported:nesting=false) */
  ::placeholder {
  color: red;
  }
  body :is() {
  color: green;
  }
  @​supports (color: blue) {
  {
  color: blue;
  }
  }
  /* New output (with --supported:nesting=false) */
  ::placeholder {
  color: red;
  }
  body :is() {
  color: green;
  }
  @​supports (color: blue) {
  ::placeholder {
  color: blue;

... (truncated)

Commits

• d6b668f publish 0.25.10 to npm
• 5088c19 refactor: use strings.Builder (#4290)
• 755da31 run make update-compat-table
• a1d9c86 fix #4287: marked the wrong issue as fixed
• 73a0b2a fix #4286: minifier panic due to identity function
• 134dadf fix #4265: @supports nested inside ::pseudo
• See full diff in compare view

Updates luxon from 3.7.1 to 3.7.2

Changelog

Sourced from luxon's changelog.

3.7.2 (2025-07-09)

• Fix ES6 packaging

Commits

• 4262a38 Version 3.7.2
• 738144d Fix the build ES6 code having the wrong file extension and use it in package....
• See full diff in compare view

Updates sass from 1.90.0 to 1.93.1

Release notes

Sourced from sass's releases.

Dart Sass 1.93.1

To install Sass 1.93.1, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• No user-visible changes.

JavaScript API

• Fix an error in the release process for @sass/types.

See the full changelog for changes in earlier releases.

Dart Sass 1.93.0

To install Sass 1.93.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Fix a crash when a style rule contains a nested @import, and the loaded file @uses a user-defined module as well as @includes a top-level mixin which emits top-level declarations.

JavaScript API

• Release a @sass/types package which contains the type annotations used by both the sass and sass-embedded package without any additional code or dependencies.

See the full changelog for changes in earlier releases.

Dart Sass 1.92.1

To install Sass 1.92.1, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Fix a bug where variable definitions from one imported, forwarded module would not be passed as implicit configuration to a later imported, forwarded module.

See the full changelog for changes in earlier releases.

Dart Sass 1.92.0

To install Sass 1.92.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

... (truncated)

Changelog

Sourced from sass's changelog.

1.93.1

• No user-visible changes.

JavaScript API

• Fix an error in the release process for @sass/types.

1.93.0

• Fix a crash when a style rule contains a nested @import, and the loaded file @uses a user-defined module as well as @includes a top-level mixin which emits top-level declarations.

JavaScript API

• Release a @sass/types package which contains the type annotations used by both the sass and sass-embedded package without any additional code or dependencies.

1.92.1

• Fix a bug where variable definitions from one imported, forwarded module would not be passed as implicit configuration to a later imported, forwarded module.

1.92.0

• Breaking change: Emit declarations, childless at-rules, and comments in the order they appear in the source even when they're interleaved with nested rules. This obsoletes the mixed-decls deprecation.

• Breaking change: The function name type() is now fully reserved for the plain CSS function. This means that @function definitions with the name type will produce errors, while function calls will be parsed as special function strings.

• Configuring private variables using @use ... with, @forward ... with, and meta.load-css(..., $with: ...) is now deprecated. Private variables were always intended to be fully encapsulated within the module that defines them, and this helps enforce that encapsulation.

• Fix a bug where @extend rules loaded through a mixture of @import and @use rules could fail to apply correctly.

Command-Line Interface

• In --watch mode, delete the source map when the associated source file is deleted.

... (truncated)

Commits

• 0b7d6d9 Empty commit
• 4e94339 Fix the release script for @sass/types (#2651)
• 710ef80 Switch to macos-15-intel runner (#2650)
• 307226a Publish a @sass/types package with the types of the shared JS API (#2639)
• edfe90d Fix crash when @​importing a Sass file that @​uses another file (#2599)
• 9360866 Bump actions/setup-node from 4 to 5 (#2643)
• 7737af5 Bump actions/setup-node from 4 to 5 in /.github/util/initialize (#2644)
• f7f0342 Fix bug with implicit configuration (#2642)
• ea9f7be Bump postcss from 8.5.5 to 8.5.6 in /pkg/sass-parser (#2607)
• ff1847b Bump browser-actions/setup-chrome from 1 to 2 (#2604)
• Additional commits viewable in compare view

Updates start-server-and-test from 2.0.13 to 2.1.2

Release notes

Sourced from start-server-and-test's releases.

v2.1.2

2.1.2 (2025-09-19)

Bug Fixes

• deps: update dependency wait-on to v8.0.5 (#407) (e09a718)

v2.1.1

2.1.1 (2025-09-17)

Bug Fixes

• deps: update dependency debug to v4.4.3 (#406) (d0db7f6)

v2.1.0

2.1.0 (2025-09-04)

Features

• support axios proxy (#402) (b399fec)

Commits

• e09a718 fix(deps): update dependency wait-on to v8.0.5 (#407)
• d0db7f6 fix(deps): update dependency debug to v4.4.3 (#406)
• b399fec feat: support axios proxy (#402)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.