Bump the development group across 1 directory with 6 updates

[dependabot]

Bumps the development group with 6 updates in the / directory:

Package	From	To
turbo	2.9.14	2.9.15
typescript-eslint	8.59.4	8.60.0
sass	1.99.0	1.100.0
vite	8.0.13	8.0.14
postcss	8.5.14	8.5.15
terser	5.47.1	5.48.0

Updates turbo from 2.9.14 to 2.9.15

Release notes

Sourced from turbo's releases.

Turborepo v2.9.15

What's Changed

Changelog

• release(turborepo): 2.9.14 by @​github-actions[bot] in vercel/turborepo#12805
• fix: Prune package.json workspaces by @​anthonyshew in vercel/turborepo#12808
• fix: Wait for process trees before task completion by @​anthonyshew in vercel/turborepo#12809
• release(turborepo): 2.9.15-canary.1 by @​github-actions[bot] in vercel/turborepo#12810
• ci: Sign macOS release binaries by @​anthonyshew in vercel/turborepo#12811
• release(turborepo): 2.9.15-canary.2 by @​github-actions[bot] in vercel/turborepo#12812
• fix: Prevent cache archive symlink reads by @​anthonyshew in vercel/turborepo#12813
• release(turborepo): 2.9.15-canary.3 by @​github-actions[bot] in vercel/turborepo#12814
• fix: Avoid path-racy chmod during directory restore by @​anthonyshew in vercel/turborepo#12815
• fix: Prevent cache restore symlink race writes by @​anthonyshew in vercel/turborepo#12817
• chore: Deny Rust panic extraction by default by @​anthonyshew in vercel/turborepo#12818
• fix: Make structured log symlink defense race-safe by @​anthonyshew in vercel/turborepo#12821
• fix: Preserve Bun alias child packages by @​anthonyshew in vercel/turborepo#12822
• fix: Avoid UTF-8 panics at boundaries by @​anthonyshew in vercel/turborepo#12823
• fix: Preserve non-UTF-8 Git path boundaries by @​anthonyshew in vercel/turborepo#12826
• fix: Create daemon dirs with private permissions by @​anthonyshew in vercel/turborepo#12827
• fix: Return Berry lockfile errors instead of panicking by @​anthonyshew in vercel/turborepo#12828
• fix: Isolate Corepack state in integration tests by @​anthonyshew in vercel/turborepo#12831
• ci: Use larger Windows runners for Rust tests by @​anthonyshew in vercel/turborepo#12832
• docs: Add with-vite-module-federation example by @​gioboa in vercel/turborepo#12794
• test: Run Rust tests without partitioning by @​anthonyshew in vercel/turborepo#12833
• chore: Remove TaskHashTracker-based expect() calls by @​anthonyshew in vercel/turborepo#12836
• chore: Deduplicate hash canonicalization by @​anthonyshew in vercel/turborepo#12837
• fix: Prevent Windows process drain hangs by @​anthonyshew in vercel/turborepo#12838
• fix: Refactor execsync to execfilesync for Shell command built from environment values by @​bjormgyg in vercel/turborepo#12829
• test: Bound vt100 random quickcheck by @​anthonyshew in vercel/turborepo#12839
• fix: Validate daemon discovery responses by @​anthonyshew in vercel/turborepo#12840
• fix: Store PackageGraph root invariants by @​anthonyshew in vercel/turborepo#12841
• chore: Avoid engine graph node expects by @​anthonyshew in vercel/turborepo#12842
• test: Make Rust tests parallel-safe by @​anthonyshew in vercel/turborepo#12843
• fix: Avoid graph utility node lookup panics by @​anthonyshew in vercel/turborepo#12844
• fix: Avoid graph walker expect() calls by @​anthonyshew in vercel/turborepo#12845
• fix: Remove fs panic extraction lints by @​anthonyshew in vercel/turborepo#12846
• fix: Remove fixed map panic extraction calls by @​anthonyshew in vercel/turborepo#12847
• fix: Remove devtools WebSocket panics by @​anthonyshew in vercel/turborepo#12850
• fix: Remove json rewrite panic lint allow by @​anthonyshew in vercel/turborepo#12848
• fix: Remove turborepo-types panic lint allows by @​anthonyshew in vercel/turborepo#12849
• chore: Remove turborepo-hash build expect by @​anthonyshew in vercel/turborepo#12851
• fix: Remove napi panic lint allows by @​anthonyshew in vercel/turborepo#12852
• fix: Avoid globwatch expect calls by @​anthonyshew in vercel/turborepo#12853
• fix: Remove LSP expect callsites by @​anthonyshew in vercel/turborepo#12854
• fix: Remove scope panic lint allows by @​anthonyshew in vercel/turborepo#12855
• fix: Remove task hash panic lints by @​anthonyshew in vercel/turborepo#12856
• fix: Remove frameworks panic lint allows by @​anthonyshew in vercel/turborepo#12857
• fix: Remove microfrontends proxy expect lint allow by @​anthonyshew in vercel/turborepo#12859

... (truncated)

Commits

• 3e78ad2 publish 2.9.15 to registry
• 076ff97 fix: Harden OTEL endpoint validation (#12954)
• f96ccc4 fix: Respect root gitignore during prune (#12953)
• ebebf41 chore: Switch Geist font imports to npm geist package (#12952)
• 5fa3039 chore(turbo-codemod): remove duplicate "in" in transforms path comment (#12948)
• 8fc94f3 docs: Correct attribute presence claims in turborepo-otel (#12932)
• 06e81ea release(turborepo): 2.9.15-canary.8 (#12945)
• c7ad6f2 feat: Add heap allocation profiling (#12943)
• 31123f4 fix: Preserve pnpm injected peer package entries (#12940)
• 6ed6fb0 fix: Use build-scale OTel duration buckets (#12939)
• Additional commits viewable in compare view

Updates typescript-eslint from 8.59.4 to 8.60.0

Release notes

Sourced from typescript-eslint's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

• rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

• playground TS version selector is not working (#12326, #12325)

❤️ Thank You

• Evyatar Daud @​StyleShit
• Vinccool96

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.60.0 (2026-05-25)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• f891c29 chore(release): publish 8.60.0
• See full diff in compare view

Updates sass from 1.99.0 to 1.100.0

Release notes

Sourced from sass's releases.

Dart Sass 1.100.0

To install Sass 1.100.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Writing two compound selectors adjacent to one another without any whitespace between them, such as [class]a, is now deprecated. This was always an error in CSS and Sass only supported it by mistake.

  See the Sass website for details.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.100.0

• Writing two compound selectors adjacent to one another without any whitespace between them, such as [class]a, is now deprecated. This was always an error in CSS and Sass only supported it by mistake.

  See the Sass website for details.

Commits

• 5fd18c7 Bump node engine requirement to >=20.19.0 and chokidar requirement to ^5.0.0 ...
• 8c1d984 Deprecate adjacent compound selectors (#2765)
• 8e5f718 Bump postcss from 8.5.12 to 8.5.13 in /pkg/sass-parser (#2767)
• 1447f9b Bump postcss from 8.5.8 to 8.5.12 in /pkg/sass-parser (#2766)
• See full diff in compare view

Updates vite from 8.0.13 to 8.0.14

Release notes

Sourced from vite's releases.

v8.0.14

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.14 (2026-05-21)

Features

• update rolldown to 1.0.2 (#22484) (96efc88)

Bug Fixes

• deps: update all non-major dependencies (#22471) (98b8163)
• dev: handle errors when sending messages to vite server (#22450) (e8e9a34)
• html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)
• optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#22470) (7cb728e)
• remove irrelevant commits from changelog (2c69495)

Code Refactoring

• glob: do not rewrite import path for absolute base (#22310) (0ae2844)

Tests

• css: sass does not use main field (#22449) (ebf39a0)

Commits

• c917f1e release: v8.0.14
• 5d94d1b fix(html): handle trailing slash paths in transformIndexHtml (#22480)
• 98b8163 fix(deps): update all non-major dependencies (#22471)
• 96efc88 feat: update rolldown to 1.0.2 (#22484)
• ebf39a0 test(css): sass does not use main field (#22449)
• 0ae2844 refactor(glob): do not rewrite import path for absolute base (#22310)
• 7cb728e chore(deps): update rolldown-related dependencies (#22470)
• b3132da fix(optimizer): pass oxc jsx options to transformSync in dependency scan ...
• e8e9a34 fix(dev): handle errors when sending messages to vite server (#22450)
• 2c69495 chore: remove irrelevant commits from changelog
• See full diff in compare view

Updates postcss from 8.5.14 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

• Fixed declaration parsing performance (by @​homanp).

Changelog

Sourced from postcss's changelog.

8.5.15

• Fixed declaration parsing performance (by @​homanp).

Commits

• eae46db Release 8.5.15 version
• 79508ff Update CI actions
• b128e21 Speed up declaration parsing by avoiding creating new array on each token
• 9825dca Fix code format
• 55789c8 Update dependencies
• 84fbbe9 Install older pnpm action for old Node.js
• 9f860bd Revert pnpm action for old Node.js
• 0877198 Update CI actions
• b2d1a33 Fix linter warnings
• 0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
• Additional commits viewable in compare view

Updates terser from 5.47.1 to 5.48.0

Changelog

Sourced from terser's changelog.

v5.48.0

• Support import source ... and import defer ... (#1682)

Commits

• 794a474 5.48.0
• 9778373 update changelog
• 7f77594 do not fuzz test in questionable OS
• 702926f Support source-phase imports (import source / import defer and dynamic `i...
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[changeset-bot]

⚠️ No Changeset found

Latest commit: 508222f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR