chore(deps): update all non-major dependencies with stable versions (minor)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@stylistic/stylelint-plugin	^5.0.1 → ^5.1.0
autoprefixer	^10.4.27 → ^10.5.0
brace-expansion@>=2.0.0 <=2.0.1	[>=2.0.3 → >=2.1.0](https://renovatebot.com/diffs/npm/brace-expansion@>=2.0.0 <=2.0.1/2.0.3/2.1.0)
devalue@<5.6.4	>=5.6.4 → >=5.7.1
devalue@<=5.6.2	>=5.6.4 → >=5.7.1
devalue@>=5.1.0 <5.6.2	[>=5.6.4 → >=5.7.1](https://renovatebot.com/diffs/npm/devalue@>=5.1.0 <5.6.2/5.6.4/5.7.1)
devalue@>=5.3.0 <=5.6.1	[>=5.6.4 → >=5.7.1](https://renovatebot.com/diffs/npm/devalue@>=5.3.0 <=5.6.1/5.6.4/5.7.1)
sass	^1.98.0 → ^1.99.0
undici@<7.24.0 (source)	>=7.24.0 → >=7.25.0

---

Release Notes

stylelint-stylistic/stylelint-stylistic (@​stylistic/stylelint-plugin)

v5.1.0

Compare Source

Added

• The no-multiple-whitespaces rule, which disallows multiple whitespaces between property values and function arguments.

Fixed

• The dependencies have now been updated to versions that include security fixes.

postcss/autoprefixer (autoprefixer)

v10.5.0

Compare Source

• Added mask-position-x and mask-position-y support (by @​toporek).

juliangruber/brace-expansion (brace-expansion@>=2.0.0 <=2.0.1)

v2.1.0

Compare Source

sveltejs/devalue (devalue@<5.6.4)

v5.7.1

Compare Source

Patch Changes

• 8becc7c: fix: handle regexes consistently in uneval's value and reference formats

v5.7.0

Compare Source

Minor Changes

• df2e284: feat: use native alternatives to encode/decode base64
• 498656e: feat: add DataView support
• a210130: feat: whitelist Float16Array
• df2e284: feat: simplify TypedArray slices

Patch Changes

• 5590634: fix: get uneval type handling up to parity with stringify
• 57f73fc: fix: correctly support boxed bigints and sentinel values

sass/dart-sass (sass)

v1.99.0

Compare Source

• Add support for parent selectors (&) at the root of the document. These are
  emitted as-is in the CSS output, where they're interpreted as the scoping
  root.

• User-defined functions named calc or clamp are no longer forbidden. If
  such a function exists without a namespace in the current module, it will be
  used instead of the built-in calc() or clamp() function.

• User-defined functions whose names begin with - and end with -expression,
  -url, -and, -or, or -not are no longer forbidden. These were
  originally intended to match vendor prefixes, but in practice no vendor
  prefixes for these functions ever existed in real browsers.

• User-defined functions named EXPRESSION, URL, and ELEMENT, those that
  begin with - and end with -ELEMENT, as well as the same names with some
  lowercase letters are now deprecated, These are names conflict with plain CSS
  functions that have special syntax.

  See the Sass website for details.

• In a future release, calls to functions whose names begin with - and end
  with -expression and -url will no longer have special parsing. For now,
  these calls are deprecated if their behavior will change in the future.

  See the Sass website for details.

• Calls to functions whose names begin with - and end with -progid:... are
  deprecated.

  See the Sass website for details.

nodejs/undici (undici@<7.24.0)

v7.25.0

Compare Source

What's Changed

Full Changelog: nodejs/undici@v7.24.8...v7.25.0

v7.24.8

Compare Source

What's Changed

• fix: backport 401 stream-backed body fix to v7.x by @​mcollina in #​5006

Full Changelog: nodejs/undici@v7.24.7...v7.24.8

v7.24.7

Compare Source

What's Changed

• docs: update broken links in file "Dispatcher.md" by @​samuel871211 in #​4924
• doc: remove unused parameter redirectionLimitReached by @​samuel871211 in #​4933
• test: skip flaky macOS Node 20 cookie fetch cases by @​mcollina in #​4932
• fix(types): align Response with DOM fetch types by @​theamodhshetty in #​4867
• fix(types): Fix clone method type declaration to be an instance method rather than instance property by @​mistval in #​4925
• test: skip IPv6 tests when IPv6 is not available by @​mcollina in #​4939
• fix: correctly handle multi-value rawHeaders in fetch by @​mcollina in #​4938
• ignore AGENTS.md by @​mcollina in #​4942

New Contributors

• @​samuel871211 made their first contribution in #​4924
• @​mistval made their first contribution in #​4925

Full Changelog: nodejs/undici@v7.24.6...v7.24.7

v7.24.6

Compare Source

What's Changed

• fix(test): client wasm compatible with clang 22 by @​rozzilla in #​4909
• fix(mock): improve error message when intercepts are exhausted by @​travisbreaks in #​4912
• fix(websocket): support open diagnostics over h2 by @​mcollina in #​4921
• fix: assume http/https scheme for scheme-less proxy env vars by @​travisbreaks in #​4914
• fix(cache): check Authorization on request headers per RFC 9111 §3.5 by @​metalix2 in #​4911
• fix: wrap kConnector call in try/catch to prevent client hang by @​veeceey in #​4834
• docs: clarify fetch and FormData pairing by @​mcollina in #​4922
• fix: support Connection header with connection-specific header names per RFC 7230 by @​mcollina in #​4775
• fix: avoid prototype collisions in parseHeaders by @​mcollina in #​4923
• build(deps-dev): bump typescript from 5.9.3 to 6.0.2 by @​dependabot[bot] in #​4926
• test: auto-init WPT submodule by @​mcollina in #​4930

New Contributors

• @​rozzilla made their first contribution in #​4909
• @​veeceey made their first contribution in #​4834

Full Changelog: nodejs/undici@v7.24.5...v7.24.6

v7.24.5

Compare Source

What's Changed

• Formdata tests by @​KhafraDev in #​4902
• test: add unexpected disconnect guards to more client test files by @​samayer12 in #​4844
• fix(cache): only apply 1-year deleteAt for immutable responses by @​metalix2 in #​4913

New Contributors

• @​metalix2 made their first contribution in #​4913

Full Changelog: nodejs/undici@v7.24.4...v7.24.5

v7.24.4

Compare Source

What's Changed

• fix(fetch): handle URL credentials in dispatch path extraction by @​mcollina in #​4892

Full Changelog: nodejs/undici@v7.24.3...v7.24.4

v7.24.3

Compare Source

What's Changed

• fix(h2): TypeError: Cannot read properties of null (reading 'push') i… by @​hxinhan in #​4881

Full Changelog: nodejs/undici@v7.24.2...v7.24.3

v7.24.2

Compare Source

What's Changed

• fix fetch path logic by @​KhafraDev in #​4890
• remove maxDecompressedMessageSize by @​KhafraDev in #​4891

Full Changelog: nodejs/undici@v7.24.1...v7.24.2

v7.24.1

Compare Source

---

Configuration

📅 Schedule: (in timezone America/New_York)

• Branch creation
  • Between 12:00 AM and 03:59 AM (* 0-3 * * *)
• Automerge
  • Monday through Friday (* * * * 1-5)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 67, reused 0, downloaded 0, added 0
Progress: resolved 70, reused 0, downloaded 0, added 0
 ERR_PNPM_TRUST_DOWNGRADE  High-risk trust downgrade for "vite@6.4.1" (possible package takeover)

This error happened while installing a direct dependency of /tmp/renovate/repos/github/Kong/kongponents

Trust checks are based solely on publish date, not semver. A package cannot be installed if any earlier-published version had stronger trust evidence. Earlier versions had trusted publisher, but this version has provenance attestation. A trust downgrade may indicate a supply chain incident.

[netlify]

❌ Deploy Preview for kongponents-sandbox failed.

Name	Link
🔨 Latest commit	0aaf522
🔍 Latest deploy log	https://app.netlify.com/projects/kongponents-sandbox/deploys/69ec691362ebca00082f96b0