chore(deps): bump the minor group across 1 directory with 6 updates

[dependabot]

Bumps the minor group with 6 updates in the / directory:

Package	From	To
@cloudflare/workers-types	4.20260305.1	4.20260312.1
mermaid	11.12.3	11.13.0
oxfmt	0.36.0	0.39.0
oxlint	1.51.0	1.54.0
posthog-js	1.359.0	1.360.1
wrangler	4.71.0	4.72.0

Updates @cloudflare/workers-types from 4.20260305.1 to 4.20260312.1

Commits

• See full diff in compare view

Updates mermaid from 11.12.3 to 11.13.0

Release notes

Sourced from mermaid's releases.

mermaid@11.13.0

Minor Changes

• #7352 d6db0b0 Thanks @​remcohaszing! - feat: Export the AsyncIconLoader, SyncIconLoader, and IconLoader types.

• #5932 cdacb0b Thanks @​exoego! - feat: Add venn-beta diagram

• #6789 73e9849 Thanks @​omkarht! - feat: Add half-arrowheads (solid & stick) and central connection support

• #7387 acce4db Thanks @​exoego! - feat: Add Ishikawa diagram (ishikawa-beta)

• #6995 9745f32 Thanks @​darshanr0107! - feat: Deprecate flowchart.htmlLabels in favor of root-level htmlLabels in Mermaid config

• #5814 2dd29be Thanks @​kairi003! - feat: allow to put notes in namespaces on classDiagram

Patch Changes

• #7075 96a766d Thanks @​darshanr0107! - fix: Prevent HTML tags from being escaped in sandbox label rendering

• #6843 32723b2 Thanks @​saurabhg772244! - fix: Support edge animation in hand drawn look

• #7453 a60e615 Thanks @​darshanr0107! - fix: ER diagram edge label positioning

• #6989 1a9d45a Thanks @​darshanr0107! - fix: Resolved parsing error where direction TD was not recognized within subgraphs

• #7178 96ca7c0 Thanks @​omkarht! - fix(treemap): Fixed treemap classDef style application to properly apply user-defined styles

• #7076 60f6331 Thanks @​darshanr0107! - fix: Correct viewBox casing and make SVGs responsive

• #7055 fa15ce8 Thanks @​darshanr0107! - fix: Improve participant parsing and prevent recursive loops on invalid syntax

• #7276 33c7c72 Thanks @​darshanr0107! - fix: respect markdownAutoWrap: false to prevent text auto-wrapping in flowchart markdown labels with htmlLabels enabled.

  Markdown labels with markdownAutoWrap: false, htmlLabels: false set doesn't work correctly.

• #7416 3c069b5 Thanks @​Crafter-Y! - fix: architecture diagram lines should now have the correct length

• #6995 9745f32 Thanks @​darshanr0107! - fix: Support the htmlLabels Mermaid config value whenever possible

• #7293 a408b55 Thanks @​darshanr0107! - fix: Prevent browser hang when using multiline accDescr in XY charts

• #6119 712c1ec Thanks @​NealGooch! - fix: correct block positioning when nested blocks span multiple columns

• #7424 981a62e Thanks @​knsv! - fix: correct BT orientation arc sweep flags in gitGraph drawArrow()

  Swapped SVG arc sweep-flag values in the BT (bottom-to-top) orientation branches of drawArrow() so curves bend in the correct direction. Affects both rerouting and non-rerouting code paths for merge and non-merge arrows.

  Resolves #6593

... (truncated)

Commits

• b1a5e9b Version Packages (#7466)
• bdd7abd fix: use correct package name for elk
• a900618 dummy commit
• a60e615 Fix: ER diagram edge label positioning (#7453)
• 1d17c14 Merge branch 'master' of https://github.com/mermaid-js/mermaid
• 500be12 chore: Update coupon
• 981fbb8 fix(gantt): restore readable outside-text for done tasks in dark mode (#7456)
• 0d5e35a fix(elk): scope rounded edge curve to ELK layout only (#7454)
• de20da7 fix: plausible build
• fcdd95b chore: Update plausible
• Additional commits viewable in compare view

Updates oxfmt from 0.36.0 to 0.39.0

Changelog

Sourced from oxfmt's changelog.

Changelog

All notable changes to this package will be documented in this file.

The format is based on Keep a Changelog.

Commits

• 36e7d29 release(apps): oxlint v1.54.0 && oxfmt v0.39.0 (#20267)
• 856781f release(apps): oxlint v1.53.0 && oxfmt v0.38.0 (#20218)
• 9870467 release(apps): oxlint v1.52.0 && oxfmt v0.37.0 (#20143)
• See full diff in compare view

Updates oxlint from 1.51.0 to 1.54.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

• 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
• 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
• bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
• 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
• 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
• 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
• ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

• 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
• 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
• 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
• 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
• a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
• ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
• 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
• ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
• e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
• 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
• 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
• fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
• ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
• dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
• 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
• cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

• 25d577e language_server: Start tools in parallel (#15500) (Sysix)
• 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
• 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
• 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
• 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
• 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

• 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
• 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
• a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
• 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
• 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
• 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

[1.54.0] - 2026-03-12

📚 Documentation

• 0c7da4f linter: Fix extra closing brace in example config. (#20253) (connorshea)

[1.52.0] - 2026-03-09

🚀 Features

• 61bf388 linter: Add options.reportUnusedDisableDirectives to config file (#19799) (Peter Wagenet)
• 2919313 linter: Introduce denyWarnings config options (#19926) (camc314)
• a607119 linter: Introduce maxWarnings config option (#19777) (camc314)

📚 Documentation

• 6c0e0b5 linter: Add oxlint.config.ts to the config docs. (#19941) (connorshea)
• 160e423 linter: Add a note that the typeAware and typeCheck options require oxlint-tsgolint (#19940) (connorshea)

Commits

• 36e7d29 release(apps): oxlint v1.54.0 && oxfmt v0.39.0 (#20267)
• 0c7da4f docs(linter): Fix extra closing brace in example config. (#20253)
• 856781f release(apps): oxlint v1.53.0 && oxfmt v0.38.0 (#20218)
• 9870467 release(apps): oxlint v1.52.0 && oxfmt v0.37.0 (#20143)
• 61bf388 feat(linter): add options.reportUnusedDisableDirectives to config file (#19...
• 6c0e0b5 docs(linter): Add oxlint.config.ts to the config docs. (#19941)
• 160e423 docs(linter): Add a note that the typeAware and typeCheck options require oxl...
• 2919313 feat(linter): introduce denyWarnings config options (#19926)
• a607119 feat(linter): introduce maxWarnings config option (#19777)
• See full diff in compare view

Updates posthog-js from 1.359.0 to 1.360.1

Release notes

Sourced from posthog-js's releases.

posthog-js@1.360.1

1.360.1

Patch Changes

• Updated dependencies [4009c15]:
  • @​posthog/core@​1.23.3
  • @​posthog/types@​1.360.1

posthog-js@1.360.0

1.360.0

Patch Changes

• #3213 db089fd Thanks @​TueHaulund! - fix(replay): treat legacy configs without cache_timestamp as fresh

  Configs persisted by older SDK versions never include a cache_timestamp. Defaulting to 0 treats them as always stale, causing the persisted config to be cleared before start() runs — so recording never starts for customers on older core SDK versions paired with the latest CDN recorder. (2026-03-09)

• #3207 c5a37cb Thanks @​dustinbyrne! - fix: PostHogFeatureFlags uses a TreeShakeable type (2026-03-09)

• Updated dependencies [c5a37cb]:

  • @​posthog/types@​1.360.0

posthog-js@1.359.1

1.359.1

Patch Changes

• #3204 2b0cd52 Thanks @​marandaneto! - chore: upgrade dompurify to 3.3.2 (2026-03-06)
• Updated dependencies []:
  • @​posthog/types@​1.359.1

Commits

• 92c030b chore: update versions and lockfile [version bump]
• a8ca323 fix(convex): support $-prefixed property keys in events (#3226)
• 0da6356 fix(convex): update example lockfile for rebuilt package (#3225)
• 4009c15 feat: custom event handling (#3220)
• 2af7d48 chore: add concurrency control to CI workflows (#3221)
• 52cbe29 chore: remove ci-security.yaml, replaced by org-level CI audit (#3218)
• f4bcfbe chore: update versions and lockfile [version bump]
• 429b389 feat(next): rename optOutByDefault to seedAnonymousCookie (#3215)
• c7f144b chore: update versions and lockfile [version bump]
• 2d9eb60 feat(ai): add version-aware prompt cache clearing (#3210)
• Additional commits viewable in compare view

Updates wrangler from 4.71.0 to 4.72.0

Release notes

Sourced from wrangler's releases.

wrangler@4.72.0

Minor Changes

• #12746 211d75d Thanks @​NuroDev! - Add support for inheritable bindings in type generation

  When using wrangler types with multiple environments, bindings from inheritable config properties (like assets) are now correctly inherited from the top-level config in all named environments. Previously, if you defined assets.binding at the top level with named environments, the binding would be marked as optional in the generated Env type because the type generation didn't account for inheritance.

  Example:

  {
  	"assets": {
  		"binding": "ASSETS",
  		"directory": "./public"
  	},
  	"env": {
  		"staging": {},
  		"production": {}
  	}
  }

  Before this change, ASSETS would be typed as ASSETS?: Fetcher (optional). Now, ASSETS is correctly typed as ASSETS: Fetcher (required). This fix currently applies to the assets binding, with an extensible mechanism to support additional inheritable bindings in the future.

• #12826 de65c58 Thanks @​gabivlj! - Enable container egress interception in local dev without the experimental compatibility flag

  Container local development now always prepares the egress interceptor sidecar image needed for interceptOutboundHttp(). This makes container-to-Worker interception available by default in Wrangler, Miniflare, and the Cloudflare Vite plugin.

Patch Changes

• #12790 5451a7f Thanks @​petebacondarwin! - Bump node-forge to ^1.3.2 to address security vulnerabilities

  node-forge had ASN.1 unbounded recursion, OID integer truncation, and ASN.1 validator desynchronization vulnerabilities. This is a bundled dependency used for local HTTPS certificate handling.

• #12795 82cc2a8 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260301.1	1.20260306.1

• #12811 3c67c2a Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260306.1	1.20260307.1

... (truncated)

Commits

• 24f807b Version Packages (#12789)
• b8c33f5 Make remote dev exchange_url optional (#12771)
• ba18c02 [wrangler] Make worker deletion in e2e test cleanup best-effort (#12832)
• de65c58 containers: Remove experimental flag from enabling egress interception for co...
• 9f93b54 Strip query strings from module names when writing to disk (#12824)
• d645594 Bump the workerd-and-workers-types group with 2 updates (#12827)
• 6ed249b [wrangler] Fix d1 execute --json returning string "null" for SQL NULL values ...
• 3c67c2a Bump the workerd-and-workers-types group with 2 updates (#12811)
• 82cc2a8 Bump the workerd-and-workers-types group with 2 updates (#12795)
• 211d75d fix(wrangler): Fix type generation inheritable bindings (#12746)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions