build(deps): bump the npm-workspace group with 8 updates

[dependabot]

Bumps the npm-workspace group with 8 updates:

Package	From	To
@antfu/eslint-config	8.1.1	8.2.0
@tanstack/react-router	1.168.10	1.168.19
@tanstack/router-generator	1.166.24	1.166.30
@tanstack/router-plugin	1.167.12	1.167.19
@types/node	18.19.130	25.6.0
fast-glob	3.3.1	3.3.3
pagefind	1.5.0	1.5.2
picomatch	2.3.2	4.0.4

Updates @antfu/eslint-config from 8.1.1 to 8.2.0

Release notes

Sourced from @​antfu/eslint-config's releases.

v8.2.0

   🐞 Bug Fixes

• Disbale e18e/prefer-static-regex in non-lib mode  -  by @​antfu (52069)

    View changes on GitHub

Commits

• 98f4dd8 chore: release v8.2.0
• 1ebc1c5 chore: add tsnapi
• 73feb2c chore: update deps
• 52069a3 fix: disbale e18e/prefer-static-regex in non-lib mode
• 8d36546 chore: update snapshot
• See full diff in compare view

Updates @tanstack/react-router from 1.168.10 to 1.168.19

Changelog

Sourced from @​tanstack/react-router's changelog.

1.168.19

Patch Changes

• Fix route file transforms to preserve route ID quoting, handle more exported Route patterns, and avoid incorrect import rewrites in edge cases. (#7167)

  Improve transform robustness with clearer route-call detection, safer import removal, and expanded test coverage for quote preservation, constructor swaps, and unsupported route definitions.

1.168.18

Patch Changes

• Updated dependencies [0e2c900]:
  • @​tanstack/router-core@​1.168.14

1.168.17

Patch Changes

• Updated dependencies [812792f]:
  • @​tanstack/router-core@​1.168.13

1.168.16

Patch Changes

• Updated dependencies [8ec9ca9]:
  • @​tanstack/router-core@​1.168.12

1.168.15

Patch Changes

• shorten internal non-minifiable store names for byte shaving (#7152)

• Updated dependencies [6355bb7]:

  • @​tanstack/router-core@​1.168.11

1.168.14

Patch Changes

• migrate createStore > createAtom for simpler API (#7150)

• Updated dependencies [459057c]:

  • @​tanstack/router-core@​1.168.10

1.168.13

Patch Changes

... (truncated)

Commits

• 85db378 ci: changeset release
• 105d056 fix(router-generator): harden route file transform rewrites (#7167)
• c3900c8 ci: changeset release
• 3ef971f ci: changeset release
• 5cec6fb ci: changeset release
• b059766 chore(types): re-export SearchMiddleware type from react-router (#7087)
• c066031 ci: changeset release
• 6355bb7 refactor: shorten internal router store names (#7152)
• 27890af ci: changeset release
• 459057c refactor: switch router stores to atom get/set API (#7150)
• Additional commits viewable in compare view

Updates @tanstack/router-generator from 1.166.24 to 1.166.30

Changelog

Sourced from @​tanstack/router-generator's changelog.

1.166.30

Patch Changes

• Fix route file transforms to preserve route ID quoting, handle more exported Route patterns, and avoid incorrect import rewrites in edge cases. (#7167)

  Improve transform robustness with clearer route-call detection, safer import removal, and expanded test coverage for quote preservation, constructor swaps, and unsupported route definitions.

1.166.29

Patch Changes

• Updated dependencies [0e2c900]:
  • @​tanstack/router-core@​1.168.14

1.166.28

Patch Changes

• Updated dependencies [812792f]:
  • @​tanstack/router-core@​1.168.13

1.166.27

Patch Changes

• Updated dependencies [8ec9ca9]:
  • @​tanstack/router-core@​1.168.12

1.166.26

Patch Changes

• Updated dependencies [6355bb7]:
  • @​tanstack/router-core@​1.168.11

1.166.25

Patch Changes

• Updated dependencies [459057c]:
  • @​tanstack/router-core@​1.168.10

Commits

• 85db378 ci: changeset release
• 105d056 fix(router-generator): harden route file transform rewrites (#7167)
• c3900c8 ci: changeset release
• 3ef971f ci: changeset release
• 5cec6fb ci: changeset release
• c066031 ci: changeset release
• 27890af ci: changeset release
• See full diff in compare view

Updates @tanstack/router-plugin from 1.167.12 to 1.167.19

Changelog

Sourced from @​tanstack/router-plugin's changelog.

1.167.19

Patch Changes

• Updated dependencies [105d056]:
  • @​tanstack/router-generator@​1.166.30
  • @​tanstack/react-router@​1.168.19

1.167.18

Patch Changes

• add vite 8 to peer deps (#7160)

1.167.17

Patch Changes

• Updated dependencies [0e2c900]:
  • @​tanstack/router-core@​1.168.14
  • @​tanstack/react-router@​1.168.18
  • @​tanstack/router-generator@​1.166.29

1.167.16

Patch Changes

• Updated dependencies [812792f]:
  • @​tanstack/router-core@​1.168.13
  • @​tanstack/react-router@​1.168.17
  • @​tanstack/router-generator@​1.166.28

1.167.15

Patch Changes

• Updated dependencies [8ec9ca9]:
  • @​tanstack/router-core@​1.168.12
  • @​tanstack/react-router@​1.168.16
  • @​tanstack/router-generator@​1.166.27

1.167.14

Patch Changes

• shorten internal non-minifiable store names for byte shaving (#7152)

• Updated dependencies [6355bb7]:

  • @​tanstack/react-router@​1.168.15
  • @​tanstack/router-core@​1.168.11

... (truncated)

Commits

• 85db378 ci: changeset release
• 105d056 fix(router-generator): harden route file transform rewrites (#7167)
• 2cda538 ci: changeset release
• 656a2a0 chore: add vite 8 to peer deps (#7160)
• c3900c8 ci: changeset release
• 3ef971f ci: changeset release
• 5cec6fb ci: changeset release
• c066031 ci: changeset release
• 6355bb7 refactor: shorten internal router store names (#7152)
• 27890af ci: changeset release
• Additional commits viewable in compare view

Updates @types/node from 18.19.130 to 25.6.0

Commits

• See full diff in compare view

Updates fast-glob from 3.3.1 to 3.3.3

Release notes

Sourced from fast-glob's releases.

3.3.3

Full Changelog: mrmlnc/fast-glob@3.3.2...3.3.3

💬 Common

• Refer to micromatch@4.0.8 to avoid annoying npm audit spam (#443, #444, #454, #456, #457, #461)

🐛 Bug fixes

• Apply absolute negative patterns to full path instead of file path (#441, thanks @​webpro)

3.3.2

Full Changelog: mrmlnc/fast-glob@3.3.1...3.3.2

🐛 Bug fixes

• Handle square brackets as a special character on Windows in escape functions (#425)
• Keep escaping after brace expansion (#422)

Commits

• 4868789 3.3.3
• 73be367 Merge pull request #464 from mrmlnc/3.3.3
• 55c7b33 perf: optimizing the patterns set matching by exiting early
• ea113fd docs: add information about enumerable properties for the fs option
• 41e4730 fix: apply absolute negative patterns to full path instead of file path
• 54ad12d build: fix watch command
• 7410547 chore: refer to micromatch@4.0.8 to avoid annoying npm audit spam
• ca61085 build: freeze fdir dependency to avoid tsc issues
• e60a9f5 3.3.2
• 8638dc6 fix: escape square braces on Windows platform
• Additional commits viewable in compare view

Updates pagefind from 1.5.0 to 1.5.2

Release notes

Sourced from pagefind's releases.

v1.5.2

• v1.5.0 was meant to 2x indexing performance, which it does on macOS and Windows. On Linux, with the published musl build, it actually halves the indexing performance. This release subs in jemalloc on Linux musl builds to fix the musl allocator thrashing, and performance now achieves the 2x v1.4.0 claim.
• Further improved deterministic index filenames between indexes (PR #1104 — thanks @​gissimo !).
• Cleaned up a wasm-bindgen deprecation warning popping up in the browser console.

Changelog

Sourced from pagefind's changelog.

v1.5.2 (April 12, 2026)

• v1.5.0 was meant to 2x indexing performance, which it does on macOS and Windows. On Linux, with the published musl build, it actually halves the indexing performance. This release subs in jemalloc on Linux musl builds to fix the musl allocator thrashing, and performance now achieves the 2x v1.4.0 claim.
• Further improved deterministic index filenames between indexes (PR #1104 — thanks @​gissimo !).
• Cleaned up a wasm-bindgen deprecation warning popping up in the browser console.

v1.5.1 (April 8, 2026)

Crate release only. Fixes busted 1.5.0 deployment of the pagefind crate to crates.io.

Commits

• bf17396 Changelog for 1.5.2
• a2e9f40 Fix aarch64-musl cross-compilation for jemalloc (#1122)
• 54d36e3 1.5.2 changelog (#1121)
• 309f57a Use jemalloc on musl (#1120)
• 7aa4ddd Docs release workflow (#1118)
• f4a5baa Update component UI docs for IIFE script tag configuration (#1117)
• 4e31f3c chore(deps-dev): bump esbuild, esbuild-svelte, and svelte (#1116)
• dd09815 chore(deps-dev): bump uv (#1115)
• af4ad9d Fix wasm-bindgen deprecation warning (#1113)
• 3ec189b Complete deterministic index output by converting variant maps to BTreeMap (#...
• Additional commits viewable in compare view

Updates picomatch from 2.3.2 to 4.0.4

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

• Fix for CVE-2026-33671
• Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

4.0.3

What's Changed

• fix: exception when glob pattern contains constructor by @​Jason3S in micromatch/picomatch#144

New Contributors

• @​Jason3S made their first contribution in micromatch/picomatch#144

Full Changelog: micromatch/picomatch@4.0.2...4.0.3

3.0.2

This is a security release fixing several security relevant issues.

What's Changed

• fix: exception when glob pattern contains constructor by @​Jason3S in micromatch/picomatch#144
• Fix for CVE-2026-33671
• Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@3.0.1...3.0.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

• Changelogs are for humans, not machines.
• There should be an entry for every single version.
• The same types of changes should be grouped.
• Versions and sections should be linkable.
• The latest version comes first.
• The release date of each versions is displayed.
• Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

• Fix bad text values in parse #126, thanks to @​connor4312

Changed

• Remove process global to work outside of node #129, thanks to @​styfle
• Add sideEffects to package.json #128, thanks to @​frandiox
• Removed os, make compatible browser environment. See #124, thanks to @​gwsbhqt

3.0.1

Fixes

... (truncated)

Commits

• e5474fc Publish 4.0.4
• 4516eb5 Merge commit from fork
• 5eceecd Merge commit from fork
• 0db7dd7 Run benchmark again against latest minimatch version (#161)
• 9500377 docs: clarify what brace expansion syntax is and isn't supported (#134)
• 2661f23 fix typo in globstars.js test name (#138)
• 1798b07 docs: fix makeRe example (#143)
• 9d76bc5 chore: undocument removed options (#146)
• e4d718b Remove unused time-require (#160)
• 38dffeb chore(deps): pin dependencies (#158)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, javascript. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.