Bump the dependencies group with 5 updates

[dependabot]

Bumps the dependencies group with 5 updates:

Package	From	To
satori	0.19.2	0.26.0
fast-xml-parser	5.5.6	5.7.0
oxlint	1.56.0	1.60.0
turndown	7.2.2	7.2.4
typescript	5.9.3	6.0.3

Updates satori from 0.19.2 to 0.26.0

Release notes

Sourced from satori's releases.

0.26.0

0.26.0 (2026-03-20)

Features

• builtin minimal JSX runtime (#737) (eab60ee)

0.25.0

0.25.0 (2026-03-05)

Features

• CSS variables (#736) (d246913)

0.24.1

0.24.1 (2026-03-03)

Bug Fixes

• Consistent text positioning when embedFont is false (#723) (dc07b70)

0.24.0

0.24.0 (2026-03-03)

Features

• Improved object-position support (#734) (9377f70)

0.23.0

0.23.0 (2026-03-03)

Features

• Add text-indent support (#733) (2b7e825)

0.22.0

0.22.0 (2026-03-03)

Features

• Support for object-fit fill and scale-down (#732) (453fd91)

0.21.0

0.21.0 (2026-03-02)

... (truncated)

Commits

• eab60ee feat: builtin minimal JSX runtime (#737)
• d246913 feat: CSS variables (#736)
• dc07b70 fix: Consistent text positioning when embedFont is false (#723)
• 54a749b chore: export InitInput and allow Promise (#726)
• 9377f70 feat: Improved object-position support (#734)
• 2b7e825 feat: Add text-indent support (#733)
• 453fd91 feat: Support for object-fit fill and scale-down (#732)
• c8dd6f5 chore: Add more tests (#731)
• c1087d6 chore: Update benchmark code (#730)
• 4e761c6 feat: 10% perf improvements in the core lib (#729)
• Additional commits viewable in compare view

Updates fast-xml-parser from 5.5.6 to 5.7.0

Release notes

Sourced from fast-xml-parser's releases.

use @​nodable/entities to replace entities

• No API change
• No change in performance for basic usage
• No typing change
• No config change
• new dependency
• breaking: error messages for entities might have been changed.

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.12...v5.6.0

performance improvment, increase entity expansion default limit

• increase default entity explansion limit as many projects demand for that

maxEntitySize: 10000,
maxExpansionDepth: 10000,
maxTotalExpansions: Infinity,
maxExpandedLength: 100000,
maxEntityCount: 1000,

• performance improvement
  • reduce calls to toString
  • early return when entities are not present
  • prepare rawAttrsForMatcher only if user sets jPath: false

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.9...v5.5.10

fix typins and matcher instance in callbacks

combine typings file to avoid configuration changes pass readonly instance of matcher to the call backs to avoid accidental push/pop call

fix bugs of entity parsing and value parsing

fix: entity expansion limits update strnum package to 2.2.0

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.7.2 / 2026-04-25

• allow numerical external entity for backward compatibility
• fix #705: attributesGroupName working with preserveOrder
• fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

• fix typo in CJS typing file

5.7.0 / 2026-04-17

• Use @nodable/entities v2.1.0
  • breaking changes
    • single entity scan. You're not allowed to user entity value to form another entity name.
    • you cant add numeric external entity
    • entity error message when expantion limit is crossed might change
  • typings are updated for new options related to process entity
  • please follow documentation of @nodable/entities for more detail.
  • performance
    • if processEntities is false, then there should not be impact on performance.
    • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
    • if processEntities is true, and you pass entity decoder separately
      • if no entity then performance should be same as before
      • if there are entities then performance should be increased from past versions
  • ignoreAttributes is not required to be set to set xml version for NCR entity value
• update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

5.6.0 / 2026-04-15

• fix: entity replacement for numeric entities
• use @​nodable/entities to replace entities
  • this may change some error messages related to entities expansion limit or inavlid use
  • post check would be exposed in future version

5.5.12 / 2026-04-13

• Performance Improvement: update path-expression-matcher
  • use proxy pattern than Proxy class

5.5.11 / 2026-04-08

• Performance Improvement
  • integrate ExpressionSet for stopNodes

5.5.10 / 2026-04-03

• increase default entity explansion limit as many projects demand for that
• performance improvement
  • reduce calls to toString
  • early return when entities are not present
  • prepare rawAttrsForMatcher only if user sets jPath: false

... (truncated)

Commits

• f529642 update to release v5.7.0
• 52a8583 Revert "improve performance of attributes reading"
• 8d187f9 update builder
• e174168 improve performance of attributes reading
• 79a8dde update docs
• f5cd5a5 set xml version to decoder even if attributes are ignored
• f44b923 remove unwanted tests
• 869ec8b Use @​nodable/entities v2.1.0
• 7cb49e5 update release detail
• 1b14fa7 include currency entities in default list
• Additional commits viewable in compare view

Updates oxlint from 1.56.0 to 1.60.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

• 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
• 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
• bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
• 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
• 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
• 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
• ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

• 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
• 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
• 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
• 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
• a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
• ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
• 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
• ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
• e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
• 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
• 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
• fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
• ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
• dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
• 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
• cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

• 25d577e language_server: Start tools in parallel (#15500) (Sysix)
• 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
• 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
• 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
• 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
• 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

• 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
• 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
• a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
• 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
• 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
• 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

[1.60.0] - 2026-04-13

📚 Documentation

• cfd8a4f linter: Don't rely on old eslint doc for available globals (#21334) (Nicolas Le Cam)

[1.59.0] - 2026-04-06

🐛 Bug Fixes

• dd2df87 npm: Export package.json for oxlint and oxfmt (#20784) (kazuya kawaguchi)

[1.58.0] - 2026-03-30

🚀 Features

• 16516de linter: Enhance types for DummyRule (#20751) (camc314)

📚 Documentation

• be3dcc1 linter: Add note about node version + custom TS plugin (#19381) (camc314)

[1.55.0] - 2026-03-12

🐛 Bug Fixes

• bc20217 oxlint,oxfmt: Omit useless | null for Option<T> field from schema (#20273) (leaysgur)

📚 Documentation

• f339f10 linter/plugins: Promote JS plugins to alpha status (#20281) (overlookmotel)

[1.54.0] - 2026-03-12

📚 Documentation

• 0c7da4f linter: Fix extra closing brace in example config. (#20253) (connorshea)

[1.52.0] - 2026-03-09

🚀 Features

• 61bf388 linter: Add options.reportUnusedDisableDirectives to config file (#19799) (Peter Wagenet)
• 2919313 linter: Introduce denyWarnings config options (#19926) (camc314)
• a607119 linter: Introduce maxWarnings config option (#19777) (camc314)

📚 Documentation

• 6c0e0b5 linter: Add oxlint.config.ts to the config docs. (#19941) (connorshea)
• 160e423 linter: Add a note that the typeAware and typeCheck options require oxlint-tsgolint (#19940) (connorshea)

... (truncated)

Commits

• e16848e release(apps): oxlint v1.60.0 && oxfmt v0.45.0 (#21375)
• cfd8a4f docs(linter): don't rely on old eslint doc for available globals (#21334)
• a69e707 release(apps): oxlint v1.59.0 && oxfmt v0.44.0 (#21085)
• dd2df87 fix(npm): export package.json for oxlint and oxfmt (#20784)
• 0384f4b release(apps): oxlint v1.58.0 && oxfmt v0.43.0 (#20867)
• 91f38fc chore(oxlint): bump min tsgolint version to 0.18.0 (#20800)
• be3dcc1 docs(linter): add note about node version + custom TS plugin (#19381)
• 16516de feat(linter): enhance types for DummyRule (#20751)
• 8b0f61d release(apps): oxlint v1.57.0 && oxfmt v0.42.0 (#20680)
• b33fbde Revert "release(apps): oxlint v1.57.0 && oxfmt v0.42.0 (#20680)"
• Additional commits viewable in compare view

Updates turndown from 7.2.2 to 7.2.4

Release notes

Sourced from turndown's releases.

v7.2.4

• Revert "Merge pull request #515 from Corion/master" f11801c

---

mixmark-io/turndown@v7.2.3...v7.2.4

v7.2.3

• Merge pull request #521 from mixmark-io/dependabot/npm_and_yarn/flatted-3.4.2 3cb11bd
• Bump flatted from 3.4.1 to 3.4.2 20bd64e
• Merge pull request #520 from pavelhoral/remove-browserify 0a6d298
• Replace Browserify with RollupJS build 54123af
• Merge pull request #519 from pavelhoral/upgrade-deps 8c2055e
• Merge pull request #477 from za3k/demo-link a1bb94a
• Add Babel transpilation step so that the output stays the same fc21b5f
• Upgrade standard linter and fix connected issues c1e9141
• Merge pull request #518 from pavelhoral/upgrade-deps 88ebe7c
• Upgrade dependencies 5337d5b
• Merge pull request #515 from Corion/master 01b35ad
• Normalize linebreaks within PRE elements ae008ec
• Merge pull request #511 from vicb/vicb/up-rollup 162ef46
• Bump rollup f82dcaa
• Merge pull request #517 from pavelhoral/fix-link-destination 1986fd3
• Fix escaping link destination with spaces ce16479
• Merge pull request #474 from orchitech/fix-image-links a22e6dc
• Properly escape inline link and image attributes. Fix #473. ea45ddd
• Add demo link b6874f7

---

mixmark-io/turndown@v7.2.2...v7.2.3

Commits

• fb7a865 7.2.4
• f11801c Revert "Merge pull request #515 from Corion/master"
• 0c9954b 7.2.3
• 3cb11bd Merge pull request #521 from mixmark-io/dependabot/npm_and_yarn/flatted-3.4.2
• 20bd64e Bump flatted from 3.4.1 to 3.4.2
• 0a6d298 Merge pull request #520 from pavelhoral/remove-browserify
• 54123af Replace Browserify with RollupJS build
• 8c2055e Merge pull request #519 from pavelhoral/upgrade-deps
• a1bb94a Merge pull request #477 from za3k/demo-link
• fc21b5f Add Babel transpilation step so that the output stays the same
• Additional commits viewable in compare view

Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).
• fixed issues query for TypeScript 6.0.3 (Stable).

Downloads are available on:

• npm

TypeScript 6.0

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

• npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

• npm

Commits

• 050880c Bump version to 6.0.3 and LKG
• eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
• ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
• 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
• 607a22a Bump version to 6.0.2 and LKG
• 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
• 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
• e175b69 Bump version to 6.0.1-rc and LKG
• af4caac Update LKG
• 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions