Update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@prettier/plugin-pug	3.0.0 → 3.4.2			devDependencies	minor
@prettier/plugin-xml	3.2.2 → 3.4.2			devDependencies	minor
actions/cache	v4 → v5			action	major
actions/checkout	v4 → v6			action	major
actions/create-github-app-token	v1 → v3			action	major
actions/setup-node	v4 → v6			action	major
actions/upload-artifact	v4 → v7			action	major
autoprefixer	10.4.16 → 10.5.0			devDependencies	minor
copy-webpack-plugin	11.0.0 → 14.0.0			devDependencies	major
cross-env	7.0.3 → 10.1.0			devDependencies	major
css-loader	6.8.1 → 7.1.4			devDependencies	major
css-minimizer-webpack-plugin	5.0.1 → 8.0.0			devDependencies	major
del-cli	5.1.0 → 7.0.0			devDependencies	major
eslint-plugin-import	2.29.1 → 2.32.0			devDependencies	minor
get-relative-luminance	1.0.0 → 2.0.0			devDependencies	major
github/codeql-action	v3 → v4			action	major
html-webpack-plugin	5.6.0 → 5.6.7			devDependencies	patch
husky	8.0.3 → 9.1.7			devDependencies	major
is-ci	3.0.1 → 4.1.0			devDependencies	major
jest (source)	29.7.0 → 30.4.2			devDependencies	major
jest-puppeteer (source)	9.0.2 → 11.0.0			devDependencies	major
mini-css-extract-plugin	2.7.6 → 2.10.2			devDependencies	minor
node	20.x → 24.x			uses-with	major
pdfkit (source)	0.14.0 → 0.19.1			dependencies	minor
postcss-loader	7.3.3 → 8.2.1			devDependencies	major
puppeteer (source)	21.6.1 → 25.1.0			devDependencies	major
serve	14.2.1 → 14.2.6			devDependencies	patch
stefanzweifel/git-auto-commit-action	v5 → v7			action	major
webpack-cli (source)	5.1.4 → 7.0.3			devDependencies	major
xo	0.58.0 → 2.0.2			devDependencies	major

---

Release Notes

prettier/plugin-pug (@​prettier/plugin-pug)

v3.4.2

Compare Source

diff

• Followup for: Handle unexpected missing block SyntaxError when parsing unbuffered code (#​600)

v3.4.1

Compare Source

diff

• Handle unexpected missing block SyntaxError when parsing unbuffered code (#​600)

v3.4.0

Compare Source

diff

• Handle TS syntax in vue context (#​365)
• Enhance quotation of variable formatting (#​512)
• Enhance quotation of vue v-bind (#​531)

v3.3.0

Compare Source

diff

• Add pugPreserveWhitespace option (#​567)

v3.2.1

Compare Source

diff

• Fix special case for escaped double quotes in Vue expressions (#​529)

v3.2.0

Compare Source

diff

• Multiple fixes for class attribute conversions (#​509)

v3.1.0

Compare Source

diff

• Add option to set indent depth of closing brackets (#​502)
• Fix class attributes not counting towards attribute wrapping (#​503)

prettier/plugin-xml (@​prettier/plugin-xml)

v3.4.2

Compare Source

Changed

• Exclude .ts and .tsx as XML extensions.

v3.4.1

Compare Source

Changed

• Fix the npm publish.

v3.4.0

Compare Source

Added

• Export plugin type.

Changed

• Fix printing around reference nodes.
• Trim only XML whitespace, not JS whitespace.

v3.3.1

Compare Source

Changed

• Allow elements to be marked as whitespace ignored even when they have reference nodes.

v3.3.0

Compare Source

Added

• Support for formatWithCursor.

Changed

• Always keep whitespace around in xsl:text tags.

actions/cache (actions/cache)

v5.0.5

Compare Source

What's Changed

• Update ts-http-runtime dependency by @​yacaovsnc in #​1747

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

Compare Source

v5.0.3

Compare Source

What's Changed

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

v5

Compare Source

actions/checkout (actions/checkout)

v6.0.3

Compare Source

• Fix checkout init for SHA-256 repositories by @​yaananth in #​2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in #​2414

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

v6.0.1

Compare Source

v6.0.0

Compare Source

v6

Compare Source

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

Compare Source

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in #​2226
• Prepare v5.0.0 release by @​salmanmkc in #​2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v5

Compare Source

actions/create-github-app-token (actions/create-github-app-token)

v3.2.0

Compare Source

Features

• add support for enterprise-level GitHub Apps (#​263) (952a2a7)
• support full repository names in repositories input (#​372) (85eb8dd)

Bug Fixes

• deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#​364) (43e5c34)
• validate private-key input (#​376) (f24bbd8)

v3.1.1

Compare Source

Bug Fixes

• improve error message when app identifier is empty (#​362) (07e2b76), closes #​249

v3.1.0

Compare Source

Bug Fixes

• deps: bump p-retry from 7.1.1 to 8.0.0 (#​357) (3bbe07d)

Features

• add client-id input and deprecate app-id (#​353) (e6bd4e6)
• update permission inputs (#​358) (076e948)

v3.0.0

Compare Source

• feat!: node 24 support (#​275) (2e564a0)
• fix!: require NODE_USE_ENV_PROXY for proxy support (#​342) (4451bcb)

Bug Fixes

• remove custom proxy handling (#​143) (dce0ab0)

BREAKING CHANGES

• Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.
• Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v3

Compare Source

v2.2.2

Compare Source

Bug Fixes

• deps: bump @​actions/core from 1.11.1 to 3.0.0 (#​337) (b044133)
• deps: bump minimatch from 9.0.5 to 9.0.9 (#​335) (5cbc656)
• deps: bump the production-dependencies group with 4 updates (#​336) (6bda5bc)
• deps: bump undici from 7.16.0 to 7.18.2 (#​323) (b4f638f)

v2.2.1

Compare Source

Bug Fixes

• deps: bump the production-dependencies group with 2 updates (#​311) (b212e6a)

v2.2.0

Compare Source

Bug Fixes

• deps: bump glob from 10.4.5 to 10.5.0 (#​305) (5480f43)
• deps: bump p-retry from 6.2.1 to 7.1.0 (#​294) (dce3be8)
• deps: bump the production-dependencies group with 2 updates (#​292) (55e2a4b)

Features

• update permission inputs (#​296) (d90aa53)

v2.1.4

Compare Source

Bug Fixes

• deps: bump @​octokit/auth-app from 7.2.1 to 8.0.1 (#​257) (bef1eaf)

v2.1.3

Compare Source

Bug Fixes

• deps: bump undici from 7.8.0 to 7.10.0 in the production-dependencies group (#​254) (f3d5ec2)

v2.1.2

Compare Source

Bug Fixes

• deps: bump @​octokit/request from 9.2.3 to 10.0.2 (#​256) (5d7307b)

v2.1.1

Compare Source

Bug Fixes

• revert "use node24 as runner" (#​278) (5204204), closes actions/create-github-app-token#267

v2.1.0

Compare Source

Features

• use node24 as runner (#​267) (a1cbe0f)

v2.0.6

Compare Source

Bug Fixes

• replace - with _ (#​246) (3336784)

v2.0.5

Compare Source

Bug Fixes

• deps: bump the production-dependencies group with 3 updates (#​240) (d64d7d7)

v2.0.4

Compare Source

Bug Fixes

• permission input handling (#​243) (2950cbc)

v2.0.3

Compare Source

Bug Fixes

• README: use v2 in examples (#​234) (9ba274d), closes #​232
• use core.getBooleanInput() to retrieve boolean input values (#​223) (c3c17c7)

v2.0.2

Compare Source

Bug Fixes

• improve log messages for token creation (#​226) (eaef294)

v2.0.1

Compare Source

Bug Fixes

• deps: bump the production-dependencies group across 1 directory with 2 updates (#​228) (2411bfc)

v2.0.0

Compare Source

• feat!: remove deprecated inputs (#​213) (5cc811b)

BREAKING CHANGES

• Removed deprecated inputs (app_id, private_key, skip_token_revoke) and made app-id and private-key required in the action configuration.

v2

Compare Source

actions/setup-node (actions/setup-node)

v6.4.0

Compare Source

v6.3.0

Compare Source

What's Changed

Enhancements:

• Support parsing devEngines field by @​susnux in #​1283

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

• Fix npm audit issues by @​gowridurgad in #​1491
• Replace uuid with crypto.randomUUID() by @​trivikr in #​1378
• Upgrade minimatch from 3.1.2 to 3.1.5 by @​dependabot in #​1498

Bug fixes:

• Remove hardcoded bearer for mirror-url @​marco-ippolito in #​1467
• Scope test lockfiles by package manager and update cache tests by @​gowridurgad in #​1495

New Contributors

• @​susnux made their first contribution in #​1283

Full Changelog: actions/setup-node@v6...v6.3.0

v6.2.0

Compare Source

v6.1.0

Compare Source

What's Changed

Enhancement:

• Remove always-auth configuration handling by @​priyagupta108 in #​1436

Dependency updates:

• Upgrade @​actions/cache from 4.0.3 to 4.1.0 by @​dependabot[bot] in #​1384
• Upgrade actions/checkout from 5 to 6 by @​dependabot[bot] in #​1439
• Upgrade js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in #​1435

Documentation update:

• Add example for restore-only cache in documentation by @​aparnajyothi-y in #​1419

Full Changelog: actions/setup-node@v6...v6.1.0

v6.0.0

Compare Source

What's Changed

Breaking Changes

• Limit automatic caching to npm, update workflows and documentation by @​priyagupta108 in #​1374

Dependency Upgrades

• Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @​dependabot[bot] in #​1336
• Upgrade prettier from 2.8.8 to 3.6.2 by @​dependabot[bot] in #​1334
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot[bot] in #​1362

Full Changelog: actions/setup-node@v5...v6.0.0

v6

Compare Source

v5.0.0

Compare Source

What's Changed

Breaking Changes

• Enhance caching in setup-node with automatic package manager detection by @​priya-kinthali in #​1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless.
To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

• Upgrade action to use node24 by @​salmanmkc in #​1325

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​octokit/request-error and @​actions/github by @​dependabot[bot] in #​1227
• Upgrade uuid from 9.0.1 to 11.1.0 by @​dependabot[bot] in #​1273
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in #​1295
• Upgrade form-data to bring in fix for critical vulnerability by @​gowridurgad in #​1332
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in #​1345

New Contributors

• @​priya-kinthali made their first contribution in #​1348
• @​salmanmkc made their first contribution in #​1325

Full Changelog: actions/setup-node@v4...v5.0.0

v5

Compare Source

actions/upload-artifact (actions/upload-artifact)

v7.0.1

Compare Source

What's Changed

• Update the readme with direct upload details by @​danwkennedy in #​795
• Readme: bump all the example versions to v7 by @​danwkennedy in #​796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in #​797

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

Compare Source

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in #​754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in #​762
• Support direct file uploads by @​danwkennedy in #​764

New Contributors

• @​Link- made their first contribution in #​754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v7

Compare Source

v6.0.0

Compare Source

v6

Compare Source

v5.0.0

Compare Source

v5

Compare Source

postcss/autoprefixer (autoprefixer)

v10.5.0

Compare Source

• Added mask-position-x and mask-position-y support (by @​toporek).

v10.4.27

Compare Source

• Removed development key from package.json.

v10.4.26

Compare Source

• Reduced package size.

v10.4.25

Compare Source

• Fixed broken gradients on CSS Custom Properties (by @​serger777).

v10.4.24

Compare Source

• Made Autoprefixer a little faster (by @​Cherry).

v10.4.23

Compare Source

• Reduced dependencies (by @​hyperz111).

v10.4.22

Compare Source

• Fixed stretch prefixes on new Can I Use database.
• Updated fraction.js.

v10.4.21

Compare Source

• Fixed old -moz- prefix for :placeholder-shown (by @​Marukome0743).

v10.4.20

Compare Source

• Fixed fit-content prefix for Firefox.

v10.4.19

Compare Source

• Removed end value has mixed support, consider using flex-end warning
  since end/start now have good support.

v10.4.18

Compare Source

• Fixed removing -webkit-box-orient on -webkit-line-clamp (@​Goodwine).

v10.4.17

Compare Source

• Fixed user-select: contain prefixes.

webpack/copy-webpack-plugin (copy-webpack-plugin)

v14.0.0

Compare Source

⚠ BREAKING CHANGES

• minimum supported Node.js version is 20.9.0 (#​819) (2881203)

Bug Fixes

• update serialize-javascript to fix security problems

13.0.1 (2025-08-12)

Bug Fixes

• better handling globs for watching (#​808) (a527c89)

v13.0.1

Compare Source

⚠ BREAKING CHANGES

• minimum supported Node.js version is 20.9.0 (#​819) (2881203)

Bug Fixes

• update serialize-javascript to fix security problems

13.0.1 (2025-08-12)

Bug Fixes

• better handling globs for watching (#​808) (a527c89)

v13.0.0

Compare Source

⚠ BREAKING CHANGES

• minimum supported Node.js version is 20.9.0 (#​819) (2881203)

Bug Fixes

• update serialize-javascript to fix security problems

13.0.1 (2025-08-12)

Bug Fixes

• better handling globs for watching (#​808) (a527c89)

v12.0.2

Compare Source

⚠ BREAKING CHANGES

• switch from globby and fast-glob to tinyglobby (#​795) (19fd937)

For more information please visit tinyglobby.

The breaking change only affects the developer who used these options - gitignore and ignoreFiles in the globOptions option.

Please migrate to the ignore option.

Bug Fixes

• concurrency option is limited to files now (#​796) (d42469c)
• the order of patterns provided by the developer is respected

12.0.2 (2024-01-17)

Bug Fixes

• improve perf (#​764) (a7379a9)

12.0.1 (2024-01-11)

Bug Fixes

• improve perf (#​760) (55036ab)

v12.0.1

Compare Source

⚠ BREAKING CHANGES

• switch from globby and fast-glob to tinyglobby (#​795) (19fd937)

For more information please visit tinyglobby.

The breaking change only affects the developer who used these options - gitignore and ignoreFiles in the globOptions option.

Please migrate to the ignore option.

Bug Fixes

• concurrency option is limited to files now (#​796) (d42469c)
• the order of patterns provided by the developer is respected

12.0.2 (2024-01-17)

Bug Fixes

• improve perf (#​764) (a7379a9)

12.0.1 (2024-01-11)

Bug Fixes

• improve perf (#​760) ([55036ab](https://redirect.github.com/webpack-contrib/copy-webpack-plugin/commit/55036ab50357326dafdbeb7dc91c93

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "on the 2nd and 4th day instance on sunday after 11pm"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying simple-icons-website with    Cloudflare Pages

Latest commit:	fb1cd16
Status:	✅  Deploy successful!
Preview URL:	https://5d0745d5.simple-icons-website.pages.dev
Branch Preview URL:	https://renovate-all.simple-icons-website.pages.dev

View logs

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: simple-icons-website@1.0.0
npm error Found: webpack@5.89.0
npm error node_modules/webpack
npm error   dev webpack@"5.89.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer webpack@"^5.101.0" from webpack-cli@7.0.3
npm error node_modules/webpack-cli
npm error   dev webpack-cli@"7.0.3" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry this command with --force or --legacy-peer-deps to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2026-06-10T19_47_56_859Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-06-10T19_47_56_859Z-debug-0.log