chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@babel/eslint-parser (source)	^7.18.9 → ^7.29.7			devDependencies	minor
@cypress/vue (source)	^5.0.0 → ^5.0.5			devDependencies	patch
@cypress/webpack-dev-server (source)	^3.0.0 → ^3.11.0			devDependencies	patch
@druxt-contrib/config-pages	^0.1.2 → ^0.1.3			dependencies	patch
@nuxt/image (source)	^0.7.1 → ^0.7.2			devDependencies	patch
@nuxtjs/stylelint-module	^4.1.0 → ^4.2.2			devDependencies	minor
composer/installers (source)	^2.2 → ^2.3.0			require	minor
core-js (source)	3.25.0 → 3.49.0			dependencies	minor
cweagans/composer-patches	^1.7 → ^1.7.3			require	patch
drupal/admin_audit_trail (source)	^1.0 → ^1.0.10			require	patch
drupal/admin_toolbar (source)	^3.1 → ^3.6.3			require	minor
drupal/advanced_text_formatter (source)	^2.1 → ^2.1.1			require	patch
drupal/anonymous_redirect (source)	^2.2 → ^2.4.0			require	minor
drupal/coffee (source)	^1.2 → ^1.4.0			require	minor
drupal/config_filter (source)	^2.4 → ^2.7.0			require	minor
drupal/config_ignore (source)	^3.0 → ^3.4.0			require	minor
drupal/config_pages (source)	^2.10 → ^2.22.0			require	minor
drupal/content_lock (source)	^2.2 → ^2.4.0			require	minor
drupal/core-composer-scaffold (source)	^9.4 → ^9.5.11			require	minor
drupal/core-dev	^9.4 → ^9.5.11			require-dev	minor
drupal/core-project-message (source)	^9.4 → ^9.5.11			require	minor
drupal/diff (source)	^1.0 → ^1.10.0			require	minor
drupal/druxt (source)	^1.1.1 → ^1.2.1			require	minor
drupal/entity_browser (source)	^2.8 → ^2.15.0			require	minor
drupal/entity_browser_enhanced (source)	^1.0 → ^1.4.0			require	minor
drupal/environment_indicator (source)	^4.0 → ^4.0.25			require	patch
drupal/field_group (source)	^3.2 → ^3.6.0			require	minor
drupal/jsonapi_hypermedia (source)	^1.8 → ^1.10.0			require	minor
drupal/jsonapi_node_preview (source)	^1.0.0-beta2@beta → 1.0.0-beta4@beta			require	patch
drupal/jsonapi_node_preview_tab (source)	1.0.x-dev → 1.0.2			require	patch
drupal/length_indicator (source)	^1.2 → ^1.4.0			require	minor
drupal/linky_revision_ui (source)	^2.127 → ^2.314.0			require	minor
drupal/linkychecker (source)	^2.0 → ^2.2.2			require	minor
drupal/linkyreplacer (source)	^2.2 → ^2.4.2			require	minor
drupal/m4032404 (source)	^1.0 → ^1.1.0			require	minor
drupal/masquerade (source)	^2.0 → ^2.2.0			require	minor
drupal/maxlength (source)	^2.0 → ^2.1.6			require	minor
drupal/media_file_delete (source)	^1.2 → ^1.3.1			require	minor
drupal/memcache (source)	^2.5 → ^2.8.0			require	minor
drupal/metatag (source)	^1.21 → ^1.26.0			require	minor
drupal/node_edit_protection (source)	^1.0 → ^1.2.0			require	minor
drupal/oembed_providers (source)	^2.1 → ^2.2.3			require	minor
drupal/paragraphs_ee (source)	^2.0 → ^2.1.1			require	minor
drupal/pathauto (source)	^1.11 → ^1.15.0			require	minor
drupal/redirect (source)	^1.8 → ^1.13.0			require	minor
drupal/revision_log_default (source)	^1.3 → ^1.4.0			require	minor
drupal/role_delegation (source)	^1.2 → ^1.6.0			require	minor
drupal/scheduled_transitions (source)	^2.3 → ^2.8.4			require	minor
drupal/schema_metatag (source)	^2.3 → ^2.6.0			require	minor
drupal/simple_oauth (source)	^5.2 → ^5.2.5			require	patch
drupal/tome (source)	^1.7 → ^1.14.0			require	minor
drupal/transliterate_filenames (source)	^2.0 → ^2.0.2			require	patch
drupal/username_enumeration_prevention (source)	^1.2 → ^1.4.0			require	minor
drush/drush (source)	^11.1 → ^11.6.0			require-dev	minor
druxt-layout-paragraphs	0.3.0 → 0.4.1			dependencies	minor
druxt-site (source)	0.13.0 → 0.14.3			dependencies	minor
ellipsize	^0.5.1 → ^0.7.0			dependencies	minor
eslint (source)	^8.23.0 → ^8.57.1			devDependencies	minor
eslint-config-prettier	^8.5.0 → ^8.10.2			devDependencies	minor
html-webpack-plugin	5 → 5.6.7			devDependencies	minor
mglaman/phpstan-drupal	^1.2 → ^1.3.9			require-dev	patch
node (source)	16.17.0 → 16.20.2				minor
node	16 → 16.20.2			uses-with	minor
php	>=8.1 → >=8.5.7			require	minor
phpstan/phpstan	^1.10 → ^1.12.33			require-dev	patch
phpstan/phpstan-deprecation-rules	^1.1 → ^1.2.1			require-dev	patch
postcss (source)	8.4.31 → 8.5.15			devDependencies	minor
postcss-html	^1.5.0 → ^1.8.1			devDependencies	minor
prettier (source)	^2.7.1 → ^2.8.8			devDependencies	minor
start-server-and-test	^1.14.0 → ^1.15.4			devDependencies	minor
stylelint (source)	^14.11.0 → ^14.16.1			devDependencies	minor
stylelint-config-prettier	^9.0.3 → ^9.0.5			devDependencies	patch
stylelint-config-recommended-vue	^1.4.0 → ^1.6.1			devDependencies	minor
vue-gtag	^1 → ^1.16.1			dependencies	patch
webpack-dev-server	^4.10.1 → ^4.15.2			devDependencies	minor

---

Release Notes

babel/babel (@​babel/eslint-parser)

v7.29.7

Compare Source

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.28.6

Compare Source

v7.28.6 (2026-01-12)

Thanks @​kadhirash and @​kolvian for your first PRs!

🐛 Bug Fix

• babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types
  • #​17589 Improve Unicode handling in code-frame tokenizer (@​JLHwung)
• babel-plugin-transform-regenerator
  • #​17556 fix: transform-regenerator correctly handles scope (@​liuxingbaoyu)
• babel-plugin-transform-react-jsx
  • #​17538 fix: Keep jsx comments (@​liuxingbaoyu)

💅 Polish

• babel-core, babel-standalone
  • #​17606 Polish(standalone): improve message on invalid preset/plugin (@​JLHwung)

🏠 Internal

• babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex
  • #​17580 Allow Babel 8 in compatible Babel 7 plugins (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-plugin-transform-react-jsx
  • #​17555 perf: Use lighter traversal for jsx __source,__self (@​liuxingbaoyu)

Committers: 7

• Babel Bot (@​babel-bot)
• Eliot Pontarelli (@​kolvian)
• Huáng Jùnliàng (@​JLHwung)
• Kadhirash Sivakumar (@​kadhirash)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu
• coderaiser (@​coderaiser)

v7.28.5

Compare Source

👓 Spec Compliance

• babel-parser
  • #​17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #​17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #​17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #​17521 Improve @babel/parser error typing (@​JLHwung)
  • #​17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #​17519 fix: rest correctly returns plain array (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #​17503 Fix JSXIdentifier handling in isReferencedIdentifier (@​JLHwung)
• babel-traverse
  • #​17504 fix: ensure scope.push register in anonymous fn (@​JLHwung)

🏠 Internal

• babel-types
  • #​17494 Type checking babel-types scripts (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #​17490 Faster finding of locations in buildCodeFrameError (@​liuxingbaoyu)

v7.28.4

Compare Source

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #​17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #​17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #​17474 Switch to @​jridgewell/remapping (@​mrginglymus)

v7.28.0

Compare Source

🚀 New Feature

• babel-node
  • #​17147 Support top level await in node repl (@​liuxingbaoyu)
• babel-types
  • #​17258 feat(matchesPattern): support super/private/meta (@​JLHwung)
• babel-compat-data, babel-preset-env
  • #​17355 Add explicit resource management to preset-env (@​JLHwung)
• babel-core, babel-parser
  • #​17390 Support sourceType: "commonjs" (@​JLHwung)
• babel-generator, babel-parser
  • #​17346 Materialize explicitResourceManagement parser plugin (@​JLHwung)
• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-transform-object-rest-spread, babel-traverse, babel-types
  • #​17391 LVal coverage updates (Part 2) (@​JLHwung)
• babel-parser, babel-traverse, babel-types
  • #​17378 Accept bigints in t.bigIntLiteral factory (@​JLHwung)
• babel-generator, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-react-display-name, babel-types
  • #​17277 Transform discard binding (@​JLHwung)
• babel-generator, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-transform-block-scoping, babel-plugin-transform-object-rest-spread, babel-plugin-transform-typescript, babel-traverse, babel-types
  • #​17163 Parse discard binding (@​JLHwung)

🐛 Bug Fix

• babel-helper-globals, babel-plugin-transform-classes, babel-traverse
  • #​17297 Create babel-helper-globals (@​JLHwung)
• babel-types
  • #​17009 feature: TSTypeOperator: keyof (#​16799) (@​coderaiser)

🏠 Internal

• babel-compat-data, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-json-modules, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • #​17403 Update babel-polyfill packages (@​nicolo-ribaudo)

v7.27.5

Compare Source

🐛 Bug Fix

• babel-plugin-transform-regenerator
  • #​17359 fix: Unexpected infinite loop with regenerator for try (@​liuxingbaoyu)
• Other
  • #​17349 Map ESLint's sourceType: commonjs to script (@​JLHwung)

💅 Polish

• babel-parser
  • #​17333 Improve using declaration errors (@​JLHwung)

v7.27.1

Compare Source

👓 Spec Compliance

• babel-parser
  • #​17254 Allow using of as lexical declaration within for (@​JLHwung)
  • #​17230 Disallow get/set in TSPropertySignature (@​JLHwung)
• babel-parser, babel-types
  • #​17193 Stricter TSImportType options parsing (@​JLHwung)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse
  • #​17137 fix: do expressions should allow early exit (@​kermanx)
• babel-helper-wrap-function, babel-plugin-transform-async-to-generator
  • #​17251 Fix: propagate argument evaluation errors through async promise chain (@​magic-akari)
• babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator
  • #​17231 fix apply()/call() annotated as pure (@​Lacsw)
• babel-helper-fixtures, babel-parser
  • #​17233 Create ChainExpression within TSInstantiationExpression (@​JLHwung)
• babel-generator, babel-parser
  • #​17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@​JLHwung)
• babel-parser
  • #​17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@​JLHwung)
  • #​17080 Fix start of TSParameterProperty (@​JLHwung)
• babel-compat-data, babel-preset-env
  • #​17228 Update firefox bugfix compat data (@​JLHwung)
• babel-traverse
  • #​17156 fix: Objects and arrays with multiple references should not be evaluated (@​liuxingbaoyu)
• babel-generator
  • #​17216 Fix: support const type parameter in generator (@​JLHwung)

💅 Polish

• babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse
  • #​17221 Reduce generated names size for the 10th-11th (@​nicolo-ribaudo)

🏠 Internal

• babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #​17263 Remove unused regenerator-runtime dep in @babel/runtime (@​nicolo-ribaudo)
• babel-compat-data, babel-preset-env
  • #​17256 Tune plugin compat data (@​JLHwung)
• babel-compat-data, babel-standalone
  • #​17236 migrate babel-compat-data build script to mjs (@​JLHwung)
• Other
  • #​17232 Bump typescript-eslint to 8.29.1 (@​JLHwung)
  • #​17219 test: add basic typescript-eslint integration tests (@​JLHwung)
  • #​17205 Inline regenerator in the relevant packages (@​nicolo-ribaudo)
• babel-register
  • #​16844 Migrate @babel/register to cts (@​liuxingbaoyu)
• babel-cli, babel-compat-data, babel-core, babel-generator, babel-helper-compilation-targets, babel-helper-fixtures, babel-helper-module-imports, babel-helper-module-transforms, babel-helper-plugin-test-runner, babel-helper-transform-fixture-test-runner, babel-helpers, babel-node, babel-parser, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-react-display-name, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-preset-env, babel-register, babel-standalone, babel-types
  • #​17207 Enforce node protocol import (@​JLHwung)
• babel-plugin-transform-regenerator
  • #​17205 Inline regenerator in the relevant packages (@​nicolo-ribaudo)
  • #​17205 Inline regenerator in the relevant packages (@​nicolo-ribaudo)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #​17205 Inline regenerator in the relevant packages (@​nicolo-ribaudo)
• babel-helpers, babel-plugin-transform-regenerator
  • #​17205 Inline regenerator in the relevant packages (@​nicolo-ribaudo)
  • #​17205 Inline regenerator in the relevant packages (@​nicolo-ribaudo)
• babel-helpers
  • #​17205 Inline regenerator in the relevant packages (@​nicolo-ribaudo)

🔬 Output optimization

• babel-helpers, babel-plugin-transform-modules-commonjs, babel-runtime-corejs3
  • #​16538 Reduce interopRequireWildcard size (@​liuxingbaoyu)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #​17213 Reduce regeneratorRuntime size (@​liuxingbaoyu)

v7.27.0

Compare Source

👓 Spec Compliance

• babel-generator, babel-parser
  • #​16977 Default importAttributesKeyword to with (@​JLHwung)

🚀 New Feature

• babel-helper-create-class-features-plugin, babel-traverse, babel-types
  • #​17169 Allow traverseFast to exit early (@​liuxingbaoyu)
• babel-parser, babel-types
  • #​17110 Add ImportAttributes to Standardized and move its parser test fixtures (@​JLHwung)
• babel-generator
  • #​17100 fix(babel-generator): add named export of generate function (@​vovkasm)
• babel-parser, babel-template
  • #​17149 Add allowYieldOutsideFunction to parser (@​liuxingbaoyu)
• babel-plugin-transform-typescript, babel-traverse
  • #​17102 feat: Add upToScope parameter to hasBinding (@​liuxingbaoyu)
• babel-parser
  • #​17082 Support ESTree AccessorProperty (@​JLHwung)
• babel-types
  • #​17162 feat(babel-types): Add support for BigInt literal conversion in valueToNode (@​ishchhabra)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #​16816 fix: Class reference in type throws error (@​liuxingbaoyu)
• babel-traverse
  • #​17170 fix: Reset child scopes when scope.crawl() (@​liuxingbaoyu)
• babel-helpers, babel-preset-typescript, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #​17118 Fix: align behaviour to tsc rewriteRelativeImportExtensions (@​JLHwung)
• babel-cli
  • #​17182 fix: @babel/cli generates duplicate inline source maps (@​liuxingbaoyu)
• babel-plugin-transform-named-capturing-groups-regex, babel-types
  • #​17175 Generate computed proto key (@​JLHwung)

🏃‍♀️ Performance

• babel-types
  • #​16870 perf: Improve builders of @babel/types (@​liuxingbaoyu)
• babel-helper-create-regexp-features-plugin
  • #​17176 fix: improve duplicate named groups check (@​JLHwung)

v7.26.10

Compare Source

👓 Spec Compliance

• babel-parser
  • #​17159 Disallow decorator in array pattern (@​JLHwung)

🐛 Bug Fix

• babel-parser, babel-template
  • #​17164 Fix: always initialize ExportDeclaration attributes (@​JLHwung)
• babel-core
  • #​17142 fix: "Map maximum size exceeded" in deepClone (@​liuxingbaoyu)
• babel-parser, babel-plugin-transform-typescript
  • #​17154 Update typescript parser tests (@​JLHwung)
• babel-traverse
  • #​17151 fix: Should not evaluate vars in child scope (@​liuxingbaoyu)
• babel-generator
  • #​17153 fix: Correctly generate abstract override (@​liuxingbaoyu)
• babel-parser
  • #​17107 Fix source type detection when parsing TypeScript (@​JLHwung)
• babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3
  • #​17173 Fix processing of replacement p

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

🚀 Deployed on https://6360745b42d1e218ee27ead8--stuartclark.netlify.app

[codecov]

Codecov Report

Merging #88 (f0b9eee) into develop (f52bcd4) will not change coverage.
The diff coverage is n/a.

❗ Current head f0b9eee differs from pull request most recent head f9057fa. Consider uploading reports for the commit f9057fa to get more accurate results

@@           Coverage Diff            @@
##           develop      #88   +/-   ##
========================================
  Coverage    18.51%   18.51%           
========================================
  Files           13       13           
  Lines           27       27           
  Branches         8        8           
========================================
  Hits             5        5           
  Misses          16       16           
  Partials         6        6           

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: drupal/composer.lock

Command failed: composer update composer/installers:2.3.0 cweagans/composer-patches:1.7.3 drupal/admin_audit_trail:1.0.10 drupal/admin_toolbar:3.6.3 drupal/advanced_text_formatter:2.1.1 drupal/anonymous_redirect:2.4.0 drupal/coffee:1.4.0 drupal/config_filter:2.7.0 drupal/config_ignore:3.4.0 drupal/config_pages:2.22.0 drupal/content_lock:2.4.0 drupal/core-composer-scaffold:9.5.11 drupal/core-dev:9.5.11 drupal/core-project-message:9.5.11 drupal/diff:1.10.0 drupal/druxt:1.2.1 drupal/entity_browser:2.15.0 drupal/entity_browser_enhanced:1.4.0 drupal/environment_indicator:4.0.25 drupal/field_group:3.6.0 drupal/jsonapi_hypermedia:1.10.0 drupal/jsonapi_node_preview:1.0.0-beta4 drupal/jsonapi_node_preview_tab:1.0.2 drupal/length_indicator:1.4.0 drupal/linky_revision_ui:2.314.0 drupal/linkychecker:2.2.2 drupal/linkyreplacer:2.4.2 drupal/m4032404:1.1.0 drupal/masquerade:2.2.0 drupal/maxlength:2.1.6 drupal/media_file_delete:1.3.1 drupal/memcache:2.8.0 drupal/metatag:1.26.0 drupal/node_edit_protection:1.2.0 drupal/oembed_providers:2.2.3 drupal/paragraphs_ee:2.1.1 drupal/pathauto:1.15.0 drupal/redirect:1.13.0 drupal/revision_log_default:1.4.0 drupal/role_delegation:1.6.0 drupal/scheduled_transitions:2.8.4 drupal/schema_metatag:2.6.0 drupal/simple_oauth:5.2.5 drupal/tome:1.14.0 drupal/transliterate_filenames:2.0.2 drupal/username_enumeration_prevention:1.4.0 drush/drush:11.6.0 mglaman/phpstan-drupal:1.3.9 php:8.5.7 phpstan/phpstan:1.12.33 phpstan/phpstan-deprecation-rules:1.2.1 --with-dependencies --ignore-platform-req=ext-* --ignore-platform-req=lib-* --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins --minimal-changes
Loading composer repositories with package information
Pattern "php" listed for update matches platform packages, but these cannot be updated by Composer.
Dependency drupal/linky is also a root requirement. Package has not been listed as an update argument, so keeping locked at old version. Use --with-all-dependencies (-W) to include root dependencies.
Dependency drupal/dynamic_entity_reference is also a root requirement. Package has not been listed as an update argument, so keeping locked at old version. Use --with-all-dependencies (-W) to include root dependencies.
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires drupal/admin_audit_trail ^1.0.10 -> satisfiable by drupal/admin_audit_trail[1.0.10].
    - drupal/admin_audit_trail 1.0.10 requires drupal/core ^10 || ^11 -> found drupal/core[10.0.0-alpha1, ..., 10.6.x-dev, 11.0.0-alpha1, ..., 11.x-dev] but these were not loaded, because they are affected by security advisories ("SA-CORE-2023-001", "SA-CORE-2023-002", "SA-CORE-2023-003", "SA-CORE-2023-004", "SA-CORE-2023-005", "SA-CORE-2023-006", "SA-CORE-2024-001", "SA-CORE-2024-002", "SA-CORE-2024-003", "SA-CORE-2024-004", "SA-CORE-2024-006", "SA-CORE-2024-007", "SA-CORE-2024-008", "SA-CORE-2025-001", "SA-CORE-2025-002", "SA-CORE-2025-003", "SA-CORE-2025-004", "SA-CORE-2025-007", "SA-CORE-2025-008", "SA-CORE-2025-005", "SA-CORE-2025-006", "SA-CORE-2026-001", "SA-CORE-2026-003", "SA-CORE-2026-002", "SA-CORE-2026-004", "PKSA-787q-p7fn-mcw7", "PKSA-7kyj-yy4m-jzhv", "PKSA-j351-xv4b-pryh", "PKSA-d8tb-wwz2-ctxk", "PKSA-dh1f-zjm5-qg8y", "PKSA-bn52-vyzy-rmnm", "PKSA-xj83-g6g8-41vf", "PKSA-s1zc-gcfk-ddw5", "PKSA-ctyc-dmct-npkz", "PKSA-42zc-x5ss-z64p", "PKSA-s6zc-mws4-ngh4", "PKSA-xd2s-f2mt-7tf3", "PKSA-g51h-n1x3-mszr", "PKSA-jthw-vxjy-kxnx", "PKSA-ts55-c66h-g96n", "PKSA-yjvc-rnsz-8n3c", "PKSA-q8r5-cgs2-dxxk", "PKSA-mh8z-kh9f-vv4z", "PKSA-styk-3knc-d1bt", "PKSA-2gfj-5sh8-j3c5", "PKSA-my7h-svxh-5q3g", "PKSA-h7d4-5mdz-2965"). Review the advisory details above for more information. To ignore the advisories, add their IDs to the "policy.advisories.ignore-id" config or add the package to "policy.advisories.ignore". To turn the feature off entirely, you can set "policy.advisories.block" to false.
  Problem 2
    - drupal/core-recommended is locked to version 9.5.x-dev and an update of this package was not requested.
    - drupal/core-recommended 9.5.x-dev requires symfony/polyfill-intl-idn ~v1.26.0 -> found symfony/polyfill-intl-idn[v1.26.0] but these were not loaded, because they are affected by security advisories ("PKSA-dwsq-ppd2-mb1x"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add their IDs to the "policy.advisories.ignore-id" config or add the package to "policy.advisories.ignore". To turn the feature off entirely, you can set "policy.advisories.block" to false.
  Problem 3
    - Root composer.json requires drupal/diff ^1.10.0 -> satisfiable by drupal/diff[1.10.0].
    - drupal/diff 1.10.0 requires drupal/core ^10 || ^11 -> found drupal/core[10.0.0-alpha1, ..., 10.6.x-dev, 11.0.0-alpha1, ..., 11.x-dev] but these were not loaded, because they are affected by security advisories ("SA-CORE-2023-001", "SA-CORE-2023-002", "SA-CORE-2023-003", "SA-CORE-2023-004", "SA-CORE-2023-005", "SA-CORE-2023-006", "SA-CORE-2024-001", "SA-CORE-2024-002", "SA-CORE-2024-003", "SA-CORE-2024-004", "SA-CORE-2024-006", "SA-CORE-2024-007", "SA-CORE-2024-008", "SA-CORE-2025-001", "SA-CORE-2025-002", "SA-CORE-2025-003", "SA-CORE-2025-004", "SA-CORE-2025-007", "SA-CORE-2025-008", "SA-CORE-2025-005", "SA-CORE-2025-006", "SA-CORE-2026-001", "SA-CORE-2026-003", "SA-CORE-2026-002", "SA-CORE-2026-004", "PKSA-787q-p7fn-mcw7", "PKSA-7kyj-yy4m-jzhv", "PKSA-j351-xv4b-pryh", "PKSA-d8tb-wwz2-ctxk", "PKSA-dh1f-zjm5-qg8y", "PKSA-bn52-vyzy-rmnm", "PKSA-xj83-g6g8-41vf", "PKSA-s1zc-gcfk-ddw5", "PKSA-ctyc-dmct-npkz", "PKSA-42zc-x5ss-z64p", "PKSA-s6zc-mws4-ngh4", "PKSA-xd2s-f2mt-7tf3", "PKSA-g51h-n1x3-mszr", "PKSA-jthw-vxjy-kxnx", "PKSA-ts55-c66h-g96n", "PKSA-yjvc-rnsz-8n3c", "PKSA-q8r5-cgs2-dxxk", "PKSA-mh8z-kh9f-vv4z", "PKSA-styk-3knc-d1bt", "PKSA-2gfj-5sh8-j3c5", "PKSA-my7h-svxh-5q3g", "PKSA-h7d4-5mdz-2965"). Review the advisory details above for more information. To ignore the advisories, add their IDs to the "policy.advisories.ignore-id" config or add the package to "policy.advisories.ignore". To turn the feature off entirely, you can set "policy.advisories.block" to false.
  Problem 4
    - Root composer.json requires drupal/entity_browser ^2.15.0 -> satisfiable by drupal/entity_browser[2.15.0].
    - drupal/entity_browser 2.15.0 requires drupal/core ^10.2 || ^11 -> found drupal/core[10.2.0-alpha1, ..., 10.6.x-dev, 11.0.0-alpha1, ..., 11.x-dev] but these were not loaded, because they are affected by security advisories ("SA-CORE-2024-001", "SA-CORE-2024-002", "SA-CORE-2024-003", "SA-CORE-2024-004", "SA-CORE-2024-006", "SA-CORE-2024-007", "SA-CORE-2024-008", "SA-CORE-2025-001", "SA-CORE-2025-002", "SA-CORE-2025-003", "SA-CORE-2025-004", "SA-CORE-2025-007", "SA-CORE-2025-008", "SA-CORE-2025-005", "SA-CORE-2025-006", "SA-CORE-2026-001", "SA-CORE-2026-003", "SA-CORE-2026-002", "SA-CORE-2026-004", "PKSA-787q-p7fn-mcw7", "PKSA-7kyj-yy4m-jzhv", "PKSA-j351-xv4b-pryh", "PKSA-d8tb-wwz2-ctxk", "PKSA-dh1f-zjm5-qg8y", "PKSA-bn52-vyzy-rmnm", "PKSA-xj83-g6g8-41vf", "PKSA-s1zc-gcfk-ddw5", "PKSA-ctyc-dmct-npkz", "PKSA-42zc-x5ss-z64p", "PKSA-s6zc-mws4-ngh4", "PKSA-xd2s-f2mt-7tf3", "PKSA-g51h-n1x3-mszr", "PKSA-jthw-vxjy-kxnx", "PKSA-ts55-c66h-g96n", "PKSA-yjvc-rnsz-8n3c", "PKSA-q8r5-cgs2-dxxk", "PKSA-mh8z-kh9f-vv4z", "PKSA-styk-3knc-d1bt", "PKSA-2gfj-5sh8-j3c5"). Review the advisory details above for more information. To ignore the advisories, add their IDs to the "policy.advisories.ignore-id" config or add the package to "policy.advisories.ignore". To turn the feature off entirely, you can set "policy.advisories.block" to false.
  Problem 5
    - Root composer.json requires drupal/linkyreplacer ^2.4.2 -> satisfiable by drupal/linkyreplacer[2.4.2].
    - drupal/linkyreplacer 2.4.2 requires drupal/linky ^2 -> found drupal/linky[dev-2.x, 2.0.0-beta1, 2.x-dev (alias of dev-2.x)] but it conflicts with your root composer.json require (^1.0).
  Problem 6
    - Root composer.json requires drupal/oembed_providers ^2.2.3 -> satisfiable by drupal/oembed_providers[2.2.3].
    - drupal/oembed_providers 2.2.3 requires drupal/core ^10|^11 -> found drupal/core[10.0.0-alpha1, ..., 10.6.x-dev, 11.0.0-alpha1, ..., 11.x-dev] but these were not loaded, because they are affected by security advisories ("SA-CORE-2023-001", "SA-CORE-2023-002", "SA-CORE-2023-003", "SA-CORE-2023-004", "SA-CORE-2023-005", "SA-CORE-2023-006", "SA-CORE-2024-001", "SA-CORE-2024-002", "SA-CORE-2024-003", "SA-CORE-2024-004", "SA-CORE-2024-006", "SA-CORE-2024-007", "SA-CORE-2024-008", "SA-CORE-2025-001", "SA-CORE-2025-002", "SA-CORE-2025-003", "SA-CORE-2025-004", "SA-CORE-2025-007", "SA-CORE-2025-008", "SA-CORE-2025-005", "SA-CORE-2025-006", "SA-CORE-2026-001", "SA-CORE-2026-003", "SA-CORE-2026-002", "SA-CORE-2026-004", "PKSA-787q-p7fn-mcw7", "PKSA-7kyj-yy4m-jzhv", "PKSA-j351-xv4b-pryh", "PKSA-d8tb-wwz2-ctxk", "PKSA-dh1f-zjm5-qg8y", "PKSA-bn52-vyzy-rmnm", "PKSA-xj83-g6g8-41vf", "PKSA-s1zc-gcfk-ddw5", "PKSA-ctyc-dmct-npkz", "PKSA-42zc-x5ss-z64p", "PKSA-s6zc-mws4-ngh4", "PKSA-xd2s-f2mt-7tf3", "PKSA-g51h-n1x3-mszr", "PKSA-jthw-vxjy-kxnx", "PKSA-ts55-c66h-g96n", "PKSA-yjvc-rnsz-8n3c", "PKSA-q8r5-cgs2-dxxk", "PKSA-mh8z-kh9f-vv4z", "PKSA-styk-3knc-d1bt", "PKSA-2gfj-5sh8-j3c5", "PKSA-my7h-svxh-5q3g", "PKSA-h7d4-5mdz-2965"). Review the advisory details above for more information. To ignore the advisories, add their IDs to the "policy.advisories.ignore-id" config or add the package to "policy.advisories.ignore". To turn the feature off entirely, you can set "policy.advisories.block" to false.
  Problem 7
    - Root composer.json requires drupal/pathauto ^1.15.0 -> satisfiable by drupal/pathauto[1.15.0].
    - drupal/pathauto 1.15.0 requires drupal/core ^10.2 || ^11 -> found drupal/core[10.2.0-alpha1, ..., 10.6.x-dev, 11.0.0-alpha1, ..., 11.x-dev] but these were not loaded, because they are affected by security advisories ("SA-CORE-2024-001", "SA-CORE-2024-002", "SA-CORE-2024-003", "SA-CORE-2024-004", "SA-CORE-2024-006", "SA-CORE-2024-007", "SA-CORE-2024-008", "SA-CORE-2025-001", "SA-CORE-2025-002", "SA-CORE-2025-003", "SA-CORE-2025-004", "SA-CORE-2025-007", "SA-CORE-2025-008", "SA-CORE-2025-005", "SA-CORE-2025-006", "SA-CORE-2026-001", "SA-CORE-2026-003", "SA-CORE-2026-002", "SA-CORE-2026-004", "PKSA-787q-p7fn-mcw7", "PKSA-7kyj-yy4m-jzhv", "PKSA-j351-xv4b-pryh", "PKSA-d8tb-wwz2-ctxk", "PKSA-dh1f-zjm5-qg8y", "PKSA-bn52-vyzy-rmnm", "PKSA-xj83-g6g8-41vf", "PKSA-s1zc-gcfk-ddw5", "PKSA-ctyc-dmct-npkz", "PKSA-42zc-x5ss-z64p", "PKSA-s6zc-mws4-ngh4", "PKSA-xd2s-f2mt-7tf3", "PKSA-g51h-n1x3-mszr", "PKSA-jthw-vxjy-kxnx", "PKSA-ts55-c66h-g96n", "PKSA-yjvc-rnsz-8n3c", "PKSA-q8r5-cgs2-dxxk", "PKSA-mh8z-kh9f-vv4z", "PKSA-styk-3knc-d1bt", "PKSA-2gfj-5sh8-j3c5"). Review the advisory details above for more information. To ignore the advisories, add their IDs to the "policy.advisories.ignore-id" config or add the package to "policy.advisories.ignore". To turn the feature off entirely, you can set "policy.advisories.block" to false.
  Problem 8
    - Root composer.json requires drupal/redirect ^1.13.0 -> satisfiable by drupal/redirect[1.13.0].
    - drupal/redirect 1.13.0 requires drupal/core ^10 || ^11 -> found drupal/core[10.0.0-alpha1, ..., 10.6.x-dev, 11.0.0-alpha1, ..., 11.x-dev] but these were not loaded, because they are affected by security advisories ("SA-CORE-2023-001", "SA-CORE-2023-002", "SA-CORE-2023-003", "SA-CORE-2023-004", "SA-CORE-2023-005", "SA-CORE-2023-006", "SA-CORE-2024-001", "SA-CORE-2024-002", "SA-CORE-2024-003", "SA-CORE-2024-004", "SA-CORE-2024-006", "SA-CORE-2024-007", "SA-CORE-2024-008", "SA-CORE-2025-001", "SA-CORE-2025-002", "SA-CORE-2025-003", "SA-CORE-2025-004", "SA-CORE-2025-007", "SA-CORE-2025-008", "SA-CORE-2025-005", "SA-CORE-2025-006", "SA-CORE-2026-001", "SA-CORE-2026-003", "SA-CORE-2026-002", "SA-CORE-2026-004", "PKSA-787q-p7fn-mcw7", "PKSA-7kyj-yy4m-jzhv", "PKSA-j351-xv4b-pryh", "PKSA-d8tb-wwz2-ctxk", "PKSA-dh1f-zjm5-qg8y", "PKSA-bn52-vyzy-rmnm", "PKSA-xj83-g6g8-41vf", "PKSA-s1zc-gcfk-ddw5", "PKSA-ctyc-dmct-npkz", "PKSA-42zc-x5ss-z64p", "PKSA-s6zc-mws4-ngh4", "PKSA-xd2s-f2mt-7tf3", "PKSA-g51h-n1x3-mszr", "PKSA-jthw-vxjy-kxnx", "PKSA-ts55-c66h-g96n", "PKSA-yjvc-rnsz-8n3c", "PKSA-q8r5-cgs2-dxxk", "PKSA-mh8z-kh9f-vv4z", "PKSA-styk-3knc-d1bt", "PKSA-2gfj-5sh8-j3c5", "PKSA-my7h-svxh-5q3g", "PKSA-h7d4-5mdz-2965"). Review the advisory details above for more information. To ignore the advisories, add their IDs to the "policy.advisories.ignore-id" config or add the package to "policy.advisories.ignore". To turn the feature off entirely, you can set "policy.advisories.block" to false.
  Problem 9
    - Root composer.json requires drupal/role_delegation ^1.6.0 -> satisfiable by drupal/role_delegation[1.6.0].
    - drupal/role_delegation 1.6.0 requires drupal/core ^10.3 || ^11 -> found drupal/core[10.3.0-beta1, ..., 10.6.x-dev, 11.0.0-alpha1, ..., 11.x-dev] but these were not loaded, because they are affected by security advisories ("SA-CORE-2024-003", "SA-CORE-2024-004", "SA-CORE-2024-006", "SA-CORE-2024-007", "SA-CORE-2024-008", "SA-CORE-2025-001", "SA-CORE-2025-002", "SA-CORE-2025-003", "SA-CORE-2025-004", "SA-CORE-2025-007", "SA-CORE-2025-008", "SA-CORE-2025-005", "SA-CORE-2025-006", "SA-CORE-2026-001", "SA-CORE-2026-003", "SA-CORE-2026-002", "SA-CORE-2026-004", "PKSA-787q-p7fn-mcw7", "PKSA-7kyj-yy4m-jzhv", "PKSA-j351-xv4b-pryh", "PKSA-d8tb-wwz2-ctxk", "PKSA-dh1f-zjm5-qg8y", "PKSA-bn52-vyzy-rmnm", "PKSA-xj83-g6g8-41vf", "PKSA-s1zc-gcfk-ddw5", "PKSA-ctyc-dmct-npkz", "PKSA-42zc-x5ss-z64p", "PKSA-s6zc-mws4-ngh4", "PKSA-xd2s-f2mt-7tf3", "PKSA-g51h-n1x3-mszr", "PKSA-jthw-vxjy-kxnx", "PKSA-ts55-c66h-g96n", "PKSA-yjvc-rnsz-8n3c", "PKSA-styk-3knc-d1bt"). Review the advisory details above for more information. To ignore the advisories, add their IDs to the "policy.advisories.ignore-id" config or add the package to "policy.advisories.ignore". To turn the feature off entirely, you can set "policy.advisories.block" to false.
  Problem 10
    - Root composer.json requires drupal/scheduled_transitions ^2.8.4 -> satisfiable by drupal/scheduled_transitions[2.8.4].
    - drupal/scheduled_transitions 2.8.4 requires drupal/core ^11.1 -> found drupal/core[11.1.0-beta1, ..., 11.x-dev] but these were not loaded, because they are affected by security advisories ("SA-CORE-2025-001", "SA-CORE-2025-002", "SA-CORE-2025-003", "SA-CORE-2025-004", "SA-CORE-2025-007", "SA-CORE-2025-008", "SA-CORE-2025-005", "SA-CORE-2025-006", "SA-CORE-2026-001", "SA-CORE-2026-003", "SA-CORE-2026-002", "SA-CORE-2026-004", "PKSA-787q-p7fn-mcw7", "PKSA-7kyj-yy4m-jzhv", "PKSA-j351-xv4b-pryh", "PKSA-d8tb-wwz2-ctxk", "PKSA-dh1f-zjm5-qg8y", "PKSA-bn52-vyzy-rmnm", "PKSA-xj83-g6g8-41vf", "PKSA-s1zc-gcfk-ddw5", "PKSA-ctyc-dmct-npkz", "PKSA-42zc-x5ss-z64p", "PKSA-s6zc-mws4-ngh4"). Review the advisory details above for more information. To ignore the advisories, add their IDs to the "policy.advisories.ignore-id" config or add the package to "policy.advisories.ignore". To turn the feature off entirely, you can set "policy.advisories.block" to false.
  Problem 11
    - Root composer.json requires drush/drush ^11.6.0 -> satisfiable by drush/drush[11.6.0].
    - chi-teck/drupal-code-generator[2.4.0, ..., 2.4.1] require twig/twig ^2.12 || ^3.1 -> found twig/twig[v2.12.0, ..., 2.x-dev, v3.1.0, ..., 3.x-dev] but these were not loaded, because they are affected by security advisories ("PKSA-fbvq-z33h-r2np", "PKSA-g9zw-qxh8-pq8w", "PKSA-yd6k-t2gh-1m43", "PKSA-1tmc-rt7x-12w6", "PKSA-xx6c-6d96-db2w", "PKSA-5k7f-wvjj-jrgw", "PKSA-sjvz-tbbr-vwth", "PKSA-h8hf-ytnd-5t9q", "PKSA-wwb1-81rc-pd65", "PKSA-hgmw-wn4d-hpcy", "PKSA-kvv6-36cr-fkzb", "PKSA-n14z-jjjg-g8vd", "PKSA-3mcc-k66d-pydb", "PKSA-gw7n-z4yx-7xjt", "PKSA-dpx1-78wg-1kqs", "PKSA-21g2-dzjv-sky5", "PKSA-v3kg-5xkr-pykw", "PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky", "PKSA-6319-ffpf-gx66", "PKSA-n7sg-8f52-pqtf", "PKSA-8kk8-h2xr-h5nx"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add their IDs to the "policy.advisories.ignore-id" config or add the package to "policy.advisories.ignore". To turn the feature off entirely, you can set "policy.advisories.block" to false.
    - chi-teck/drupal-code-generator[2.5.0, ..., 2.x-dev] require twig/twig ^2.14.11 || ^3.1 -> found twig/twig[v2.14.11, ..., 2.x-dev, v3.1.0, ..., 3.x-dev] but these were not loaded, because they are affected by security advisories ("PKSA-fbvq-z33h-r2np", "PKSA-g9zw-qxh8-pq8w", "PKSA-yd6k-t2gh-1m43", "PKSA-1tmc-rt7x-12w6", "PKSA-xx6c-6d96-db2w", "PKSA-5k7f-wvjj-jrgw", "PKSA-sjvz-tbbr-vwth", "PKSA-h8hf-ytnd-5t9q", "PKSA-wwb1-81rc-pd65", "PKSA-hgmw-wn4d-hpcy", "PKSA-kvv6-36cr-fkzb", "PKSA-n14z-jjjg-g8vd", "PKSA-3mcc-k66d-pydb", "PKSA-gw7n-z4yx-7xjt", "PKSA-dpx1-78wg-1kqs", "PKSA-21g2-dzjv-sky5", "PKSA-v3kg-5xkr-pykw", "PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky", "PKSA-6319-ffpf-gx66", "PKSA-n7sg-8f52-pqtf", "PKSA-8kk8-h2xr-h5nx"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add their IDs to the "policy.advisories.ignore-id" config or add the package to "policy.advisories.ignore". To turn the feature off entirely, you can set "policy.advisories.block" to false.
    - drush/drush 11.6.0 requires chi-teck/drupal-code-generator ^2.4 -> satisfiable by chi-teck/drupal-code-generator[2.4.0, ..., 2.x-dev].

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.