deps(deps): bump the minor-and-patch group with 13 updates

[dependabot]

Bumps the minor-and-patch group with 13 updates:

Package	From	To
@amplitude/analytics-browser	2.42.3	2.42.4
agentic-flow	2.0.11	2.0.13
date-fns	4.1.0	4.3.0
@types/node	25.8.0	25.9.1
@types/react	19.2.14	19.2.15
@vitest/coverage-v8	4.1.6	4.1.7
postcss	8.5.14	8.5.15
ruflo	3.6.30	3.10.0
sass-embedded	1.99.0	1.100.0
vite	8.0.13	8.0.14
vitest	4.1.6	4.1.7
@uiw/react-md-editor	4.1.0	4.1.1
tsx	4.22.1	4.22.3

Updates @amplitude/analytics-browser from 2.42.3 to 2.42.4

Release notes

Sourced from @​amplitude/analytics-browser's releases.

@​amplitude/analytics-browser@​2.42.4

2.42.4 (2026-05-21)

Note: Version bump only for package @​amplitude/analytics-browser

Commits

• e299163 chore(release): publish
• ab2e029 fix(analytics-react-native): use workspace:* for analytics-core dep (#1766)
• 0cdd90a fix(session-replay-browser): merge queued sends after throttle pause (SR-4286...
• 302a08f fix(session-replay-browser): drop empty batches at the store layer (SR-4284) ...
• c242dc3 feat(session-replay-browser): add flushIntervalConfig to tune rrweb event-spl...
• e28dd6b chore: add size limit gating to Amplitude (#1756)
• 90ea3f6 chore: remove Jira workflows (#1761)
• 516719a fix(analytics-browser): bump background capture version (#1750)
• 5ffe544 chore(session-replay-browser): scrub customer name from privacy e2e test (SR-...
• 4cea6b6 feat(react-native-example): integrate into pnpm workspace and add iOS smoke t...
• Additional commits viewable in compare view

Updates agentic-flow from 2.0.11 to 2.0.13

Commits

• See full diff in compare view

Updates date-fns from 4.1.0 to 4.3.0

Release notes

Sourced from date-fns's releases.

v4.3.0

Kudos to @​ImRodry and @​puneetdixit200 for their contributions.

Fixed

• Fixed missing modularized optimization fallback (for Next.js and others). See #4193.

• Fixed pt locale first day of week to be Sunday. See #4195 by @​ImRodry.

• Fixed zh-CN, zh-HK, and zh-TW locale month parsing for October, November, and December. See #4194 by @​puneetdixit200.

v4.2.1

Fixed

• Fixed type definitions missing in v4.2.0 due to TypeScript misconfiguration.

v4.2.0

This is a minor release in all senses, it only includes documentation updates (first of many) that points to the new You Don't Need date-fns* page.

* Not really

Changed

• Added Temporal API references to the JSDoc annotations of add, addBusinessDays, and addDays.

Commits

• f95bcf1 (docs): Add missing tsx dependency
• baaca11 Add //pkgs/core:release/docs task
• 8aa0373 Update docs website secrets location in scripts
• c7ad6eb Promote to v4.3.0
• da8c548 Add change log entry for Chinese locale fix (#4194)
• f8d8fa8 Split Chinese locale tests (#4194)
• b9c5865 Fix Chinese locale month parsing (#4194)
• 39d1e14 Add pt fix change log entry (#4195)
• f3f1963 Fix pt locale first day of week to be Sunday (#4195)
• cd6ebda Add basic AGENTS.md
• Additional commits viewable in compare view

Updates @types/node from 25.8.0 to 25.9.1

Commits

• See full diff in compare view

Updates @types/react from 19.2.14 to 19.2.15

Commits

• See full diff in compare view

Updates @vitest/coverage-v8 from 4.1.6 to 4.1.7

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.7

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

Commits

• a09d472 chore: release v4.1.7
• See full diff in compare view

Updates postcss from 8.5.14 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

• Fixed declaration parsing performance (by @​homanp).

Changelog

Sourced from postcss's changelog.

8.5.15

• Fixed declaration parsing performance (by @​homanp).

Commits

• eae46db Release 8.5.15 version
• 79508ff Update CI actions
• b128e21 Speed up declaration parsing by avoiding creating new array on each token
• 9825dca Fix code format
• 55789c8 Update dependencies
• 84fbbe9 Install older pnpm action for old Node.js
• 9f860bd Revert pnpm action for old Node.js
• 0877198 Update CI actions
• b2d1a33 Fix linter warnings
• 0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
• Additional commits viewable in compare view

Updates ruflo from 3.6.30 to 3.10.0

Release notes

Sourced from ruflo's releases.

v3.10.0 — ADR-130 Unified Knowledge Graph Backend (P4-P6)

ADR-130 Unified Knowledge Graph Backend — Phases 4-6

Completes the full ADR-130 implementation shipping P1-P3 (3.9.0) + P4-P6 (3.10.0).

New in 3.10.0

• P4 — Plugin Adapter: Graph-to-plugin bridge exposing graph_edges reads/writes to the plugin runtime
• P5 — Pathfinder Algorithms: Three graph traversal strategies over the graph_edges SQLite backend:
  • Personalized PageRank (PPR) for relevance-weighted neighbourhood scoring
  • Dynamic MinCut for partitioning agent communication graphs
  • Spectral Sparsification for efficient sparse approximations
• P6 — Benchmark Suite: CI-friendly benchmark measuring:
  • Write throughput: >500 ops/sec (single-session, N=200 edges)
  • k-hop query latency: depth-1 <10ms p99, depth-3 <50ms p99
  • PQ encode <1ms p99, PQ decode <0.5ms p99
  • SQLite footprint: <1 KB/edge

Install

npx @claude-flow/cli@latest
npx claude-flow@latest
npx ruflo@latest

Tracking issue: #2128

v3.9.0 — ADR-130 Unified Graph Intelligence Backend

ADR-130 — Unified Knowledge Graph Backend (All 6 Phases)

Gives all 4 existing graph layers (graph-node, AgentDB, ruflo-knowledge-graph, ruflo-graph-intelligence) a shared graph_edges sql.js table with PQ-encoded embeddings, two new MCP tools, SONA trajectory hooks, and a plugin adapter contract.

New features

Phase 1 — graph_edges schema + PQ encoder

• graph_edges table with temporal columns: confidence, decay_rate, last_reinforced, witness_id, embedding_ref
• embedding-quantization.ts: Int8 global-scalar PQ (400 bytes/384-dim); inlineCosine() for zero-decode similarity
• graph-edge-writer.ts: thin sql.js accessor with fire-and-forget writes

Phase 2 — agentdb_graph-query MCP tool

• k-hop traversal via recursive CTE (sql-cte backend)
• Personalized PageRank (PPR) power iteration
• Semantic cosine ranking on inline PQ embeddings
• complexityBudget enforcement: maxNodesVisited, maxDepth, maxMillis

Phase 3 — SONA trajectory-to-graph hooks

• hooks_intelligence_trajectory-step: writes trajectory-caused edges fire-and-forget
• hooks_post-task (success=true): writes reinforced-by edges fire-and-forget
• Neither write blocks tool response (<200ms latency preserved)

... (truncated)

Commits

• e1bd1f0 chore: bump all packages to 3.10.0 — ADR-130 P4+P5+P6
• edde98f feat(graph): ADR-130 — unified graph intelligence backend (P1-P6) (#2129)
• bf0f505 chore(release): v3.8.0 — ADR-129 rvagent full integration
• cfc3417 fix(memory): #2120 — accept NULL status in memory_entries (legacy DBs) + 3.7....
• a778148 fix(daemon): #2110 — WSL2 silent-degrade triple fix + alpha.81
• 6bcee19 Merge pull request #2115 from ruvnet/fix/2112-otlp-overrides-on-published-pac...
• 6ac3156 fix(deps): #2112 — opentelemetry transitives overrides on ruflo wrapper (alph...
• 0e1d26c fix(security): patch CVEs, shell injection, SSRF in ruflo (#2114)
• a75d733 chore(release): 3.7.0-alpha.79 — guidance 2.70x quantization win
• 8e97433 chore(release): publish 3.7.0-alpha.78 — #2042 #2078 fixes
• Additional commits viewable in compare view

Updates sass-embedded from 1.99.0 to 1.100.0

Changelog

Sourced from sass-embedded's changelog.

1.100.0

• Writing two compound selectors adjacent to one another without any whitespace between them, such as [class]a, is now deprecated. This was always an error in CSS and Sass only supported it by mistake.

  See the Sass website for details.

Commits

• 0d6a291 Update Dart Sass version and release
• 0d8e150 Improve error messages (#429)
• See full diff in compare view

Updates vite from 8.0.13 to 8.0.14

Release notes

Sourced from vite's releases.

v8.0.14

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.14 (2026-05-21)

Features

• update rolldown to 1.0.2 (#22484) (96efc88)

Bug Fixes

• deps: update all non-major dependencies (#22471) (98b8163)
• dev: handle errors when sending messages to vite server (#22450) (e8e9a34)
• html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)
• optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#22470) (7cb728e)
• remove irrelevant commits from changelog (2c69495)

Code Refactoring

• glob: do not rewrite import path for absolute base (#22310) (0ae2844)

Tests

• css: sass does not use main field (#22449) (ebf39a0)

Commits

• c917f1e release: v8.0.14
• 5d94d1b fix(html): handle trailing slash paths in transformIndexHtml (#22480)
• 98b8163 fix(deps): update all non-major dependencies (#22471)
• 96efc88 feat: update rolldown to 1.0.2 (#22484)
• ebf39a0 test(css): sass does not use main field (#22449)
• 0ae2844 refactor(glob): do not rewrite import path for absolute base (#22310)
• 7cb728e chore(deps): update rolldown-related dependencies (#22470)
• b3132da fix(optimizer): pass oxc jsx options to transformSync in dependency scan ...
• e8e9a34 fix(dev): handle errors when sending messages to vite server (#22450)
• 2c69495 chore: remove irrelevant commits from changelog
• See full diff in compare view

Updates vitest from 4.1.6 to 4.1.7

Release notes

Sourced from vitest's releases.

v4.1.7

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

Commits

• a09d472 chore: release v4.1.7
• See full diff in compare view

Updates @uiw/react-md-editor from 4.1.0 to 4.1.1

Release notes

Sourced from @​uiw/react-md-editor's releases.

v4.1.1

Documentation v4.1.1: https://raw.githack.com/uiwjs/react-md-editor/98bb85f/index.html
Comparing Changes: uiwjs/react-md-editor@v4.1.0...v4.1.1

npm i @uiw/react-md-editor@4.1.1

Commits

• 40c6906 released v4.1.1
• bfe8c11 doc: Update README.md
• 0bd6878 doc: update README.md
• 13d11e4 doc: update README.md
• e0b23a4 doc: update core/README.md.
• bdc6460 ci: update workflows config.
• See full diff in compare view

Updates tsx from 4.22.1 to 4.22.3

Release notes

Sourced from tsx's releases.

v4.22.3

4.22.3 (2026-05-19)

Bug Fixes

• decode typed loader source (dce02fc)
• preserve entrypoint with TypeScript preload hooks (68f72f3)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

• preserve CJS JSON require in ESM hooks (35b700b)
• preserve named exports from CommonJS TypeScript (11de737)
• support module.exports require(esm) interop (cf8f199)

---

This release is also available on:

• npm package (@​latest dist-tag)

Commits

• dce02fc fix: decode typed loader source
• 68f72f3 fix: preserve entrypoint with TypeScript preload hooks
• 69455cf test: cover package exports for ambiguous ESM reexports
• 35b700b fix: preserve CJS JSON require in ESM hooks
• ef807db chore: update testing dependencies
• 3917090 test: document compatibility test taxonomy
• de8113f refactor: centralize Node capability facts
• c1f62db test: consolidate tsconfig path edge coverage
• 4e08174 test: consolidate loader hook coverage
• 674bb30 test: consolidate tsImport commonjs mts coverage
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.