chore(deps): update all non-major dependencies#150
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
11 times, most recently
from
July 6, 2026 09:12
ca1aa21 to
2ef8077
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
7 times, most recently
from
July 9, 2026 05:53
c51113b to
8e88122
Compare
Copilot stopped work on behalf of
TechWatching due to an error
July 9, 2026 08:19
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
10 times, most recently
from
July 12, 2026 11:47
f20e9fe to
f12fb65
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
9 times, most recently
from
July 17, 2026 22:32
a7fe5d8 to
c32eb3c
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
July 18, 2026 01:07
c32eb3c to
bbc6118
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^1.2.114→^1.2.117^1.2.87→^1.2.90^1.2.59→^1.2.67^3.14.0→^3.15.01.2.1→1.3.1^4.9.0→^4.10.0^4.2.0→^4.3.1^10.5.0→^10.7.0v0.80.9→v0.82.11v0.82.1210.34.4→10.34.5^1.393.0→^1.404.01.404.1^4.3.1→^4.3.3^3.3.5→^3.3.7Release Notes
nuxt/content (@nuxt/content)
v3.15.0Compare Source
Features
bunsqlite connector for Bun runtime deployments (#3741) (92ac2ab)Bug Fixes
nuxt/scripts (@nuxt/scripts)
v1.3.1Compare Source
🐞 Bug Fixes
warmupStrategy: falsewhen defaulting to preload - by @harlan-zw in #828 (6cbea)View changes on GitHub
v1.3.0Compare Source
🚀 Features
🐞 Bug Fixes
View changes on GitHub
nuxt/ui (@nuxt/ui)
v4.10.0Compare Source
Features
actionsprop for tool approval (#6694) (1a3a9dc)unmountOnHideprop (#6523) (f03f98b)closeandcloseIconprops (#6669) (53e88a4)loadingandloadingIconprops (#6707) (86cd25c)unmountOnHideprop (#6626) (4deb61b), closes #5839 #3605@nuxt/iconclient bundle (#6633) (8d46034)enableTouchprop (#6626) (54125f3), closes #2346claudeaction (#6693) (7bdcb13)getScrollElementvirtualize option (#6650) (a84de85)getScrollElementvirtualize option (#6657) (7e6d0f7)Bug Fixes
$attrsto root element whentoprop is absent (#6628) (d3b5f1d)data-slotto component root (#6643) (c9c5232)prefers-reduced-motionin animations (#6723) (f951529)arrowdownto shiftable keys (#6702) (2128414)aria-disabledattribute when disabled (#6653) (c3b2996)useRoute().fullPathreactive across navigations (#6696) (c256997)relprop to internal links (#6677) (276302e)localePathfails (#6637) (906e8fd)hookOncein colors plugin (#6658) (e4ca579)create-item(#6689) (a71dece)defaultVariantsoverridewithDefaults(#6686) (f5e58fb)Performance Improvements
sideEffectsfor barrel tree-shaking (#6729) (2cc2849)useComponentPropsfrom the component-types barrel (#6648) (6576fb8)shikijs/shiki (@shikijs/engine-javascript)
v4.3.1Compare Source
🚀 Features
typefield forThemedToken- by @ije in #1293 (585b5)View changes on GitHub
v4.3.0Compare Source
🚀 Features
View changes on GitHub
eslint/eslint (eslint)
v10.7.0Compare Source
Features
cf2a9bffeat: add errorClassNames option to preserve-caught-error rule (#21032) (sethamus)f8b873afeat: max-nested-callbacks option for constructor callbacks (#21063) (fnx)557fde8feat: support computedNumber.parseIntmember access inradixrule (#21041) (Pixel)0b4a73bfeat: add suggestions to no-compare-neg-zero (#21034) (den$)96cdd42feat: report invalid signed numeric radix values inradixrule (#21030) (Pixel)Bug Fixes
3e7bf15fix: applyignoreClassesWithImplementsto class expressions (#21069) (Pixel)0d7d70cfix: insert cause outside wrapping parens in preserve-caught-error (#21062) (Mahin Anowar)75ec753fix: handle static template literals ineqeqeqrule (#21058) (Pixel)b717a22fix: preventeqeqeqnull option from reporting non-equality operators (#21057) (Pixel)e35b05ffix: avoidno-invalid-regexpfalse positive for shadowed RegExp (#21051) (Pixel)a3172b6fix: avoidno-control-regexfalse positive for shadowed RegExp (#21050) (Pixel)d1f637efix: parenthesize sequence expression operands in no-implicit-coercion (#21045) (spokodev)8859baffix: avoid prefer-numeric-literals false positive for shadowed globals (#21047) (한국)a9e5961fix: use-isnan false positive on shadowed NaN/Number (#20958) (sethamus)8a240a7fix: avoid false positives inradixrule for spread arguments (#21044) (Pixel)Documentation
c30d808docs: Update README (GitHub Actions Bot)5139800docs: document ESLint migration codemods in v9 and v10 guides (#20980) (Alex Bit)04174cbdocs: Update README (GitHub Actions Bot)026e130docs: update semver policy for bug fixes (#21048) (Milos Djermanovic)9d42fefdocs: Update README (GitHub Actions Bot)b230159docs: Update README (GitHub Actions Bot)0129972docs: correct**/.jsglob to**/*.jsin config files guide (#21036) (EduardF1)Chores
9489379chore: update dependency @eslint/eslintrc to ^3.3.6 (#21076) (renovate[bot])81a4774chore: updates for v9.39.5 release (Jenkins)9835414chore: enable$ExpectTypeannotations in all TypeScript files (#21071) (Francesco Trotta)72adf6bchore: restrictmarkdownlint-cli2updates in renovate (#21067) (lumir)833ec10chore: update dependency prettier to v3.9.4 (#21061) (renovate[bot])7ea106dchore: update ecosystem plugins (#21059) (ESLint Bot)8fb550echore: add prettier update commit to.git-blame-ignore-revs(#21056) (lumir)e4e1166chore: update dependency prettier to v3.9.1 (#21055) (renovate[bot])0493f53chore: update prettier to v3.9.0 (#21054) (Pixel)1056a99chore: update dependency prettier to v3.8.5 (#21049) (renovate[bot])4d4155dci: run ecosystem tests on pull requests (#21027) (sethamus)993539fchore: update dependency @eslint/json to ^2.0.1 (#21042) (renovate[bot])53f8b69test: add error locations tono-constant-binary-expression(#21039) (lumir)5ab71d5refactor: clean up radix rule internals (#21015) (Pixel)a80a9a4chore: update ecosystem plugins (#21035) (ESLint Bot)7c9a029ci: add Node.js 26 to CI (#20847) (lumir)v10.6.0Compare Source
Features
b1f9106feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)f291007feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)Bug Fixes
6b05784fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)bb9eb2afix: account for shadowedBooleaninno-extra-boolean-cast(#21013) (den$)8fd8741fix: don't report shadowed undefined inradixrule (#21011) (Pixel)5784980fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)9cd1e6dfix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)d4eb2dcfix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)2360464fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)63d52d2fix: restore max-classes-per-file report range (#21002) (Pixel)7feaff0fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)399a2ecfix: don't report inner non-callbacks inmax-nested-callbacks(#20995) (Milos Djermanovic)Documentation
a83683ddocs: Update README (GitHub Actions Bot)f5449f9docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)bea49f7docs: Update README (GitHub Actions Bot)e5f70f9docs: update code-path diagrams (#20984) (Tanuj Kanti)8890c2ddocs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)3eb3d9bdocs: Update README (GitHub Actions Bot)c5bb59cdocs: Update README (GitHub Actions Bot)eb3c97cdocs: fix grammar in prefer-const rule description (#20983) (lumir)Chores
6a42034ci: run ecosystem tests on main branch (#20891) (sethamus)3dbacdbci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])c3abfcachore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)a832320ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)27166e7chore: update ecosystem plugins (#21005) (ESLint Bot)865d76eci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])27a88c9chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)970cea6chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)b482120chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])6993fb3chore: update ecosystem plugins (#20985) (ESLint Bot)github/gh-aw-actions (github/gh-aw-actions)
v0.82.11Compare Source
Sync of actions from gh-aw at
v0.82.11.v0.82.10Compare Source
Sync of actions from gh-aw at
v0.82.10.v0.82.9Compare Source
Sync of actions from gh-aw at
v0.82.9.v0.82.8Compare Source
Sync of actions from gh-aw at
v0.82.8.v0.82.7Compare Source
Sync of actions from gh-aw at
v0.82.7.v0.82.6Compare Source
Sync of actions from gh-aw at
v0.82.6.v0.82.5Compare Source
Sync of actions from gh-aw at
v0.82.5.v0.82.4Compare Source
Sync of actions from gh-aw at
v0.82.4.v0.82.3Compare Source
Sync of actions from gh-aw at
v0.82.3.v0.82.2Compare Source
Sync of actions from gh-aw at
v0.82.2.v0.82.1Compare Source
Sync of actions from gh-aw at
v0.82.1.v0.82.0Compare Source
Sync of actions from gh-aw at
v0.82.0.v0.81.6Compare Source
Sync of actions from gh-aw at
v0.81.6.v0.81.5Compare Source
Sync of actions from gh-aw at
v0.81.5.v0.81.4Compare Source
Sync of actions from gh-aw at
v0.81.4.v0.81.3Compare Source
Sync of actions from gh-aw at
v0.81.3.v0.81.2Compare Source
Sync of actions from gh-aw at
v0.81.2.v0.81.1Compare Source
Sync of actions from gh-aw at
v0.81.1.v0.81.0Compare Source
Sync of actions from gh-aw at
v0.81.0.pnpm/pnpm (pnpm)
v10.34.5: pnpm 10.34.5Compare Source
Patch Changes
78e29fe: Prevent a craftedpnpm-lock.yamlfrom writing package content outside the virtual store. A dependency path key whose name reconstructs to a path-traversal sequence (e.g.../../../tmp/x@1.0.0) is now rejected by the isolated (virtual-store) linker and the Plug'n'Play resolver map, matching the containment already applied to the hoisted linker. Under the global virtual store, a traversal in the version-derived path segment (e.g. a snapshotversion: "../../x") is now rejected atiterateHashedGraphNodes, the single point every global-virtual-store slot path funnels through.78e29fe: Fixed a path traversal vulnerability where a dependency whose manifestnamewas a scoped path traversal (e.g.@x/../../../<path>) could be written outsidenode_modulesto an attacker-controlled location duringpnpm install, even with--ignore-scripts. The isolated linker now validates the package name before using it as a directory name, matching the existing protection in the hoisted linker.47ef6f0: Fixed switching to and self-updating to pnpm v12. pnpm v12 (the Rust port) ships as thepnpmand@pnpm/exenpm packages whose bins are placeholders replaced at install time by the host's native binary from a@pnpm/exe.<platform>-<arch>[-musl]optional dependency. Because pnpm installs its own engine with--ignore-scripts, that relinking never ran, leaving a non-executable placeholder. pnpm now relinks the native binary itself for v12 (recognizing the new platform-package naming scheme and the nativepnpmpackage), and verifies the native binary's npm registry signature before running it.36928be:${...}environment-variable placeholders in thehttpProxy,httpsProxy,noProxy,proxy, andnoproxysettings are no longer expanded when these settings come from a project'spnpm-workspace.yaml. They now receive the same protection already applied toregistry.Platinum Sponsors
Gold Sponsors
PostHog/posthog-js (posthog-js)
v1.404.0Compare Source
1.404.0
Minor Changes
607bf54Thanks @pauldambra! - Add dead swipe detection to dead clicks autocapture. When dead clicks autocapture is enabled, touch swipe gestures that produce no observable screen change (no scroll, mutation, selection or visibility change) are now captured as$dead_swipeevents, surfacing failed navigations on touch devices. Configurable viacapture_dead_swipes(defaulttrue) andswipe_threshold_px(default30) on thecapture_dead_clicksconfig. Swipes over surfaces whose response cannot be observed (canvas, video and other media elements under the finger) are skipped, and captures are limited per page load viamax_dead_swipes_per_page_load(default10).(2026-07-16)
Patch Changes
df17ddcThanks @posthog! - Catch synchronous throws from a monkey-patchedwindow.fetchso they no longer escape as unhandled exceptions. A synchronous throw is now routed through the same handling as an async rejection, so the request queue retries instead of the error leaking into error tracking.(2026-07-16)
607bf54]:v1.403.0Compare Source
1.403.0
Minor Changes
#4159
fad6d9aThanks @haacked! - add$feature_flag_has_experimentto$feature_flag_calledevents$feature_flag_calledevents now carry a$feature_flag_has_experimentboolean sourced from the server'shas_experimentflag metadata (the/flags?v=2response for remote evaluation, the/api/feature_flag/local_evaluationdefinitions for posthog-node local evaluation). The property is only sent when the server explicitly reportshas_experiment; it is omitted entirely when the value is unknown (older servers, missing metadata, bootstrapped or locally injected flags). (2026-07-16)Patch Changes
fad6d9a]:v1.402.3Compare Source
1.402.3
Patch Changes
#4157
4a2ecf5Thanks @posthog! - Session recording no longer emits an uncaughtNotAllowedError("Sharing constructed stylesheets in multiple documents is not allowed") when a page assigns aCSSStyleSheetconstructed in a different document toadoptedStyleSheets. That assignment is the host page's own invalid operation, but the recorder's patched setter sat on the call stack, so the exception was attributed to rrweb and churned fingerprints in error tracking. The recorder now contains this specific rejection (matched by its standardizedNotAllowedErrorname, so it works even when the setter throws from an iframe realm) and skips recording those sheets, while still re-throwing any other native-setter error so host-page behaviour is preserved.(2026-07-15)
#4158
0dc389eThanks @posthog! - fix(replay): session recording no longer throwsTypeError: Converting circular structure to JSONwhen replay event data contains a circular reference. The circular-reference guard now also detects cycles that pass through an array, and affected events are captured with[Circular]markers instead of surfacing an unhandled error and being dropped.(2026-07-15)
Updated dependencies [
fc2cb2e]:v1.402.2Compare Source
1.402.2
Patch Changes
81adbfdThanks @posthog! - Session recording no longer emits an uncaughtTypeError: Illegal invocationwhen a programmatic input-value change happens on an object that is not a genuine native input element (for example a proxy on the element prototype chain). The recorder drops that one replay update instead of throwing.(2026-07-15)
v1.402.1[Compare Source](https:
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.