⬆️ deps: Update dependencies (non-major)#48
Conversation
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
zrr-website-slides | 1cd6bec | Commit Preview URL Branch Preview URL |
Jul 04 2026, 09:58 PM |
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
zrr-website-root | 1cd6bec | Commit Preview URL Branch Preview URL |
Jul 04 2026, 09:57 PM |
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
zrr-website-blog | 1cd6bec | Commit Preview URL Branch Preview URL |
Jul 04 2026, 10:00 PM |
655e827 to
e040105
Compare
There was a problem hiding this comment.
Stale comment
Risk: medium. Not approving: this Renovate dependency update exceeds the low-risk approval threshold (Node.js runtime, wrangler, and lockfile changes). Cursor Bugbot was not present on this PR; zrr1999 is already assigned for human review.
Sent by Cursor Approval Agent: Pull Request Approver
e040105 to
864447c
Compare
There was a problem hiding this comment.
Stale comment
Risk: medium. Not approving: this Renovate dependency update exceeds the low-risk approval threshold (Node.js runtime, wrangler, and lockfile changes). Cursor Bugbot was not present on this PR; zrr1999 is already assigned for human review.
Sent by Cursor Approval Agent: Pull Request Approver
864447c to
46c4c0c
Compare
There was a problem hiding this comment.
Stale comment
Risk: medium. Not approving: this Renovate dependency update exceeds the low-risk approval threshold (Node.js runtime, wrangler, and lockfile changes). Cursor Bugbot was not present on this PR; zrr1999 is already assigned for human review.
Sent by Cursor Approval Agent: Pull Request Approver
46c4c0c to
9fee82e
Compare
There was a problem hiding this comment.
Stale comment
Risk: medium. Not approving: this Renovate dependency update exceeds the low-risk approval threshold (Node.js runtime, wrangler, and lockfile changes). Cursor Bugbot was not present on this PR; zrr1999 is already assigned for human review.
Sent by Cursor Approval Agent: Pull Request Approver
9fee82e to
58997f6
Compare
There was a problem hiding this comment.
Stale comment
Risk: medium. Not approving: this Renovate dependency update exceeds the low-risk approval threshold (Node.js runtime, wrangler, and lockfile changes). Cursor Bugbot was not present on this PR; zrr1999 is already assigned for human review.
Sent by Cursor Approval Agent: Pull Request Approver
58997f6 to
694ec67
Compare
There was a problem hiding this comment.
Stale comment
Risk: medium. Not approving: this Renovate dependency update exceeds the low-risk approval threshold (Node.js runtime, wrangler, and lockfile changes). Cursor Bugbot was not present on this PR; zrr1999 is already assigned for human review.
Sent by Cursor Approval Agent: Pull Request Approver
694ec67 to
daf2ea6
Compare
There was a problem hiding this comment.
Stale comment
Risk: medium. Not approving: this Renovate dependency update exceeds the low-risk approval threshold (Node.js runtime, wrangler, vite-plus, and lockfile changes). Cursor Bugbot was not present on this PR; zrr1999 is already assigned for human review.
Sent by Cursor Approval Agent: Pull Request Approver
daf2ea6 to
5d079f9
Compare
There was a problem hiding this comment.
Stale comment
Risk: medium. Not approving: this Renovate dependency update exceeds the low-risk approval threshold (Node.js runtime, wrangler, vite-plus, and lockfile changes). Cursor Bugbot was not present on this PR; zrr1999 is already assigned for human review.
Sent by Cursor Approval Agent: Pull Request Approver
5d079f9 to
fe74176
Compare
There was a problem hiding this comment.
Stale comment
Risk: medium. Not approving: this Renovate dependency update exceeds the low-risk approval threshold (Node.js runtime, wrangler, vite-plus, and lockfile changes). Cursor Bugbot was not present on this PR; zrr1999 is already assigned for human review.
Sent by Cursor Approval Agent: Pull Request Approver
fe74176 to
3bd060b
Compare
There was a problem hiding this comment.
Stale comment
Risk: medium. Not approving: this Renovate dependency update exceeds the low-risk approval threshold (Node.js runtime, wrangler, vite-plus, and lockfile changes). Cursor Bugbot was not present on this PR; zrr1999 is already assigned for human review.
Sent by Cursor Approval Agent: Pull Request Approver
3bd060b to
1cd6bec
Compare
There was a problem hiding this comment.
Risk: medium. Not approving: this Renovate dependency update exceeds the low-risk approval threshold (Node.js runtime, wrangler, vite-plus, and lockfile changes). Cursor Bugbot was not present on this PR; zrr1999 is already assigned for human review.
Sent by Cursor Approval Agent: Pull Request Approver


This PR contains the following updates:
7.2.0→7.2.17.0.0→7.0.26.0.0→6.0.16.0.0→6.0.14.0.18→4.0.197.0.0→7.0.11.21.0→1.23.04.3.1→4.3.22.0.4→2.1.02.0.0→2.0.11.0.30001799→1.0.3000180011.15.0→11.16.022.18.0→22.23.11.71.0→1.72.011.9.0→11.10.010.29.2→10.29.44.3.1→4.3.20.2.1→0.2.20.2.1→0.2.23.5.38→3.5.394.104.0→4.107.0Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
withastro/astro (@astrojs/markdown-remark)
v7.2.1Compare Source
Patch Changes
eb6f97e]:withastro/astro (@astrojs/mdx)
v7.0.2Compare Source
Patch Changes
eb6f97e]:v7.0.1Compare Source
Patch Changes
02b73b0Thanks @ematipico! - Fixes an issue where thepeerDependenciesfield used incorrect dependencies.withastro/astro (@astrojs/preact)
v6.0.1Compare Source
Patch Changes
eb6f97e]:withastro/astro (@astrojs/react)
v6.0.1Compare Source
Patch Changes
eb6f97e]:withastro/astro (@astrojs/rss)
v4.0.19Compare Source
Patch Changes
fbcfa03Thanks @matthewp! - Hardens RSS feed generation by escaping thesourceandenclosureitem fields. These fields are now serialized as structured XML values, ensuring that special characters in values likesource.titleandenclosure.typeare always treated as text rather than markup, consistent with how other feed fields are handled.withastro/astro (@astrojs/vue)
v7.0.1Compare Source
Patch Changes
02b73b0Thanks @ematipico! - Fixes an issue where thepeerDependenciesfield used incorrect dependencies.lucide-icons/lucide (@lucide/astro)
v1.23.0: Version 1.23.0Compare Source
What's Changed
paper-bagicon by @dkast in #4023New Contributors
Full Changelog: lucide-icons/lucide@1.22.0...1.23.0
v1.22.0: Version 1.22.0Compare Source
What's Changed
carroticon by @jguddas in #4010ungroupicon by @jguddas in #3969phiicon also used asgolden-ratioby @whoisBugsbunny in #4218New Contributors
Full Changelog: lucide-icons/lucide@1.21.0...1.22.0
tailwindlabs/tailwindcss (@tailwindcss/vite)
v4.3.2Compare Source
Fixed
auto-rows-*andauto-cols-*utilities (e.g.auto-rows-12andauto-cols-16) (#20229)@tailwindcss/cliin--watchmode from crashing on Windows when@sourcepoints to a directory that doesn't exist (#20242)@tailwindcss/vitefrom crashing in Deno v2.8.x whencontext.parentURLis not a valid URL (#20245)@tailwindcss/cliin--watchmode rebuilds when the input CSS file changes in an ignored directory (#20246)@variantrules used inaddBase(…)to use custom variants defined later (#20247)@tailwindcss/vitefrom crashing during HMR when scanned files or directories are deleted (#20259)font-sizeinstead ofcolordeclarations fortext-[--spacing(…)](#20260)@sourcepatterns from scanning unrelated sibling files and folders (#20263)%]…[%in.tt,.tt2, and.txfiles (#20269)p.text-black[condition](#20269)@position-tryrules from triggering unknown at-rule warnings when optimizing CSS (#20277)--opacitytheme values (#20287)@tailwindcss/postcsswhen used with newer PostCSS patch releases (#20289)joesaby/astro-mermaid (astro-mermaid)
v2.1.0Compare Source
Features
shishkin/astro-pagefind (astro-pagefind)
v2.0.1Compare Source
Bug Fixes
browserslist/caniuse-lite (caniuse-lite)
v1.0.30001800Compare Source
mermaid-js/mermaid (mermaid)
v11.16.0Compare Source
Minor Changes
#7535
ea1c48fThanks @ragelink! - feat(cynefin): Adds the Cynefin framework as a new diagram type (beta) to Mermaid (available ascynefin-beta). The Cynefin framework, created by Dave Snowden, is a decision-making framework that categorizes problems into five complexity domains, widely used in agile, incident management, strategy, and organizational design.#7721
f45cc2cThanks @notionparallax! - feat(treeView): add box-drawing character input support for treeView diagrams#7550
f1f4d45Thanks @DominicBurkart! - feat(xychart): add per-point text labels for xychart line plots#7527
b4d0442Thanks @notionparallax! - feat(treeView): Extends the existing treeView-beta diagram with features useful for representing file/directory structures.#7793
a6f097dThanks @SSDWGG! - feat(er): support optional ER attribute types with a?suffix#7772
37f2e36Thanks @devareddy05! - feat(gantt): support multipleexcludes/includeslines so long exclusion lists can be split into commented groups (#6270)#7708
4e63e9dThanks @txmxthy! - feat(architecture): addalign row|column {ids…}directive to architecture-beta diagrams so authors can declare horizontal or vertical alignment of services explicitly.#7760
05223beThanks @ngdaniels! - feat(pie): Enhance Pie Chart - Enable donut chart, Set legend position, and highlight slice#7251
216e4e9Thanks @ydah! - feat(railroad): Add support for Railroad Diagrams (Syntax Diagrams) with four input syntaxes: IR (railroad-beta), EBNF (railroad-ebnf-beta), ABNF (railroad-abnf-beta), and PEG (railroad-peg-beta).#7774
e5c75e6Thanks @ngdaniels! - feat(xychart): enable rotate label on X-axis#7791
974fa7bThanks @knsv-bot! - feat(swimlane): add swimlane as a standalone diagram type with a dedicated layered orthogonal layout algorithmPatch Changes
#7744
633c261Thanks @ashishjain0512! - fix(architecture): addarchitecture.seedconfig option to make architecture diagrams render deterministically. Resolves #7729.#7732
c8ba156Thanks @rkdfx! - fix: tolerate leading horizontal whitespace before YAML frontmatter delimiters. Closes #7613#7314
4e4e6c4Thanks @darshanr0107! - fix(flowchart): Prevent crash when flowchart node shape is undefined#7762
cfd2391Thanks @Dharya-dev! - fix(class): support styling and callbacks for generic classes#7284
c1f116dThanks @darshanr0107! - fix(gantt): Render gantt vertical markers without affecting row layout or chart height#7786
72fbab1Thanks @knsv-bot! - fix(er): allow special characters (e.g. dots) in ER diagram attribute names and types by escaping them with backticks#7672
4887e97Thanks @sjackson0109! - fix(flowchart): respect per-subgraph direction keyword in Dagre layout. Fixes #4648#7734
a4c1e50Thanks @OfirHaf! - fix(block): read block padding and sanitize config dynamically instead of at module load time#7674
cc75089Thanks @cyphercodes! - fix(block): respect current DOMPurify config when sanitizing labels#7711
be2e282Thanks @Jinacker! - fix(flowchart): render flowchart and state self-loop edges as a single SVG path.#7781
d945968Thanks @Dharya-dev! - fix(radar): align axis labels based on angular position to prevent clipping#7661
2f5e9e8Thanks @nabila401! - fix(venn): fix 3-circle venn diagram union rendering#7780
8dcdce4Thanks @Dharya-dev! - fix(xychart): truncate plot data to match x-axis category count#7235
1bbc189Thanks @darshanr0107! - fix: Support consecutive LaTeX in node text#7247
365c1b1Thanks @darshanr0107! - fix(treeView): Ensure treemap labels render correctly in large nested diagrams#7754
06a32b7Thanks @palgunatm66! - fix(sequence): sequenceDiagram rect backgrounds using theme-aware fallback colors#7693
afaf306Thanks @dull-bird! - fix(quadrant-chart): allow CJK, emoji, Latin-1 accented characters, and other non-ASCII text in unquoted axis/quadrant/point labels. Fixes #7120.#7751
79e97cdThanks @puneetdixit200! - fix(state): render state diagram click tooltips with mermaidTooltip#7570
c2305dfThanks @PinguinsRule! - fix(state): Fix invalid syntax between state and '{'#7758
a4a250bThanks @mk24x7! - fix(venn): render labeled higher-arity unions when the underlying pairwise unions are not declared. Resolves #7656.Updated dependencies [
ea1c48f,b4d0442,4e63e9d,216e4e9]:nodejs/node (node)
v22.23.1: 2026-06-23, Version 22.23.1 'Jod' (LTS), @RafaelGSSCompare Source
This release includes a fix for an unexpected behavior introduced
by the recent security release (22.23.0).
Commits
41d2ee13be] - build: switch coverage-windows towindows-2022(Richard Lau) #63940eaa292549e] - http: avoid stream listeners on idle agent sockets (Matteo Collina) #64004v22.23.0: 2026-06-18, Version 22.23.0 'Jod' (LTS), @aduh95Compare Source
This is a security release.
Notable Changes
Commits
38b4c5ed51] - (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) nodejs-private/node-private#878ad8a10c1bb] - deps: update llhttp to 9.4.2 (Antoine du Hamel) nodejs-private/node-private#890ca825a87cc] - deps: update undici to 6.27.0 (aduh95) #63711a1a5bb9683] - (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 (Tim Perry) #628910f48583512] - (SEMVER-MAJOR) deps: update nghttp2 to 1.69.0 (Node.js GitHub Bot) #6289138c869fc05] - deps: update nghttp2 to 1.68.0 (nodejs-github-bot) #61136290667c84f] - deps: update nghttp2 to 1.67.1 (nodejs-github-bot) #59790c9f3da76aa] - deps: update nghttp2 to 1.66.0 (Node.js GitHub Bot) #5878660890be563] - deps: update nghttp2 to 1.65.0 (Node.js GitHub Bot) #572695024c7d5d8] - deps: update archs files for openssl-3.5.7 (Node.js GitHub Bot) #638207f4eb5af2e] - deps: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) #63820ebb4ec78a8] - deps: fix aix implicit declaration in OpenSSL (Abdirahim Musse) #626565763d40826] - deps: update llhttp to 9.4.1 (Node.js GitHub Bot) #63045c551a51d0c] - (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) nodejs-private/node-private#8680a22d40180] - (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) nodejs-private/node-private#846c79968e108] - (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) nodejs-private/node-private#8550c37bff2ff] - http2: fix DEP0194 message (KaKa) #58669ea5dc6b529] - (SEMVER-MAJOR) http2: remove support for priority signaling (Matteo Collina) #582939b6af26132] - (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) nodejs-private/node-private#86728dcd38864] - (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) nodejs-private/node-private#8732f62693801] - (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) nodejs-private/node-private#8701662a3ea09] - test: add session reuse host verification regressions (Matteo Collina) nodejs-private/node-private#854718d5d0e2c] - test: skiptest-fs-utimes-y2K38on armv7 (Richard Lau) #63836041185b61f] - test: skip test-cluster-dgram-reuse on AIX 7.3 (Stewart X Addison) #62238fd890ba01d] - (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) nodejs-private/node-private#85439d1d09684] - (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) nodejs-private/node-private#8572197a47144] - (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) nodejs-private/node-private#869v22.22.3: 2026-05-13, Version 22.22.3 'Jod' (LTS), @marco-ippolitoCompare Source
Commits
4f780905c5] - crypto: fix potential null pointer dereference when BIO_meth_new() fails (Nora Dossche) #617884a09efb947] - crypto: update root certificates to NSS 3.121 (Node.js GitHub Bot) #62485e4c0d99839] - deps: update timezone to 2026a (Node.js GitHub Bot) #621640226c8dd7a] - deps: update simdjson to 4.5.0 (Node.js GitHub Bot) #62382e742ab748c] - deps: update sqlite to 3.51.3 (Node.js GitHub Bot) #6225673cac0571a] - deps: update amaro to 1.1.8 (Node.js GitHub Bot) #62151ae5c162b93] - deps: update amaro to 1.1.7 (Node.js GitHub Bot) #61730b819cb9977] - deps: update amaro to 1.1.6 (Node.js GitHub Bot) #61603bbcce09dc7] - deps: update sqlite to 3.52.0 (Node.js GitHub Bot) #6215022ff2d81ce] - deps: update simdjson to 4.3.1 (Node.js GitHub Bot) #61930f49b51d75c] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #619281a5cec0d49] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #61925d339497688] - deps: update nbytes to 0.1.3 (Node.js GitHub Bot) #618793ff8ffd459] - deps: remove stale OpenSSL arch configs (René) #61834b8ddbc1e9a] - deps: update llhttp to 9.3.1 (Node.js GitHub Bot) #61827ffda97afd4] - deps: update googletest to2461743(Node.js GitHub Bot) #6248479aa32cf4f] - deps: update googletest to73a63ea(Node.js GitHub Bot) #61927b6957e13b6] - deps: update archs files for openssl-3.5.6 (Node.js GitHub Bot) #626293a27669063] - deps: upgrade openssl sources to openssl-3.5.6 (Node.js GitHub Bot) #62629d568a1bb53] - deps: upgrade npm to 10.9.8 (npm team) #62463ec11f3c1d5] - deps: V8: backport85b3900(Thibaud Michaud) #6278308609712ed] - deps: V8: backport1b27e46(Thibaud Michaud) #62783dcc60d5ab2] - deps: V8: backport9997fc0(Thibaud Michaud) #627831d1f4451fb] - deps: V8: cherry-pickb96e40d(Clemens Backes) #627832268567237] - deps: V8: cherry-pick7cb6188(Thibaud Michaud) #6278392804cdbea] - deps: V8: cherry-picke7ccf0a(Thibaud Michaud) #62783eae2c27a40] - deps: V8: cherry-pick8e214ec(Thibaud Michaud) #62783a1799a49bb] - deps: V8: backport63b8849(Thibaud Michaud) #62783a2df2d8731] - deps: V8: backport3239427(Thibaud Michaud) #62783e3d65c7dca] - deps: V8: backport89dc6ea(Thibaud Michaud) #627835e7db133de] - deps: V8: backport910cb91(Jakob Kummerow) #62783d0c24a28af] - deps: V8: cherry-pickb8f91e5(Thibaud Michaud) #62783d358687824] - deps: V8: cherry-pickcf03d55(Thibaud Michaud) #6278367c8b2c349] - deps: V8: cherry-pick692f3d5(Sébastien Doeraene) #6278371e5a59ffd] - deps: V8: cherry-pickc734674(Manos Koukoutos) #62783f0dbe81c7b] - deps: V8: cherry-pickb2f3aea(Thibaud Michaud) #62783d333f480c3] - deps: V8: cherry-pick5f1342c(Matthias Liedtke) #62783db722725bb] - deps: use npm undici@six tag inupdate-undici.sh(Matteo Collina) #630129b57979d9c] - doc: add Rafael to last security release steward (Rafael Gonzaga) #62423d8075585bf] - doc: add path to vulnerabilities.json mention (Rafael Gonzaga) #623556ec9a70204] - doc: clarify fs.ReadStream and fs.WriteStream are not constructable (Kit Dallege) #622081fc86fcb6e] - doc: add note (and caveat) formock.moduleabout customization hooks (Jacob Smith) #62075491be80bd9] - doc: add efekrskl as triager (Efe) #6187618558293a3] - doc: fix module.stripTypeScriptTypes indentation (René) #619928e20976522] - doc: explicitly mention Slack handle (Rafael Gonzaga) #6198670b8e6b4fb] - doc: rename invalidfunctionparameter (René) #619424045c76f6c] - doc: clarify status of feature request issues (Antoine du Hamel) #61505c54652f2aa] - doc: remove incorrect mention ofmoduleintypescript.md(Rob Palmer) #618399fad6cedf5] - doc: clarify async caveats forevents.once()(René) #615722f1e5733fe] - doc: update Juan's security steward info (Juan José) #61754a64bdb5068] - doc: fix overstated Date header requirement in response.sendDate (Kit Dallege) #6220602797de923] - doc: fix small environment_variables typo (chris) #62279f22ebdc809] - doc: fix small logic error in DETECT_MODULE_SYNTAX (René) #620259f4508062a] - doc: fix methods being documented as properties inprocess.md(Antoine du Hamel) #617653ea39ff135] - doc: fix dropdown menu being obscured at <600px due to stacking context (Jeff) #61735c22445079b] - doc: fix spacing in process message event (Aviv Keller) #6175632831b5223] - doc: fix broken links of net.md (YuSheng Chen) #61673005508d509] - doc: remove obsolete Boxstarter automated install (Mike McCready) #6178537c2fd6f7d](Configuration
📅 Schedule: (UTC)
* 0-3 * * 1)🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.