chore(deps): update all non-major dependencies#150
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
11 times, most recently
from
July 6, 2026 09:12
ca1aa21 to
2ef8077
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
7 times, most recently
from
July 9, 2026 05:53
c51113b to
8e88122
Compare
Copilot stopped work on behalf of
TechWatching due to an error
July 9, 2026 08:19
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
10 times, most recently
from
July 12, 2026 11:47
f20e9fe to
f12fb65
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
12 times, most recently
from
July 18, 2026 13:46
86c02c3 to
7bc1dd9
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
July 18, 2026 21:11
7bc1dd9 to
ee23904
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^1.2.114→^1.2.1171.2.118^1.2.87→^1.2.90^1.2.59→^1.2.67^3.14.0→^3.15.01.1.3→1.1.41.2.1→1.3.1^4.9.0→^4.10.0^4.2.0→^4.3.1^10.5.0→^10.7.0v0.80.9→v0.82.12v0.82.1310.34.4→10.34.5^1.393.0→^1.404.1^4.3.1→^4.3.3^3.3.5→^3.3.7Release Notes
nuxt/content (@nuxt/content)
v3.15.0Compare Source
Features
bunsqlite connector for Bun runtime deployments (#3741) (92ac2ab)Bug Fixes
nuxt/hints (@nuxt/hints)
v1.1.4Compare Source
🚀 Enhancements
🩹 Fixes
🏡 Chore
❤️ Contributors
nuxt/scripts (@nuxt/scripts)
v1.3.1Compare Source
🐞 Bug Fixes
warmupStrategy: falsewhen defaulting to preload - by @harlan-zw in #828 (6cbea)View changes on GitHub
v1.3.0Compare Source
🚀 Features
🐞 Bug Fixes
View changes on GitHub
nuxt/ui (@nuxt/ui)
v4.10.0Compare Source
Features
actionsprop for tool approval (#6694) (1a3a9dc)unmountOnHideprop (#6523) (f03f98b)closeandcloseIconprops (#6669) (53e88a4)loadingandloadingIconprops (#6707) (86cd25c)unmountOnHideprop (#6626) (4deb61b), closes #5839 #3605@nuxt/iconclient bundle (#6633) (8d46034)enableTouchprop (#6626) (54125f3), closes #2346claudeaction (#6693) (7bdcb13)getScrollElementvirtualize option (#6650) (a84de85)getScrollElementvirtualize option (#6657) (7e6d0f7)Bug Fixes
$attrsto root element whentoprop is absent (#6628) (d3b5f1d)data-slotto component root (#6643) (c9c5232)prefers-reduced-motionin animations (#6723) (f951529)arrowdownto shiftable keys (#6702) (2128414)aria-disabledattribute when disabled (#6653) (c3b2996)useRoute().fullPathreactive across navigations (#6696) (c256997)relprop to internal links (#6677) (276302e)localePathfails (#6637) (906e8fd)hookOncein colors plugin (#6658) (e4ca579)create-item(#6689) (a71dece)defaultVariantsoverridewithDefaults(#6686) (f5e58fb)Performance Improvements
sideEffectsfor barrel tree-shaking (#6729) (2cc2849)useComponentPropsfrom the component-types barrel (#6648) (6576fb8)shikijs/shiki (@shikijs/engine-javascript)
v4.3.1Compare Source
🚀 Features
typefield forThemedToken- by @ije in #1293 (585b5)View changes on GitHub
v4.3.0Compare Source
🚀 Features
View changes on GitHub
eslint/eslint (eslint)
v10.7.0Compare Source
Features
cf2a9bffeat: add errorClassNames option to preserve-caught-error rule (#21032) (sethamus)f8b873afeat: max-nested-callbacks option for constructor callbacks (#21063) (fnx)557fde8feat: support computedNumber.parseIntmember access inradixrule (#21041) (Pixel)0b4a73bfeat: add suggestions to no-compare-neg-zero (#21034) (den$)96cdd42feat: report invalid signed numeric radix values inradixrule (#21030) (Pixel)Bug Fixes
3e7bf15fix: applyignoreClassesWithImplementsto class expressions (#21069) (Pixel)0d7d70cfix: insert cause outside wrapping parens in preserve-caught-error (#21062) (Mahin Anowar)75ec753fix: handle static template literals ineqeqeqrule (#21058) (Pixel)b717a22fix: preventeqeqeqnull option from reporting non-equality operators (#21057) (Pixel)e35b05ffix: avoidno-invalid-regexpfalse positive for shadowed RegExp (#21051) (Pixel)a3172b6fix: avoidno-control-regexfalse positive for shadowed RegExp (#21050) (Pixel)d1f637efix: parenthesize sequence expression operands in no-implicit-coercion (#21045) (spokodev)8859baffix: avoid prefer-numeric-literals false positive for shadowed globals (#21047) (한국)a9e5961fix: use-isnan false positive on shadowed NaN/Number (#20958) (sethamus)8a240a7fix: avoid false positives inradixrule for spread arguments (#21044) (Pixel)Documentation
c30d808docs: Update README (GitHub Actions Bot)5139800docs: document ESLint migration codemods in v9 and v10 guides (#20980) (Alex Bit)04174cbdocs: Update README (GitHub Actions Bot)026e130docs: update semver policy for bug fixes (#21048) (Milos Djermanovic)9d42fefdocs: Update README (GitHub Actions Bot)b230159docs: Update README (GitHub Actions Bot)0129972docs: correct**/.jsglob to**/*.jsin config files guide (#21036) (EduardF1)Chores
9489379chore: update dependency @eslint/eslintrc to ^3.3.6 (#21076) (renovate[bot])81a4774chore: updates for v9.39.5 release (Jenkins)9835414chore: enable$ExpectTypeannotations in all TypeScript files (#21071) (Francesco Trotta)72adf6bchore: restrictmarkdownlint-cli2updates in renovate (#21067) (lumir)833ec10chore: update dependency prettier to v3.9.4 (#21061) (renovate[bot])7ea106dchore: update ecosystem plugins (#21059) (ESLint Bot)8fb550echore: add prettier update commit to.git-blame-ignore-revs(#21056) (lumir)e4e1166chore: update dependency prettier to v3.9.1 (#21055) (renovate[bot])0493f53chore: update prettier to v3.9.0 (#21054) (Pixel)1056a99chore: update dependency prettier to v3.8.5 (#21049) (renovate[bot])4d4155dci: run ecosystem tests on pull requests (#21027) (sethamus)993539fchore: update dependency @eslint/json to ^2.0.1 (#21042) (renovate[bot])53f8b69test: add error locations tono-constant-binary-expression(#21039) (lumir)5ab71d5refactor: clean up radix rule internals (#21015) (Pixel)a80a9a4chore: update ecosystem plugins (#21035) (ESLint Bot)7c9a029ci: add Node.js 26 to CI (#20847) (lumir)v10.6.0Compare Source
Features
b1f9106feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)f291007feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)Bug Fixes
6b05784fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)bb9eb2afix: account for shadowedBooleaninno-extra-boolean-cast(#21013) (den$)8fd8741fix: don't report shadowed undefined inradixrule (#21011) (Pixel)5784980fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)9cd1e6dfix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)d4eb2dcfix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)2360464fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)63d52d2fix: restore max-classes-per-file report range (#21002) (Pixel)7feaff0fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)399a2ecfix: don't report inner non-callbacks inmax-nested-callbacks(#20995) (Milos Djermanovic)Documentation
a83683ddocs: Update README (GitHub Actions Bot)f5449f9docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)bea49f7docs: Update README (GitHub Actions Bot)e5f70f9docs: update code-path diagrams (#20984) (Tanuj Kanti)8890c2ddocs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)3eb3d9bdocs: Update README (GitHub Actions Bot)c5bb59cdocs: Update README (GitHub Actions Bot)eb3c97cdocs: fix grammar in prefer-const rule description (#20983) (lumir)Chores
6a42034ci: run ecosystem tests on main branch (#20891) (sethamus)3dbacdbci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])c3abfcachore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)a832320ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)27166e7chore: update ecosystem plugins (#21005) (ESLint Bot)865d76eci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])27a88c9chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)970cea6chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)b482120chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])6993fb3chore: update ecosystem plugins (#20985) (ESLint Bot)github/gh-aw-actions (github/gh-aw-actions)
v0.82.12Compare Source
Sync of actions from gh-aw at
v0.82.12.v0.82.11Compare Source
Sync of actions from gh-aw at
v0.82.11.v0.82.10Compare Source
Sync of actions from gh-aw at
v0.82.10.v0.82.9Compare Source
Sync of actions from gh-aw at
v0.82.9.v0.82.8Compare Source
Sync of actions from gh-aw at
v0.82.8.v0.82.7Compare Source
Sync of actions from gh-aw at
v0.82.7.v0.82.6Compare Source
Sync of actions from gh-aw at
v0.82.6.v0.82.5Compare Source
Sync of actions from gh-aw at
v0.82.5.v0.82.4Compare Source
Sync of actions from gh-aw at
v0.82.4.v0.82.3Compare Source
Sync of actions from gh-aw at
v0.82.3.v0.82.2Compare Source
Sync of actions from gh-aw at
v0.82.2.v0.82.1Compare Source
Sync of actions from gh-aw at
v0.82.1.v0.82.0Compare Source
Sync of actions from gh-aw at
v0.82.0.v0.81.6Compare Source
Sync of actions from gh-aw at
v0.81.6.v0.81.5Compare Source
Sync of actions from gh-aw at
v0.81.5.v0.81.4Compare Source
Sync of actions from gh-aw at
v0.81.4.v0.81.3Compare Source
Sync of actions from gh-aw at
v0.81.3.v0.81.2Compare Source
Sync of actions from gh-aw at
v0.81.2.v0.81.1Compare Source
Sync of actions from gh-aw at
v0.81.1.v0.81.0Compare Source
Sync of actions from gh-aw at
v0.81.0.pnpm/pnpm (pnpm)
v10.34.5: pnpm 10.34.5Compare Source
Patch Changes
78e29fe: Prevent a craftedpnpm-lock.yamlfrom writing package content outside the virtual store. A dependency path key whose name reconstructs to a path-traversal sequence (e.g.../../../tmp/x@1.0.0) is now rejected by the isolated (virtual-store) linker and the Plug'n'Play resolver map, matching the containment already applied to the hoisted linker. Under the global virtual store, a traversal in the version-derived path segment (e.g. a snapshotversion: "../../x") is now rejected atiterateHashedGraphNodes, the single point every global-virtual-store slot path funnels through.78e29fe: Fixed a path traversal vulnerability where a dependency whose manifestnamewas a scoped path traversal (e.g.@x/../../../<path>) could be written outsidenode_modulesto an attacker-controlled location duringpnpm install, even with--ignore-scripts. The isolated linker now validates the package name before using it as a directory name, matching the existing protection in the hoisted linker.47ef6f0: Fixed switching to and self-updating to pnpm v12. pnpm v12 (the Rust port) ships as thepnpmand@pnpm/exenpm packages whose bins are placeholders replaced at install time by the host's native binary from a@pnpm/exe.<platform>-<arch>[-musl]optional dependency. Because pnpm installs its own engine with--ignore-scripts, that relinking never ran, leaving a non-executable placeholder. pnpm now relinks the native binary itself for v12 (recognizing the new platform-package naming scheme and the nativepnpmpackage), and verifies the native binary's npm registry signature before running it.36928be:${...}environment-variable placeholders in thehttpProxy,httpsProxy,noProxy,proxy, andnoproxysettings are no longer expanded when these settings come from a project'spnpm-workspace.yaml. They now receive the same protection already applied toregistry.Platinum Sponsors
Gold Sponsors
PostHog/posthog-js (posthog-js)
v1.404.1Compare Source
1.404.1
Patch Changes
66c1666Thanks @turnipdabeets! - Honour the project-level autocapture opt-out when the remote config request fails. Previously a failed config fetch (network error, timeout, blocked request) enabled autocapture on opted-out projects and persisted that state for later page loads. Autocapture now keeps the last successfully received server value, and stays off until the first successful config response.(2026-07-17)
v1.404.0Compare Source
1.404.0
Minor Changes
607bf54Thanks @pauldambra! - Add dead swipe detection to dead clicks autocapture. When dead clicks autocapture is enabled, touch swipe gestures that produce no observable screen change (no scroll, mutation, selection or visibility change) are now captured as$dead_swipeevents, surfacing failed navigations on touch devices. Configurable viacapture_dead_swipes(defaulttrue) andswipe_threshold_px(default30) on thecapture_dead_clicksconfig. Swipes over surfaces whose response cannot be observed (canvas, video and other media elements under the finger) are skipped, and captures are limited per page load viamax_dead_swipes_per_page_load(default10).(2026-07-16)
Patch Changes
df17ddcThanks @posthog! - Catch synchronous throws from a monkey-patchedwindow.fetchso they no longer escape as unhandled exceptions. A synchronous throw is now routed through the same handling as an async rejection, so the request queue retries instead of the error leaking into error tracking.(2026-07-16)
607bf54]:v1.403.0Compare Source
1.403.0
Minor Changes
#4159
fad6d9aThanks @haacked! - add$feature_flag_has_experimentto$feature_flag_calledevents$feature_flag_calledevents now carry a$feature_flag_has_experimentboolean sourced from the server'shas_experimentflag metadata (the/flags?v=2response for remote evaluation, the/api/feature_flag/local_evaluationdefinitions for posthog-node local evaluation). The property is only sent when the server explicitly reportshas_experiment; it is omitted entirely when the value is unknown (older servers, missing metadata, bootstrapped or locally injected flags). (2026-07-16)Patch Changes
fad6d9a]:v1.402.3Compare Source
1.402.3
Patch Changes
4a2ecf5Thanks @posthog! - Session recording no longer emits an uncaughtNotAllowedError("Sharing constructed stylesheetsConfiguration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.