Skip to content

fix(deps): update non-major dependencies#1116

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/non-major-deps
Open

fix(deps): update non-major dependencies#1116
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/non-major-deps

Conversation

@renovate

@renovate renovate Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change Pending OpenSSF
@auth0/auth0-react dependencies minor 2.19.02.21.0 OpenSSF Scorecard
@graphql-tools/graphql-file-loader (source) dependencies patch 8.1.148.1.16 OpenSSF Scorecard
@tailwindcss/postcss (source) devDependencies patch 4.3.14.3.2 OpenSSF Scorecard
@types/node (source) devDependencies patch 25.9.425.9.5 OpenSSF Scorecard
@types/three (source) devDependencies patch 0.185.00.185.1 OpenSSF Scorecard
framer-motion dependencies patch 12.42.012.42.2 OpenSSF Scorecard
node (source) minor 24.16.024.18.0 OpenSSF Scorecard
postcss (source) devDependencies patch 8.5.158.5.16 8.5.19 (+2) OpenSSF Scorecard
posthog-js (source) dependencies minor 1.395.01.399.1 1.399.3 (+1) OpenSSF Scorecard
postprocessing dependencies patch 6.39.16.39.2 OpenSSF Scorecard
prettier (source) devDependencies minor 3.8.43.9.5 OpenSSF Scorecard
tailwindcss (source) devDependencies patch 4.3.14.3.2 OpenSSF Scorecard
three (source) devDependencies patch 0.185.00.185.1 OpenSSF Scorecard

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

auth0/auth0-react (@​auth0/auth0-react)

v2.21.0

Compare Source

Full Changelog

Added

v2.20.0

Compare Source

Full Changelog

Added

ardatan/graphql-tools (@​graphql-tools/graphql-file-loader)

v8.1.16

Compare Source

Patch Changes

v8.1.15

Compare Source

Patch Changes
tailwindlabs/tailwindcss (@​tailwindcss/postcss)

v4.3.2

Compare Source

Fixed
  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#​20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#​20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#​20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#​20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#​20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#​20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#​20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#​20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#​20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#​20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#​20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#​20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#​20289)
motiondivision/motion (framer-motion)

v12.42.2

Compare Source

Fixed
  • animateView: Cropped group layers now animate border-radius from the old to new radius.

v12.42.1

Compare Source

Fixed
  • animateView: Old layer fade out now cancelled when defining .new().
nodejs/node (node)

v24.18.0: 2026-06-23, Version 24.18.0 'Krypton' (LTS), @​richardlau prepared by @​sxa

Compare Source

Notable Changes
  • [e07e7a31e1] - crypto: update root certificates to NSS 3.123.1 (Node.js GitHub Bot) #​63527
  • [44c8ebcbd6] - http: avoid stream listeners on idle agent sockets (Matteo Collina) #​64004
  • [d3ef4122ee] - (SEMVER-MINOR) buffer: increase Buffer.poolSize default to 64 KiB (Matteo Collina) #​63597
  • [bb2857b85a] - (SEMVER-MINOR) crypto: align key argument names in docs and error messages (Filip Skokan) #​62527
  • [b9d5e87880] - (SEMVER-MINOR) crypto: accept key data in crypto.diffieHellman() and cleanup DH jobs (Filip Skokan) #​62527
  • [ccd756d61e] - (SEMVER-MINOR) crypto: add TurboSHAKE and KangarooTwelve Web Cryptography algorithms (Filip Skokan) #​62183
  • [4c9251fc09] - (SEMVER-MINOR) http: add writeInformation to send arbitrary 1xx status codes (Tim Perry) #​63155
  • [8c989ec4a3] - (SEMVER-MINOR) inspector: expose precise coverage start to JS runtime (sangwook) #​63079
  • [3f54c8ba32] - Revert "stream: noop pause/resume on destroyed streams" (Stewart X Addison) #​63834
Commits

v24.17.0: 2026-06-18, Version 24.17.0 'Krypton' (LTS), @​aduh95

Compare Source

This is a security release.

Notable Changes
  • (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
  • (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
  • (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
  • (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
  • (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
  • (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
  • (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
  • (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
  • (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
  • (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
  • (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
Commits
postcss/postcss (postcss)

v8.5.16

Compare Source

PostHog/posthog-js (posthog-js)

v1.399.1

Compare Source

v1.399.0

Compare Source

1.399.0

Minor Changes
  • #​4115 86bb3a5 Thanks @​DanielVisca! - add the posthog.metrics API (count, gauge, histogram) — alpha

    A statsd-style pre-aggregating metrics client for the PostHog Metrics product (alpha). Samples are folded into per-series aggregates in memory (counts sum, gauges keep the last value, histograms accumulate buckets) and flushed periodically as OTLP/JSON to /i/v1/metrics — one data point per series per flush window, no matter how many calls. No OpenTelemetry SDK setup required:

    posthog.metrics.count('orders_created', 1)
    posthog.metrics.gauge('active_connections', 42)
    posthog.metrics.histogram('api_latency', 187, { unit: 'ms' })

    Configure via metrics: { serviceName, environment, flushIntervalMs, maxSeriesPerFlush, beforeSend, ... }. (2026-07-08)

Patch Changes

v1.398.7

Compare Source

1.398.7

Patch Changes
  • #​4113 45f17ee Thanks @​TueHaulund! - fix session replay leaking a shadow-root observer when a same-origin iframe is removed

    Follow-up to the shadow-observer iframe-teardown fix: takeFullSnapshot's onSerialize registers every shadow root with the top-level document, so a root nested in a same-origin iframe was keyed to the wrong document and its observer/buffer were not disconnected when that iframe was removed (they lingered until the next full snapshot). addShadowRoot now derives the owning document from the host element, so per-document teardown matches iframe-nested roots too. (2026-07-08)

[v1.398.6](https://redirect.github.com/PostHog/posthog-js/releases/tag/posthog-j

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone Europe/London)

  • Branch creation
    • "before 7am on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the renovate label Jul 6, 2026
@renovate renovate Bot requested review from a team as code owners July 6, 2026 01:05
@vercel

vercel Bot commented Jul 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
midnight-wiki Error Error Jul 13, 2026 5:21pm

Request Review

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

🚀 Preview Deployment

Deployment Ready

🔗 Preview URL: https://pr-1116-midnight-docs.vercel.app

📝 Latest commit: 78f2e47
Updated: Jul 13, 2026, 5:27 PM UTC


This preview updates automatically when you push new commits to this PR.

@renovate renovate Bot force-pushed the renovate/non-major-deps branch from 0b1a7f0 to 1c7427d Compare July 6, 2026 13:41
@renovate renovate Bot force-pushed the renovate/non-major-deps branch from 1c7427d to 3a28a2d Compare July 6, 2026 17:17
@renovate renovate Bot force-pushed the renovate/non-major-deps branch from 3a28a2d to 238e27f Compare July 7, 2026 03:06
@renovate renovate Bot force-pushed the renovate/non-major-deps branch from 238e27f to ae4cbda Compare July 7, 2026 14:20
@renovate renovate Bot force-pushed the renovate/non-major-deps branch from ae4cbda to 8f199c7 Compare July 8, 2026 03:18
@renovate renovate Bot force-pushed the renovate/non-major-deps branch from 8f199c7 to 0f86f90 Compare July 8, 2026 14:41
@renovate renovate Bot force-pushed the renovate/non-major-deps branch from 0f86f90 to 74fed92 Compare July 9, 2026 00:15
@renovate renovate Bot force-pushed the renovate/non-major-deps branch from 74fed92 to 57ce8a9 Compare July 9, 2026 00:25
@renovate renovate Bot force-pushed the renovate/non-major-deps branch from 57ce8a9 to a0f659a Compare July 9, 2026 17:28
@renovate renovate Bot force-pushed the renovate/non-major-deps branch from a0f659a to ceec801 Compare July 9, 2026 22:50
@renovate renovate Bot force-pushed the renovate/non-major-deps branch from ceec801 to 6fc189f Compare July 10, 2026 17:47
@renovate renovate Bot force-pushed the renovate/non-major-deps branch from 6fc189f to 3900a6d Compare July 11, 2026 09:29
@jina-simulation

jina-simulation Bot commented Jul 11, 2026

Copy link
Copy Markdown

Jina Review

Jina has completed this review.

Review: https://app.usejina.com/reviews/48634b65-e992-481e-9e8e-bafc34fe5516

Item Status
Review Completed
Findings No issues found

@jina-simulation jina-simulation Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Runtime Review - Merge Readiness 5/5

0 issues found - Ready to merge

Ready to merge.

No dependency-refresh regression was demonstrated: immutable installation completed, GraphQL 17 schema loading succeeded, and generation produced all 98 expected pages.

The sole candidate is a pre-existing validation gap and is retained only as a non-blocking technical observation.

Final review: The dependency refresh has no accepted runtime issues.

GraphQL loading and generation were directly validated; the remaining pipeline observation is pre-existing and non-blocking.

Review Comments

  • GraphQL reference validation is separate from the normal build

    The Docusaurus GraphQL plugin registers generation as a CLI command rather than a normal build hook, and CI runs only yarn build.

    Consider adding a CI check that generates or validates the API reference against the committed pages so schema or loader regressions cannot leave stale documentation undetected.

    Evidence:

    • docusaurus.config.js:132-142 configures the schema and loader without a build hook.
    • The installed plugin implementation only registers graphql-to-doc through extendCli.
    • .github/workflows/build.yml:31-38 runs yarn build without invoking graphql-to-doc.
    • 1 more evidence item(s) recorded.

    Related files: docusaurus.config.js, .github/workflows/build.yml

Issues

No medium/high-confidence runtime issues were found.

Summary

  • Status: warned
  • Areas investigated: 6
  • Tasks/probes performed: 3
  • Issues reported: 0
  • Publishable issues: 0
  • Inline comments: 0
  • File-level comments: 0
  • Review comments: 1
  • Unanchored publishable findings posted as file-level comments: 0
  • Blocked validations: 0
  • Dashboard: full runtime review
  • Commit: 3900a6d
  • Changed files: 3
  • Tool calls: none

@renovate renovate Bot force-pushed the renovate/non-major-deps branch from 3900a6d to eb4f69a Compare July 11, 2026 21:07
@jina-simulation

jina-simulation Bot commented Jul 11, 2026

Copy link
Copy Markdown

Jina Review

Jina has completed this review.

Review: https://app.usejina.com/reviews/38a24062-9f25-4160-8546-b1c1185d7591

Item Status
Review Completed
Findings No issues found

@jina-simulation jina-simulation Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Runtime Review - Merge Readiness 5/5

0 issues found - Ready to merge

Ready to merge.

No accepted runtime issues remain.

Immutable installation, the production Docusaurus build, CSS compilation, GraphQL schema loading, and generation succeeded, while all other candidates were shown to be pre-existing, unreachable, duplicated, or non-blocking.

Final review: No publishable runtime issues were established.

Installation, production build, CSS compilation, and GraphQL generation succeeded; remaining findings are pre-existing, unreachable, duplicated, or non-blocking.

Review Comments

  • Visual regression failures are non-blocking

    The visual regression workflow runs Playwright with continue-on-error, so styling regressions would not fail the check.

    This is a pre-existing enforcement gap and does not block this dependency-refresh PR.

    Evidence:

    • .github/workflows/playwright-visual-regression.yml:67 sets continue-on-error: true.
    • The CSS investigation found successful compilation and no demonstrated dependency-refresh visual regression.

    Related files: .github/workflows/playwright-visual-regression.yml

Issues

No medium/high-confidence runtime issues were found.

Summary

  • Status: warned
  • Areas investigated: 7
  • Tasks/probes performed: 0
  • Issues reported: 0
  • Publishable issues: 0
  • Inline comments: 0
  • File-level comments: 0
  • Review comments: 1
  • Unanchored publishable findings posted as file-level comments: 0
  • Blocked validations: 0
  • Dashboard: full runtime review
  • Commit: eb4f69a
  • Changed files: 3
  • Tool calls: none

@renovate renovate Bot force-pushed the renovate/non-major-deps branch from eb4f69a to 527c341 Compare July 12, 2026 04:32
@jina-simulation

jina-simulation Bot commented Jul 12, 2026

Copy link
Copy Markdown

Jina Review

Jina has completed this review.

Review: https://app.usejina.com/reviews/17e32e09-3efd-45bb-95ff-48a1b7d50f3e

Item Status
Review Completed
Findings No issues found

@jina-simulation jina-simulation Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Runtime Review - Merge Readiness 5/5

0 issues found - Ready to merge

Ready to merge.

There are no accepted issues; the GraphQL schema loaded successfully and generation produced all 98 expected pages.

Existing validation gaps are pre-existing and already covered by prior review context.

Final review: No publishable runtime issues were identified.

The validated GraphQL loader and API generation remain compatible, and no candidate issues were submitted for the other areas.

Issues

No medium/high-confidence runtime issues were found.

Summary

  • Status: warned
  • Areas investigated: 6
  • Tasks/probes performed: 3
  • Issues reported: 0
  • Publishable issues: 0
  • Inline comments: 0
  • File-level comments: 0
  • Review comments: 0
  • Unanchored publishable findings posted as file-level comments: 0
  • Blocked validations: 0
  • Dashboard: full runtime review
  • Commit: 527c341
  • Changed files: 3
  • Tool calls: none

@renovate renovate Bot force-pushed the renovate/non-major-deps branch from 527c341 to dad7166 Compare July 12, 2026 19:37
@jina-simulation

jina-simulation Bot commented Jul 12, 2026

Copy link
Copy Markdown

Jina Review

Jina has completed this review.

Review: https://app.usejina.com/reviews/10faee9e-dc50-444c-91af-be45f2817cc5

Item Status
Review Completed
Findings No issues found

@jina-simulation jina-simulation Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Runtime Review - Merge Readiness 5/5

0 issues found - Ready to merge

Ready to merge.

No candidate issues were submitted or substantiated, and prior runtime validation established successful installation, Docusaurus build, GraphQL schema loading, API-reference generation, and CSS compilation.

The remaining visual-test enforcement gap is pre-existing, non-blocking, and already covered by PR thread history.

Final review: No publishable runtime issues were identified.

The dependency refresh remains ready to merge; the only retained finding is a pre-existing visual-regression enforcement gap.

Issues

No medium/high-confidence runtime issues were found.

Summary

  • Status: warned
  • Areas investigated: 7
  • Tasks/probes performed: 3
  • Issues reported: 0
  • Publishable issues: 0
  • Inline comments: 0
  • File-level comments: 0
  • Review comments: 0
  • Unanchored publishable findings posted as file-level comments: 0
  • Blocked validations: 1
  • Dashboard: full runtime review
  • Commit: dad7166
  • Changed files: 3
  • Tool calls: none

@renovate renovate Bot force-pushed the renovate/non-major-deps branch from dad7166 to a1a0a56 Compare July 13, 2026 16:01
@jina-simulation

jina-simulation Bot commented Jul 13, 2026

Copy link
Copy Markdown

Jina Review

Jina has completed this review.

Review: https://app.usejina.com/reviews/00d16af2-a6ba-4657-b859-b2cb691d222b

Item Status
Review Completed
Findings No issues found

@jina-simulation jina-simulation Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Runtime Review - Merge Readiness 5/5

0 issues found - Ready to merge

Ready to merge.

No candidate issues were submitted or substantiated, and direct validation confirmed a reproducible Yarn install and successful production build.

Existing build warnings are unrelated documentation/link warnings and do not establish a regression from this PR.

Final review: No publishable runtime issues were identified.

Immutable installation and the production Docusaurus build succeeded; observed warnings are pre-existing and unrelated to this dependency refresh.

Issues

No medium/high-confidence runtime issues were found.

Summary

  • Status: warned
  • Areas investigated: 6
  • Tasks/probes performed: 0
  • Issues reported: 0
  • Publishable issues: 0
  • Inline comments: 0
  • File-level comments: 0
  • Review comments: 0
  • Unanchored publishable findings posted as file-level comments: 0
  • Blocked validations: 0
  • Dashboard: full runtime review
  • Commit: a1a0a56
  • Changed files: 3
  • Tool calls: none

@renovate renovate Bot force-pushed the renovate/non-major-deps branch from a1a0a56 to 6807680 Compare July 13, 2026 17:19
@jina-simulation

jina-simulation Bot commented Jul 13, 2026

Copy link
Copy Markdown

Jina Review

Jina has completed this review.

Review: https://app.usejina.com/reviews/605114af-1870-4202-92df-db098c8ba423

Item Status
Review Completed
Findings No issues found

@jina-simulation jina-simulation Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Runtime Review - Merge Readiness 5/5

0 issues found - Ready to merge

Ready to merge.

No accepted issues remain; prior runtime validation found no dependency-refresh regression.

Final review: No publishable runtime issues were identified.

The investigation produced no candidate issues, and prior validation found successful installation, production build, GraphQL loading/generation, and CSS compilation.

Issues

No medium/high-confidence runtime issues were found.

Summary

  • Status: warned
  • Areas investigated: 8
  • Tasks/probes performed: 0
  • Issues reported: 0
  • Publishable issues: 0
  • Inline comments: 0
  • File-level comments: 0
  • Review comments: 0
  • Unanchored publishable findings posted as file-level comments: 0
  • Blocked validations: 0
  • Dashboard: full runtime review
  • Commit: 6807680
  • Changed files: 3
  • Tool calls: none

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants