Skip to content

chore(deps): update all non-major dependencies#61

Merged
benjamincanac merged 1 commit into
mainfrom
renovate/all-minor-patch
Jun 10, 2026
Merged

chore(deps): update all non-major dependencies#61
benjamincanac merged 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jun 1, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@ai-sdk/gateway (source) ^3.0.121^3.0.126 age confidence
@ai-sdk/vue (source) ^3.0.193^3.0.198 age confidence
@comark/nuxt (source) ^0.3.1^0.4.0 age confidence
@electric-sql/pglite (source) ^0.4.6^0.5.1 age confidence
@iconify-json/simple-icons ^1.2.84^1.2.86 age confidence
@nuxt/ui (source) ^4.8.1^4.8.2 age confidence
@shikijs/langs (source) ^4.1.0^4.2.0 age confidence
@tiptap/core (source) ^3.24.0^3.26.0 age confidence
@tiptap/extension-details (source) ^3.24.0^3.26.0 age confidence
@tiptap/extension-emoji (source) ^3.24.0^3.26.0 age confidence
@tiptap/extension-list (source) ^3.24.0^3.26.0 age confidence
@tiptap/extension-mention (source) ^3.24.0^3.26.0 age confidence
@tiptap/extension-table (source) ^3.24.0^3.26.0 age confidence
@tiptap/pm (source) ^3.24.0^3.26.0 age confidence
@tiptap/vue-3 (source) ^3.24.0^3.26.0 age confidence
@types/node (source) ^25.9.1^25.9.2 age confidence
ai (source) ^6.0.193^6.0.198 age confidence
pnpm (source) 11.5.011.5.2 age confidence
shiki (source) ^4.1.0^4.2.0 age confidence
vue-tsc (source) ^3.3.3^3.3.4 age confidence
workflow (source) 4.2.54.3.1 age confidence

Release Notes

vercel/ai (@​ai-sdk/gateway)

v3.0.126

Compare Source

Patch Changes
  • ff16d3b: feat(gateway): add GatewayFailedDependencyError (424)

v3.0.125

Compare Source

Patch Changes
  • fef3b24: Backport: chore(provider/gateway): update gateway model settings files

v3.0.124

Compare Source

Patch Changes
  • 286b7a2: Backport: chore(provider/gateway): update gateway model settings files

v3.0.123

Compare Source

Patch Changes
  • 537a022: Backport: chore(provider/gateway): update gateway model settings files

v3.0.122

Compare Source

Patch Changes
  • 9766034: Backport: chore(provider/gateway): update gateway model settings files
comarkdown/comark (@​comark/nuxt)

v0.4.0: @​comark/nuxt v0.4.0

Compare Source

0.4.0 (2026-06-04)

electric-sql/pglite (@​electric-sql/pglite)

v0.5.1

Compare Source

Patch Changes
  • 930e2d0: fix PGlite version; redeploy external extensions

v0.5.0

Minor Changes
  • 93d50aa: Upgrade to Postgres 18.3; move other extensions to their own npm packages;
nuxt/ui (@​nuxt/ui)

v4.8.2

Compare Source

Bug Fixes
  • Form: support setting the name attribute (#​6539) (f8186e2)
  • InputMenu/SelectMenu: re-highlight first item when items change (#​6538) (0414dd0)
  • InputNumber/InputDate/InputTime/Calendar: restore locale prop (#​6546) (ed2f955)
  • module: merge custom variants into AppConfig type (#​6531) (f0571c3)
shikijs/shiki (@​shikijs/langs)

v4.2.0

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub
ueberdosis/tiptap (@​tiptap/core)

v3.26.0

Patch Changes

v3.25.0

Compare Source

Patch Changes

  • ec291dd: Fix: dragging an inline/resizable image within the editor no longer creates a duplicate

    When the Image extension was configured with inline: true or resize enabled, dragging an image within the editor could insert a duplicate at the drop position instead of moving it. This happened because the browser's native image drag behavior could populate dataTransfer.files, causing the FileHandler extension to intercept the drop before ProseMirror's internal move logic could run.

  • 454e9b8: Add clearable mark option (default true). unsetAllMarks now skips marks with clearable: false, so semantic marks like comments are not removed by "clear formatting".

  • 9cf8db0: Add attrsEqual and marksEqual utility functions to @tiptap/core. attrsEqual compares two attribute objects for equality regardless of key ordering. marksEqual compares two arrays of mark objects by type and attributes using attrsEqual.

  • 3d4f94c: Fix plain-text copy of table cell selections including content from unselected cells in between. Each selected range is now serialized independently and joined in document order, so dragging upward (reverse selection) also produces output in document order.

  • Updated dependencies [c1a2ce8]

ueberdosis/tiptap (@​tiptap/extension-details)

v3.26.0

Patch Changes

v3.25.0

Compare Source

Patch Changes
ueberdosis/tiptap (@​tiptap/extension-emoji)

v3.26.0

Patch Changes

v3.25.0

Compare Source

Patch Changes
ueberdosis/tiptap (@​tiptap/extension-list)

v3.26.0

Patch Changes

v3.25.0

Compare Source

Minor Changes
  • 45237e7: ListKeymap's Backspace handler now lifts the current list item before merging. At the start of a non-first list item, the item is lifted out of its wrapping list (splitting the list around it) instead of immediately joining its content into the previous item. A second Backspace then hits the existing "paragraph after a list" branch and merges the lifted textblock's content into the previous list's last item. Mirrors the two-step behavior introduced for blockquote in #​7891.
Patch Changes
  • 8dc5694: Fix delete at the end of a list item with a branching nested sublist. Nested items are hoisted to the parent list instead of being node-selected and deleted on the next keypress.
  • Updated dependencies [ec291dd]
  • Updated dependencies [454e9b8]
  • Updated dependencies [9cf8db0]
  • Updated dependencies [c1a2ce8]
  • Updated dependencies [3d4f94c]
ueberdosis/tiptap (@​tiptap/extension-mention)

v3.26.0

Patch Changes

v3.25.0

Compare Source

Patch Changes
ueberdosis/tiptap (@​tiptap/extension-table)

v3.26.0

Patch Changes

v3.25.0

Compare Source

Patch Changes
  • 86e29ec: Fix HTMLAttributes not being applied to the <table> element when resizable is disabled (the default). The TableView node view (introduced in 3.23) bypassed renderHTML and never applied user-configured attributes like class or data-* to the rendered table element.
  • Updated dependencies [ec291dd]
  • Updated dependencies [454e9b8]
  • Updated dependencies [9cf8db0]
  • Updated dependencies [c1a2ce8]
  • Updated dependencies [3d4f94c]
ueberdosis/tiptap (@​tiptap/pm)

v3.26.0

v3.25.0

Compare Source

Patch Changes
  • c1a2ce8: Bump prosemirror-tables to ^1.8.0 so findTable is available from @tiptap/pm, and align the related ProseMirror dependencies with the versions required by prosemirror-tables.
ueberdosis/tiptap (@​tiptap/vue-3)

v3.26.0

Patch Changes

v3.25.0

Compare Source

Patch Changes
  • 26e6f0f: Fix VueNodeViewRenderer thrashing the DOM when contentDOM is null for non-leaf nodes. The renderer now always creates a contentDOM element for non-leaf nodes (matching React's behavior), so ProseMirror has a valid element to render children into even when the NodeView component does not include NodeViewContent or renders it conditionally.
  • Updated dependencies [ec291dd]
  • Updated dependencies [454e9b8]
  • Updated dependencies [9cf8db0]
  • Updated dependencies [c1a2ce8]
  • Updated dependencies [3d4f94c]
pnpm/pnpm (pnpm)

v11.5.2

Compare Source

Patch Changes

  • Peer dependency resolution now reuses the peer contexts already recorded in the lockfile when those providers are still present in the dependency graph and still satisfy the peer ranges. This avoids unnecessary peer-context rewrites during lockfile regeneration. Current manifest choices remain authoritative: a newly added, explicitly updated, or aliased direct provider, a changed nested provider, or a locked version that no longer satisfies the range still takes precedence.

  • The lockfile verifier now checks that a registry entry pinning an explicit tarball URL points at the artifact the registry's own metadata lists for that name@version. Previously a tampered lockfile could pair a trusted name@version with an attacker-chosen tarball URL (and a matching integrity for those bytes), so the install fetched the attacker's bytes. A mismatch — or any entry that can't be confirmed against the registry — is rejected with ERR_PNPM_TARBALL_URL_MISMATCH. Non-registry resolutions (file:, git-hosted, etc.) and registry entries without an explicit tarball URL (the URL is reconstructed from name+version+registry, so it is inherently bound) are unaffected; non-standard registry tarball URLs (npm Enterprise, GitHub Packages) still pass because they match the metadata.

  • Fix pnpm update --recursive --lockfile-only <pkg>@&#8203;<version> crashing with Invalid Version when the catalog entry for <pkg> is a version range (e.g. ^21.2.10) and catalogMode is strict or prefer. The catalog–version comparison now skips the equality check when either side is a range rather than passing a range to semver.eq(), so range specifiers fall through to the existing mismatch handling instead of throwing #​11570.

  • Avoided a Node.js crash when pnpm exits after network requests on Windows.

  • Fixed packages being materialized into the virtual store without their root-level files (package.json, LICENSE, README, root entrypoints) when multiple pnpm install processes ran against the same store/workspace concurrently. The fast import path used to destructively empty the shared target directory, so a concurrent importer could wipe files another importer had already written; if the surviving files included the package.json completion marker, every later install treated the broken directory as complete and never repaired it. The fast path now imports directly only when it can create the target directory exclusively, and otherwise builds the package in a private temp directory and atomically renames it into place #​12197.

  • Fix dependency build scripts not running under the global virtual store (enableGlobalVirtualStore).

    In a workspace install, dependency build scripts are deferred to a single rebuild pass (buildProjects). That pass resolved each package's location from the classic node_modules/.pnpm/<depPathToFilename> layout, which does not exist under the global virtual store — so native dependencies (e.g. packages using node-gyp / prebuild-install) were never built and failed to load at runtime (Cannot find module .../build/Release/*.node).

    buildProjects now resolves the global-virtual-store projection directory (<storeDir>/links/<hash>, computed with the same graph hash the installer uses) when enableGlobalVirtualStore is set, and serializes concurrent builds of the same shared projection so parallel workspace projects don't race on the same directory.

  • Don't promote a runtime: dependency (such as the Node.js version from devEngines.runtime or pnpm runtime set) into a catalog when catalogMode is strict or prefer. A runtime: dependency round-trips to devEngines.runtime, which only recognizes the runtime: protocol; cataloging it rewrote the manifest entry to catalog:, which broke that round-trip, stranded it in devDependencies, and left devEngines.runtime untouched.

  • Skip lockfile minimumReleaseAge/trustPolicy verification for non-registry tarball protocols (for example file:), so local tarball dependencies are not incorrectly checked against npm registry metadata.

v11.5.1

Compare Source

Patch Changes
  • Improve pnpm audit performance by pruning non-vulnerable lockfile subtrees and stopping path enumeration once vulnerable findings reach the path cap.
  • Avoid crashing when the workspace state cache is partially written or malformed.
  • Set npm_config_user_agent for root lifecycle scripts during headless installs.
  • Preserve the integrity field of a remote (non-registry) tarball dependency when its lockfile entry is rebuilt. Re-resolving such a dependency without re-fetching it (for example via pnpm update, or when another dependency changes) produced a resolution with no integrity — URL/tarball resolvers only learn the integrity after the tarball is downloaded — so the previously recorded integrity was dropped, making later installs fail with ERR_PNPM_MISSING_TARBALL_INTEGRITY #​12067.
  • Normalize a string repository field into the { type, url } object form when creating the publish manifest, matching npm's behavior. Some registries (e.g. Gitea/Codeberg) reject a string repository with a 500 Internal Server Error during pnpm publish #​12099.
  • Preserve compatible optional peer versions already present in the lockfile when resolving dependencies.
  • Fixed inconsistent resolution of a peer dependency that is shared through a diamond. When a package peer-depends on both another package and one of that package's own peer dependencies (for example @typescript-eslint/eslint-plugin peer-depends on both @typescript-eslint/parser and typescript, and @typescript-eslint/parser peer-depends on typescript), pnpm no longer reuses a hoisted instance of the shared peer that was resolved against a different version #​12079.
vuejs/language-tools (vue-tsc)

v3.3.4

Compare Source

language-core
  • fix: only exclude already-set props from inherited attrs when checkRequiredFallthroughAttributes is enabled (#​6088) - Thanks to @​KazariEX!
  • fix: camelize slot props regardless of htmlAttributes option (#​6089) - Thanks to @​KazariEX!
  • fix: detect duplicate event listeners across name formats (#​6094) - Thanks to @​whysopaul!
language-service
typescript-plugin
vercel/workflow (workflow)

v4.3.1

Compare Source

@​workflow/world-vercel@​4.3.2

  • #​2204 5655fcb @​VaguelySerious - Retry transient response-body read/decode failures (truncated or terminated streams, gateway non-CBOR bodies) on idempotent requests inside the HTTP client, so a sporadic events.list parse failure no longer surfaces as a fatal error.

v4.3.0

Compare Source

@​workflow/core@​4.3.0

  • #​2059 9092640 @​TooTallNate - A WritableStream from a workflow's getWritable() can now be passed as an argument to a child workflow via start(); the child's writes land on the parent run's stream directly for the full lifetime of the child run.
  • #​2191 5a0ce9a @​pranaygp - Fix forwarded writable stream encryption when child workflows execute on a newer deployment than their parent.
  • #​2206 1e32d05 @​pranaygp - Prevent replayed workflows from advancing their deterministic clock when a future event is inspected before its matching operation is invoked.
  • #​2208 5fd7d9c @​pranaygp - Retry transient workflow replay divergence before classifying repeated divergence as a corrupted event log.

@​workflow/world@​4.1.4

  • #​2191 5a0ce9a @​pranaygp - Fix forwarded writable stream encryption when child workflows execute on a newer deployment than their parent.
  • #​2208 5fd7d9c @​pranaygp - Retry transient workflow replay divergence before classifying repeated divergence as a corrupted event log.

@​workflow/errors@​4.1.3

  • #​2208 5fd7d9c @​pranaygp - Retry transient workflow replay divergence before classifying repeated divergence as a corrupted event log.

v4.2.6

Compare Source

@​workflow/core@​4.2.6

  • #​2179 e256858 @​pranaygp - Harden runtime event pagination against rejected, repeated, or overlapping cursor responses.
  • #​2171 38c67a7 @​TooTallNate - Fix CorruptedEventLogError on replay when a workflow races a hook read against a sleep() (e.g. Promise.race([hook, sleep])). Branch-deciding deliveries (buffered hook payloads and wait completions) are now handed to the workflow in strict event-log order — anchored on event position rather than on microtask-resolution timing — so the committed branch wins the race deterministically, independent of decryption/hydration time or Promise.race argument order.
  • #​2156 ebfeede @​VaguelySerious - Harden workflow error stack remapping for large inline sourcemaps.
  • #​2142 3113738 @​pranaygp - Prevent failed stream writes from surfacing as unhandled rejections and include request correlation details in stream errors.

@​workflow/world@​4.1.3

  • #​1979 8ab6c4f @​adamiBs - Make run.input and step.input .optional() on the World snapshot schemas so consumers no longer fail validation when the service externalizes payloads as RemoteRef blobs.

@​workflow/world-local@​4.1.3

  • #​2139 2aecfdb @​pranaygp - Reduce local stream metadata and pagination I/O by reading only EOF marker bytes and scanning chunk files once.

@​workflow/world-vercel@​4.3.0

  • #​1978 17cf939 @​TooTallNate - Add @workflow/world-vercel/run-id sub-export with encode/decode helpers that produce ULID-shaped workflow run IDs carrying a tag bit, a 5-bit version, and a 6-bit Vercel region ID.
  • #​2142 3113738 @​pranaygp - Prevent failed stream writes from surfacing as unhandled rejections and include request correlation details in stream errors.

@​workflow/web@​4.1.7

@​workflow/web-shared@​4.1.7

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot changed the title chore(deps): update dependency workflow to v4.2.6 chore(deps): update all non-major dependencies to v4.2.6 Jun 2, 2026
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from a147ad2 to 4600d87 Compare June 3, 2026 02:50
@renovate renovate Bot changed the title chore(deps): update all non-major dependencies to v4.2.6 chore(deps): update all non-major dependencies Jun 3, 2026
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 4600d87 to a737d7e Compare June 3, 2026 07:33
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from a737d7e to b1740e0 Compare June 3, 2026 10:56
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from b1740e0 to 62eff77 Compare June 3, 2026 13:49
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 62eff77 to d6895e9 Compare June 3, 2026 18:04
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from d6895e9 to bec5c88 Compare June 3, 2026 22:00
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from bec5c88 to fc5e938 Compare June 4, 2026 02:48
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from fc5e938 to 8d18c96 Compare June 4, 2026 09:29
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 8d18c96 to 562c8e5 Compare June 5, 2026 02:17
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 562c8e5 to 5fab7b0 Compare June 5, 2026 14:30
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 5fab7b0 to a597d89 Compare June 5, 2026 18:12
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from a597d89 to 28b90f5 Compare June 6, 2026 01:43
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 28b90f5 to ff660a1 Compare June 6, 2026 09:18
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from ff660a1 to d3bfad2 Compare June 6, 2026 12:44
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from d3bfad2 to 0e77c8e Compare June 7, 2026 01:35
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 0e77c8e to 80c99b9 Compare June 9, 2026 06:03
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 80c99b9 to 16d5374 Compare June 9, 2026 10:38
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 16d5374 to b547f4a Compare June 9, 2026 23:16
@benjamincanac benjamincanac merged commit 4a73048 into main Jun 10, 2026
4 checks passed
@benjamincanac benjamincanac deleted the renovate/all-minor-patch branch June 10, 2026 12:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@benjamincanac