chore(deps): update all non-major dependencies#150
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
ca1aa21 to
2ef8077
Compare
c51113b to
8e88122
Compare
Copilot stopped work on behalf of
TechWatching due to an error
July 9, 2026 08:19
5472cfc to
15d3530
Compare
15d3530 to
8870b76
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^1.2.114→^1.2.116^1.2.87→^1.2.89^1.2.59→^1.2.651.2.66^3.14.0→^3.15.01.2.1→1.3.0^4.2.0→^4.3.1^10.5.0→^10.6.0v0.80.9→v0.82.6v0.82.7^1.393.0→^1.398.71.399.1(+1)^4.3.1→^4.3.2^3.3.5→^3.3.7Release Notes
nuxt/content (@nuxt/content)
v3.15.0Compare Source
Features
bunsqlite connector for Bun runtime deployments (#3741) (92ac2ab)Bug Fixes
nuxt/scripts (@nuxt/scripts)
v1.3.0Compare Source
🚀 Features
🐞 Bug Fixes
View changes on GitHub
shikijs/shiki (@shikijs/engine-javascript)
v4.3.1Compare Source
🚀 Features
typefield forThemedToken- by @ije in #1293 (585b5)View changes on GitHub
v4.3.0Compare Source
🚀 Features
View changes on GitHub
eslint/eslint (eslint)
v10.6.0Compare Source
Features
b1f9106feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)f291007feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)Bug Fixes
6b05784fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)bb9eb2afix: account for shadowedBooleaninno-extra-boolean-cast(#21013) (den$)8fd8741fix: don't report shadowed undefined inradixrule (#21011) (Pixel)5784980fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)9cd1e6dfix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)d4eb2dcfix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)2360464fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)63d52d2fix: restore max-classes-per-file report range (#21002) (Pixel)7feaff0fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)399a2ecfix: don't report inner non-callbacks inmax-nested-callbacks(#20995) (Milos Djermanovic)Documentation
a83683ddocs: Update README (GitHub Actions Bot)f5449f9docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)bea49f7docs: Update README (GitHub Actions Bot)e5f70f9docs: update code-path diagrams (#20984) (Tanuj Kanti)8890c2ddocs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)3eb3d9bdocs: Update README (GitHub Actions Bot)c5bb59cdocs: Update README (GitHub Actions Bot)eb3c97cdocs: fix grammar in prefer-const rule description (#20983) (lumir)Chores
6a42034ci: run ecosystem tests on main branch (#20891) (sethamus)3dbacdbci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])c3abfcachore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)a832320ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)27166e7chore: update ecosystem plugins (#21005) (ESLint Bot)865d76eci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])27a88c9chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)970cea6chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)b482120chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])6993fb3chore: update ecosystem plugins (#20985) (ESLint Bot)github/gh-aw-actions (github/gh-aw-actions)
v0.82.6Compare Source
Sync of actions from gh-aw at
v0.82.6.v0.82.5Compare Source
Sync of actions from gh-aw at
v0.82.5.v0.82.4Compare Source
Sync of actions from gh-aw at
v0.82.4.v0.82.3Compare Source
Sync of actions from gh-aw at
v0.82.3.v0.82.2Compare Source
Sync of actions from gh-aw at
v0.82.2.v0.82.1Compare Source
Sync of actions from gh-aw at
v0.82.1.v0.82.0Compare Source
Sync of actions from gh-aw at
v0.82.0.v0.81.6Compare Source
Sync of actions from gh-aw at
v0.81.6.v0.81.5Compare Source
Sync of actions from gh-aw at
v0.81.5.v0.81.4Compare Source
Sync of actions from gh-aw at
v0.81.4.v0.81.3Compare Source
Sync of actions from gh-aw at
v0.81.3.v0.81.2Compare Source
Sync of actions from gh-aw at
v0.81.2.v0.81.1Compare Source
Sync of actions from gh-aw at
v0.81.1.v0.81.0Compare Source
Sync of actions from gh-aw at
v0.81.0.PostHog/posthog-js (posthog-js)
v1.398.7Compare Source
1.398.7
Patch Changes
#4113
45f17eeThanks @TueHaulund! - fix session replay leaking a shadow-root observer when a same-origin iframe is removedFollow-up to the shadow-observer iframe-teardown fix:
takeFullSnapshot'sonSerializeregisters every shadow root with the top-level document, so a root nested in a same-origin iframe was keyed to the wrong document and its observer/buffer were not disconnected when that iframe was removed (they lingered until the next full snapshot).addShadowRootnow derives the owning document from the host element, so per-document teardown matches iframe-nested roots too. (2026-07-08)v1.398.6Compare Source
1.398.6
Patch Changes
c75c0baThanks @hpouillot! - fix: avoid throwing when rrweb recorder cleanup cannot remove a listener(2026-07-08)
v1.398.5Compare Source
1.398.5
Patch Changes
be8242aThanks @rafaeelaudibert! - Publish the code-split ESM toolbar bundle when the build emits one. The release tooling now recursively includesdist/toolbar/(with explicit JS content types for the strict-MIME ESM chunks) across the immutable, major-alias, and compatibility upload prefixes, and the workflow accepts the canonicaltoolbar.js/toolbar.csslayout. This is a no-op against today's single-file build.(2026-07-08)
v1.398.4Compare Source
v1.398.3Compare Source
1.398.3
Patch Changes
#4112
38bb185Thanks @TueHaulund! - fix session replay silently dropping shadow DOM mutations after an iframe teardownThe single shared ShadowDomManager observes every shadow root on the page, but MutationBuffer.reset() disconnected it. That reset fires whenever any one buffer is torn down, so an iframe being removed or navigating away disconnected every shadow-root observer page-wide. Shadow DOM content (for example a widget mounted in an open shadow root) then stopped recording until the next periodic full snapshot re-registered it. Buffer teardown now releases only its own resources; global shadow observation is reset by takeFullSnapshot and on recording stop. (2026-07-08)
v1.398.2Compare Source
1.398.2
Patch Changes
#4063
24aadd5Thanks @posthog! - Fix aRangeError: Maximum call stack size exceededthat could originate from the sharedpatch()fetch/XHR wrapper. posthog-js wrapswindow.fetchin two independent places (tracing headers and session-recording network capture), so their restores routinely ran out of order. Previously an out-of-order restore silently no-op'd, leaving the wrapper in the call path; repeated start/stop cycles grew the wrapper chain without bound until a realfetchwalked a chain deep enough to overflow the stack. Wrappers now delegate through a mutable link so any layer can be torn down even when newer wrappers sit on top of it, keeping the chain bounded. Header-injection and network-capture behavior is unchanged.(2026-07-07)
#4100
e250a24Thanks @marandaneto! - Stop adding the gzip compression query parameter to browser SDK requests.(2026-07-07)
#4083
f07e241Thanks @posthog! - fix(replay): harden session-replay network capture so instrumentation that throws (e.g.new Request()rejecting a URL/method) degrades gracefully and never breaks or misattributes the host application's ownxhr.open()/fetch()calls(2026-07-07)
v1.398.1Compare Source
1.398.1
Patch Changes
5013ab6Thanks @marandaneto! - Stop sending the deprecatedverquery parameter to capture and session recording endpoints.(2026-07-07)
v1.398.0Compare Source
v1.397.0Compare Source
1.397.0
Minor Changes
cc340dbThanks @bs1180! - feat(web): add aposthog-js/customizationssubpath entry point exposing the optional customizations (setAllPersonProfilePropertiesAsPersonPropertiesForFlags, thebefore-sendsampling helpers, and the redux/kea loggers) as a proper ES module with bundled types, replacing the internalposthog-js/lib/src/customizationsdeep import. Also fixes the TypeScript definitions sosetAllPersonProfilePropertiesAsPersonPropertiesForFlagsaccepts the instance passed to theloadedcallback (the documented usage), and theloadedcallback's instance type now includesconfig.(2026-07-06)
v1.396.9Compare Source
v1.396.8Compare Source
1.396.8
Patch Changes
2af0026Thanks @posthog! - fix(web): prevent an infinite-recursion stack overflow in the logs console capture. The console wrapper's own capture path can emit internal debug lines through PostHog's logger, which wrote back to the wrapped console and re-entered capture until the stack blew (RangeError: Maximum call stack size exceeded). The wrapper now exposes the original console method via__rrweb_original__(so the internal logger bypasses it) and guards against re-entrancy from any code that logs mid-capture.(2026-07-06)
v1.396.7Compare Source
v1.396.6Compare Source
1.396.6
Patch Changes
#4053
45d1b36Thanks @posthog! - feat(web): add a gracefulshutdown()to the browser client for parity with posthog-node, so isomorphic teardown code (e.g. the Nuxt module) that callsposthog.shutdown()on the client no longer throwsTypeError: shutdown is not a function. It best-effort flushes the queued events and always resolves.(2026-07-03)
#4054
f0657ebThanks @posthog! - fix(web): detect our own feature-flag request timeouts via atimedOutflag instead of the abort reason, so they are logged atwarn(noterror) on browsers that don't propagatecontroller.abort(reason)— keeping benign timeouts out of error tracking's console-error capture(2026-07-03)
#4031
94a0530Thanks @posthog! - Improve survey display reliability:$surveysdefinitions after a short TTL (stale-while-revalidate) so server-side changes such as switching a survey from popover to API propagate to long-lived tabs without a page reload.posthog.surveys.markSurveyAsSeen(surveyId, { iteration })so custom integrators that render surveys through their own backend can honour the "already seen" and wait-period checks.Modalnotifies its parent on close even when iOSModal.onDismissfails to fire, so the transparent full-screen modal can no longer stay mounted intercepting touches and freezing the app. (2026-07-03)Updated dependencies [
45d1b36]:v1.396.5Compare Source
1.396.5
Patch Changes
d7cf13bThanks @turnipdabeets! - Prevent uncaughtgetComputedStylecrashes in heatmaps and autocapture when the event target is a cross-realm element (e.g. from an iframe or synthetic event)(2026-07-02)
5e7e132]:v1.396.4Compare Source
1.396.4
Patch Changes
#4035
18e543bThanks @posthog! - fix(web): isolateonFeatureFlagscallbacks so a throwing user handler no longer breaks the remaining callback chain or gets misattributed as an SDK error(2026-07-01)
#4039
15bcb42Thanks @github-actions! - fix(replay): measure$snapshot_bytesas UTF-8 byte length instead of UTF-16 string length, so non-ASCII session replay payloads are counted accurately against the message size limit(2026-07-01)
v1.396.3Compare Source
1.396.3
Patch Changes
e0ad8efThanks @posthog! - FixTypeError: ....at is not a functionthrown by the bundledweb-vitalsdependency on browsers that predateArray.prototype.at()(Chrome <92, iOS Safari <15.4). The web-vitals entrypoints now install a tinyArray.prototype.atpolyfill before web-vitals runs, so web vitals capture works again on older browsers instead of crashing with an unhandled error.(2026-06-30)
v1.396.2Compare Source
1.396.2
Patch Changes
b6261e7Thanks @marandaneto! - Include a Promise polyfill in the IE11 bundle and avoid Promise-dependent async compression paths when Promise support is unavailable.(2026-06-29)
v1.396.1Compare Source
1.396.1
Patch Changes
cdeae17Thanks @marandaneto! - Fall back to uncompressed browser requests when gzip encoding fails.(2026-06-29)
v1.396.0Compare Source
1.396.0
Minor Changes
74cc6bbThanks @TueHaulund! - Add aget_current_urlconfig option that overrides the URL used for client-side URL targeting — session replay URL triggers, the session replay URL blocklist, survey URL display conditions, product tour URL conditions, web experiment URL conditions, and autocapture URL allow/ignore lists. These match againstwindow.location.hrefdirectly, which does not reflect a$current_urlrewritten inbefore_send. Apps where the browser URL is not meaningful for targeting (e.g. Electron/desktop builds served from a generated host) can now return the logical URL to match against. Defaults towindow.location.hrefwhen not set.(2026-06-29)
Patch Changes
74cc6bb]:v1.395.0Compare Source
1.395.0
Minor Changes
6200888Thanks @turnipdabeets! - AddgetAllFeatureFlags(), which returns all currently loaded feature flags as structuredFeatureFlagResults (key,enabled,variant,payload). It is a synchronous read of the cached flags and does not send a$feature_flag_calledevent.(2026-06-26)
Patch Changes
6200888]:v1.394.0Compare Source
1.394.0
Minor Changes
919abcaThanks @ioannisj! - Capture the$device_modelsuper-property on Android Chromium vianavigator.userAgentData.getHighEntropyValues(['model']). Resolved once during init and sent on subsequent events; opt out withdisableDeviceModel: true.(2026-06-26)
v1.393.6Compare Source
1.393.6
Patch Changes
6ef9179Thanks @marandaneto! - Handle request serialization errors without throwing or blocking queued requests.(2026-06-26)
v1.393.5Compare Source
1.393.5
Patch Changes
619d318Thanks @marandaneto! - Improve console log capture performance for truncated large objects.(2026-06-25)
v1.393.4Compare Source
1.393.4
Patch Changes
c9c8925Thanks @hpouillot! - Fix browser console log capture when session activity timestamps are missing and refresh session attributes for each log.(2026-06-24)
c9c8925]:v1.393.3Compare Source
1.393.3
Patch Changes
f94deafThanks @ioannisj! - fix(surveys): guard handlePageUnload against version-skewed surveys instance missing the method(2026-06-24)
v1.393.2Compare Source
1.393.2
Patch Changes
1c9a811Thanks @ioannisj! - Stop logging a misleading "upgrade your PostHog server" warning for valid v2 flags responses that have no flags.(2026-06-24)
v1.393.1Compare Source
1.393.1
Patch Changes
99bad9cThanks @pauldambra! - Session replay network capture: add an opt-in streaming reader for request/response bodies that stops at the payload size limit instead of buffering the whole body and then discarding it — bounding memory and pre-request latency when a body is very large. It reads only a clone of the body, so it never consumes the stream the page itself reads, and always resolves (never rejects) into the page'sfetch. Off by default; enabled fordefaults: '2026-06-25'and settable directly viasession_recording.streamNetworkBody.(2026-06-24)
99bad9c]:tailwindlabs/tailwindcss (tailwindcss)
v4.3.2Compare Source
Fixed
auto-rows-*andauto-cols-*utilities (e.g.auto-rows-12andauto-cols-16) (#20229)@tailwindcss/cliin--watchmode from crashing on Windows when@sourcepoints to a directory that doesn't exist (#20242)@tailwindcss/vitefrom crashing in Deno v2.8.x whencontext.parentURLis not a valid URL (#20245)@tailwindcss/cliin--watchmode rebuilds when the input CSS file changes in an ignored directory (#20246)@variantrules used inaddBase(…)to use custom variants defined later (#20247)@tailwindcss/vitefrom crashing during HMR when scanned files or directories are deleted (#20259)font-sizeinstead ofcolordeclarations fortext-[--spacing(…)](#20260)@sourcepatterns from scanning unrelated sibling files and folders (#20263)%]…[%in.tt,.tt2, and.txfiles (#20269)p.text-black[condition](#20269)@position-tryrules from triggering unknown at-rule warnings when optimizing CSS (#20277)--opacitytheme values (#20287)@tailwindcss/postcsswhen used with newer PostCSS patch releases (#20289)vuejs/language-tools (vue-tsc)
v3.3.7Compare Source
language-core
return(#6115) - Thanks to @KazariEX!typescript-plugin
v3.3.6Compare Source
language-core
.d.tsboundary (#6104) - Thanks to @Holiden!WeakMapto cache inline TS ASTs - Thanks to @KazariEX!v-bindparsing behavior - Thanks to @KazariEX!allCodeFeatures- Thanks to @KazariEX!Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.