chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@nuxt/ui (source)	^4.7.1 → ^4.8.0			pnpm.catalog.default	minor
@types/google.maps (source)	^3.58.1 → ^3.64.1			peerDependencies	minor
@types/youtube (source)	^0.1.0 → ^0.2.0			peerDependencies	minor
@unhead/vue (source)	^2.0.3 → ^2.1.15			peerDependencies	minor
Hebilicious/reproduire	v0.0.9-mp → v0.0.9			action	patch
actions/checkout	v6.0.1 → v6.0.2			action	patch
actions/stale	v10.0.0 → v10.3.0			action	minor
pnpm (source)	11.1.3 → 11.2.2			packageManager	minor
posthog-js (source)	^1.374.2 → ^1.374.4			pnpm.catalog.default	patch	1.376.0 (+1)
posthog-js (source)	^1.0.0 → ^1.374.4			peerDependencies	minor	1.376.0 (+1)
vitest (source)	^4.1.6 → ^4.1.7			pnpm.catalog.default	patch

---

Release Notes

nuxt/ui (@​nuxt/ui)

v4.8.0

Compare Source

⚠ BREAKING CHANGES

• InputMenu: rename autocomplete prop to mode to free up HTML attribute (#​6474)

Features

• Avatar/AvatarGroup: add color prop (#​6405) (6f2396f)
• Breadcrumb: add color prop (#​6406) (955dac1)
• ChatMessage: add body slot and improve actions alignment (#​6460) (48685b6)
• ChatMessage: add color prop and header slot (#​6407) (c6ce8ca)
• ChatPrompt: add submitOnEnter prop to control Enter behavior (b597f90), closes #​6177
• Checkbox/RadioGroup/Switch: add highlight prop for error ring styling (a0deee4)
• CommandPalette: search and highlight description field (524c34d)
• ContentSearch/DashboardSearch: enable Fuse.js token search by default (ba08220)
• ContentSearch: add async search support via useSearchCollection (#​6432) (a1bef8b)
• DashboardGroup: add storageOptions prop (8f0101b), closes #​6170
• Error: add icon prop and leading slot (e6ea707), closes #​6119
• Separator: add position prop (#​6415) (844660a)
• Theme: override component prop defaults (#​6031) (71c008e)

Bug Fixes

• ChatMessage: add wrap-break-word to content slot (#​6476) (eb468e6)
• CommandPalette: only split tokens in highlight when useTokenSearch is enabled (898fbce)
• CommandPalette: preserve relative order of ignoreFilter groups (e4c1787)
• CommandPalette: re-highlight first item after debounced results render (efd7b8e)
• CommandPalette: update default fuse keys in docs and search components (0d9cc0d)
• components: apply theme.prefix to hardcoded utility classes (f51b1e8)
• components: constrain popper content to available viewport height (007b136), closes #​6449
• ContentSearch: preserve intermediate ancestors in breadcrumb prefix (#​6466) (f639b19)
• ContentToc: apply ui.trigger prop to trigger elements (252b906), closes #​6428
• defineShortcuts: use e.code for alt shortcuts to handle macOS key remapping (231f156), closes #​6444
• FileUpload: pass disabled attribute to button variant (2890c83), closes #​6420
• Form: improve errors type (#​6208) (c1090ab)
• InputMenu/Select/SelectMenu: respect trailing: false over default trailingIcon (#​6457) (65b47ce)
• InputMenu: rename autocomplete prop to mode to free up HTML attribute (#​6474) (2799fa6)
• module: don't require @nuxtjs/mdc when using content option (89f7778)
• module: pass computed ref directly to useHead innerHTML (00b7476)
• module: ship stripped [#build](https://redirect.github.com/nuxt/ui/issues/build)/ui.css fallback for tooling (083c2a9), closes #​5504
• ProseKbd: add default slot and make value optional (f317c7f)
• Textarea: autoresize on mount with pre-filled value (e96a0b6), closes #​5962
• useComponentProps: treat array-typed theme values as ClassValue leaves (cac3860)

unjs/unhead (@​unhead/vue)

v2.1.15

Compare Source

No significant changes

    View changes on GitHub

v2.1.13

Compare Source

   🐞 Bug Fixes

• schema-org: Normalize target to array before merging potentialAction  -  by @​harlan-zw and Claude Opus 4.6 (1M context) in #​709 (22ac9)

    View changes on GitHub

v2.1.12

Compare Source

   🐞 Bug Fixes

• Harden prototype pollution  -  by @​harlan-zw (a6ed9)
• Case insensitive attr dedupe  -  by @​harlan-zw (3146b)

    View changes on GitHub

v2.1.11

Compare Source

    ⚠️ Security

• Fixed XSS bypass in useHeadSafe via attribute name injection (GHSA-g5xx-pwrp-g3fv). Users handling untrusted input with useHeadSafe should upgrade immediately.

   🐞 Bug Fixes

• addons,schema-org: Permissive peer dependencies  -  by @​harlan-zw (4c5d1)

    View changes on GitHub

v2.1.10

Compare Source

   🐞 Bug Fixes

• solid-js: Correct peerDependency version  -  by @​tyeporter in #​671 (64e17)

    View changes on GitHub

v2.1.9

Compare Source

   🐞 Bug Fixes

• schema-org: Nuxt test utils compat bug  -  by @​harlan-zw (ef838)

    View changes on GitHub

v2.1.8

Compare Source

   🐞 Bug Fixes

• schema-org: Avoid crashing from 3+ duplicate nodes  -  by @​harlan-zw (4baf9)

    View changes on GitHub

v2.1.7

Compare Source

   🐞 Bug Fixes

• unhead:
  • deduplicate matching tags inside same render cycle  -  by @​harlan-zw in #​668 (5c0b2)

    View changes on GitHub

v2.1.6

Compare Source

   🐞 Bug Fixes

• react: Ssr regression  -  by @​harlan-zw (6adff)

    View changes on GitHub

v2.1.5

Compare Source

   🐞 Bug Fixes

• react: Dispose head entries on unmount in React 18 StrictMode  -  by @​harlan-zw in #​664 (50ffe)
• scripts: Prevent scope disposal from aborting unrelated trigger in useScript  -  by @​cernymatej in #​660 (e8f5b)
• unhead: Dedupe link rel without hreflang or type  -  by @​danielroe in #​658 (1487d)

    View changes on GitHub

v2.1.4

Compare Source

   🐞 Bug Fixes

• schema-org: Remove unimplemented SchemaOrgDebug  -  by @​onmax in #​649 (642dc)
• unhead: Dedupe <link rel="alternate"> by hreflang/type only, drop href from key  -  by @​harlan-zw in #​656 (86175)

    View changes on GitHub

v2.1.3

Compare Source

   🐞 Bug Fixes

• unhead:
  • Dedupe <link rel="alternate">  -  by @​danielroe and onmax in #​655 (fdabe)
• vue:
  • Support computed getter trigger  -  by @​harlan-zw in #​638 (fd63a)
  • Guard s._statusRef  -  by @​danielroe in #​642 (4ef03)

   🏎 Performance

• vue: Avoid duplicating error message in the bundle  -  by @​panstromek in #​652 (194e5)

    View changes on GitHub

v2.1.2

Compare Source

   🐞 Bug Fixes

• Broken cjs environment  -  by @​harlan-zw (ce989)

    View changes on GitHub

v2.1.1

Compare Source

No significant changes

    View changes on GitHub

v2.1.0

Compare Source

   🚀 Features

• schema-org: 12 new nodes  -  by @​harlan-zw in #​612 (1a9b8)

   🐞 Bug Fixes

• react:
  • Recursive function resolves broken  -  by @​harlan-zw (4e0c7)
• schema-org:
  • Correct month off-by-one  -  by @​harlan-zw in #​603 (a3e70)
  • Missing schema.org properties  -  by @​harlan-zw in #​614 (54e05)
• unhead:
  • Enforce boolean string meta contents  -  by @​kfreezen in #​594 (0b8e7)
  • Capo module scripts ordering  -  by @​Barbapapazes in #​600 (3c661)
  • Capo inline scripts ordering  -  by @​Barbapapazes in #​596 (7be75)
  • Normalize script type  -  by @​harlan-zw (e51b6)
  • Safer handling of input  -  by @​harlan-zw (b4b6c)

   🏎 Performance

• schema-org:
  • Remove ohash and defu dependencies  -  by @​harlan-zw in #​605 (0d508)
  • Rework graph resolution  -  by @​harlan-zw in #​616 (b79e4)

    View changes on GitHub

v2.0.19

Compare Source

   🐞 Bug Fixes

• vue: Tree shaking breaking some reactivity  -  by @​harlan-zw (7abb5)

    View changes on GitHub

v2.0.18

Compare Source

   🏎 Performance

• unhead: Avoid server side effects  -  by @​harlan-zw in #​585 (3fd09)

    View changes on GitHub

v2.0.17

Compare Source

No significant changes

    View changes on GitHub

v2.0.14

Compare Source

   🐞 Bug Fixes

• unhead: Multiword attributes in template  -  by @​NikSimonov in #​568 (f635b)

    View changes on GitHub

v2.0.13

Compare Source

   🐞 Bug Fixes

• unhead:
  • Canonical plugin modifying non-url properties  -  by @​paraboul (ee8fd)
  • Avoid normalizing template param input  -  by @​harlan-zw (1d205)
  • Safer removal of leading / trailing separators  -  by @​harlan-zw (d4501)

    View changes on GitHub

v2.0.12

Compare Source

   🐞 Bug Fixes

• react: Force invalidation on entry disposal  -  by @​harlan-zw in #​559 (4ee5e)

    View changes on GitHub

v2.0.11

Compare Source

   🐞 Bug Fixes

• Allow non-standard meta tags to be intentionally duped  -  by @​harlan-zw (9a899)

    View changes on GitHub

v2.0.10

Compare Source

   🐞 Bug Fixes

• Safer meta array deduping  -  by @​harlan-zw (32486)

    View changes on GitHub

v2.0.9

Compare Source

   🏎 Performance

• unhead: Normalize canonicalHost only once in canonical plugin  -  by @​negezor in #​550 (92713)

    View changes on GitHub

v2.0.8

Compare Source

No significant changes

    View changes on GitHub

v2.0.7

Compare Source

   🐞 Bug Fixes

• schema-org: unhead hoisting issue  -  by @​harlan-zw (bb0e4)

    View changes on GitHub

v2.0.6

Compare Source

   🐞 Bug Fixes

• ssr: Less aggressive encoding of non-title tags  -  by @​harlan-zw (f4d4f)

    View changes on GitHub

v2.0.5

Compare Source

   🐞 Bug Fixes

• vue: Use setTimeout as render's debounced delayer  -  by @​kricsleo in #​540 (8f7c5)

    View changes on GitHub

v2.0.4

Compare Source

   🐞 Bug Fixes

• InferSeoMetaPlugin: Template param replacement broken  -  by @​harlan-zw (4e1c8)

    View changes on GitHub

Hebilicious/reproduire (Hebilicious/reproduire)

v0.0.9

Compare Source

compare changes

actions/checkout (actions/checkout)

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

actions/stale (actions/stale)

v10.3.0

Compare Source

v10.2.0

Compare Source

v10.1.1

Compare Source

What's Changed

Bug Fix

• Add Missing Input Reading for only-issue-types by @​Bibo-Joshi in #​1298

Improvement

• Improves error handling when rate limiting is disabled on GHES. by @​chiranjib-swain in #​1300

Dependency Upgrades

• Upgrade eslint-config-prettier from 8.10.0 to 10.1.8 by @​dependabot in #​1276
• Upgrade @​types/node from 20.10.3 to 24.2.0 and document breaking changes in v10 by @​dependabot in #​1280
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot in #​1291
• Upgrade actions/checkout from 4 to 6 by @​dependabot in #​1306

New Contributors

• @​chiranjib-swain made their first contribution in #​1300

Full Changelog: actions/stale@v10...v10.1.1

v10.1.0

Compare Source

What's Changed

• Add only-issue-types option to filter issues by type by @​Bibo-Joshi in #​1255

New Contributors

• @​Bibo-Joshi made their first contribution in #​1255

Full Changelog: actions/stale@v10...v10.1.0

pnpm/pnpm (pnpm)

v11.2.2

Compare Source

Patch Changes

• When the install engine is delegated to pacquet via configDependencies, the user's CLI flags passed to pnpm install (e.g. --no-runtime, --prod, --dev, --no-optional, --node-linker, --cpu/--os/--libc, --offline, --prefer-offline) are now forwarded to pacquet's install subcommand verbatim. Previously pacquet was invoked with a fixed argument list, so flags like --no-runtime were silently dropped. Flag forwarding is gated on the command being install/i; add, update, and dedupe still don't forward (their flag surface doesn't line up with pacquet's install).
• Fixed pnpm up (and pnpm add / pnpm remove) failing with pacquet_package_manager::outdated_lockfile when pacquet is declared in configDependencies. pnpm now passes --ignore-manifest-check to pacquet so its --frozen-lockfile check doesn't fire against the (pre-mutation) package.json pnpm hasn't written yet #​11797. Requires a pacquet release that supports the flag — bump PACQUET_VERSION in the e2e tests once it ships.

v11.2.1

Compare Source

Patch Changes

• Mark optional subdependency snapshots of config dependencies with optional: true in the env lockfile, matching how optional dependencies are recorded elsewhere in pnpm-lock.yaml. Previously, snapshots for the platform-specific subdeps pulled in via a config dep's optionalDependencies were written as empty objects, which was inconsistent with the rest of the lockfile and made it look like those non-host platform variants were required.
• Fix pickRegistryForPackage returning the wrong registry for an unscoped npm: alias under a scoped local name. A manifest entry like "@​private/foo": "npm:lodash@^1" was routing the lodash fetch through registries["@​private"], even though lodash is unscoped and doesn't live on that registry. The npm-alias branch now returns the alias target's own scope (or null for an unscoped target, falling through to registries.default) instead of leaking into the local key's scope.
• Don't print "Installing config dependencies..." when config dependencies are already installed and nothing needs to be fetched, re-linked, or removed.

v11.2.0

Compare Source

Minor Changes

• Experimental: Adding @pnpm/pacquet (the Rust port of pnpm) to configDependencies in pnpm-workspace.yaml now delegates the materialization phase of pnpm install to the pacquet binary. pnpm still owns dependency resolution; pacquet only fetches and imports from the freshly-written lockfile. This is an opt-in preview of the Rust install engine #​11723.

  To configure pacquet in a project, run:

  pnpm add @​pnpm/pacquet --config
  

  You'll see changes in pnpm-workspace.yaml and pnpm-lock.yaml that should be committed. If you experience any issues with pacquet, please let us know by mentioning this in the GitHub issue you create.

• configDependencies now resolve and install one level of optionalDependencies declared by the config dependency, with os/cpu/libc platform filtering applied at install time. This unlocks the esbuild/swc-style pattern where a package ships platform-specific binaries via optionalDependencies — a config dependency can now do the same and have the matching binary symlinked next to it in the global virtual store, so require('pkg-platform-arch') from inside the config dependency resolves correctly.

  The env lockfile records all platform variants regardless of host platform, so it remains portable across machines. Each entry in a config dependency's optionalDependencies must declare an exact version — ranges and tags are rejected to keep installs reproducible.

• Implement the documented pnpm login --scope <scope> flag. The scope is normalized (a leading @ is added if missing; blank values are ignored) and an @<scope>:registry=<registry> mapping is written to the pnpm auth file alongside the auth token. Subsequent installs of @<scope>/* packages then route to the chosen registry. Previously pnpm login --scope foo errored with Unknown option: 'scope' despite the flag being listed in the online documentation #​11716.

• pnpm outdated and pnpm update --interactive now report Node.js, Deno, and Bun runtimes installed as project dependencies (runtime: specifiers). Previously these were silently skipped.

Patch Changes

• Fix cafile=<relative-path> in .npmrc being read from the wrong directory when pnpm is invoked from a different cwd (e.g. pnpm --dir <project> install from a CI wrapper or monorepo script). The path is now resolved against the directory of the .npmrc that declared it, not process.cwd(). Before this fix the CA file silently failed to load — the install proceeded without the configured CA and the user only saw TLS errors against a private registry, with no log line tying back to the wrongly resolved path #​11624.

• Fix config.registry getting a trailing slash appended when registry is set in .npmrc and no registries.default is provided by pnpm-workspace.yaml. The sync from registries.default to config.registry introduced in #​11744 now only fires when the workspace manifest actually contributes a different default.

• Fix global add/update to handle minimumReleaseAge policy violations instead of surfacing an internal resolver guardrail error.

• Fix two crashes with injectWorkspacePackages: true when the lockfile has been pruned (e.g. by turbo prune --docker):

  • Cannot use 'in' operator to search for 'directory' in undefined: a peer-dependency-variant injected snapshot inherits its resolution from the base packages: entry; when a pruner drops that base entry the readers crash. convertToLockfileObject now reconstructs the directory resolution from the file: depPath at load time — a single normalization point, so every reader sees a fully-formed snapshot.
  • ERR_PNPM_ENOENT on node_modules/.bin/<tool>: after prepare/postinstall, runLifecycleHooksConcurrently re-imported each injected workspace package; the scanDir-into-filesMap workaround fed target-internal paths to the importer, which the makeEmptyDir fast path (#​11088) then wiped. Drop the workaround and pass keepModulesDir: true so the importer preserves the target's existing node_modules (bin links + transitive deps) and source files keep their hardlinks.

• Fixed pnpm login and pnpm logout ignoring registries.default from pnpm-workspace.yaml #​10099.

• Fix the minimumReleaseAge (publishedBy) maturity shortcut to be inclusive at the cutoff. Previously, abbreviated metadata whose modified field equalled the cutoff fell off the fast path and triggered a full-metadata re-fetch (or a MISSING_TIME error when full metadata wasn't permitted). Since modified is an upper bound on every version's publish time, modified == publishedBy already implies every version passes the per-version <= filter in filterPkgMetadataByPublishDate, so the shortcut now accepts the boundary case directly. Strictly > (was >=) at the rejection branch.

• Honor publishConfig.access when publishing packages.

PostHog/posthog-js (posthog-js)

v1.374.4

Compare Source

v1.374.3

Compare Source

1.374.3

Patch Changes

• #​3607 557b893 Thanks @​eli-r-ph! - Enable $web_vitals reporting when cookieless mode is enabled
  (2026-05-20)
• Updated dependencies [557b893, a880dbc]:
  • @​posthog/types@​1.374.3
  • @​posthog/core@​1.29.6

vitest-dev/vitest (vitest)

v4.1.7

Compare Source

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in #​10384 (4f0f2)

    View changes on GitHub

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
scripts-docs	Error		May 22, 2026 5:08pm
scripts-playground	Error		May 22, 2026 5:08pm

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/@nuxt/scripts@446

commit: 7690d61

[vercel]

Suggested change

	"@nuxt/ui": "4.2.1",
	"@nuxt/ui": "^4.2.1",

The @nuxt/ui dependency is pinned to 4.2.1 without a caret, which is inconsistent with all other dependencies in this file that use flexible versioning with the ^ prefix.

View Details

Analysis

Inconsistent version pinning for @nuxt/ui dependency

What fails: docs/package.json line 20 specifies @nuxt/ui as pinned version 4.2.1 (without caret prefix), while all 13 other dependencies use caret versioning (^) for flexible version constraints within the major version.

How to reproduce:

cat docs/package.json | grep -A 15 '"dependencies"'

Result: Shows "@nuxt/ui": "4.2.1" (pinned) while all surrounding dependencies have caret prefix:

• "@nuxt/content": "^3.8.2"
• "@nuxt/fonts": "^0.12.1"
• "@nuxthq/studio": "^2.2.1"
• All other 10 dependencies also use ^ prefix

Expected behavior: According to npm semantic versioning, caret versioning allows compatible updates (minor/patch versions) within a major version. The project consistently uses this pattern for all other dependencies, so @nuxt/ui should be ^4.2.1 to match the established convention and allow patch/minor updates like other dependencies.

Root cause: Automated dependency update (Renovate bot commit 0b37709) preserved the previous pinned format when bumping the version from 4.0.0 to 4.2.1, rather than applying the project's standard caret versioning pattern used throughout the file.

[vercel]

Suggested change

	"posthog-js": "^1.321.2"
	"posthog-js": "^1.0.0"

The posthog-js peer dependency constraint changed from ^1.0.0 to ^1.321.2, which is unusually restrictive and appears unintentional given the patch version bump in devDependencies (1.321.1 → 1.321.2).

View Details

Analysis

Overly restrictive posthog-js peer dependency breaks backward compatibility

What fails: The posthog-js peer dependency constraint in package.json was changed from ^1.0.0 to ^1.321.2 (commit 1536ad2), restricting supported versions to 1.321.2+ and rejecting all prior versions (1.0.0-1.321.1) that would previously install.

How to reproduce:

# User has posthog-js 1.200.0 installed (legitimate version under old ^1.0.0 constraint)
npm install @nuxt/scripts
# After update, npm now rejects this version because 1.200.0 does not satisfy ^1.321.2

Result: npm/pnpm install fails with: "posthog-js@1.200.0 not satisfied by ^1.321.2"

Expected: The peer dependency should remain at ^1.0.0 (or similar permissive constraint) since:

• Code only uses posthog.init() and basic config options (api_host, capture_pageview, disable_session_recording) available since 1.0.0
• The devDependency update was only a patch bump (1.222.0 → 1.321.2), not a major version requiring API changes
• Peer dependencies should be permissive to maximize compatibility
• Semantic versioning guidance indicates patch/minor version updates within the same major version should be backward compatible

This change appears to be an error from automated dependency update tooling (Renovate) that applied the same pinpoint version to both devDependencies and peerDependencies.

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

<--- Last few GCs --->

[939:0x42890000]   123937 ms: Scavenge (interleaved) 1470.9 (1478.5) -> 1468.4 (1486.5) MB, pooled: 0 MB, 59.93 / 0.00 ms  (average mu = 0.381, current mu = 0.390) allocation failure; 
[939:0x42890000]   125874 ms: Mark-Compact (reduce) 1481.2 (1492.6) -> 1470.9 (1475.7) MB, pooled: 0 MB, 1150.69 / 0.01 ms  (+ 497.4 ms in 32 steps since start of marking, biggest step 19.9 ms, walltime since start of marking 1799 ms) (average mu = 0.354,
FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory
----- Native stack trace -----

 1: 0x744ae8 node::OOMErrorHandler(char const*, v8::OOMDetails const&) [/opt/containerbase/tools/node/24.16.0/bin/node]
 2: 0xc1a4b0  [/opt/containerbase/tools/node/24.16.0/bin/node]
 3: 0xc1a59f  [/opt/containerbase/tools/node/24.16.0/bin/node]
 4: 0xebdda5  [/opt/containerbase/tools/node/24.16.0/bin/node]
 5: 0xebddd2  [/opt/containerbase/tools/node/24.16.0/bin/node]
 6: 0xebe0ca  [/opt/containerbase/tools/node/24.16.0/bin/node]
 7: 0xecedca  [/opt/containerbase/tools/node/24.16.0/bin/node]
 8: 0xed3170  [/opt/containerbase/tools/node/24.16.0/bin/node]
 9: 0x19655d1  [/opt/containerbase/tools/node/24.16.0/bin/node]
/usr/local/bin/node: line 18:   939 Aborted                 /opt/containerbase/tools/node/24.16.0/bin/node "$@"

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​paypal/​paypal-js@​9.7.0

View full report