chore(deps): update all non-major dependencies by renovate[bot] · Pull Request #446 · nuxt/scripts

renovate · 2025-04-05T00:27:07Z

This PR contains the following updates:

Package	Change	Type	Update	Pending
@nuxt/ui (source)	`^4.7.1` → `^4.8.0`	pnpm.catalog.default	minor
@types/google.maps (source)	`^3.58.1` → `^3.64.1`	peerDependencies	minor
@types/youtube (source)	`^0.1.0` → `^0.2.0`	peerDependencies	minor
@unhead/vue (source)	`^2.0.3` → `^2.1.15`	peerDependencies	minor
Hebilicious/reproduire	`v0.0.9-mp` → `v0.0.9`	action	patch
actions/checkout	`v6.0.1` → `v6.0.2`	action	patch
actions/stale	`v10.0.0` → `v10.3.0`	action	minor
pnpm (source)	`11.1.3` → `11.2.2`	packageManager	minor
posthog-js (source)	`^1.374.2` → `^1.374.4`	pnpm.catalog.default	patch	`1.376.0` (+1)
posthog-js (source)	`^1.0.0` → `^1.374.4`	peerDependencies	minor	`1.376.0` (+1)
vitest (source)	`^4.1.6` → `^4.1.7`	pnpm.catalog.default	patch

Release Notes

nuxt/ui (@nuxt/ui)

`v4.8.0`

Compare Source

⚠ BREAKING CHANGES

InputMenu: rename autocomplete prop to mode to free up HTML attribute (#6474)

Features

Avatar/AvatarGroup: add color prop (#6405) (6f2396f)
Breadcrumb: add color prop (#6406) (955dac1)
ChatMessage: add body slot and improve actions alignment (#6460) (48685b6)
ChatMessage: add color prop and header slot (#6407) (c6ce8ca)
ChatPrompt: add submitOnEnter prop to control Enter behavior (b597f90), closes #6177
Checkbox/RadioGroup/Switch: add highlight prop for error ring styling (a0deee4)
CommandPalette: search and highlight description field (524c34d)
ContentSearch/DashboardSearch: enable Fuse.js token search by default (ba08220)
ContentSearch: add async search support via useSearchCollection (#6432) (a1bef8b)
DashboardGroup: add storageOptions prop (8f0101b), closes #6170
Error: add icon prop and leading slot (e6ea707), closes #6119
Separator: add position prop (#6415) (844660a)
Theme: override component prop defaults (#6031) (71c008e)

Bug Fixes

ChatMessage: add wrap-break-word to content slot (#6476) (eb468e6)
CommandPalette: only split tokens in highlight when useTokenSearch is enabled (898fbce)
CommandPalette: preserve relative order of ignoreFilter groups (e4c1787)
CommandPalette: re-highlight first item after debounced results render (efd7b8e)
CommandPalette: update default fuse keys in docs and search components (0d9cc0d)
components: apply theme.prefix to hardcoded utility classes (f51b1e8)
components: constrain popper content to available viewport height (007b136), closes #6449
ContentSearch: preserve intermediate ancestors in breadcrumb prefix (#6466) (f639b19)
ContentToc: apply ui.trigger prop to trigger elements (252b906), closes #6428
defineShortcuts: use e.code for alt shortcuts to handle macOS key remapping (231f156), closes #6444
FileUpload: pass disabled attribute to button variant (2890c83), closes #6420
Form: improve errors type (#6208) (c1090ab)
InputMenu/Select/SelectMenu: respect trailing: false over default trailingIcon (#6457) (65b47ce)
InputMenu: rename autocomplete prop to mode to free up HTML attribute (#6474) (2799fa6)
module: don't require @nuxtjs/mdc when using content option (89f7778)
module: pass computed ref directly to useHead innerHTML (00b7476)
module: ship stripped [#build](https://redirect.github.com/nuxt/ui/issues/build)/ui.css fallback for tooling (083c2a9), closes #5504
ProseKbd: add default slot and make value optional (f317c7f)
Textarea: autoresize on mount with pre-filled value (e96a0b6), closes #5962
useComponentProps: treat array-typed theme values as ClassValue leaves (cac3860)

unjs/unhead (@unhead/vue)

`v2.1.15`

Compare Source

No significant changes

View changes on GitHub

`v2.1.13`

Compare Source

🐞 Bug Fixes

schema-org: Normalize target to array before merging potentialAction - by @harlan-zw and Claude Opus 4.6 (1M context) in #709 (22ac9)

View changes on GitHub

`v2.1.12`

Compare Source

🐞 Bug Fixes

Harden prototype pollution - by @harlan-zw (a6ed9)
Case insensitive attr dedupe - by @harlan-zw (3146b)

View changes on GitHub

`v2.1.11`

Compare Source

⚠️ Security

Fixed XSS bypass in useHeadSafe via attribute name injection (GHSA-g5xx-pwrp-g3fv). Users handling untrusted input with useHeadSafe should upgrade immediately.

🐞 Bug Fixes

addons,schema-org: Permissive peer dependencies - by @harlan-zw (4c5d1)

View changes on GitHub

`v2.1.10`

Compare Source

🐞 Bug Fixes

solid-js: Correct peerDependency version - by @tyeporter in #671 (64e17)

View changes on GitHub

`v2.1.9`

Compare Source

🐞 Bug Fixes

schema-org: Nuxt test utils compat bug - by @harlan-zw (ef838)

View changes on GitHub

`v2.1.8`

Compare Source

🐞 Bug Fixes

schema-org: Avoid crashing from 3+ duplicate nodes - by @harlan-zw (4baf9)

View changes on GitHub

`v2.1.7`

Compare Source

🐞 Bug Fixes

unhead:
- deduplicate matching tags inside same render cycle - by @harlan-zw in #668 (5c0b2)

View changes on GitHub

`v2.1.6`

Compare Source

🐞 Bug Fixes

react: Ssr regression - by @harlan-zw (6adff)

View changes on GitHub

`v2.1.5`

Compare Source

🐞 Bug Fixes

react: Dispose head entries on unmount in React 18 StrictMode - by @harlan-zw in #664 (50ffe)
scripts: Prevent scope disposal from aborting unrelated trigger in useScript - by @cernymatej in #660 (e8f5b)
unhead: Dedupe link rel without hreflang or type - by @danielroe in #658 (1487d)

View changes on GitHub

`v2.1.4`

Compare Source

🐞 Bug Fixes

schema-org: Remove unimplemented SchemaOrgDebug - by @onmax in #649 (642dc)
unhead: Dedupe <link rel="alternate"> by hreflang/type only, drop href from key - by @harlan-zw in #656 (86175)

View changes on GitHub

`v2.1.3`

Compare Source

🐞 Bug Fixes

unhead:
- Dedupe <link rel="alternate"> - by @danielroe and onmax in #655 (fdabe)
vue:
- Support computed getter trigger - by @harlan-zw in #638 (fd63a)
- Guard s._statusRef - by @danielroe in #642 (4ef03)

🏎 Performance

vue: Avoid duplicating error message in the bundle - by @panstromek in #652 (194e5)

View changes on GitHub

`v2.1.2`

Compare Source

🐞 Bug Fixes

Broken cjs environment - by @harlan-zw (ce989)

View changes on GitHub

`v2.1.1`

Compare Source

No significant changes

View changes on GitHub

`v2.1.0`

Compare Source

🚀 Features

schema-org: 12 new nodes - by @harlan-zw in #612 (1a9b8)

🐞 Bug Fixes

react:
- Recursive function resolves broken - by @harlan-zw (4e0c7)
schema-org:
- Correct month off-by-one - by @harlan-zw in #603 (a3e70)
- Missing schema.org properties - by @harlan-zw in #614 (54e05)
unhead:
- Enforce boolean string meta contents - by @kfreezen in #594 (0b8e7)
- Capo module scripts ordering - by @Barbapapazes in #600 (3c661)
- Capo inline scripts ordering - by @Barbapapazes in #596 (7be75)
- Normalize script type - by @harlan-zw (e51b6)
- Safer handling of input - by @harlan-zw (b4b6c)

🏎 Performance

schema-org:
- Remove ohash and defu dependencies - by @harlan-zw in #605 (0d508)
- Rework graph resolution - by @harlan-zw in #616 (b79e4)

View changes on GitHub

`v2.0.19`

Compare Source

🐞 Bug Fixes

vue: Tree shaking breaking some reactivity - by @harlan-zw (7abb5)

View changes on GitHub

`v2.0.18`

Compare Source

🏎 Performance

unhead: Avoid server side effects - by @harlan-zw in #585 (3fd09)

View changes on GitHub

`v2.0.17`

Compare Source

No significant changes

View changes on GitHub

`v2.0.14`

Compare Source

🐞 Bug Fixes

unhead: Multiword attributes in template - by @NikSimonov in #568 (f635b)

View changes on GitHub

`v2.0.13`

Compare Source

🐞 Bug Fixes

unhead:
- Canonical plugin modifying non-url properties - by @paraboul (ee8fd)
- Avoid normalizing template param input - by @harlan-zw (1d205)
- Safer removal of leading / trailing separators - by @harlan-zw (d4501)

View changes on GitHub

`v2.0.12`

Compare Source

🐞 Bug Fixes

react: Force invalidation on entry disposal - by @harlan-zw in #559 (4ee5e)

View changes on GitHub

`v2.0.11`

Compare Source

🐞 Bug Fixes

Allow non-standard meta tags to be intentionally duped - by @harlan-zw (9a899)

View changes on GitHub

`v2.0.10`

Compare Source

🐞 Bug Fixes

Safer meta array deduping - by @harlan-zw (32486)

View changes on GitHub

`v2.0.9`

Compare Source

🏎 Performance

unhead: Normalize canonicalHost only once in canonical plugin - by @negezor in #550 (92713)

View changes on GitHub

`v2.0.8`

Compare Source

No significant changes

View changes on GitHub

`v2.0.7`

Compare Source

🐞 Bug Fixes

schema-org: unhead hoisting issue - by @harlan-zw (bb0e4)

View changes on GitHub

`v2.0.6`

Compare Source

🐞 Bug Fixes

ssr: Less aggressive encoding of non-title tags - by @harlan-zw (f4d4f)

View changes on GitHub

`v2.0.5`

Compare Source

🐞 Bug Fixes

vue: Use setTimeout as render's debounced delayer - by @kricsleo in #540 (8f7c5)

View changes on GitHub

`v2.0.4`

Compare Source

🐞 Bug Fixes

InferSeoMetaPlugin: Template param replacement broken - by @harlan-zw (4e1c8)

View changes on GitHub

Hebilicious/reproduire (Hebilicious/reproduire)

`v0.0.9`

Compare Source

compare changes

actions/checkout (actions/checkout)

`v6.0.2`

Compare Source

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in #2356

actions/stale (actions/stale)

What's Changed

Bug Fix

Add Missing Input Reading for only-issue-types by @Bibo-Joshi in #1298

Improvement

Improves error handling when rate limiting is disabled on GHES. by @chiranjib-swain in #1300

Dependency Upgrades

Upgrade eslint-config-prettier from 8.10.0 to 10.1.8 by @dependabot in #1276
Upgrade @types/node from 20.10.3 to 24.2.0 and document breaking changes in v10 by @dependabot in #1280
Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot in #1291
Upgrade actions/checkout from 4 to 6 by @dependabot in #1306

New Contributors

@chiranjib-swain made their first contribution in #1300

Full Changelog: actions/stale@v10...v10.1.1

`v10.1.0`

Compare Source

What's Changed

Add only-issue-types option to filter issues by type by @Bibo-Joshi in #1255

New Contributors

@Bibo-Joshi made their first contribution in #1255

Full Changelog: actions/stale@v10...v10.1.0

pnpm/pnpm (pnpm)

`v11.2.2`

Compare Source

Patch Changes

When the install engine is delegated to pacquet via configDependencies, the user's CLI flags passed to pnpm install (e.g. --no-runtime, --prod, --dev, --no-optional, --node-linker, --cpu/--os/--libc, --offline, --prefer-offline) are now forwarded to pacquet's install subcommand verbatim. Previously pacquet was invoked with a fixed argument list, so flags like --no-runtime were silently dropped. Flag forwarding is gated on the command being install/i; add, update, and dedupe still don't forward (their flag surface doesn't line up with pacquet's install).
Fixed pnpm up (and pnpm add / pnpm remove) failing with pacquet_package_manager::outdated_lockfile when pacquet is declared in configDependencies. pnpm now passes --ignore-manifest-check to pacquet so its --frozen-lockfile check doesn't fire against the (pre-mutation) package.json pnpm hasn't written yet #11797. Requires a pacquet release that supports the flag — bump PACQUET_VERSION in the e2e tests once it ships.

`v11.2.1`

Compare Source

Patch Changes

Mark optional subdependency snapshots of config dependencies with optional: true in the env lockfile, matching how optional dependencies are recorded elsewhere in pnpm-lock.yaml. Previously, snapshots for the platform-specific subdeps pulled in via a config dep's optionalDependencies were written as empty objects, which was inconsistent with the rest of the lockfile and made it look like those non-host platform variants were required.
Fix pickRegistryForPackage returning the wrong registry for an unscoped npm: alias under a scoped local name. A manifest entry like "@private/foo": "npm:lodash@^1" was routing the lodash fetch through registries["@private"], even though lodash is unscoped and doesn't live on that registry. The npm-alias branch now returns the alias target's own scope (or null for an unscoped target, falling through to registries.default) instead of leaking into the local key's scope.
Don't print "Installing config dependencies..." when config dependencies are already installed and nothing needs to be fetched, re-linked, or removed.

`v11.2.0`

Compare Source

Minor Changes

Experimental: Adding @pnpm/pacquet (the Rust port of pnpm) to configDependencies in pnpm-workspace.yaml now delegates the materialization phase of pnpm install to the pacquet binary. pnpm still owns dependency resolution; pacquet only fetches and imports from the freshly-written lockfile. This is an opt-in preview of the Rust install engine #11723.

To configure pacquet in a project, run:
```
pnpm add @&#8203;pnpm/pacquet --config
```
You'll see changes in pnpm-workspace.yaml and pnpm-lock.yaml that should be committed. If you experience any issues with pacquet, please let us know by mentioning this in the GitHub issue you create.
configDependencies now resolve and install one level of optionalDependencies declared by the config dependency, with os/cpu/libc platform filtering applied at install time. This unlocks the esbuild/swc-style pattern where a package ships platform-specific binaries via optionalDependencies — a config dependency can now do the same and have the matching binary symlinked next to it in the global virtual store, so require('pkg-platform-arch') from inside the config dependency resolves correctly.

The env lockfile records all platform variants regardless of host platform, so it remains portable across machines. Each entry in a config dependency's optionalDependencies must declare an exact version — ranges and tags are rejected to keep installs reproducible.
Implement the documented pnpm login --scope <scope> flag. The scope is normalized (a leading @ is added if missing; blank values are ignored) and an @<scope>:registry=<registry> mapping is written to the pnpm auth file alongside the auth token. Subsequent installs of @<scope>/* packages then route to the chosen registry. Previously pnpm login --scope foo errored with Unknown option: 'scope' despite the flag being listed in the online documentation #11716.
pnpm outdated and pnpm update --interactive now report Node.js, Deno, and Bun runtimes installed as project dependencies (runtime: specifiers). Previously these were silently skipped.

Patch Changes

Fix cafile=<relative-path> in .npmrc being read from the wrong directory when pnpm is invoked from a different cwd (e.g. pnpm --dir <project> install from a CI wrapper or monorepo script). The path is now resolved against the directory of the .npmrc that declared it, not process.cwd(). Before this fix the CA file silently failed to load — the install proceeded without the configured CA and the user only saw TLS errors against a private registry, with no log line tying back to the wrongly resolved path #11624.
Fix config.registry getting a trailing slash appended when registry is set in .npmrc and no registries.default is provided by pnpm-workspace.yaml. The sync from registries.default to config.registry introduced in #11744 now only fires when the workspace manifest actually contributes a different default.
Fix global add/update to handle minimumReleaseAge policy violations instead of surfacing an internal resolver guardrail error.
Fix two crashes with injectWorkspacePackages: true when the lockfile has been pruned (e.g. by turbo prune --docker):
- Cannot use 'in' operator to search for 'directory' in undefined: a peer-dependency-variant injected snapshot inherits its resolution from the base packages: entry; when a pruner drops that base entry the readers crash. convertToLockfileObject now reconstructs the directory resolution from the file: depPath at load time — a single normalization point, so every reader sees a fully-formed snapshot.
- ERR_PNPM_ENOENT on node_modules/.bin/<tool>: after prepare/postinstall, runLifecycleHooksConcurrently re-imported each injected workspace package; the scanDir-into-filesMap workaround fed target-internal paths to the importer, which the makeEmptyDir fast path (#11088) then wiped. Drop the workaround and pass keepModulesDir: true so the importer preserves the target's existing node_modules (bin links + transitive deps) and source files keep their hardlinks.
Fixed pnpm login and pnpm logout ignoring registries.default from pnpm-workspace.yaml #10099.
Fix the minimumReleaseAge (publishedBy) maturity shortcut to be inclusive at the cutoff. Previously, abbreviated metadata whose modified field equalled the cutoff fell off the fast path and triggered a full-metadata re-fetch (or a MISSING_TIME error when full metadata wasn't permitted). Since modified is an upper bound on every version's publish time, modified == publishedBy already implies every version passes the per-version <= filter in filterPkgMetadataByPublishDate, so the shortcut now accepts the boundary case directly. Strictly > (was >=) at the rejection branch.
Honor publishConfig.access when publishing packages.

PostHog/posthog-js (posthog-js)

`v1.374.4`

Compare Source

`v1.374.3`

Compare Source

1.374.3

Patch Changes

#3607 557b893 Thanks @eli-r-ph! - Enable $web_vitals reporting when cookieless mode is enabled
(2026-05-20)
Updated dependencies [557b893, a880dbc]:
- @posthog/types@1.374.3
- @posthog/core@1.29.6

vitest-dev/vitest (vitest)

`v4.1.7`

Compare Source

🐞 Bug Fixes

runner: Limit concurrency per task branch in addition to per leaf callbacks (backport) - by @hi-ogawa in #10384 (4f0f2)

View changes on GitHub

Configuration

📅 Schedule: (UTC)

Branch creation
- "on Monday"
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

vercel · 2025-04-05T00:27:09Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
scripts-docs	Error		May 22, 2026 5:08pm
scripts-playground	Error		May 22, 2026 5:08pm

pkg-pr-new · 2025-07-16T18:29:18Z

Open in StackBlitz

npm i https://pkg.pr.new/@nuxt/scripts@446

commit: 7690d61

vercel · 2025-11-25T02:47:14Z

    "@nuxt/image": "^1.11.0",
    "@nuxt/scripts": "workspace:*",
-    "@nuxt/ui": "4.0.0",
+    "@nuxt/ui": "4.2.1",


Suggested change

"@nuxt/ui": "4.2.1",

"@nuxt/ui": "^4.2.1",

The @nuxt/ui dependency is pinned to 4.2.1 without a caret, which is inconsistent with all other dependencies in this file that use flexible versioning with the ^ prefix.

View Details

Analysis

Inconsistent version pinning for @nuxt/ui dependency

What fails: docs/package.json line 20 specifies @nuxt/ui as pinned version 4.2.1 (without caret prefix), while all 13 other dependencies use caret versioning (^) for flexible version constraints within the major version.

How to reproduce:

cat docs/package.json | grep -A 15 '"dependencies"'

Result: Shows "@nuxt/ui": "4.2.1" (pinned) while all surrounding dependencies have caret prefix:

"@nuxt/content": "^3.8.2"

"@nuxt/fonts": "^0.12.1"

"@nuxthq/studio": "^2.2.1"

All other 10 dependencies also use ^ prefix

Expected behavior: According to npm semantic versioning, caret versioning allows compatible updates (minor/patch versions) within a major version. The project consistently uses this pattern for all other dependencies, so @nuxt/ui should be ^4.2.1 to match the established convention and allow patch/minor updates like other dependencies.

Root cause: Automated dependency update (Renovate bot commit 0b37709) preserved the previous pinned format when bumping the version from 4.0.0 to 4.2.1, rather than applying the project's standard caret versioning pattern used throughout the file.

vercel · 2026-01-15T00:37:21Z

-    "posthog-js": "^1.0.0"
+    "@types/youtube": "^0.1.2",
+    "@unhead/vue": "^2.1.2",
+    "posthog-js": "^1.321.2"


Suggested change

"posthog-js": "^1.321.2"

"posthog-js": "^1.0.0"

The posthog-js peer dependency constraint changed from ^1.0.0 to ^1.321.2, which is unusually restrictive and appears unintentional given the patch version bump in devDependencies (1.321.1 → 1.321.2).

View Details

Analysis

Overly restrictive posthog-js peer dependency breaks backward compatibility

What fails: The posthog-js peer dependency constraint in package.json was changed from ^1.0.0 to ^1.321.2 (commit 1536ad2), restricting supported versions to 1.321.2+ and rejecting all prior versions (1.0.0-1.321.1) that would previously install.

How to reproduce:

# User has posthog-js 1.200.0 installed (legitimate version under old ^1.0.0 constraint) npm install @nuxt/scripts # After update, npm now rejects this version because 1.200.0 does not satisfy ^1.321.2

Result: npm/pnpm install fails with: "posthog-js@1.200.0 not satisfied by ^1.321.2"

Expected: The peer dependency should remain at ^1.0.0 (or similar permissive constraint) since:

Code only uses posthog.init() and basic config options (api_host, capture_pageview, disable_session_recording) available since 1.0.0

The devDependency update was only a patch bump (1.222.0 → 1.321.2), not a major version requiring API changes

Peer dependencies should be permissive to maximize compatibility

Semantic versioning guidance indicates patch/minor version updates within the same major version should be backward compatible

This change appears to be an error from automated dependency update tooling (Renovate) that applied the same pinpoint version to both devDependencies and peerDependencies.

socket-security · 2026-04-29T17:16:38Z

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

renovate · 2026-05-19T23:08:46Z

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml


<--- Last few GCs --->

[939:0x42890000]   123937 ms: Scavenge (interleaved) 1470.9 (1478.5) -> 1468.4 (1486.5) MB, pooled: 0 MB, 59.93 / 0.00 ms  (average mu = 0.381, current mu = 0.390) allocation failure; 
[939:0x42890000]   125874 ms: Mark-Compact (reduce) 1481.2 (1492.6) -> 1470.9 (1475.7) MB, pooled: 0 MB, 1150.69 / 0.01 ms  (+ 497.4 ms in 32 steps since start of marking, biggest step 19.9 ms, walltime since start of marking 1799 ms) (average mu = 0.354,
FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory
----- Native stack trace -----

 1: 0x744ae8 node::OOMErrorHandler(char const*, v8::OOMDetails const&) [/opt/containerbase/tools/node/24.16.0/bin/node]
 2: 0xc1a4b0  [/opt/containerbase/tools/node/24.16.0/bin/node]
 3: 0xc1a59f  [/opt/containerbase/tools/node/24.16.0/bin/node]
 4: 0xebdda5  [/opt/containerbase/tools/node/24.16.0/bin/node]
 5: 0xebddd2  [/opt/containerbase/tools/node/24.16.0/bin/node]
 6: 0xebe0ca  [/opt/containerbase/tools/node/24.16.0/bin/node]
 7: 0xecedca  [/opt/containerbase/tools/node/24.16.0/bin/node]
 8: 0xed3170  [/opt/containerbase/tools/node/24.16.0/bin/node]
 9: 0x19655d1  [/opt/containerbase/tools/node/24.16.0/bin/node]
/usr/local/bin/node: line 18:   939 Aborted                 /opt/containerbase/tools/node/24.16.0/bin/node "$@"

socket-security · 2026-05-22T07:33:07Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@paypal/paypal-js@9.7.0

View full report

renovate Bot force-pushed the renovate/all-minor-patch branch from 9c4e39b to 5bfebea Compare April 5, 2025 00:30

vercel Bot deployed to Preview – scripts-playground April 5, 2025 00:37 View deployment

vercel Bot deployed to Preview – scripts-docs April 5, 2025 00:40 View deployment

renovate Bot force-pushed the renovate/all-minor-patch branch from 5bfebea to 7804f68 Compare April 6, 2025 09:08

renovate Bot changed the title ~~chore(deps): update resolutions typescript to v5.8.3~~ chore(deps): update all non-major dependencies Apr 6, 2025

vercel Bot deployed to Preview – scripts-docs April 6, 2025 09:10 View deployment

vercel Bot deployed to Preview – scripts-playground April 6, 2025 09:12 View deployment

renovate Bot force-pushed the renovate/all-minor-patch branch from 7804f68 to 2d975ff Compare April 7, 2025 04:48

vercel Bot deployed to Preview – scripts-docs April 7, 2025 04:51 View deployment

vercel Bot deployed to Preview – scripts-playground April 7, 2025 04:53 View deployment

renovate Bot force-pushed the renovate/all-minor-patch branch from 2d975ff to 0104ff1 Compare April 7, 2025 08:22

vercel Bot deployed to Preview – scripts-playground April 7, 2025 08:24 View deployment

vercel Bot deployed to Preview – scripts-docs April 7, 2025 08:26 View deployment

renovate Bot force-pushed the renovate/all-minor-patch branch from 0104ff1 to 8120e32 Compare April 7, 2025 15:15

vercel Bot deployed to Preview – scripts-playground April 7, 2025 15:17 View deployment

vercel Bot deployed to Preview – scripts-docs April 7, 2025 15:20 View deployment

renovate Bot force-pushed the renovate/all-minor-patch branch from 8120e32 to 5ec9f5e Compare April 7, 2025 18:22

vercel Bot deployed to Preview – scripts-docs April 7, 2025 18:29 View deployment

vercel Bot deployed to Preview – scripts-playground April 7, 2025 18:31 View deployment

renovate Bot force-pushed the renovate/all-minor-patch branch from 5ec9f5e to efcb3b7 Compare April 8, 2025 08:39

vercel Bot deployed to Preview – scripts-playground April 8, 2025 08:42 View deployment

vercel Bot deployed to Preview – scripts-docs April 8, 2025 08:44 View deployment

renovate Bot force-pushed the renovate/all-minor-patch branch from efcb3b7 to 1a61aec Compare April 10, 2025 00:28

vercel Bot deployed to Preview – scripts-playground April 10, 2025 00:30 View deployment

vercel Bot deployed to Preview – scripts-docs April 10, 2025 00:33 View deployment

renovate Bot force-pushed the renovate/all-minor-patch branch from 1a61aec to cf8e7f8 Compare April 10, 2025 09:47

vercel Bot deployed to Preview – scripts-playground April 10, 2025 09:50 View deployment

vercel Bot deployed to Preview – scripts-docs April 10, 2025 09:52 View deployment

renovate Bot force-pushed the renovate/all-minor-patch branch from cf8e7f8 to 2b13cf8 Compare April 11, 2025 01:12

vercel Bot had a problem deploying to Preview – scripts-docs April 16, 2025 07:27 Failure

renovate Bot force-pushed the renovate/all-minor-patch branch from 6132302 to 360e116 Compare April 16, 2025 14:05

vercel Bot deployed to Preview – scripts-playground April 16, 2025 14:07 View deployment

vercel Bot had a problem deploying to Preview – scripts-docs April 16, 2025 14:08 Failure

renovate Bot force-pushed the renovate/all-minor-patch branch from 360e116 to aa97a8b Compare April 17, 2025 00:59

vercel Bot deployed to Preview – scripts-playground April 17, 2025 01:02 View deployment

vercel Bot had a problem deploying to Preview – scripts-docs April 17, 2025 01:03 Failure

renovate Bot force-pushed the renovate/all-minor-patch branch from aa97a8b to 714cf9d Compare April 17, 2025 08:46

vercel Bot deployed to Preview – scripts-playground April 17, 2025 08:48 View deployment

vercel Bot had a problem deploying to Preview – scripts-docs April 17, 2025 08:49 Failure

renovate Bot force-pushed the renovate/all-minor-patch branch from 714cf9d to bdbb60c Compare April 17, 2025 18:14

vercel Bot had a problem deploying to Preview – scripts-docs April 17, 2025 18:15 Failure

vercel Bot deployed to Preview – scripts-playground April 17, 2025 18:17 View deployment

renovate Bot force-pushed the renovate/all-minor-patch branch from bdbb60c to 9343bf3 Compare April 18, 2025 20:28

vercel Bot had a problem deploying to Preview – scripts-docs April 18, 2025 21:10 Failure

vercel Bot deployed to Preview – scripts-playground April 18, 2025 21:12 View deployment

renovate Bot force-pushed the renovate/all-minor-patch branch from 9343bf3 to fb7fea7 Compare April 21, 2025 12:46

vercel Bot deployed to Preview – scripts-playground April 21, 2025 12:48 View deployment

vercel Bot had a problem deploying to Preview – scripts-docs April 21, 2025 12:49 Failure

renovate Bot force-pushed the renovate/all-minor-patch branch from fb7fea7 to 556aaae Compare April 21, 2025 16:40

vercel Bot deployed to Preview – scripts-playground April 21, 2025 16:42 View deployment

vercel Bot had a problem deploying to Preview – scripts-docs April 21, 2025 16:43 Failure

vercel Bot reviewed Sep 20, 2025

View reviewed changes

Comment thread pnpm-lock.yaml Outdated

vercel Bot reviewed Nov 25, 2025

View reviewed changes

vercel Bot reviewed Jan 15, 2026

View reviewed changes

chore(deps): update all non-major dependencies

d1f7b8f

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update all non-major dependencies#446

chore(deps): update all non-major dependencies#446
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch

renovate Bot commented Apr 5, 2025 •

edited

Loading

Uh oh!

vercel Bot commented Apr 5, 2025 •

edited

Loading

Uh oh!

pkg-pr-new Bot commented Jul 16, 2025 •

edited

Loading

Uh oh!

Uh oh!

vercel Bot Nov 25, 2025

Uh oh!

vercel Bot Jan 15, 2026

Uh oh!

socket-security Bot commented Apr 29, 2026 •

edited

Loading

Uh oh!

renovate Bot commented May 19, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented May 22, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate Bot commented Apr 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

⚠ BREAKING CHANGES

Features

Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

⚠️ Security

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🏎 Performance

🐞 Bug Fixes

🚀 Features

🐞 Bug Fixes

🏎 Performance

🐞 Bug Fixes

🏎 Performance

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🏎 Performance

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

🐞 Bug Fixes

What's Changed

Bug Fix

Improvement

Dependency Upgrades

New Contributors

What's Changed

New Contributors

Patch Changes

Patch Changes

Minor Changes

Patch Changes

1.374.3

Patch Changes

🐞 Bug Fixes

Configuration

Uh oh!

vercel Bot commented Apr 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

pkg-pr-new Bot commented Jul 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

vercel Bot Nov 25, 2025

Choose a reason for hiding this comment

Analysis

Inconsistent version pinning for @nuxt/ui dependency

Uh oh!

vercel Bot Jan 15, 2026

Choose a reason for hiding this comment

Analysis

Overly restrictive posthog-js peer dependency breaks backward compatibility

Uh oh!

socket-security Bot commented Apr 29, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

renovate Bot commented Apr 5, 2025 •

edited

Loading

vercel Bot commented Apr 5, 2025 •

edited

Loading

pkg-pr-new Bot commented Jul 16, 2025 •

edited

Loading

socket-security Bot commented Apr 29, 2026 •

edited

Loading