Skip to content

chore(deps): update all non-major dependencies#150

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch
Open

chore(deps): update all non-major dependencies#150
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
@iconify-json/lucide ^1.2.114^1.2.117 age confidence dependencies patch
@iconify-json/simple-icons ^1.2.87^1.2.90 age confidence dependencies patch
@iconify-json/vscode-icons ^1.2.59^1.2.67 age confidence devDependencies patch
@nuxt/content (source) ^3.14.0^3.15.0 age confidence dependencies minor
@nuxt/scripts (source) 1.2.11.3.0 age confidence dependencies minor 1.3.1
@shikijs/engine-javascript (source) ^4.2.0^4.3.1 age confidence dependencies minor
eslint (source) ^10.5.0^10.7.0 age confidence devDependencies minor
github/gh-aw-actions v0.80.9v0.82.8 age confidence action minor v0.82.9
pnpm (source) 10.34.410.34.5 age confidence packageManager patch
posthog-js (source) ^1.393.0^1.399.2 age confidence dependencies minor 1.399.5 (+2)
tailwindcss (source) ^4.3.1^4.3.2 age confidence dependencies patch
vue-tsc (source) ^3.3.5^3.3.7 age confidence devDependencies patch

Release Notes

nuxt/content (@​nuxt/content)

v3.15.0

Compare Source

Features
Bug Fixes
  • content: support validator detection with pnpm enableGlobalVirtualStore (#​3791) (6b2720b)
  • hmr: update all matching collections when a file changes (#​3802) (06f8edb)
  • search: softer heading-level boost curve and tuned defaults (#​3801) (00d25a5)
  • vercel: use tmp directory to clone contents (#​3810) (793d59a)
nuxt/scripts (@​nuxt/scripts)

v1.3.0

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub
shikijs/shiki (@​shikijs/engine-javascript)

v4.3.1

Compare Source

   🚀 Features
    View changes on GitHub

v4.3.0

Compare Source

   🚀 Features
    View changes on GitHub
eslint/eslint (eslint)

v10.7.0

Compare Source

Features

  • cf2a9bf feat: add errorClassNames option to preserve-caught-error rule (#​21032) (sethamus)
  • f8b873a feat: max-nested-callbacks option for constructor callbacks (#​21063) (fnx)
  • 557fde8 feat: support computed Number.parseInt member access in radix rule (#​21041) (Pixel)
  • 0b4a73b feat: add suggestions to no-compare-neg-zero (#​21034) (den$)
  • 96cdd42 feat: report invalid signed numeric radix values in radix rule (#​21030) (Pixel)

Bug Fixes

  • 3e7bf15 fix: apply ignoreClassesWithImplements to class expressions (#​21069) (Pixel)
  • 0d7d70c fix: insert cause outside wrapping parens in preserve-caught-error (#​21062) (Mahin Anowar)
  • 75ec753 fix: handle static template literals in eqeqeq rule (#​21058) (Pixel)
  • b717a22 fix: prevent eqeqeq null option from reporting non-equality operators (#​21057) (Pixel)
  • e35b05f fix: avoid no-invalid-regexp false positive for shadowed RegExp (#​21051) (Pixel)
  • a3172b6 fix: avoid no-control-regex false positive for shadowed RegExp (#​21050) (Pixel)
  • d1f637e fix: parenthesize sequence expression operands in no-implicit-coercion (#​21045) (spokodev)
  • 8859baf fix: avoid prefer-numeric-literals false positive for shadowed globals (#​21047) (한국)
  • a9e5961 fix: use-isnan false positive on shadowed NaN/Number (#​20958) (sethamus)
  • 8a240a7 fix: avoid false positives in radix rule for spread arguments (#​21044) (Pixel)

Documentation

  • c30d808 docs: Update README (GitHub Actions Bot)
  • 5139800 docs: document ESLint migration codemods in v9 and v10 guides (#​20980) (Alex Bit)
  • 04174cb docs: Update README (GitHub Actions Bot)
  • 026e130 docs: update semver policy for bug fixes (#​21048) (Milos Djermanovic)
  • 9d42fef docs: Update README (GitHub Actions Bot)
  • b230159 docs: Update README (GitHub Actions Bot)
  • 0129972 docs: correct **/.js glob to **/*.js in config files guide (#​21036) (EduardF1)

Chores

v10.6.0

Compare Source

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#​20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#​20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#​20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#​21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#​21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#​21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#​21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#​21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#​21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#​21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#​20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#​20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#​20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#​20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#​20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#​20983) (lumir)

Chores

github/gh-aw-actions (github/gh-aw-actions)

v0.82.8

Compare Source

Sync of actions from gh-aw at v0.82.8.

v0.82.7

Compare Source

Sync of actions from gh-aw at v0.82.7.

v0.82.6

Compare Source

Sync of actions from gh-aw at v0.82.6.

v0.82.5

Compare Source

Sync of actions from gh-aw at v0.82.5.

v0.82.4

Compare Source

Sync of actions from gh-aw at v0.82.4.

v0.82.3

Compare Source

Sync of actions from gh-aw at v0.82.3.

v0.82.2

Compare Source

Sync of actions from gh-aw at v0.82.2.

v0.82.1

Compare Source

Sync of actions from gh-aw at v0.82.1.

v0.82.0

Compare Source

Sync of actions from gh-aw at v0.82.0.

v0.81.6

Compare Source

Sync of actions from gh-aw at v0.81.6.

v0.81.5

Compare Source

Sync of actions from gh-aw at v0.81.5.

v0.81.4

Compare Source

Sync of actions from gh-aw at v0.81.4.

v0.81.3

Compare Source

Sync of actions from gh-aw at v0.81.3.

v0.81.2

Compare Source

Sync of actions from gh-aw at v0.81.2.

v0.81.1

Compare Source

Sync of actions from gh-aw at v0.81.1.

v0.81.0

Compare Source

Sync of actions from gh-aw at v0.81.0.

pnpm/pnpm (pnpm)

v10.34.5

Compare Source

PostHog/posthog-js (posthog-js)

v1.399.2

Compare Source

1.399.2

Patch Changes
  • #​4118 f630394 Thanks @​posthog! - Fix a RangeError: Maximum call stack size exceeded originating from the shared rrweb patch() helper. It patches shared globals such as Element.prototype.attachShadow (shadow-dom-manager) and the DOM/canvas observers, so multiple recorder instances or repeated start/stop cycles wrap the same global more than once. Previously an out-of-order restore silently no-op'd, leaving the wrapper in the call path; repeated cycles grew the wrapper chain without bound until a real call walked a chain deep enough to overflow the stack. Wrappers now delegate through a mutable per-layer link so any layer can be torn down even when newer wrappers sit on top of it, keeping the chain bounded. Recording behavior is unchanged. This applies the same fix as #​4063 (fetch/XHR) to the shared helper so every rrweb-record caller inherits the bounded-chain behavior.
    (2026-07-10)

v1.399.1

Compare Source

v1.399.0

Compare Source

1.399.0

Minor Changes
  • #​4115 86bb3a5 Thanks @​DanielVisca! - add the posthog.metrics API (count, gauge, histogram) — alpha

    A statsd-style pre-aggregating metrics client for the PostHog Metrics product (alpha). Samples are folded into per-series aggregates in memory (counts sum, gauges keep the last value, histograms accumulate buckets) and flushed periodically as OTLP/JSON to /i/v1/metrics — one data point per series per flush window, no matter how many calls. No OpenTelemetry SDK setup required:

    posthog.metrics.count('orders_created', 1)
    posthog.metrics.gauge('active_connections', 42)
    posthog.metrics.histogram('api_latency', 187, { unit: 'ms' })

    Configure via metrics: { serviceName, environment, flushIntervalMs, maxSeriesPerFlush, beforeSend, ... }. (2026-07-08)

Patch Changes

v1.398.7

Compare Source

1.398.7

Patch Changes
  • #​4113 45f17ee Thanks @​TueHaulund! - fix session replay leaking a shadow-root observer when a same-origin iframe is removed

    Follow-up to the shadow-observer iframe-teardown fix: takeFullSnapshot's onSerialize registers every shadow root with the top-level document, so a root nested in a same-origin iframe was keyed to the wrong document and its observer/buffer were not disconnected when that iframe was removed (they lingered until the next full snapshot). addShadowRoot now derives the owning document from the host element, so per-document teardown matches iframe-nested roots too. (2026-07-08)

v1.398.6

Compare Source

1.398.6

Patch Changes

v1.398.5

Compare Source

1.398.5

Patch Changes
  • #​4103 be8242a Thanks @​rafaeelaudibert! - Publish the code-split ESM toolbar bundle when the build emits one. The release tooling now recursively includes dist/toolbar/ (with explicit JS content types for the strict-MIME ESM chunks) across the immutable, major-alias, and compatibility upload prefixes, and the workflow accepts the canonical toolbar.js/toolbar.css layout. This is a no-op against today's single-file build.
    (2026-07-08)

v1.398.4

Compare Source

v1.398.3

Compare Source

1.398.3

Patch Changes
  • #​4112 38bb185 Thanks @​TueHaulund! - fix session replay silently dropping shadow DOM mutations after an iframe teardown

    The single shared ShadowDomManager observes every shadow root on the page, but MutationBuffer.reset() disconnected it. That reset fires whenever any one buffer is torn down, so an iframe being removed or navigating away disconnected every shadow-root observer page-wide. Shadow DOM content (for example a widget mounted in an open shadow root) then stopped recording until the next periodic full snapshot re-registered it. Buffer teardown now releases only its own resources; global shadow observation is reset by takeFullSnapshot and on recording stop. (2026-07-08)

v1.398.2

Compare Source

1.398.2

Patch Changes
  • #​4063 24aadd5 Thanks @​posthog! - Fix a RangeError: Maximum call stack size exceeded that could originate from the shared patch() fetch/XHR wrapper. posthog-js wraps window.fetch in two independent places (tracing headers and session-recording network capture), so their restores routinely ran out of order. Previously an out-of-order restore silently no-op'd, leaving the wrapper in the call path; repeated start/stop cycles grew the wrapper chain without bound until a real fetch walked a chain deep enough to overflow the stack. Wrappers now delegate through a mutable link so any layer can be torn down even when newer wrappers sit on top of it, keeping the chain bounded. Header-injection and network-capture behavior is unchanged.
    (2026-07-07)

  • #​4100 e250a24 Thanks @​marandaneto! - Stop adding the gzip compression query parameter to browser SDK requests.
    (2026-07-07)

  • #​4083 f07e241 Thanks @​posthog! - fix(replay): harden session-replay network capture so instrumentation that throws (e.g. new Request() rejecting a URL/method) degrades gracefully and never breaks or misattributes the host application's own xhr.open() / fetch() calls
    (2026-07-07)

v1.398.1

Compare Source

1.398.1

Patch Changes

v1.398.0

Compare Source

v1.397.0

Compare Source

1.397.0

Minor Changes
  • #​4089 cc340db Thanks @​bs1180! - feat(web): add a posthog-js/customizations subpath entry point exposing the optional customizations (setAllPersonProfilePropertiesAsPersonPropertiesForFlags, the before-send sampling helpers, and the redux/kea loggers) as a proper ES module with bundled types, replacing the internal posthog-js/lib/src/customizations deep import. Also fixes the TypeScript definitions so setAllPersonProfilePropertiesAsPersonPropertiesForFlags accepts the instance passed to the loaded callback (the documented usage), and the loaded callback's instance type now includes config.
    (2026-07-06)

v1.396.9

Compare Source

v1.396.8

Compare Source

1.396.8

Patch Changes
  • #​4062 2af0026 Thanks @​posthog! - fix(web): prevent an infinite-recursion stack overflow in the logs console capture. The console wrapper's own capture path can emit internal debug lines through PostHog's logger, which wrote back to the wrapped console and re-entered capture until the stack blew (RangeError: Maximum call stack size exceeded). The wrapper now exposes the original console method via __rrweb_original__ (so the internal logger bypasses it) and guards against re-entrancy from any code that logs mid-capture.
    (2026-07-06)

v1.396.7

Compare Source

v1.396.6

Compare Source

1.396.6

Patch Changes
  • #​4053 45d1b36 Thanks @​posthog! - feat(web): add a graceful shutdown() to the browser client for parity with posthog-node, so isomorphic teardown code (e.g. the Nuxt module) that calls posthog.shutdown() on the client no longer throws TypeError: shutdown is not a function. It best-effort flushes the queued events and always resolves.
    (2026-07-03)

  • #​4054 f0657eb Thanks @​posthog! - fix(web): detect our own feature-flag request timeouts via a timedOut flag instead of the abort reason, so they are logged at warn (not error) on browsers that don't propagate controller.abort(reason) — keeping benign timeouts out of error tracking's console-error capture
    (2026-07-03)

  • #​4031 94a0530 Thanks @​posthog! - Improve survey display reliability:

    • posthog-js: refresh the cached $surveys definitions after a short TTL (stale-while-revalidate) so server-side changes such as switching a survey from popover to API propagate to long-lived tabs without a page reload.
    • posthog-js: add posthog.surveys.markSurveyAsSeen(surveyId, { iteration }) so custom integrators that render surveys through their own backend can honour the "already seen" and wait-period checks.
    • posthog-react-native: guarantee the survey Modal notifies its parent on close even when iOS Modal.onDismiss fails to fire, so the transparent full-screen modal can no longer stay mounted intercepting touches and freezing the app. (2026-07-03)
  • Updated dependencies [45d1b36]:

v1.396.5

Compare Source

1.396.5

Patch Changes
  • #​4050 d7cf13b Thanks @​turnipdabeets! - Prevent uncaught getComputedStyle crashes in heatmaps and autocapture when the event target is a cross-realm element (e.g. from an iframe or synthetic event)
    (2026-07-02)
  • Updated dependencies [5e7e132]:

v1.396.4

Compare Source

1.396.4
Patch Changes
  • #​4035 18e543b Thanks @​posthog! - fix(web): isolate onFeatureFlags callbacks so a throwing user handler no longer breaks the remaining callback chain or gets misattributed as an SDK error
    (2026-07-01)

  • #​4039 15bcb42 Thanks @​github-actions! - fix(replay): measure $snapshot_bytes as UTF-8 byte length instead of UTF-16 string length, so non-ASCII session replay payloads are counted accurately against the message size limit
    (2026-07-01)

v1.396.3

Compare Source

1.396.3
Patch Changes
  • #​4020 e0ad8ef Thanks @​posthog! - Fix TypeError: ....at is not a function thrown by the bundled web-vitals dependency on browsers that predate Array.prototype.at() (Chrome <92, iOS Safari <15.4). The web-vitals entrypoints now install a tiny Array.prototype.at polyfill before web-vitals runs, so web vitals capture works again on older browsers instead of crashing with an unhandled error.
    (2026-06-30)

v1.396.2

Compare Source

1.396.2
Patch Changes
  • #​4003 b6261e7 Thanks @​marandaneto! - Include a Promise polyfill in the IE11 bundle and avoid Promise-dependent async compression paths when Promise support is unavailable.
    (2026-06-29)

v1.396.1

Compare Source

1.396.1
Patch Changes

v1.396.0

Compare Source

1.396.0
Minor Changes
  • #​3987 74cc6bb Thanks @​TueHaulund! - Add a get_current_url config option that overrides the URL used for client-side URL targeting — session replay URL triggers, the session replay URL blocklist, survey URL display conditions, product tour URL conditions, web experiment URL conditions, and autocapture URL allow/ignore lists. These match against window.location.href directly, which does not reflect a $current_url rewritten in before_send. Apps where the browser URL is not meaningful for targeting (e.g. Electron/desktop builds served from a generated host) can now return the logical URL to match against. Defaults to window.location.href when not set.
    (2026-06-29)
Patch Changes

v1.395.0

Compare Source

1.395.0

Minor Changes
  • #​3977 6200888 Thanks @​turnipdabeets! - Add getAllFeatureFlags(), which returns all currently loaded feature flags as structured FeatureFlagResults (key, enabled, variant, payload). It is a synchronous read of the cached flags and does not send a $feature_flag_called event.
    (2026-06-26)
Patch Changes

v1.394.0

Compare Source

1.394.0

Minor Changes
  • #​3986 919abca Thanks @​ioannisj! - Capture the $device_model super-property on Android Chromium via navigator.userAgentData.getHighEntropyValues(['model']). Resolved once during init and sent on subsequent events; opt out with disableDeviceModel: true.
    (2026-06-26)

v1.393.6

Compare Source

1.393.6

Patch Changes

v1.393.5

Compare Source

1.393.5

Patch Changes

v1.393.4

Compare Source

1.393.4

Patch Changes

v1.393.3

Compare Source

1.393.3

Patch Changes
  • #​3945 f94deaf Thanks @​ioannisj! - fix(surveys): guard handlePageUnload against version-skewed surveys instance missing the method
    (2026-06-24)

v1.393.2

Compare Source

1.393.2

Patch Changes
  • #​3944 1c9a811 Thanks @​ioannisj! - Stop logging a misleading "upgrade your PostHog server" warning for valid v2 flags responses that have no flags.
    (2026-06-24)

v1.393.1

Compare Source

1.393.1

Patch Changes
  • #​3919 99bad9c Thanks @​pauldambra! - Session replay network capture: add an opt-in streaming reader for request/response bodies that stops at the payload size limit instead of buffering the whole body and then discarding it — bounding memory and pre-request latency when a body is ver

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 11 times, most recently from ca1aa21 to 2ef8077 Compare July 6, 2026 09:12
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from c51113b to 8e88122 Compare July 9, 2026 05:53
Copilot AI requested a review from TechWatching July 9, 2026 08:19
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 10 times, most recently from f20e9fe to f12fb65 Compare July 12, 2026 11:47
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from f12fb65 to dd8ba68 Compare July 14, 2026 09:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants