chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@atproto/api (source)	0.19.3 → 0.19.5
@atproto/lex (source)	0.0.20 → 0.0.23
@atproto/lex-password-session (source)	0.0.8 → 0.0.11
@iconify-json/lucide	1.2.98 → 1.2.100
@iconify-json/simple-icons	1.2.74 → 1.2.75
@nuxt/ui (source)	4.5.1 → 4.6.0
@nuxtjs/i18n (source)	10.2.3 → 10.2.4
@nuxtjs/mdc	0.20.2 → 0.21.0
@storybook/addon-a11y (source)	10.3.1 → 10.3.3
@storybook/addon-docs (source)	10.3.1 → 10.3.3
@storybook/addon-themes (source)	10.3.1 → 10.3.3
algoliasearch (source)	5.49.2 → 5.50.0
diff	8.0.3 → 8.0.4
focus-trap	8.0.0 → 8.0.1
h3 (source)	1.15.8 → 1.15.10
h3-next (source)	2.0.1-rc.16 → 2.0.1-rc.20
knip (source)	6.0.5 → 6.1.0
marked (source)	17.0.4 → 17.0.5
pnpm (source)	10.32.1 → 10.33.0
sanitize-html (source)	2.17.1 → 2.17.2
srvx (source)	0.11.12 → 0.11.13
tsdown (source)	0.21.4 → 0.21.6
valibot (source)	1.3.0 → 1.3.1
vitest (source)	0.1.12 → 0.1.14

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

bluesky-social/atproto (@​atproto/api)

v0.19.5

Compare Source

Patch Changes

• #​4408 d0c136c Thanks @​matthieusieben! - Export internal ids

• #​4408 d0c136c Thanks @​matthieusieben! - Add "codegen" as part of the build

• #​4408 d0c136c Thanks @​matthieusieben! - Type did and assertDid Agent properties to be typed as DidString

• #​4791 3aa18f8 Thanks @​estrattonbailey! - Codegen updated lexicons

• Updated dependencies [0dbea15, d0c136c, 527f5d4]:

  • @​atproto/syntax@​0.5.2

v0.19.4

Compare Source

Patch Changes

• #​4709 9f9f71a Thanks @​foysalit! - Introduce a purge event to remove ozone's data on age assurance

• Updated dependencies [67eb0c1]:

  • @​atproto/syntax@​0.5.1

bluesky-social/atproto (@​atproto/lex)

v0.0.23

Compare Source

Patch Changes

• Updated dependencies [527f5d4, 527f5d4, c4df84c, 527f5d4, a99dd58, e5e5bcf, ac6bd18, c5c6c7d]:
  • @​atproto/lex-schema@​0.0.17
  • @​atproto/lex-client@​0.0.18
  • @​atproto/lex-builder@​0.0.20
  • @​atproto/lex-installer@​0.0.23

v0.0.22

Compare Source

Patch Changes

• Updated dependencies [6a88461, 6a88461, df8328c, 6a88461, 6a88461, 6a88461]:
  • @​atproto/lex-client@​0.0.17
  • @​atproto/lex-schema@​0.0.16
  • @​atproto/lex-data@​0.0.14
  • @​atproto/lex-builder@​0.0.19
  • @​atproto/lex-installer@​0.0.22
  • @​atproto/lex-json@​0.0.14

v0.0.21

Compare Source

Patch Changes

• Updated dependencies [5a2f884, 3dc3791, 3dc3791, 3dc3791, 3dc3791, 112b159, 3dc3791, 3dc3791]:
  • @​atproto/lex-client@​0.0.16
  • @​atproto/lex-schema@​0.0.15
  • @​atproto/lex-builder@​0.0.18
  • @​atproto/lex-installer@​0.0.21

bluesky-social/atproto (@​atproto/lex-password-session)

v0.0.11

Compare Source

Patch Changes

• Updated dependencies [527f5d4, 527f5d4, c4df84c, 527f5d4, a99dd58, e5e5bcf, ac6bd18, c5c6c7d]:
  • @​atproto/lex-schema@​0.0.17
  • @​atproto/lex-client@​0.0.18

v0.0.10

Compare Source

Patch Changes

• Updated dependencies [6a88461, 6a88461, df8328c, 6a88461, 6a88461]:
  • @​atproto/lex-client@​0.0.17
  • @​atproto/lex-schema@​0.0.16

v0.0.9

Compare Source

Patch Changes

• Updated dependencies [5a2f884, 3dc3791, 3dc3791, 3dc3791, 3dc3791, 112b159, 3dc3791, 3dc3791]:
  • @​atproto/lex-client@​0.0.16
  • @​atproto/lex-schema@​0.0.15

nuxt/ui (@​nuxt/ui)

v4.6.0

Compare Source

⚠ BREAKING CHANGES

• module: use moduleDependencies to manipulate options (#​5384)

Features

• add standalone Vue REPL playground (#​6209) (390c4bd)
• ChatMessage: add files slot (12d6020)
• ChatReasoning: new component (#​6175) (6db594e)
• ChatShimmer: new component (#​6171) (8db9c54)
• ChatTool: new component (#​6176) (7849534)
• Checkbox/Switch: add support for trueValue / falseValue props (#​6150) (91c6356)
• ContentToc: add highlight-variant prop (#​5746) (df080ce)
• DropdownMenu: add filter prop (#​6153) (a529b43)
• FileUpload: add fileImage prop (#​5935) (40f9c2e)
• Icon: add global options on Vue-only side (#​5354) (566fbee)
• InputMenu: add autocomplete prop (#​6026) (ee8a248)
• InputTime: add range prop (#​6203) (c124f29)
• locale: add Icelandic language (#​6149) (f3ddc60)
• module: use moduleDependencies to manipulate options (#​5384) (dd3f5c5)
• Sidebar: new component (#​6038) (51a1f85)
• Table: implement row pinning (#​6115) (fbd60d9)
• Tooltip: support global content configuration via App tooltip prop (#​6152) (83afd9c)
• unplugin: add support for prose components (#​6198) (c58b9b2)

Bug Fixes

• Avatar: use resolved size for image width/height (#​6008) (6dd0fc4)
• ChatShimmer: handle RTL mode (#​6180) (51793a8)
• ContentNavigation: prevent toggling disabled parent items (#​6122) (0f1074f)
• ContentSurround: handle RTL mode (#​6148) (6921f13)
• ContentToc: reset start margin at lg breakpoint (8f24f79)
• DashboardSearchButton: use valid HTML structure for trailing slot (#​6194) (578a12f)
• Editor: guard lift calls for unavailable list extensions (#​6100) (065db6b)
• Error: support status and statusText properties (1350d62), closes #​6134
• FileUpload: make multiple, accept and reset options reactive (#​6204) (ae093df)
• Modal/Slideover/Popover/Drawer: prevent double close:prevent emit (#​6226) (9a0d501)
• module: only auto-import public composables and allow Vite opt-out (#​6197) (886f5fb)
• NavigationMenu: improve RTL support for viewport and indicator (#​6164) (755867b)
• NavigationMenu: propagate disabled state to item in vertical orientation (6d4d651)
• ProsePre: move shiki line highlight styles to theme (d663950)

nuxt-modules/i18n (@​nuxtjs/i18n)

v10.2.4

Compare Source

This changelog is generated by GitHub Releases

   🐞 Bug Fixes

• Do not import from nuxt/schema  -  by @​danielroe in #​3925 (f57bb)
• Respect trailingSlash on root  -  by @​divine in #​3920 (9e504)
• Move typescript to dev dependencies  -  by @​BobbieGoede in #​3939 (3b0ad)
• Add warning for missing domains when multiDomainLocales is enabled  -  by @​DotwoodMedia in #​3938 (d9a1a)
• types: Allow mixing string and objects for locale file configuration  -  by @​richex-cn in #​3933 (b63d0)

    View changes on GitHub

nuxt-content/mdc (@​nuxtjs/mdc)

v0.21.0

Compare Source

compare changes

🩹 Fixes

• Don't memoise configs, and allow external modules to call mdc:configSources (#​471)
• Normalize lang (#​459)
• cache: Fix issue where value watch could get out of sync (#​385)

🏡 Chore

• Upgrade deps (930318c)
• Remove mkdist resolution (344ee69)
• Keep mkdist@​2.3.0 (8881f62)

❤️ Contributors

• Farnabaz farnabaz@gmail.com
• Chris Towles chris.towles@gmail.com
• Juls0730 (@​juls0730)
• Daniel Roe (@​danielroe)

storybookjs/storybook (@​storybook/addon-a11y)

v10.3.3

Compare Source

• Addon-Vitest: Streamline vite(st) config detection across init and postinstall - #​34193, thanks @​valentinpalkovic!

v10.3.2

Compare Source

• CLI: Shorten CTA link messages - #​34236, thanks @​shilman!
• React Native Web: Fix vite8 support by bumping vite-plugin-rnw - #​34231, thanks @​dannyhw!

algolia/algoliasearch-client-javascript (algoliasearch)

v5.50.0

Compare Source

• 2d6c9b2727 feat(javascript): Implement gzip compression (#​6052) by @​MarioAlexandruDan
• a196c9cf73 feat(clients): response decompression (#​6095) by @​eric-zaharia
• 1ad4bcd99b fix(javascript): Update Node options to target ES2018 (#​6101) by @​MarioAlexandruDan
• 600f157a13 fix(specs): remove query parameter that are not accepted by the Composition API (#​6128) by @​ClaraMuller
• 90d96d575a chore(deps): dependencies 2026-03-16 (#​6102) by @​algolia-bot
• 6064369533 fix(javascript): move gzip compression to node-only builds, remove fflate (#​6154) by @​Fluf22

kpdecker/jsdiff (diff)

v8.0.4

Compare Source

• #​667 - fix another bug in diffWords when used with an Intl.Segmenter. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), diffWords would previously crash. Now this case is handled correctly.

focus-trap/focus-trap (focus-trap)

v8.0.1

Compare Source

Patch Changes

• 7d5010e: Loosen checkCanFocusTrap Promise resolution type to unknown to make it easier to use Promise.all() or Promise.allSettled() as the returned Promise (Promise<void> was causing issues because those Promise APIs do not resolve with a void value).

h3js/h3 (h3)

v1.15.10

Compare Source

compare changes

🩹 Fixes

• Preserve percent-encoded req.url in app event handler (#​1355)

❤️ Contributors

• Sergio Azócar (@​sergioazoc)

v1.15.9

Compare Source

compare changes

🩹 Fixes

• Preserve %25 in pathname (1103df6)
• static: Prevent path traversal via double-encoded dot segments (%252e%252e) (c56683d)
• sse: Sanitize carriage returns in event stream data and comments (ba3c3fe)

webpro-nl/knip (knip)

v6.1.0: Release 6.1.0

Compare Source

• Add knip.nodeRuntimePath setting (resolve #​1643) (65e943c)
• Swap Astro sharp detection to match default behavior (#​1559) (84968bb)
• feat: stencil plugin (#​1644) (d5d20e5) - thanks @​johnjenkins!
• Enable metro plugin when expo is installed (#​1600) (14bc9d7) - thanks @​DaniFoldi!
• Resolve jsPlugins dependencies in oxlint plugin (#​1576) (e11c962) - thanks @​nikolailehbrink!
• Wrap up oxlint jsPlugins support (209a9f7)
• Update dependencies (close #​1646) (869020f)
• Fix config hint filePath edge case (e79c302)
• Rename oxlint config file in fixtures (5630204)
• Release knip@​6.1.0 (b3c908e)

v6.0.6: Release 6.0.6

Compare Source

• Suppress issues initially to not overwhelm agent in mcp server (7793962)
• Auto-format (346247a)
• Fix false positive unused deps when run from workspace dir (resolve #​1642) (95f4431)
• Move from convertPathsToAlias → compilePathMappings (resolve #​1641) (ccc62d6)

markedjs/marked (marked)

v17.0.5

Compare Source

Bug Fixes

• Fix catastrophic backtracking (ReDoS) in link/reflink label regex (#​3918) (4625980)
• prevent quadratic complexity in emStrongLDelim regex (#​3906) (c732dd2)
• prevent single-tilde strikethrough false positives (#​3910) (5e03369)
• re-assign tokenizer.lexer and renderer.parser at start of each parse call (#​3907) (f3a3ec0)
• trim trailing whitespace from lheading text (#​3920) (3ea7e88)

pnpm/pnpm (pnpm)

v10.33.0

Compare Source

apostrophecms/apostrophe (sanitize-html)

v2.17.2

Compare Source

Changes

• Upgrade htmlparser2 from 8.x to 10.1.0. This improves security by correctly decoding zero-padded numeric character references (e.g., &#​0000001) that previously bypassed javascript: URL detection. Also fixes double-encoding of entities inside raw text elements like textarea and option.

h3js/srvx (srvx)

v0.11.13

Compare Source

compare changes

🩹 Fixes

• url: Deopt absolute URIs in FastURL (de0d699)

🏡 Chore

• Update deps (4e6ace6)
• Update deps (6a72a00)
• Fix type issue (ed8cc2b)
• Apply automated updates (7375fed)
• Update deps (8f4bc4f)

❤️ Contributors

• Pooya Parsa (@​pi0)

rolldown/tsdown (tsdown)

v0.21.6

Compare Source

   🚀 Features

• Upgrade rolldown to v1.0.0-rc.12  -  by @​sxzz (51292)
• config:
  • Pass root config to workspace config functions  -  by @​sxzz (76169)
  • Use mergeConfig for workspace config merging and support variadic overrides  -  by @​sxzz (148aa)
• dts:
  • Add cjsReexport option to eliminate dual module type hazard  -  by @​mandarini and @​sxzz in #​856 (875c1)
• exports:
  • Add bin option to auto-generate package.json bin field  -  by @​sxzz in #​869 (7ebd6)

   🐞 Bug Fixes

• css:
  • Compile preprocessor langs in virtual CSS modules  -  by @​sxzz in #​865 (7b2e0)
  • Strip .module from CSS output filenames  -  by @​sxzz in #​866 (03ade)
  • Default splitting to true in unbundle mode for CSS inject  -  by @​sxzz in #​867 (a4da6)
  • Split CSS plugin into pre/post phases for scoped CSS support  -  by @​sxzz in #​870 (ff0c4)
• entry:
  • Correctly output relative paths in logger output  -  by @​sxzz (00050)

    View changes on GitHub

v0.21.5

Compare Source

   🚀 Features

• Update rolldown to 1.0.0-rc.10  -  by @​wChenonly in #​845 (41411)
• Support typescript v6  -  by @​ocavue in #​858 (bffc4)

   🐞 Bug Fixes

• css:
  • Run final minification on merged CSS output  -  by @​sxzz in #​853 (475df)
  • Don't override internal importer  -  by @​Laupetin in #​860 (af40e)
  • Use aliased exports for CSS module keys  -  by @​wChenonly and @​sxzz in #​840 (bb6de)
• deps:
  • External optionalDependencies by default  -  by @​sxzz (cd24d)
  • Resolve subpath extensions for packages without exports field  -  by @​sxzz in #​863 (c5150)
  • Correctly resolve root @types packages for dts deep imports  -  by @​brc-dd and @​sxzz in #​852 (0b276)

    View changes on GitHub

open-circle/valibot (valibot)

v1.3.1

Compare Source

• Change MAC48_REGEX, MAC64_REGEX and MAC_REGEX to drop the i flag for better JSON Schema compatibility (pull request #​1430)
• Change hash action to use case-expanded character classes instead of the i flag (pull request #​1430)

voidzero-dev/vite-plus (vitest)

v0.1.14: vite-plus v0.1.14 — Shell Completions, Log Modes, Linux musl, and Devcontainer Support

Compare Source

A feature-packed release bringing shell completion support, new task log output modes, Linux musl target builds, improved project creation UX, and numerous testing and compatibility fixes.

Highlights

• Shell completion support — Tab completions for bash, zsh, fish, and PowerShell (#​974)
• Task log output modes — New --log=interleaved|labeled|grouped modes for controlling task output display (vite-task#266)
• Smart cache skipping — Tasks that modify their own inputs are now automatically excluded from caching (vite-task#248)
• Linux musl target support — Native builds for Alpine Linux and musl-based distros (#​995)
• Create project in current directory — vp create . now works to scaffold a project in the current directory (#​1097)
• Non-interactive installation — Devcontainers and CI environments can now install vite-plus without interactive prompts (#​1092)

Features

• Add shell completion support for bash, zsh, fish, and PowerShell (#​974) — @​nekomoyi
• Add --log=interleaved|labeled|grouped modes for task output (vite-task#266) @​branchseer
• Skip caching tasks that modify their inputs (vite-task#248) @​branchseer
• Add Linux musl target support (#​995) — @​fengmk2
• Support creating project in current directory (#​1097) — @​jong-kyung
• Upgrade Vite 8.0.1→8.0.2, Rolldown rc.10→rc.11, Vitest 4.1.0→4.1.1 (#​1121) — @​Brooooooklyn
• Upgrade @​vitejs/devtools 0.1.8→0.1.11, oxfmt 0.41.0→0.42.0, oxlint 1.56.0→1.57.0 (#​1126) — @​Brooooooklyn

Fixes & Enhancements

• Show binary location when shell config is not writable (#​1060) — @​fengmk2
• Add troubleshooting tips for npm template not found error (#​1055) — @​naokihaba
• Warn when object-form manualChunks is detected (#​1046) — @​kazupon
• Use OxfmtConfig instead of FormatOptions for fmt types (#​1075) — @​camc314
• Include skill docs in release artifacts (#​1087) — @​kazupon
• Invalidate resolve cache after version configuration changes (#​1089) — @​kazupon
• Traverse parent directories to find vite.config.ts in vp pack (#​1072) — @​kazupon
• Support non-interactive installation for devcontainers (#​1092) — @​fengmk2
• Correct Vue.js language key in Zed settings (#​1109) — @​CoutinhoTTS
• Exclude @​vitest/browser/context from vendor-aliases to fix missing server export (#​1110) — @​kazupon
• Handle spurious key events in Windows command picker (#​1100) — @​nekomoyi
• Revert bundler module resolution in monorepo template (#​1111) — @​fengmk2
• Auto-inline packages that use expect.extend() to fix module instance splitting (#​1113) — @​kazupon
• Add .claude/worktrees/ to monorepo template gitignore (#​1125) — @​jong-kyung
• Warn on uncoercible husky version instead of false positive (#​1124) — @​jong-kyung
• Fix cargo deny workflow (#​1048) — @​fengmk2
• Align default untracked env patterns with Turborepo (vite-task#262)
• Fix flaky SIGSEGV on musl (vite-task#278)
• Use neutral symbols for cache hit/miss indicators (vite-task#268)

Docs

• Fix invalid links (#​1061) — @​bhbs
• Add CI integration section to scaffolded AGENTS.md ([#​1088](https://redirect.github.com/voidzero-dev/vite-plus/pull/10

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docs.npmx.dev	Ready	Preview, Comment	Mar 28, 2026 8:55am
npmx.dev	Ready	Preview, Comment	Mar 28, 2026 8:55am

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
npmx-lunaria	Ignored		Mar 28, 2026 8:55am

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

[ghostdevv]

I'm not sure what's causing the issue, will ask if anyone knows in the discord o7